Audit Planning: Risk Assessment
Risk assessment is a process whereby the various business processes applicable to the Lab are ranked according to the risk they pose to the organization. Input into the risk assessment process is solicited from Directors, Department Heads, Department Managers and Lab Stakeholders. Once input has been received and consolidated, each business process is given a score in each of the following five areas:
  • Quality and Stability of Control Environment:

    • Adequacy and stability of existing control structure
    • Expertise of management
    • Historical problems
    • Changes in management personnel or structure
    • Interval since last audit
    • Conditions found during recent reviews
    • Adherence to budget
    • Complexity of operations and technology
    • Potential for fraud
    • Overall effectiveness and efficiency of operations

  • Business Exposure:

    • Potential losses associated with activities, as indicated by revenues and expenditures
    • Dollar amount flowing through a system or committed to an activity or project
    • Dollar amount and relative liquidity of assets safeguarded
    • Dollar amount of cash receipts, receivables, inventory, and plant and property safeguarded

  • Public and Political Sensitivity:

    • Likelihood of an event occurring which would erode public confidence in the Lab
    • Probability of: adverse publicity; reduced support; tarnished reputation; erosion of the legitimacy of the Lab’s mission; depletion of goodwill; miscommunication of traditional values
    • Amount of interest that the Regents or the Office of the President expresses in a particular unit or function

  • Compliance Requirements:

    • All internal and external policy, procedure, regulatory, and statutory matters affecting the operations of the organization or any of its sub-units
    • Complexity and clarity of internal/external requirements
    • Risk associated with non-compliance:
        • Monetary loss due to improper business practices
        • Levy of fines or litigation
        • Loss of funding sources
        • Disallowed costs from funding agencies

  • Information Technology and Management Reporting:

    • Accuracy, availability, and integrity of information provided via either manual or automated systems
    • Information technology factors, including the system's age and its processing stability, security, and complexity
    • Lab-wide impact of a temporary or major loss of service of an IT system, application or entity

A cumulative risk score is then determined for each business process by combining its scores across the five areas. All applicable business processes are then ranked from highest risk (largest score) to lowest risk (smallest score). This ranking drives the development of the new audit plan.