Skip to navigation Skip to login
Saturday, October 20
Home » About MOSERS » Internal Auditors » Risk Assessment

Risk Assessment

PAGE TOOLS: TEXT SIZE: Larger | Smaller Print Logo Print this Page

Internal Audit Risk Assessment Process

Once a year internal audit conducts a high level risk assessment of all agency functions in order to identify the next audit areas to review. This process includes completing a risk assessment questionnaire for each auditable area in the agency with the help of staff in that area. The risk assessment is not an in-depth evaluation of the controls in those areas, but a process by which to identify:

  • Quality of internal controls identified by staff and internal auditor,
  • Adequacy of written procedures,
  • Complexity of operations,
  • Changes in operations over last year,
  • Time since last audit or review,
  • Impact of area functions on other users and,
  • Interest of the board or executive management.

Calculating Total Risk Rating

  • Each of the identified areas is scored on each of the seven risk factors, using a scale of one to five, with 5 points indicating maximum risk and 1 point indicating minimum risk. The next page provides greater detail on the risk factors.
  • The risk scores, given by internal audit, are multiplied by the risk factors percentage weights pre-assigned to that particular risk factor. The weights are determined by the internal auditor based on professional judgement.
  • A total rating is computed by totaling the scores for each audit area. An Excel spreadsheet is used to perform the mathematical calculations.
  • The audit areas will be sorted by their total rating scores (descending order).
  • When a tie among risk scores exists, other factors can be used in determining rank; for example, the number of hours required to conduct an audit, biggest impact on the System. Generally speaking, there will be more potential audits and available hours.

Audit Plan

The internal auditor will prepare an audit plan for the forthcoming fiscal year based on the the total risk rating and audit time constraints. This plan is presented to both the board of trustees and the executive director for approval. Copies of the audit plan are available upon request.

Missouri State Employees' Retirement System
Address: 907 Wildwood Dr., Jefferson City, MO 65102 Phone: 800.827.1063 URL: Email: Founded On: September 1, 1957