1. Internal Risk Assessment

The Internal Audit risk assessment is a process that identifies hazards that could negatively impact the organization's ability to conduct business.

Touro College and University System divides its entities in Banner via charts. Using the Banner structure, the Internal Audit Department performs various assessments, such as, Financial, Compliance, Fraud, Information Technology, and Information Security.

Example Audit Plan

Auditable EntitiesPotential Audit AreasProject TypeRisk LevelBudgeted Hours
Entity 1 ComplianceAuditCritical440
Entity 2AccountingAuditHigh440
Entity 3Human ResourcesCompliance Medium440
Entity 4 PayrollIT AuditCritical440
Entity 5Vendor Management Limited Scope Audit High220
Total Estimated Required Hours
GovernanceERM Special ProjectsN/A150
Total Estimated Required Hours for Special Projects150
Total Estimated Available Hours (.56 FTE)1030

2. Internal Audit and Consultative Engagements

The Internal Audit Department is committed to providing the highest level of professional audit services to Touro. Professional audit services act as resources to management and meeting professional standards.

Internal Audit and Consultative Engagement Timeline
Planning Fieldwork Reporting
4 weeks 3 weeks 2 weeks
  • Risk Assessment
  • Risk Control Matrix
  • Announcement Memo
  • Walkthroughs of key processes to identify internal controls,
  • Entry/Opening Meeting
  • Developing, executing and overseeing substantive testing of control and related procedures,


  • Reporting and discussing identified issues with management
  • Draft Internal Audit Report
  • Exit/Closing Meeting Issue Final Report*

Refer to TouroOne, in the Employee Tab under the Internal Audit Subsection for the detailed Internal Audit Policy and Procedures document.