Business Exposure: larger potential losses are normally associated with larger sized activities, as indicated by revenues and expenditures. Other things being equal, large dollar amounts either following through a system or committed to an activity or project will increase audit interest. Dollar amount and relative liquidity of assets safeguard will impact this factor. Other objective information to be considered for each auditable area includes the dollar amount of cash receipts, receivables, inventory and property safeguarded. Questions to consider include:
- How many programs/areas are encompassed within department?
- What is the amount of the total department budget?
- What is the amount of the total department revenue?
- How many full-time employees (FTE) for all programs/areas?
Public & Political Sensitivity: a public relations exposure exists whenever an event occurs which would erode public confidence in the University. The following conditions influence this factor: probability of adverse publicity, reduced support, tarnished reputation or depletion of goodwill, erosion of the legitimacy of ASU’s mission or miscommunication of traditional values. Questions to consider include:
- How sensitive is the department to bad media publicity?
- How much effect could politics have on meeting departmental goals?
Compliance Requirements: risk associated with non-compliance related to the inability to meet business objectives which can result in monetary loss due to improper business practices, levy of fines or litigation, loss of funding sources and disallowed costs from funding agencies. Questions to consider include:
- Is the department governed by external regulations other than state law?
- Does the department have external audits?
Information technology and management reporting: reliable information is needed at all levels of an organization to run the business and move toward achievement of the entity’s objectives in all categories. Reliable internal measures, including information technology, are essential for generating information used. Questions to consider include:
- Are computer systems other than the ERP operated within the department?
- Does the department have any external reporting requirements?
- Have procedures been established to backup data files, including the identification of all critical data files and programs on work stations and servers?
Management concerns regarding meeting departmental goals, fraud, departmental confidentiality, current operating procedures, etc. are also taken into consideration.