It is the policy of the University of Denver to evaluate the institutional risk and financial impact of all technology-based business or administrative applications prior to their implementation. To ensure consistency in the review process, a common business application proposal form as prescribed herein shall be completed and submitted for review by appropriate staff of Institutional Compliance and Internal Audit, the Controller's Office, and Information Technology (the "Review Panel"). Completion and review of the initiative proposal form will ensure that due diligence is conducted, including impact analysis, risk assessment, and compliance with adequate controls and regulatory standards.

The business applications and system implementation review will assist senior staff and the Trustees in determining that proper controls are in place, and that impacts on University financial resources and technological infrastructure are appropriately considered and planned for. New business application initiatives undergoing said review will benefit from the collective expertise and judgment of relevant institutional staff to ensure a successful implementation, and said review will enable timely and proactive identification and mitigation of risks at the inception of technology-based business application projects.

Read the full policy here (.PDF).