The annual audit process is how Security Assurance Audit selects the UMIT departments, systems and or processes which risk assessments and/or audits will be undertaken within a given fiscal year. The output of the annual audit process is the Annual Audit Plan.
Deciding what to audit is a process we re-examines and perform annually. Given the large number of security auditable units and our small audit staff, it is important we allocate our available time to the areas with highest risk exposures and are most significant to the achievement of the UMIT Security Strategic Plan. In addition to the above, we strongly consider the sources below when selecting audits and risk assessments to perform as well as defining their scope: