Annual Risk Assessment

ANNUAL RISK ASSESSMENT

Each year Valdosta State University is required to complete a university-wide risk assessment.  This process requires departments that are considered to have a substantial impact on the Annual Financial Report to answer an internal control questionnaire, to complete a documentation of internal control over financial reporting, and to complete a segregation of duties matrix.  Departments will also be asked to submit up-to-date policies and procedures for various positions on campus.Completing a risk assessment for your department, is not required, but is strongly encouraged.  A risk assessment identifies the objectives of a department and the associated risks that may prevent completion of those objectives.  If your department has not completed a risk assessment, please use this template as a guide.  If you have questions or need assistance identifying risks, please contact the Office of Internal Audits at 229-245-2491 or view their web site here.  An Internal Control Self-Assessment Questionnaire is also available online.  This provides several short yes/no questions that will help your department determine which areas need improvement.  Typically, a response of “no” indicates an internal control weakness.

SEGREGATION OF DUTIES

Determining proper segregation of duties is also a part of the annual risk assessment.  There are four functions in any organization that should be performed by separate individuals.  These include authorization, custody, record keeping, and reconciliation. No individual should have control over two or more of these responsibilities. For example, one should not accept cash and reconcile cash.  These two functions should be separated.  If duties cannot be segregated, compensating controls (i.e. increased management oversight) must be established. Increased management oversight would include a review of a sample of transactions processed by any individual who has conflicting duties to ensure that those transactions were appropriately processed. This management review has to be performed by an individual who, themself, is independent of the billing and cash collection functions.