Texas Southern University » About TSU » Administration » Internal Audit » Functions of Auditing

Functions of Audit

The Office of Internal Audits conducts independent and objective reviews of University operations and procedures and reports findings and recommendations to the TSU Board of Regents, the President and other executive officers, as appropriate. In order to accomplish our objectives, we must perform the following on a continual basis:

 
  • Evaluate the adequacy of the internal control structure.
  • Assess compliance with written policies and procedures.
  • Evaluate the reliability of accounting and reporting systems and procedures.
  • Verify the existence of assets and ensure proper safeguards for their protection.
  • Investigate reported occurrence of fraud, embezzlement, theft, waste, etc., and recommend controls to prevent or detect such occurrences.
  • Review general controls and computer security procedures in the Data processing Division and any user department with access to the administrative mainframe computer.
 
In performing these activities, the auditor is authorized to have full, free, and unrestricted access to all property, personnel and records (including medical) relevant to the subject under review. The Board of Regents, via the TSU Internal Audit Charter, grants this authority.
 
 
FAQ:
 
 
HOW IS AN AREA SELECTED TO BE AUDITED?
 
Risk Analysis - The Office of Internal Audits has developed an audit plan utilizing risk analysis to identify the major areas needing audit attention. Each year the audit staff evaluates the top risk areas and determines which should be included in the annual audit plan. The Board of Regents approves the plan.
 
General Operational Audits - These audits are conducted annually or once every two years as required by state law. Samples of various transactions (accounting, inventory, long-distance calls, payroll, personnel, petty cash, etc.) are reviewed to verify their accuracy and compliance with procedures. These reviews are used to identify weaknesses, which warrant more in-depth audit coverage.

Special Projects - These projects are audits or investigations that are conducted upon request. These include specific requests by TSU Regents, administration, departments, and investigations based on information obtained from various sources.
 
 
WHAT HAPPENS DURING AN AUDIT?
 
The audit process includes the following steps:
 
Notification Letter - With few exceptions, auditees are notified in writing when their area is selected for an audit. Due to the nature of some audit work, we may give little or no advance notice. These letters are sent to the president, the Vice President of the area being audited as well as to the appropriate Dean, Chairperson, or Director. The notification letter states scope and objectives to be accomplished in the audit.
 
Entrance Conference - Depending on the type of audit and the amount of audit work planned, an entrance conference may be scheduled with the head of the department to discuss the purpose and scope of the audit. This may also be accomplished via telephone if the auditee so desires. We encourage auditees to discuss any concerns or questions they have about the audit. Together, the auditee and the auditors determine the departmental personnel and data needed to conduct the audit.
 
Audit Work - It will often be necessary for the auditors to be in your area to review departmental records and conduct interviews of departmental personnel. The interviews are necessary for the auditor to become familiar with the department's operations and procedures. We realize each person's time is valuable so we attempt to arrange meetings in advance and to work around scheduling conflicts. Written policies and procedures may also be requested to aid the auditor in understanding the operations. The duration of the audit will vary depending upon its scope. Limited scope audits may take only a week or two while broad scope audits may take several months. The level of cooperation received from the auditee also has a bearing on the duration of the audit. Access to personnel and records is important for the prompt completion of our work.
 
 
Communicating Results - The results and recommendations are communicated to the auditee via Interim Audit Memorandums (IAMs), Management Advisories (MAs), informal letters to the department, and/or informal verbal communication. Our recommendations are intended to benefit the area and the University. The purpose of the IAM is to establish, in writing, whether the auditee understands and agrees with the conclusions drawn from the audit tests, observations, and inquiries. The auditee is provided the opportunity to agree or disagree with the conclusions and to provide, in writing, their own proposed resolutions and estimated implementation date. The purpose of the MA is to offer suggestions for improving controls in a specified area. These are not included in the audit report.
 
Exit Conference - If the auditee agrees, an exit conference may be held to discuss the audit findings. Those attending usually include the auditors, the Dean, Chairperson, or Director, as well as anyone from the department that the auditee wishes to invite.
The exit conference provides an opportunity to resolve any questions or concerns the auditee may have about the findings and to resolve any other issues before the final audit report is released. We encourage the auditee to request an exit conference because it brings closure to the audit process.
 
Final Audit Report - The final audit report will include the findings, recommendations, and management's responses. Each report contains a schedule, which summarizes each recommendation, lists the responsible party, and gives the estimated date or implementation. Copies of the final report are distributed to TSU Board of Regents, the President, applicable Vice Presidents, the head of the audited unit, the State Auditor’s Office, the Office of the Governor, and the Legislative Budget Board.
 
Follow-up Reviews - There will be occasions when action to resolve a finding will not be accomplished until after the audit work is finished. Our professional standards require that we follow-up on previously reported findings to determine whether corrective action was taken as planned by the auditee.
 
 
WHAT PROFESSIONAL STANDARDS DO INTERNAL AUDITORS FOLLOW?
 
The Office of Internal Audits provides a high level of professional service to the University by (1) following established professional standards, and (2) ensuring that its auditors have appropriate technical proficiency and educational background. The following guidelines are used to perform internal audit activities:
 
  • The Texas Internal Auditing Act
  • Government Auditing Standards published by the United States General Accounting Office (GAO)
  • The Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors, Inc.
  • College and University Business Administration published by the National Association of College and University Business Office
  • Code of Ethics as set forth by the Institute of Internal Auditors, Inc.
 
Auditors participate in the following professional association and certification programs:
 
  • Certified Public Accountant (CPA)
  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditors (CISA)
  • Certified Fraud Examiner (CFE)
  • Certified Government Financial Mangers (CGFM)
 
Addition, auditors are required to attend continuing education classes relevant to the services they provide.
 
 
WHO AUDITS THE AUDITORS?
 
The Office of Internal Audits is not immune to being audited. Members of the State Auditor's Office annually review internal audit activity. In addition, every three years, a team of auditors from outside The University performs a Quality Assurance Review as required by law.

© 2009 Texas Southern University, all rights reserved
3100 Cleburne Street, Houston, TX 77004
Phone: 713-313-7011