Internal Audits FAQ

What happens during an audit?

Engagement Memo – With few exceptions, audit clients are notified in writing when their area is selected for review. These letters are sent to the vice president of the area being audited as well as to the appropriate dean, chairperson, or director. The engagement memo states the date, time, and place of the entrance conference and the objectives to be accomplished in the audit. Due to the nature of some audit work, we may give little or no advance notice.

Entrance Conference – An entrance conference is scheduled with the head of the department to discuss the purpose and scope of the audit. We encourage audit clients to discuss any concerns or questions they may have about the audit. Audit clients may also request a review of those areas of most concern to them be included as part of the audit activity.

Audit Work - Written policies and procedures may be requested to aid the auditor in understanding departmental operations; however, it is often necessary for auditors to reside in the department office(s) to conduct interviews and review departmental records. In order to minimize disruption of daily operations, we try to schedule meetings in advance to avoid potential scheduling conflicts.

Duration of audits vary depending upon scope. Hence, limited scope audits require less time than audits with broader scopes, which could lengthen the audit time period. Additionally, the level of cooperation from auditees and access to personnel and records has a direct bearing on the duration of audits.

Communicating Results - Audit results are presented to audit clients via verbal or written communication and usually include recommendations intended to benefit the area under review and the University.

Audit clients have an opportunity to discuss concerns identified within the audit and to concur or disagree with conclusions and recommendations. In any event, audit clients are required to provide, in writing, proposed resolutions including reasonably expected implementation dates.

Exit Conference - An exit conference is held to discuss audit findings. Attendees include the auditors, members of management responsible for oversight and operation of the area under review, as well as those individuals who will have a direct or indirect involvement in resolving audit concerns identified. The exit conference provides an opportunity to clear and resolve questions or concerns pertaining to findings, or other issues, before the final audit report is released.

Final Audit Report - The final audit report includes findings and recommendations along with management's responses. Copies of the report are distributed to the president, appropriate vice presidents, the audited unit’s manager, and the System Audit Office. Audit findings are also included in a summary of all UT component reports provided to the chancellor and the Audit Committee of the Board of Regents.

Follow-up Reviews - Our professional standards require that we follow-up and report on previously reported findings to determine if corrective action was taken and audit concerns were resolved.

How are areas selected for audit?

The Office of Internal Audits is required to develop a comprehensive annual audit plan. The decision of what audits to include in the plan is based on a risk analysis and input from senior management. Provisions are also made for UT System required audits and special requests. The annual audit plan is then reviewed and approved by the Audit Committee.

What professional standards do Internal Auditors follow?

The Office of Internal Audits provides a high level of professional service to the University by maintaining and following professional standards and guidelines as outlined by the following:

• International Standards for the Professional Practice of Internal Auditing as published by The Institute of Internal Auditors
• Government Accountability Office (GAO) – Yellow Book Standards
• Code of Ethics as set forth by The Institute of Internal Auditors
• UT Business Procedure Memorandum No. 18
• Generally Accepted Auditing Standards (GAAS) as published by the American Institute of Certified Public Accountants
• The Texas Internal Auditing Act
• Guidelines published by the National Association of College and University Business Officers
  Our professional staff holds various certifications, such as Certified Internal Auditor, Certified Government Audit Professional, Certified Public Accountant and Certified Information System Auditor. In addition, staff members attend a variety of continuing professional education courses and conferences to enhance knowledge, skills, and service to the University. Professional memberships include:
  • The Institute of Internal Auditors (IIA)
  • Texas Society of CPAs (TSCPA)
  • Association of College and University Auditors (ACUA)
  • Texas Association of College and University Auditors (TACUA)
  • Information Systems Audit and Control Association (ISACA)

Who audits the auditors?

Oversight of the Internal Audit Office is performed by the Institutional Audit Committee and the UT System Audit Office. In addition, a Quality Assurance Review, or peer review, is performed every three years by qualified auditors (external to the organization) in accordance with Professional Standards.

Also, in most instances, audit clients have an opportunity to evaluate the quality of service provided by our department by completing an evaluation form which we use to identify ways to improve our services.