Put together risk assessment? Risk assessment and control evaluation. The sample is attached below:

  

Organizational Objective/Process Goal: 1 2 3 4 Process Level Risks Risk that checks are not being endorsed properly upon receipt. Risk that the persons processing revenue have not taken the required training program provided by Treasury prior to processing revenue. Risk that unapproved vendor software for processing Credit Cards is being used or the software is being used in an unapproved manner. Risk that checks are improperly stored Key Controls IU Internal Audit Audit Name Adequacy of Control Design DO NOT Fill This Column in Monitoring/Testing Plan Potential Testing ideas: 1. Interview cash handling employees concerning the process for endorsing checks. 3. Verify that the department s endorsement stamps location and propriety. Potential Testing ideas: 2. Determine who processes revenue for the department and follow up with appropriate people to ensure that University required training has been received. Potential Testing ideas: 1. Obtain a list from Treasury of approved CC software for the department and compare the list to actual software in use. Potential Testing ideas: 1. Interview employees on storage and destruction of checks. 2. Verify locations of where money is stored and spot check these locations for 6 8 9 10 Risk that cash/checks are not timely deposited or recorded. Failure to record cash receipts or delaying the recording of cash receipts allows cash receipts to be receipts to be misappropriated www. without detection. Dich aber Risk that revenue received is not being reconciled recome (castyc (cash/check/CC). Not reconciling revenue can lead misappropriated or lost funds. Risk that department is not claiming of CC payments in FIS is not occurring timely. Risk that Credit Card numbers or other sensitive data is being stored on spreadsheets or other invoices/documents. Risk that proper segregation of duties is not in place for revenue activities. age of checks. 3. Verify who has access to safes (or locations where cash/checks are stored business and determine if the person has a business reason for that access. Potential Testing ideas: 1. Interview employees on deposit procedures. 2. Select a sample of CR deposits and verify that they comply with IU policy. Potential Testing ideas: 1. Interviews with key employees on reconciliation procedures. 2. Ask to see a selected number of monthly reconciliations for each key revenue arca revenue area ands review for proper procedures. Proce 3. Review the IUIE detail transactions to www. determine that Dls are occurring daily for C6 team CC transactions (that they dept is not holding them and completing them weekly or monthly). 4. Obtain the merchant agreement and determine what the requirements are and verify the requirement to actual actions being performed. Potential Testing Ideas: 1. Review all documentation during testing for sensitive data. 2. Interview with key employees on sensitive data procedures. Potential Testing Ideas: 1. Discussions with key employees on job Page 2 of 3 duties. 2. Verify routing logs and/or key job responsibilities of each employee to ensure that segregation exists.