IT & Privacy Risk Assessments


Internal Audit is required by professional audit standards and our risk environment to consider IT-related risks. The Internal Audit Charter states that the scope of Internal Audit should include “monitoring and evaluating the effectiveness of the University’s risk management system.”

IT Risk Assessment & Audit Process

Develop and maintain IT risk universe

Select entities, units, applications, and development projects for IT risk assessment

Distribute IT risk assessment questionnaire 

Distribute data inventory questionnaire or request data inventory updates

Analyze risk assessment questionnaire results

Request supporting documentation and perform additional testing

Report risk assessment results and obtain management risk remediation plan