FUNCTION OF INTERNAL AUDIT
WHAT IS THE FUNCTION OF THE OFFICE OF INTERNAL AUDIT?
The Internal Audit Office was established to provide an independent examination, appraisal, and evaluation of Texas Southern University operations on behalf of the Board of Regents, the President, and management.
In addition, the Internal Audit Office is dedicated to providing management with value-added services, as well as reasonable assurance to the Board and university management in the following categories:
• Reliability and integrity of financial and operational information
• Effectiveness and efficiency of operations
• Compliance with all applicable laws, regulations, and contracts
• Safeguarding of assets
In performing these activities, the auditor is authorized to have full, free, and unrestricted access to all property, personnel and records (including medical) relevant to the subject under review. The Board of Regents, via the TSU Internal Audit Charter, grants this authority.
Risk Analysis– Each year, the Office of Internal Audit develops an audit plan utilizing risk analysis
to identify the major areas needing audit attention. The plan is approved by the Board
of Regents and is submitted to the President and Executive Committee.
General Operational Audits- These audits are utilized to assess a department’s (business unit) operations for compliance, efficiency, and effectiveness. Items reviewed during an operational audit may include accounting transactions, inventory, long-distance calls, payroll, personnel, petty cash, etc.
Special Projects- These projects are audits or investigations that are conducted upon request. These include specific requests by TSU Regents, administration, departments, and investigations based on information obtained from various sources.
WHAT HAPPENS DURING AN AUDIT?
The audit process includes the following steps:
1. Notification Letter- With few exceptions, auditees are notified in writing when their area is selected for an audit. Due to the nature of some audit work, we may give little or no advance notice. These letters are sent to the Vice President of the area being audited as well as to the appropriate Dean, Chairperson, or Director. The notification letter states the scope and objectives to be accomplished in the audit.
2. Entrance Conference- Depending on the type of audit and the amount of audit work planned, an entrance conference may be scheduled with the head of the department to discuss the purpose and scope of the audit. This may also be accomplished via telephone if the auditee so desires. We encourage auditees to discuss any concerns or questions they have about the audit. Together, the auditee and the auditors determine the departmental personnel and data needed to conduct the audit.
3. Audit Work- It will often be necessary for the auditors to be in your area to review departmental records and conduct interviews of departmental personnel. The interviews are necessary for the auditor to become familiar with the department's operations and procedures. We realize each person's time is valuable so we attempt to arrange meetings in advance and to work around scheduling conflicts. Written policies and procedures may also be requested to aid the auditor in understanding the operations. The duration of the audit will vary depending upon its scope. Limited scope audits may take only a week or two while broad scope audits may take several months. The level of cooperation received from the auditee also has a bearing on the duration of the audit. Access to personnel and records is important for the prompt completion of our work.
4. Communicating Results– Issues requiring corrective action are documented in Audit Finding Sheets. Audit Finding Sheets will be issued to management, who will generally be given 10 working days to respond to the findings. Management responses should include a corrective action plan, along with timelines for implementation and the position(s) responsible for implementation.
5. Exit Conference- An exit conference will be held to discuss the results of the audit, as well as any audit findings. Those attending usually include the auditors, the Dean, Chairperson, or Director, as well as anyone from the department that the auditee wishes to invite. The exit conference provides an opportunity to resolve any questions or concerns the auditee may have about the findings and to resolve any other issues before the final audit report is released.
6. Final Audit Report- The final audit report will include the findings, recommendations, and management's responses. Copies of the final report are distributed to TSU Board of Regents, the President, applicable Vice Presidents, the head of the audited unit, the State Auditors Office, the Office of the Governor, the Legislative Budget Board, and the Sunset Commission.
7. Follow-up Reviews- There will be occasions when action to resolve a finding will not be accomplished until after the audit work is finished. Our professional standards require that we follow-up on previously reported findings to determine whether corrective action was taken as planned by the auditee. Follow-up reviews are usually conducted six to twelve months from issuance of the final audit report.
WHAT PROFESSIONAL STANDARDS DO INTERNAL AUDITORS FOLLOW?
The Office of Internal Audit provides a high level of professional service to the University by (1) following established professional standards, and (2) ensuring that its auditors have appropriate technical proficiency and educational background. The following guidelines are used to perform internal audit activities:
• The Texas Internal Auditing Act, Texas Government Code, Chapter 2102
• Government Auditing Standards (yellow book), published by the United States General
Accounting Office (GAO)
• The Standards for the Professional Practice of Internal Auditing published by the Institute of
Institute of Internal Auditors, Inc. (IIA)
• College and University Business Administration published by the National Association of College
of College and University Business Office (NACUBO)
• Code of Ethics as set forth by the Institute of Internal Auditors, Inc.
Auditors participate in the following certification programs:
• Certified Public Accountant (CPA)
• Certified Internal Auditor (CIA)
• Certified Information Systems Auditors (CISA)
• Certified Fraud Examiner (CFE)
Auditors also maintain memberships in the following professional organizations:
• American Institute of Certified Public Accountants / Texas Society of Certified Public Accountants
• Institute of Internal Auditors
• Information Systems Audit and Control Association
• Association of Certified Fraud Examiners
• Association of College and University Auditors / Texas Association of College and University
Additionally, auditors are required to obtain continuing professional education relevant to the services they provide.
WHO AUDITS THE AUDITORS?
The Office of Internal Audit is not immune to being audited. All audit reports must be submitted to several oversight agencies (Pursuant to the Texas Internal Auditing Act (Texas Government Code Section 2102). In addition, independent quality assurance reviews (peer reviews) are conducted periodically by external parties as required by law.