Biennially, we update our risk assessments and evaluate each auditable area based on several criteria, including:
- Legal/compliance considerations - Risk of significant regulations and/or legal requirements, and costly penalties/fines for non compliance.
- Control environment - Degree of management experience and monitoring, early warning systems or quality assurance programs established, and/or the results of prior audit/regulatory reviews.
- Size - Financial reporting risk and the unit's annual revenue, annual expense total, asset size, annual operating expense, and/or number of transactions.
- Complexity - Complexity of the unit's processes, degree of specialized skill required, significant dependencies on other units/processes, degree of external/market risk factors, and/or significant systems used by the area.