Risk Assessment and Planning
How are topics selected for an internal audit?
A Year At A Glance
Throughout the year we collect ideas and input from the Board of Directors Audit
Committee, Management, DOE Fermi Site Office, DOE Office of Inspector General, and others
in the field. Annually, we prepare and vet our risk based audit plan and conduct audits.
We prepare reports that summarize the results of individual audits, as well as an annual
report.
Audit results are shared with a wide audience including the Audit Committee, Management, the DOE Fermi Site Office, the DOE Chicago Office, the DOE Office of Inspector General, and FRA's external audit firm.
The Risk Assessment Process
A quantitative risk based approach is used to rank the entities in the audit universe.
Our audit universe is defined by major Fermilab function. Professionally accepted
criteria are used to evaluate the relative risk of each function. Examples of the
criteria include: transaction volume, materiality, prior audit results, regulatory
involvement (applicable DOE Orders), and potential for unallowable costs.
Risk assessment is a comprehensive process, therefore, we ask many different people for their input. For example, Management is asked to identify significant changes since the last assessment. To avoid duplication of audit effort, we also request copies of external audits and reviews conducted. We meet with the Audit Committee, Management, the DOE Fermi Site Office, and the DOE Office of Inspector General in order to consider their views as we establish our risk based audit plan.
When the risk assessment process is complete, we prepare an annual internal audit plan. The plan is presented to the Audit Committee for review and approval. We usually focus our resources on the areas of highest risk. Additionally, we also select lower risk ranked topics, or "wildcards," to ensure broad coverage of the audit universe. The final audit plan approved by the Audit Committee is formally issued to the DOE Fermi Site Office, and copies are provided to Management, the DOE Chicago Office, the DOE Office of Inspector General, and FRA's external audit firm.
Other Services Provided
The annual audit plan includes a provision for projects that may be performed throughout
the year.
Fiscal Year 2012 Audit Plan
- New Hire Orientation
- Service Center Labor Chargebacks
- Visual Media Services
- Service Subcontract Administration
- IT Service Level Management
- Annual Allowable Cost Audit
- OMB Circular A-123 Testing
- Follow-On Verification Procedures
- Management Advisory Services