Risk Assessment Process

How are College Departments Chosen for Audit?

The Internal Audit Department conducts an annual risk assessment to identify the major areas and departments within the San Jacinto College District that require audit attention.

The risk assessment consists of three phases:

Identify auditable entities

We review the College structure to identify administrative and academic units. We evaluate organizational charts and financial information in order to determine how to organize the units into auditable entities. We also identify processes which apply to all departments such as payroll, purchasing, etc.

Risk Assessment Questionnaire

Utilizing a standardized questionnaire and interviews with key stakeholders we obtain information about each of the College's auditable units.

Analyze information and develop a risk matrix

We utilize responses to the questionnaire to rate each entity based on eleven risk factors, which are given a weighted percentage value. The risk factors include:

  1. Quality of internal controls (20%)
  2. Financial Impact (10%)
  3. Frequency/Complexity/Volume of Transactions (10%)
  4. Regulatory/Legal Impact (10%)
  5. Changes in Area/Management/Systems or Business Processes (10%)
  6. Competency of Management/Staff (10%)
  7. Opportunity of Fraudulent Activity/Waster or Abuse (10%)
  8. College Image/ Reputation or Market / Participant / Customer Impact (5%)
  9. Time Since Last Audit (5%)
  10. Last Audit Results (5%)
  11. Management Discretion (5%)

The risk factors for a given audit unit are assigned weights from 1 (less significant) to 5 (more significant) based on the weighted scale. The weighted sum determines the total risk score for each entity.

In addition to the utilizing the risk score determined for each auditable entity, the annual internal audit plan is created with input from the SLT, Board Finance Committee, and/or personnel from the auditable entities themselves.