An Annual Audit Plan is prepared each summer for the following fiscal year. As required by statute, this plan is based upon an assessment of risk, which is performed by the Office of Internal Audit in the period preceding plan development.

Typically, the risk assessment process includes interviewing managers to develop a “baseline” of information about activities, objectives, risks, and mitigating controls. This process takes about 30 minutes. In some years, managers will be asked merely to update the information with any changes. This assessment is NOT an audit. Rather, it collects information to enable the Office of Internal Audit to determine where it can best spend its resources.

This Risk Assessment, supplemented by information from management and the Board of Regents, is used by the Office of Internal Audit to develop the Annual Audit Plan, which is submitted to the Board of Regents for their approval at the August Board meeting.

Changes to the plan, however, are often required to adapt to changing circumstances and unidentified risks.