Handbook of Operating Procedures 3-1020
Internal Audit Office Charter
The University of Texas at Austin
Executive Sponsor: Office of the President
February 9, 2009
- Organizational Structure
- The Internal Auditor is a vital part of the University and functions in accordance with the policies established by the President, Chancellor, System Administration, and the Board of Regents. The director of the Office of Internal Audits (“director”) reports to the President of The University. The organizational status and the support accorded to the director by the executive management are major determinants of the scope and value of the internal audit function to the institution.
- UT Austin maintains an institutional audit committee. The Internal Audit Committee Charter has been developed and approved.
- The Office of Internal audits provides independent, objective assurance, and consulting services designed to add value and improve UT Austin's operations. The Office was established within The University of Texas System to evaluate and improve the effectiveness of risk management, control, and governance processes as a service to the Board of Regents through the Audit, Compliance, and Management Review Committee (“ACMR”), management of The University of Texas System, and management of UT Austin to assist all entities in accomplishing their objectives.
- The Office of Internal Audits is responsible for providing executive management with information about the adequacy and effectiveness of the institution's system of internal administrative and accounting controls and the quality of operating performance when compared with established standards.
To provide for the independence of the director, he or she reports directly to the president and must be free of all operational and management responsibilities that would impair his or her ability to review independently all aspects of UT Austin (per the Texas Internal Auditing Act, Chapter 2102, Texas Government Code). The director has an indirect reporting relationship to the UT System chief audit executive (“CAE”).
- The director must have a high degree of independence and not be assigned duties or engage in any activities that the Office would normally be expected to review or appraise. To accomplish these activities the director is authorized to have full, free, and unrestricted access to all functions, activities, property, information systems, personnel, and records (including medical). The examination of patient medical records must serve a genuine audit need; and individual patients should not be identified in any audit report.
- The director is not authorized to perform any operational duties, initiate or approve accounting transactions external to the Office of Internal Audits, or direct the activities of any employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist Internal Audit.
- Scope of Activities
- The scope of work of the Office of Internal Audits is to determine whether UT Austin's network of risk management, control, and processes, as designed and represented by management, is adequate and functioning in a manner to help ensure:
- Risks, including strategic ricks, are appropriately identified and managed;
- Significant financial, managerial, and operating information is accurate, reliable, and timely;
- Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations;
- Resources are acquired economically, used efficiently, and adequately protected;
- Programs, plans, and objectives are achieved; and
- Quality and continuous improvement are fostered in UT Austin's control process.
- Opportunities for improving management control may be identified within Internal Audit’s scope of work. The opportunities will be communicated to the appropriate level of management.
Internal Audit has responsibility to:
- Develop a flexible annual work plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the president, Internal Audit Committee, and the UT System CAE for coordination and submission to the ACMR of the Board of Regents for review and approval; and submit for approval any changes in the approved annual audit plan to the president, Internal Audit Committee, and the UT System CAE for submission to the ACMR of the Board of Regents.
- Implement the annual work plan, as approved, including as appropriate any special projects requested by executive management of UT Austin, UT System officials, or the Board of Regents.
- Have and maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter and the Texas Internal Auditing Act.
- Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
- Communicate the results of engagements promptly and to the appropriate individuals.
- Issue periodic reports to the president and Internal Audit Committee summarizing results of audit activities.
- Keep the president and Internal Audit Committee informed of emerging trends and successful practices in internal auditing.
- Assist in the investigation of significant issues within UT Austin and notify appropriate members of executive management of the results.
- Conduct special audits and special consultations requested by the Board of Regents, president, or Internal Audit Committee.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to UT Austin.
- Ensure that an appropriate internal quality control system is in place and undergoes an external peer review of its auditing and attestation engagement practices at least once every three years by reviewers independent of the audit organization in accordance with UT System Policy UTS129.
- Provide consulting and advisory services as appropriate.
- Guide UT Austin on control self-assessments by assisting managers with risk self-assessments and conducting self-audits.
- Provide information to the UT System CAE as required or requested to fulfill the System-wide audit oversight and reporting responsibilities.
- File internal audit reports and related responses or action plans with the UT System Audit Office, the Office of the Governor, the State Auditor's Office, the Sunset Advisory Commission, and the Legislative Budget Board within two weeks after their presentation to the Internal Audit Committee.
- Prepare the annual report required by the Texas Internal Auditing Act (Chapter 2102, Texas Government Code) and submit the report to the president, Internal Audit Committee, UT System Audit Office, the Office of the Governor, the State Auditor's Office, the Sunset Advisory Commission, and the Legislative Budget Board.
In order to fulfill the responsibilities for keeping executive management aware of issues at the institutional level and following-up to ascertain that appropriate action is taken on findings/recommendations included in internal audit reports, the System Audit Office maintains a series of "System-wide" tracking systems. The tracking systems are described below:
- Significant Findings Tracking System
There are two types of audit findings/recommendations: reportable and significant. A "reportable" audit finding/recommendation should be included in an audit report if it is material to the operation, financial reporting, or legal compliance of the audited activity, and the corrective action has not been fully implemented. "Significant" audit findings/recommendations are reportable audit findings/recommendations that are deemed significant at the institutional level by the Internal Audit Committee or Committee designee. Significant audit findings/recommendations are submitted to and tracked by the System Audit Office. Quarterly, the chief business officer is asked for the status of implementation. A summary report is provided to the Internal Audit Committee, UT System, and the ACMR of the Board of Regents.
Note: UT Austin is responsible for maintaining a tracking system for "reportable" findings. The Office of Internal Audits will follow up on findings for which corrective action has not been accomplished.
- External Audit Findings Tracking System
Quarterly, the chief business officer is asked for the status of implementation of outstanding recommendations made by the State Auditor's Office and other external auditors. A summary report is provided to the Internal Audit Committee, UT System, and the ACMR of the Board of Regents.
- Tracking – Other
In an effort to assist executive management in remaining aware of issues at UT Austin, the System Audit Office maintains the "fraud" and "audit plan monitoring" tracking systems.
- Fraud Tracking
The director must provide a status on the frauds reported to the System Audit Office in accordance with UT System Policy UTS118. The results are communicated to the Internal Audit Committee, UT System Audit Office, and the ACMR of the Board of Regents.
- Audit Plan Monitoring
The director must provide the UT System CAE a quarterly status report of the progress on the annual audit plan. A summary report is provided to the UT System Institutional Audit Committee and the ACMR of the Board of Regents.
- Standards of Audit Practice
The Institute of Internal Auditors Standards for the Professional Practice of Internal Auditing and the Code of Ethics, and generally accepted governmental auditing standards, shall serve as guidelines for internal audit activities as required by the Texas Internal Auditing Act.
Source: Revised previous HOP Chapter 2, Section 9 Internal Audit Charter
Previously HOP 1.C.5