130 likes | 186 Vues
RISK ASSESSMENT _____________________________________________________. Fort Bend Independent School District. Goal:.
E N D
RISK ASSESSMENT _____________________________________________________ Fort Bend Independent School District
Goal: To adopt a formal audit plan for Fort Bend Independent School District based on a risk assessment of the district’s operations, and to direct the Internal Audit Department's focus to high-risk operational areas.
A risk assessment is an effective tool to aid the auditors in identifying and prioritizing high-risk operational areas within the district. Without a risk assessment, it is possible that auditors may audit functions that have relatively minimal risk exposure, which leaves other higher risk activities unaudited.
Steps and Methodology of Assessing Risk: 1. Identify all auditable units within the organization and categorize the units into logical functional areas. (e.g., Contract Management, Accounts Payable, Contract/Vendor Agreements and Purchasing would be grouped under the functional area of “Procurement”.) In addition, identify each auditable units' appropriate “owner” or responsible individual.
Steps and Methodology of Assessing Risk: 2. Identify relevant risk variables, both objective and subjective, to assess the auditable units' relative significance or risk. (e.g., materiality, prior audit activities, personnel and management conditions and future business activities.)
Steps and Methodology of Assessing Risk: 3. Determine the weight for each risk variable (i.e., risk variable weight) based on relevance of the criteria (e.g., if materiality is more relevant than prior audit activities, materiality would carry a higher weight.) All weights are shown in percentages, totaling 100%.
Steps and Methodology of Assessing Risk: 4. Communicate with each auditable unit owner and based on these discussions, as well as prior audit familiarity and experience with the auditable unit, determine the level of risk for each unit.
Steps and Methodology of Assessing Risk: 5. Document the level of risk for each risk variable per auditable unit (e.g., with regards to materiality, the higher the financial impact of the unit, the higher the level of risk based on a predetermined rating of 1 to 5.)
Steps and Methodology of Assessing Risk: 6. Calculate the overall risk rating for each unit by multiplying the level of risk with the risk variable weight for each risk variable. (See Attachment A for an example)
Steps and Methodology of Assessing Risk: 7. Based on the highest risk areas in the district, Internal Audit will adopt a formal audit plan for submission and approval by the Superintendent and the Board.
Note: Any audits that are mandatory and are required to be completed annually will not be evaluated in the risk assessment as described above. Risk assessments will be reviewed and updated by Internal Audit every three years, as appropriate.