Internal auditors are charged with aligning their work with the work of those they serve. The achievement of any goal is fraught with risk, and by assessing the efforts to address the risks their constituents face to the attainment of identified goals, internal auditors give assurance as to the value of those efforts. The annual Risk Assessment is used to identify, quantify and prioritize those risks.

The Risk Assessment conducted by Internal Audit is focused on the preparation of its annual Audit Plan and does not constitute what is termed an Enterprise Risk Assessment or ERA, which is broader in scope and in the depth of analysis of collected data than is this Risk Assessment.

To gather the necessary data for the 2019-2020 Risk Assessment, Internal Audit performed the following tasks:

• Solicitation of input from our college chancellors and directors.
• Analysis of findings of outside auditors – Legislative auditors, Board of Regents auditors, US Department of Education auditors and others.
• Analysis of special projects over the last year.
• Discussions with senior LCTCS staff and LCTCS Board members

Based on these discussions and analyses, Internal Audit has compiled its audit universe, presented herein at the end of this document. Each item in the list is evaluated according to:

• The type of risk
• The probability of occurrence of a risk event
• The impact of an occurrence of a risk event
• The event’s potential for fraud

The at-risk entities were further scored on:

• The degree to which their activities are determined by outside regulations
• The degree to which the unit’s activities rely on functioning IT services
• The degree of organizational changes within the entity
• The entity’s audit history