Audit Planning Process
Audit Planning and Risk Assessment Process
In determining which areas to audit, we develop an annual risk-based dynamic audit plan designed to test high and moderated rated areas. A dynamically based audit plan allows us to adjust our schedule as necessary to incorporate emerging issues and significant changes within the agency.
Biennially, we update our risk assessments and evaluate each auditable area based on several criteria, including:
- Legal/compliance considerations - Risk of significant regulations and/or legal requirements, and costly penalties/fines for non compliance.
- Control environment - Degree of management experience and monitoring, early warning systems or quality assurance programs established, and/or the results of prior audit/regulatory reviews.
- Size - Financial reporting risk and the unit's annual revenue, annual expense total, asset size, annual operating expense, and/or number of transactions.
- Complexity - Complexity of the unit's processes, degree of specialized skill required, significant dependencies on other units/processes, degree of external/market risk factors, and/or significant systems used by the area.
In developing our audit plan, we also seek input from the Executive Directors regarding areas of concern within their specific areas or other areas within the Agency as a whole.
Our audit follow-ups consist of reviews, interviews, and/or sample testing to verify whether management's corrective actions to control weaknesses are functioning as intended. A Semi-Annual Management Action Plan Status Report is distributed to management and Executive Directors to promote accountability and to ensure that appropriate attention and resources are allocated to facilitate timely resolution of management's action plans.