Risk Assessment
To effectively prepare an audit plan, we need to identify which activities are the most important and detect areas that pose potential risk to the city. To provide the most benefit, our audits need to be targeted and relevant. We conduct risk assessments both to compare departments and offices based on their potential risk and to better serve the city with our audits. Our current risk assessment model includes these steps:
- Construction of an audit universe consisting of city departments (and offices), top vendors by spend, and largest contracts
- Assessment of twenty standard risk areas from a citywide perspective, ideally with input from the executive offices
- Application of the twenty risk areas to city departments, based on which departments are responsible for controlling risk areas
- Selection of audit topics after consideration of citywide assessments of risk areas and departments' aggregate risk scores