What are the types of services the Office of Internal Audits performs?
The Office of Internal Audits performs various types of audits, consulting and advisory engagements, investigations, and other miscellaneous management requests. Please see the Internal Audit Services document for more information.
How is an area selected to be audited?
An area can be selected for audit based on the following:
Risk Assessment – Every year, the Office of Internal Audits performs a comprehensive campus-wide risk assessment to evaluate the top risk areas and then determines which areas to audit based on the risk rankings and available audit resources.
Required Audits – These audits are required by authoritative entities, such as the Federal and State government, the UT System Board of Regents, granting agencies, laws, etc.
Special Projects – These unplanned projects are audits, investigations, or advisory engagements that are performed at the request of University administrators or are initiated based on information obtained from various sources.
An audit plan is created for the fiscal year and is approved by the University President, the Institutional Audit Committee, and the UT System Board of Regents. Changes can be made to the plan throughout the year depending on updated risks, priorities, and audit staffing.
What happens during an audit?
The audit process has four phases: Planning, Fieldwork, Reporting, and Follow-up. The Audit Process page on this site provides details on each of the phases of the audit process.
Will I be kept informed during the entire audit process?
Regular and open communication is crucial for an audit to be successful and effective. As the audit progresses, audit clients will be informed of the audit process through regular status meetings and/or communications. The audit team makes every effort to discuss audit observations, potential issues, and proposed recommendations as they are identified.
How are audit results reported? Who sees audit reports?
The Audit Process page on this site provides details on the reporting phase of the audit process.
How long will the audit of our area take?
The duration of an audit varies depending upon its scope; limited scope audits may take only a week or two while broad scope audits may take several months. In addition, access to personnel and records and the timeliness of responses to audit requests may also affect the duration of the audit. The audit team will provide an estimate of the time that will be needed to complete the audit at the entrance meeting.
Will the audit interfere with my department's daily activities?
Inevitably an audit affects the area’s routine to some extent as it will be necessary for the audit team to conduct interviews with departmental personnel and to review departmental records and practices; however, efforts will be made to minimize disruptions and cooperate with audit clients to make the audit process as smooth as possible. Much of the audit work can be completed outside of the department; therefore, direct contact with departmental employees is only necessary on a limited basis during the audit process. Many requests are made by email and time is allowed to complete these requests.
Why is the Office of Internal Audits auditing my area when someone else has audited the same thing?
In addition to being audited by the Office of Internal Audits, units and functions within the University may also be audited by external auditors during their routine annual audits. While there is an effort to eliminate or reduce duplication of effort by coordinating with these other auditors, we have no control over their audit plans. Consequently, an area or department may occasionally be reviewed more than once during the year.
What is the difference between Internal Audit and Compliance?
Internal Audit is an independent assurance function that evaluates university operations in all areas: financial, operational, information technology, and compliance. Compliance is a management function that helps ensure compliance with policies and regulations, and facilitates compliance training.
To view a comparison of internal audit and institutional compliance functions, see the document here.