Risk Assessments
In general, a risk assessment is the process used to identify risk factors that have the potential to negatively impact achievement of an organization’s goals or objectives. Beginning in April and continuing through July, Internal Audit and Compliance will be working on three different risk assessments which assist us in planning and prioritizing the work of our respective departments.
Three Risk Assessments?? Can’t there be just one?? We too wish there could just be one large risk assessment, unfortunately, the purpose, respondent groups, method of delivery and timing make this difficult and may cause added confusion or frustration. Details of each risk assessment are below:
Fraud Risk Assessment – To be completed by the Office of Internal Audit in April via a short Qualtrics survey to a wide group of employees at all levels. This assessment will gauge, among other things, the understanding of what fraud is, the level of fraud training provided and the understanding of how to report suspected fraud.
Compliance Risk Assessment – To be completed by the Office of Compliance in May-June via a self-assessment survey assigned to identified stewards of USA’s compliance with federal and state laws and statutes. This assessment will ideally facilitate any necessary coordination between the Office of Compliance and departments in need of additional compliance controls to mitigate regulatory risks.
Annual Risk Assessment – To be completed by the Office of Internal Audit in June-July via a combination of interviews with senior leaders and managers, and other quantitative factors. This assessment will identify the enterprise risks that USA is facing and is a key component in the creation of the annual audit plan.
