This document is a guide for review of how key areas of risk are managed within an organizational entity.
Initial Information Needed
Certain information is needed to prepare for the review, and will minimize the time spent at the unit. Please assemble or prepare the following information for the Auditor.
- Current Organizational chart. If associated centers and programs are not listed, please indicate how those units report to the Chair\Director.
- Listing of campus buildings or off-campus sites used by the unit (do not include incidental classroom or office assignments).
- Listing of all ledger accounts used by unit
- Listing of whom in the unit has a PCard
- The most current Payroll Authorization List Form.
- Unique policies and procedures issued for guidance of unit (Do not include general Institute prepared materials, such as the Classified Employee Handbook.) This should include any flex time policy, internet or cell phone usage paid by the unit, etc.
- Wireless Authorization Form for cell phone or internet services paid by the Institute.
- The School\Unit logo or seal. Please email or provide on disk.
Materials/Documents We Will Review
Most information will be obtained during interviews with designated points of contacts in the unit. However, there are some materials that the Auditor will wish to examine during the review. You might have readily available the materials that follow:
- Current employees' leave records
- Current employees' travel records
- Current FY Procurement Card (PCard) monthly reconciliations.
- Activity records from the last physical inventory of capital assets, and any loan agreements for School equipment taken off campus.
- Procurement’s Signature Authorization Form for all personnel currently handling the unit’s procurement activities, and any forms cancelled FY-to-date.
- Any unit approvals to pay for cell phone usage or home internet service.
- Activity records for any workers compensation claims in the last 2 years.
- Any EHS, IRB, or other reports affecting the unit in the last two years.
- Conflict of interest\consulting approval forms.
- Building Emergency Response Plan (Redbook)
- For academic units, signed & approved Grade Change Authorization forms.
- Strategic Information Systems Plan.
- Most recent internal Information System risk assessment.
- Current Business Continuity Plan with documentation of when it was last tested.
- Current copy of hardware inventory
- Current copy of purchased software inventory