UT Virtual View Book
UT Rockets
A University Rising
UTMC Named Regions #1 Hospital
Welcome
- Home
- Meet the Team
- 20 Questions for Internal Audit
- Guidance
- Compliance and Privacy Office
- ADA/504 Compliance
- Anonymous Reporting Line
- Finance Office
- Finance and Audit Committee
- Internal Audit Plan
- Finance and Audit Committee Presentations
- UT Home Page
- ** New Links **
- Federal Title IV Financial Aid Reporting Requirements
- U.S. Dept. of Education Federal Student Aid Federal Direct Loan Program Audit Report (2010-2011 program year)
- 2010-2011 Annual Financial Report with A133 (as submitted to The State of Ohio in October of 2011)
What is a Control Self-Assessment? How does it differ from an audit?
A Control Self-Assessment (CSA) is a “line of business” offered by the UT Internal Audit Department, and is defined as a process by which a department examines and improves existing internal controls and/or implements new internal controls to mitigate risks associated with a process or function. The CSA process entails documentation of the process or function, identification of all risks related to that process or function, and identification and evaluation of all internal controls that should be in place to mitigate the risks to an acceptable level. Each CSA will have its own goals and objectives; however, every CSA will also have the following three global objectives:• Communication and understanding of each department’s roles and responsibilities within the selected process or function, including the roles and responsibilities of each individual that is part of the process or function.
• Determination of acceptable levels of risk.
• Determination of the correct cost-benefit trade-off for establishing new internal controls.
A CSA differs from an internal audit in that the direction of a CSA is determined by operating department management; the direction of an internal audit is determined by Internal Audit department management. Also, a typical internal audit includes testing of transactions to determine whether internal controls are operating as expected – a CSA typically does not include transaction testing within its scope of work.
