The risk assessment process is an ongoing one. Internal and external threats constantly develop, presenting new hazards to the University. Change itself is a risk, and management must continually adapt its policies and procedures to manage its risks to a comfortable level.
Each operating function at the University faces its own challenges, and must assess how it will manage them to meet its objectives. A good internal control system can mitigate those risks, and the Office of Internal Auditors can advise you on developing good internal controls.
The American University in Cairo's Internal audit office assesses enterprise-wide business risks throughout the University. We seek input from the Board of Trustees, administrators, staff, faculty, students, and our external auditors on possible risks and their likelihood or importance. The results of the assessment are used to prepare future annual audit plans.
In 2016, the Office of Internal Auditors launched the electronic risk assessment module, where each department/office head is required to answer a list of questions with different weights and based on these weights different departments are ranked according to the risk score, Each head of the department/office can also fill in other important risks that he sees from his point of view.