IAS begins the Risk Assessment Phase at the beginning of each calendar year.

Risk Assessment Process

Risk assessment is a process whereby various business processes applicable to the Lab are ranked according to risk to the organization. Input into the risk assessment process is solicated from various Directors, Department Heads, Department Managers and Lab Stakeholders. Once input has been received and consolidated, each business process is given a score in each of the following five areas - Quality and Stability of Control Environment, Business Exposure, Public and Political Sensitivity, Compliance Requirements and Information Technology and Management Reporting. A cumulative risk score is then determined for each business process. All applicable business processes are then ranked from highest risk (largest score) to lowest risk (smallest score). This ranking drives the development of the new audit plan.