Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of The University of Texas at Dallas. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight. Internal audit assists The University of Texas at Dallas in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s governance, risk management, and internal control.
Internal Audit Activity Charter
The Institute of Internal Auditors’ Implementation Guides, Practice Guides, Supplemental Guidance, and Position Papers will also be adhered to as applicable to guide operations. In addition, the internal audit activity will adhere to The University of Texas at Dallas relevant policies and procedures and the internal audit activity’s standard operating procedures manual.
The CAE will communicate and interact directly with the institutional audit committee, including in executive sessions and between committee meetings, as appropriate. Responsibilities of the institutional audit committee are outlined in its charter (PDF).
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment. Internal auditors may provide assurance services where they have previously performed consulting services provided the nature of the consulting did not impair objectivity, and provided individual objectivity is managed when assigning resources to the engagement.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The CAE will confirm to the UT System CAE, at least annually, the organizational independence of the internal audit activity and its staff members. The UT System CAE reports this to the ACRMC.
- Developing relationships throughout the organization to become a trusted advisor to management on risk management and internal control matters.
- Maintaining a professional audit staff with sufficient knowledge, skills, abilities, experience, and professional certifications.
- Evaluating risk exposure relating to achievement of the organization’s strategic objectives.
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
- Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization.
- Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Evaluating the effectiveness and efficiency with which resources are employed.
- Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Monitoring and evaluating governance processes.
- Monitoring and evaluating the effectiveness of the organization’s risk management processes.
- Evaluating the quality of performance of external auditors and the degree of coordination with internal audit, as applicable.
- Performing consulting and advisory services related to governance, risk management and control as appropriate for the organization. Such services include management requests, participation on institutional committees, and participation on implementation teams for information technology projects and business process improvements.
- Evaluating specific operations at the request of the institutional audit committee or management, as appropriate.eveloping a flexible, annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submitting that plan to the President and institutional audit committee for review and approval on an annual basis. UT System provides guidance and feedback on the annual audit plans, and the UT System Board of Regents approves the System-wide annual audit plan;
- Conducting investigations of significant suspected fraudulent activities in accordance with the fraud policy outlined at UTS 118 – Dishonest or Fraudulent Activities.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the institutional audit committee. The CAE will review and adjust the plan, as necessary, in response to changes in the internal audit resource levels or the organization’s business, risks, operations, programs, systems, and controls. Any significant deviation from the internal audit plan will be communicated to and approved by the institutional audit committee through periodic activity reports.
Communication of the engagement results may vary in form and content depending upon the nature of the engagement and the needs of the client. A formal internal audit report will include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.
The internal audit activity will be responsible for appropriate follow-up on management’s action plans to address engagement findings and recommendations and reporting the results to appropriate management members and the institutional audit committee. All significant findings will remain as open issues until reviewed and cleared by internal audit.
Internal audit will fulfill reporting requirements for audit reports and the annual report, including the annual audit plan, as prescribed by the Texas Internal Auditing Act.
The CAE will periodically report to the institutional audit committee on the internal audit activity’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the institutional audit committee.
The CAE will communicate to the institutional audit committee on the internal audit activity’s quality assurance and improvement program at least annually, including results of ongoing internal assessments and external assessments conducted at least every three years.