CWU banner, your future is Central.  
Skip navigation menu. CWU Home Admissions Academic Programs Alumni/Friends Life at Central Administration
    A-Z SITE INDEX
Pictures from around campus

Internal Audit: Risk Assessment Questions
Back to Internal Audit

Risk Assessment Questions

These are the basic areas of risk as defined in the State Administrative Accounting Manual.

Mark the appropriate response for each question.

  1. Interest shown by outside parties such as legislators, news media, citizen groups, the general public or others (including agency personnel) increases and agency's risk related to a system.
    High _________ Outside parties have shown a major interest in the area.
    Medium _________ Outside parties have shown a moderate interest in the area.
    Low _________ Outside parties have shown no or very little interest in the area.
  2. The existence and applicability of external laws, regulations, contractual or reporting requirements increases the diversity and complexity of system requirements and hence, the opportunity for noncompliance.
    High _________ Subject to 5 or more outside entities.
    Medium _________ Subject to 1 to 5 outside entities.
    Low _________ Subject to no apparent external laws, regulations, contractual, or reporting requirements, of outside entities.
  3. Employee turnover increases the risk associated with a particular system of management or accounting controls.
    High _________ Major turnover in key management or staff.
    Medium _________ Limited turnover in key management or staff.
    Low _________ No turnover in key management or staff.
  4. External and internal auditing of an area or department's internal controls may decrease an agency's risk associated with management and accounting controls.
    High _________ Last review by internal or external auditors was completed over 5 years ago.
    Medium _________ Last review by internal or external auditors was conducted within 3 to 5 years ago.
    Low _________ Reviewed by either internal or external auditor within the last 2 years.
  5. Areas or departments with a history of audit findings and/ or informal internal control comments (external or internal audit) normally have a higher level of risk for an agency.
    High _________ Internal control audit finding less than 2 years ago that resulted in either a compliance failure or a significant adjustment to an account balance.
    Medium _________ Informal internal control comment less than 5 years ago or last internal control audit finding less than 5 years ago.
    Low _________ Last internal control audit finding more than 5 years ago or no internal control audit findings in the last 5 years.
  6. Account or activity balance size has an effect in an agency's risk due to materiality considerations. Account balance size should be measured at the audit area or department's total.
    High _________ More than $7,000,000.
    Medium _________ Between $1,000,000 and $7,000,000.
    Low _________ Under $1,000,000.
  7. Processing general fund expenditures (ledger 1) increases area or department risk due to the budgetary constraints and legislative oversight and concern with the accurate reporting of this data.
    High _________ Processes more than $3,000,000 in general fund expenditures.
    Medium _________ Processes between $100,000 and $3,000,000 in general fund expenditures.
    Low _________ Processes none or less than $100,000 in general fund expenditures.
  8. Processing federal assistance transactions (Financial Aid, Grants, Contracts, etc) causes an increase in area or department risk due to the stringent administrative and cost principle guidelines that must be met.
    High _________ Processes more than $1,000,000 in federal assistance transactions.
    Medium _________ Processes between $100,000 and $1,000,000 in federal assistance transactions.
    Low _________ Processes none or less than $100,000 in federal assistance transactions.
  9. Cash and checks are more susceptible to fraud/ theft than other assets. Their presence in an area or department increases risk especially if the process is part of a major system.
    High _________ The handling of cash and checks or other attractive negotiable instruments is a major part of your system/organization.
    Medium _________ There is limited opportunity for access to cash and check or other attractive negotiable items or potential for access to them.
    Low _________ Includes no cash or highly liquid instruments.
  10. The presence of large inventory balances (not fixed assets and equipment) or specialized inventories such as controlled substances, hazardous wastes, or precious metals increases an area or department risk.
    High _________ Inventories valued at more than $400,000 or including specialized items, such as hazardous wastes.
    Medium _________ Inventories between $50,000 and $400,000 that do not include specialized items.
    Low _________ SInventories under $50,000 that do not include specialized items or no inventory.
  11. State agencies have a history of accountability problems with fixed assets and equipment. The presence of large fixed assets balances or highly desirable small and attractive assets such as firearms or camera equipment, increases the departments risk.
    High _________ Fixed asset balance over $2,000,000 or extensive highly desirable assets.
    Medium _________ Fixed asset balance between $200,000 and $2,000,000 or highly desirable assets.
    Low _________ Fixed asset balance under $200,000 and no highly desirable assets.
  12. Generally, an area or department's risk will increase with higher level of automation within systems. Risk will also tend to increase with major system changes.
    High _________ Your department is responsible for an automated system with major changes or new major automated system(FMS, SAFARI, HRS, LMS).
    Medium _________ Your department is responsible for an automated system with minor changes or a subsidiary system that feeds to a major system.
    Low _________ Your department has no responsibility for major or subsidiary automated systems.
  13. The extent of decentralization has an effect on an area or departments internal accounting controls. Generally, decentralized operations are more difficult to control than centralized.
    High _________ Operations function at more than 5 locations.
    Medium _________ Operations function at 2 to 5 locations.
    Low _________ Operations housed at 1 location.
  14. An area or department's risk increases by the degree that the system is involved in the creation, handling, storage, or affords potential access to sensitive data. ( E.G. personnel files, medical records, client files, research records, student records or other activities deemed confidential by law or policy).
    High _________ Operation include the creation or handling of sensitive data that is an integral part of the system's internal controls.
    Medium _________ Operations include the handling of sensitive data that is not part of the system's internal controls.
    Low _________ The operation does not include the creation or handling of sensitive data; however, information could be used by outside parties.
  15. Describe any specific significant risks related to your business operations that have not been addressed in the above questions and assign the level of risk as high, medium, or low.
    Also list your compensating control to mitigate this risk.
Contact Information
Internal Auditor's Office
Barge Hall 312
400 E. University Way
Ellensburg, WA 98926
Phone: (509) 963-2299
Email: margaret@cwu.edu
Central Washington University 400 E. University Way, Ellensburg WA 98926 This Site Optimized For Newer Browsers.
Go back to Central's main page