Enterprise Risk Management
Prior to any analysis or review, an analysis of the risk involved should be performed. UAS will ensure the COSO integrated framework of the control environment, risk assessment, control activities, monitoring, and information and communication are implemented within the University.
University Audit Services uses the COSO Framework to evaluate the risks associated with a process or function, and the control activities established by management to mitigate these risks.
Control Environment: it is the mission, objectives, organizational structure, and policies that sets the "risk and control" tone for the organization or department.
Risk Assessment: the identification and analysis of relevant risks (strategic, financial, operational, and compliance) to the achievement of objectives.
Control Activities: Procedures enacted by management to ensure that directives are carried out.
Information & Communication: relevant information identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities.
Monitoring: a process that assesses the quality of the system's performance over time.