- Meet the Team
- 20 Questions for Internal Audit
- Institutional Compliance Plan Manual
- Compliance and Privacy Office
- ADA/504 Compliance
- Anonymous Reporting Line
- Finance Office
- Finance and Audit Committee
- Internal Audit Plan
- Finance and Audit Committee Presentations
- UT Home Page
- ** New Links **
- Federal Title IV Financial Aid Reporting Requirements
- Retention Rate Information and Graduate and Professional Education
- Completion and Graduation Rate Information
- Gainful Disclosure Certificates
- U.S. Dept. of Education Federal Student Aid Federal Direct Loan Program Audit Report (2010-2011 program year)
- 2011-2012 Annual Financial Report with A133 (as submitted to The State of Ohio in October of 2012)
Scott Park Campus
Academic Services CenterRoom 2050 email@example.com
I understand that Internal Audit will help me manage the risks in the area. So what exactly is a "business risk"?A business risk is anything that could jeopardize achieving your goals, operating effectively and efficiently, protecting the University’s assets from loss, providing reliable financial data, and complying with applicable laws, policies, and procedures.
When attempting to identify business risks, ask yourself:
• What could go wrong?
• How could someone steal from us?
• What policies are we most affected by?
• How can someone bypass the internal controls?
What could go wrong in your area? Could a fire break out in your research lab? Could a key local system/application go down? Can a key employee call in sick? Can the media become aware of procurement card fraud? Could a safety or security incident occur with faculty/student/staff member overseas? Is cash missing from departmental funds? Can faculty hire family members inappropriately? Use your imagination!
Itis not enough to identify the business risks – each risk needs to also be assessed. In other words, you should estimate the chance that a risk will actually occur and the potential effect/impact.
All types of risk could be foreseeable when considering compliance with federal regulations. In the IT arena, security, privacy, and access risks should be considered. Disaster recovery planning should consider risks such as a flu outbreak or incidents like the tragedy at Virginia Tech. Functional areas that deal with student, faculty, and employment safety issues should consider stress, counseling, and workplace violence risks. And facilities and construction management processes should consider risks in managing and monitoring building construction.