Risk Assessment Questionnaire
Department/Area Name:__________________________________
This Department Reports to:_______________________________
Person completing survey:_________________________________
Briefly describe the department or area, its major activities and functions.
Critical Measures:
Current Number of FTEs employed in the department:______
Last Three Years Total Budget Amount (All Accounts):
Total Budget Operating Budget (Total
Budget minus Payroll)
FY 2009-10
FY 2008-09
FY 2007-08
Revenues and Assets
Does the Department/Area have revenues (Funds or receipts not provided as part of the budget
appropriation process -cash, check, credit card, etc.)? If so, please give the approximate yearly
amount:
_____Yes. Description:
Approximate Amount:
_____No.
Does the Department/Area have a Petty Cash Fund? If so, what is the amount and purpose of the
fund?
_____Yes. Amount: Purpose:
_____No.
Does the Department/Area have inventories of any kind? If so, please describe the inventory in
general terms and give an approximate value.
_____Yes. Description:
Approximate Amount:
_____No.
Does the Department currently have grants?
_____Yes. List of Grants:
_____No.
***********************************
For the remainder of the questions, please check whichever alternative best describes your
department (1,2, or 3).
Growth of Auditable Unit
Indicate the whether there has been growth in your department in numbers of activities or budget
during the past 12 months.
_____ 1. The unit has experienced no growth or has shrunk in size.
_____ 2. The unit has experienced less than 10% growth.
_____ 3. The unit has experienced more than 10% growth.
Policies and Procedures
In regard to departmental policies and detailed procedures to support the policies, indicate
whether:
_____ 1. Policies have been in place for over three years, with no major changes made.
Written procedures which support the policies are in place.
_____ 2. Policies are in place; however, employees are not always familiar with the
policies and adherence to procedures is not always enforced.
_____ 3. No written policies are in place.
Regulation/Compliance
To what extent is your department/area governed or impacted by Federal or State regulation?
_____ 1. Department is not affected or is minimally affected by Federal and/or State
regulations.
_____ 2. Department moderately affected by Federal and/or State regulations.
_____ 3. Department is heavily regulated by Federal and/or State regulations.
Information Technology Changes
What level of impact does Information Technology (IT) have on your department?
_____ 1. There have been no new IT changes during the past 12 months and/or IT has
little impact on this department.
_____ 2. Some changes have been made to the IT environment and/or IT significantly
affects this function.
_____ 3. The IT environment has changed or been replaced. The IT environment affects
nearly all aspects of this function.
Departmental Changes
Have there been any significant changes in staff size, funding, functions, systems, key positions
and/or responsibilities of the department which might created problems?
_____ 1. No significant changes have occurred during the last 3 years.
_____ 2. Funding, staffing and/or responsibilities have changed moderately during the
last 3 years.
_____ 3. Continuous and large-scale changes have been made to the department.
Management/Employee Turnover
Regarding management or employment turnover in your department during the past 3 years:
_____ 1. No turnover in key management or staff.
_____ 2. Limited turnover in key management or staff.
_____ 3. Major turnover in key management or staff.
Quality of Management
How would you rate your department’s management skills:
_____ 1. Management is able to be responsive and copes successfully with existing and
foreseeable problems. As issues arise, they are immediately addressed and
corrected.
_____ 2. Management is not always able to be responsive to issues as they arise but
generally has a satisfactory record of performance.
_____ 3. Management frequently is not able to be responsive to issues that arise, for
whatever reason.
Management Override
To what degree can management of this department supersede the policies established for this
particular activity?
_____ 1. Complete inability to circumvent controls.
_____ 2. Capability to override some controls without detection.
_____ 3. Capability to override the majority or all of the controls without detection.
Training
Please indicate the status of training in your department?
_____ 1. Training is provided at least annually to all applicable employees, and there are
discussions with employees to confirm that training is adequate.
_____ 2. Some training is being provided to applicable employees; however, additional
training is needed.
_____ 3. Very little training is being provided, and the adequacy of the training is not
effective.
Date of Last Audit
When was the last time that your department was reviewed by either internal audit or external
auditors (KPMG) as part of the financial audit or A-133 audit?
_____ 1. Reviewed by either internal or external auditor within the last 2 years.
_____ 2. Last review by internal or external auditors was conducted within 3 to 5 years
ago.
_____ 3. Last review by internal or external auditors was completed over 5 years ago.
Controls and Prior Exceptions
If your department had either an internal audit or was part of the external audit, what kind of
findings or exceptions were there?
_____ 1. Only minor exceptions were noted in the department’s activities and they have
been addressed.
_____ 2. Some minor to moderate exceptions have occurred causing some control
concerns.
_____ 3. Significant exceptions have been revealed during past audits/
Degree of Dependence
Describe the number of University organization units supported by the department:
_____ 1. The department/area does not serve other organizational units, or at most one
other organization unit. Department is mostly self-contained.
_____ 2. Department serves limited informational needs of several dependent
organizations within the University.
_____ 3. Department meets full and very complex informational needs of numerous
dependent organizations within the University.
Impact of Inaccurate Data
What would be the relative effect of inaccurate data to the department’s capability to provide
internal or external service?
_____ 1. Incorrect or inaccurate information generated by the department would have
little or no impact on the operations of the University.
_____ 2. Incorrect or inaccurate information generated by the department has a moderate
impact on the operations of the University.
_____ 3. Incorrect or inaccurate information generated by the department activity has a
serious impact on the operations of the University.
Degree of Confidentiality
What is the degree of confidentiality of the information produced or handled by the department?
_____ 1. Information produced by the department is not confidential and is generally
available to the public, the release of which would not result in any potential
loss or embarrassment to the University.
_____ 2. Information produced by the department is available to designated employees
of the University in connection with their jobs. Release to the public or to an
unauthorized entity could result in minor financial loss or moderate
embarrassment or violation of an individual’s privacy.
_____ 3. Information produced by the department requires protection against
unauthorized or premature disclosure. Such disclosure could result in serious
loss or embarrassment or could adversely affect the department, the University
or the subject of the information.
Instances of Abuse
Have there been any instances of fraud, computer abuse, or data loss for this department?
_____ 1. No instances of "known" fraud, computer abuse or loss of data have occurred
during the last 24 months. Internal controls are in place and effective.
_____ 2. Instances of "known" fraud, computer abuse or loss of data have occurred
during the last 24 months. Internal controls that were lacking have been
installed and are being monitored for effectiveness.
_____ 3. Instances of "known" fraud, computer abuse or loss of data have occurred
during the last 24 months. Internal controls have not been strengthen.
Desirability of Inventory
Do you have any departmental inventory (not fixed assets or equipment) or specialized inventory
such as controlled substances, hazardous wastes, or precious metals?
_____ 1. Inventories are valued at low dollar amounts and do not include specialized
items or no inventory.
_____ 2. Inventories are at relatively moderate dollar amounts and do not include
specialized items.
_____ 3. Inventories are valued at high dollar amounts or include specialized items, such
as hazardous wastes. (Please indicate which.)
Complexity of Operations
Are assignments or transactions managed by your department inherently complex?
Do assignments or transactions require a significant amount of time or number of steps to
complete? Are work tasks difficult, requiring a high degree of interpersonal coordination and/or
extensive training?
_____ 1. The department's/area's instruction's operations are relatively simple.
_____ 2. Assignments or transactions require several persons or steps, are somewhat
time consuming, and require moderate training.
_____ 3. Assignments or transactions require several persons or steps, are very time
consuming, and require extensive training.
Interest to Outside Parties
Do you routinely have communication with outside parties such as: legislators, news media,
citizen groups, or agency personnel?
_____ 1. Outside parties have shown no or very little interest in the area
_____ 2. Outside parties have shown a moderate interest in the area.
_____ 3. Outside parties have shown a major interest in the area.
Handling of Cash
To what extent does your department handle cash?
_____ 1. Does not handle any cash, checks, or credit card payments.
_____ 2. There is limited activity with cash, checks or credit card receipts or potential
for access to them.
_____ 3. The handling of cash, checks, and credit card payments is a major part of the
department’s responsibilities.
Do you have any specific areas of issue/concern that you would like to discuss with Internal
Audit?