|
Risk Assessment and Planning
How are topics selected for an internal audit?
A Year At A Glance
Throughout the year we collect ideas and input from the Board of Directors Audit Committee, FRA, Fermilab Management, DOE Fermi Site Office, DOE Office of Inspector General, and others in the field. Annually, we prepare and vet our risk based audit plan and conduct audits. We prepare reports that summarize the results of individual audits, as well as an annual report.
Audit results are shared with a wide audience including the Audit Committee, FRA, Fermilab Management, the DOE Fermi Site Office, the DOE Office of Inspector General, and FRA's external audit firm.
The Risk Assessment Process
A quantitative risk based approach is used to rank the entities in the audit universe. Our audit universe is defined by major Fermilab function. Professionally accepted criteria are used to evaluate the relative risk of each function. Examples of the criteria include: transaction volume, materiality, prior audit results, regulatory involvement (applicable DOE Orders), and potential for unallowable costs.
Risk assessment is a comprehensive process, therefore, we ask many different people for their input. For example, Fermilab Management is asked to identify significant changes since the last assessment. To avoid duplication of audit effort, we also request copies of external audits and reviews conducted. We meet with the Audit Committee, FRA, Fermilab Management, the DOE Fermi Site Office, and the DOE Office of Inspector General in order to consider their views as we establish our risk based audit plan.
When the risk assessment process is complete, we prepare an annual internal audit plan. The plan is presented to the Audit Committee for review and approval. We usually focus our resources on the areas of highest risk. Additionally, we also select lower risk ranked topics, or "wildcards," to ensure broad coverage of the audit universe. The final audit plan approved by the Audit Committee is formally issued to the DOE Fermi Site Office, and copies are provided to FRA, Fermilab Management, the DOE Office of Inspector General, and FRA's external audit firm.
Other Services Provided
The annual audit plan includes a provision for other audits and reviews that may be performed throughout the year.
Fiscal Year 2007 Audit Plan
Annual Allowable Cost Review
Meal Costs
Service Subcontract Administration
ES&H TRAIN System Controls Review
Basic Receiving Operation
Follow-On Verification
Fiscal Year 2008 Audit Plan
Retirement Plan Reconciliation Process
Earned Value Analyses
Annual Allowable Cost Reivew: FRA Corporate
Annual Allowable Cost Review: Fermilab
ProCard Usage
OMB Circular A-123 Testing
Follow-On Verification
|
