Risk Assessment

Factors considered within the Risk Assessment include:

Quality of the Control Environment

• Have administrative personnel changes occurred within the department?
• Have major program modifications occurred?
• Have departmental procedural problems been noted by the departmental chair/director?
• How long since last audit?
• Are monthly reconciliation performed on all departmental revenues and expenditures (compare documents to SAP postings)?

Business Exposure

• How many programs/areas are encompassed within department?
• What is the amount of the total departmental budget?
• What is the amount of total department revenue?
• How many full time employees (FTE) for all programs/areas?
• Public & Political Sensitivity
• How sensitive is the department to bad media publicity?
• How much effect could politics have on meeting departmental goals?

Compliance Requirements

• Is the department governed by external regulations other than state law?
• Does the department have external audits?

Degree of Reliance on Information Technology/Reporting

• Are computer systems other than SAP operated within the department?
• Does the department have any external reporting requirements?
• Have procedures been established to backup data files, including the identification of all critical data files and programs on work stations and servers?

Management Concerns

• Does management have any specific concerns regarding meeting departmental goals, fraud, departmental confidentiality, current operating procedures, etc?