Office of Internal Audit - The Audit Process
The audit process includes the following steps:
- Scheduling - Whenever appropriate, the timing of an audit is discussed and agreed with management.
- Engagement Letter - The engagement letter serves to notify management of a pending audit/consulting services engagement. Notification occurs via email, and usually includes a request for preliminary documentation needed for the review, such as written policies, procedures and flowcharts, etc. Depending on the nature of the audit work, some staff impacted may receive little or no advance notice.
- Entrance Conference - An entrance conference may be scheduled with the department to discuss the purpose and scope of the audit. This may be accomplished via telephone or e-mail if the auditee so desires. We encourage auditees to discuss any concerns or questions they have about the audit and will solicit input regarding issues management would like us to include in the review.
- Field Work - As much as practical, we will review documentation in our office; however, we may also need to work on-site to access necessary records and information. We will frequently conduct interviews and complete questionnaires with departmental personnel to gain a better understanding of operations and procedures. We realize each person's time is valuable, so we attempt to arrange meetings in advance and to work around scheduling conflicts. Please note that TSUS Rules and Regulations provide that "auditors shall have full, free, and unrestricted access to all activities, records, property, infrastructure, and personnel." The Rules further stipulate that documents and information we obtain during any review are to be safeguarded and handled in a professionally responsible and confidential manner in accordance with Texas Law.
- Draft Audit Report - Throughout the review, potential issues and recommendations will be discussed with departmental management. After completion of our work, we will draft a report and present it to departmental management for review and commentary. We encourage open communication and the sharing of information with employees familiar with the details to ensure that issues noted in draft reports are accurate, fairly presented, and complete. There may be several iterations of draft reports, particularly if new, relevant information becomes available or circumstances change significantly during the drafting stages. Ultimately, we will request a response from management for each of the recommendations contained in the draft report. Per the TSUS Rules and Regulations, management's responses must include a corrective action plan, those responsible for implementing the corrective actions, and an estimated timetable for completion. When the audit report has been developed at the institutional level, a copy is emailed to the Texas State University System, Chief Audit Executive for review. Any further revisions are cleared with the auditee prior to release of the final report.
- Exit Conference - A formal exit conference may be held at the option of the auditee. Sometimes, this process can be completed on an informal basis via e-mail, telephone or other forms of communication.
- Report Distribution - Final audit reports are addressed to the President, with copies distributed to appropriate Component management, the Chancellor and other System Office executives, the Board of Regents, and state officials.