Frequently Asked
Questions
- What are the functions and responsibilities of
the
Office of Auditing and Consulting Services?
- What does the Audit
Committee do?
- Why was I selected
to be audited?
- How long will the
audit take?
- What are the types
of audits performed?
- What are internal
controls?
- Are the internal
auditors responsible for maintaining UTSA's
System
of Internal
Controls?
- What is the audit
process?
- Are auditors
looking for fraud when performing audits?
- What is the
reporting process?
- Can UTSA personnel
seek advice from
the Office of Auditing & Consulting Services?
- Who audits the
Office of Auditing & Consulting Services?
- What should I do if I suspect fraud?
- What are the functions and responsibilities of the
Office of Auditing and Consulting Services?
The mission of the Office of Auditing and Consulting Services is to "Provide assurance and consulting services designed to add value and improve UTSA's operations. The Internal Auditing Charter approved by the President and the UT System Policy on Internal Audit Activities (UTS129) outlines the roles and responsibilities of the internal auditing function.
Top
- What does the Audit Committee do?
The Audit Committee serves to ensure that the
internal audit coverage for the University of Texas at San Antonio
adequately encompasses the breadth of operations; that the executive
management of the institution is fully aware of the audit activities
and findings; that the scope of an audit or information from an
audit is not restricted; and that the audit function is responsive
to management and is conducted with efficiency and professionalism. The Audit Committee Charter provides further details regarding the roles and responsibilities of the Audit Committee.
Top
- Why was I selected to be audited?
The Office of Auditing & Consulting
Services has established a comprehensive audit plan for UTSA
utilizing risk assessment. The current audit plan is based on a
five-year cycle. While all major activities are scheduled for audit
in this cycle, the audit frequency can vary depending upon
associated risks. An annual audit schedule is approved by the Audit
Committee to ensure that objectives, scope and allocated audit hours
support management goals.
Top
- How long will the audit take?
The length of the audit varies. The lead
auditor assigned to the audit will give a reasonable estimate of
time needed to complete the audit.
Top
- What are the types of audits
performed?
Audit projects can be placed into four
categories: financial audits, compliance audits, operational audits,
and Information Technology (IT) audits.
- Financial audits address questions of
accounting and reporting of financial transactions, including
commitments, authorizations and receipt and disbursement of
funds.
- Compliance audits determine the
degree of adherence to laws, policies, and procedures.
- Operational audits review operating
information and the means used to identify, measure, classify,
and report such information; review the means for safeguarding
assets; ascertain whether results are consistent with
management's goals and objectives and whether the operations are
being carried out as planned; appraise the economy and
efficiency with which resources are employed; and review the
systems established to ensure compliance with policies,
procedures, plans, laws, and regulations.
- IT audits evaluate system input,
output and processing controls, backup and recovery plans and
system data and physical security.
Top
- What are internal controls?
Internal controls can be categorized as either
accounting controls or administrative controls.
- Accounting controls are designed to
safeguard UTSA assets and ensure the accuracy of financial
records.
- Administrative controls are designed to
promote operational efficiency, effectiveness, and adherence to
UTSA policies and procedures.
The Office of Auditing & Consulting
Services reviews the adequacy of both accounting and administrative
controls during audit engagements.
Top
- Are the internal auditors
responsible for maintaining
UTSA's systems of internal control?
No. University management is responsible for
maintaining an adequate system of internal controls. Internal
auditors independently evaluate the adequacy of the existing
internal control systems by analyzing and testing controls. The
Office of Auditing & Consulting Services makes recommendations
to management to improve controls based on system testing and
control analysis.
Top
- What is the audit process?
When an activity is scheduled for audit, an
announcement letter is sent to the responsible parties. The auditor
will then schedule an entrance conference to discuss the objective
and scope of the audit. At this initial meeting, responsible parties
should take the opportunity to discuss any concerns or questions
they may have about the audit and how they can facilitate the review
process.
A typical audit has several stages, including
preliminary review, fieldwork, and reporting. The auditor flowcharts
and evaluates the system and its controls, collects data
and performs testing, documents the work performed and the
conclusions reached, and issues an audit report.
Top
- Are auditors looking for fraud when
performing audits?
Auditors are not specifically searching for the
existence of fraud. However, while conducting audits in accordance
with the Institute of Internal Auditor's "Standards for the
Professional Practice of Internal Auditing," improper
activities may be identified.
A good system of internal controls and a
control conscious organizational environment will reduce this risk.
Top
- What is the reporting process?
During the audit and at the conclusion of the
fieldwork, the auditor will discuss any findings noted during the
audit process. The responsible parties will receive a draft audit
report for review and, if required, an exit conference will be
scheduled. The conference is an opportunity to discuss the audit
findings, clarify any ambiguities and, if necessary, modify the
report. If the report contains recommendations, written responses
detailing corrective action, a projected implementation date, and
the responsible party will be required. The response is included in
the body of the report. Significant findings are reported to UT
System as well as the Audit Committee and the President.
All audit information is treated as
confidential and is reported only to those within the institution
who need to know. The final report and response are distributed to
appropriate management personnel, the Audit Committee, the
President, and UT System Administration.
Top
- Can UTSA personnel seek advice from
the Office of Auditing & Consulting Services?
Yes. The Office of Auditing & Consulting
Services acts as an in-house consultant on internal control matters
and provides guidance on control aspects of new systems and
procedures.
Please direct questions and requests for audits
to the Director of Auditing & Consulting Services at (210)
458-4237.
Top
- Who audits the Office of Auditing
& Consulting Services?
The Office of Auditing & Consulting
Services is not immune to being audited. Members of the State
Auditor's Office annually review internal audit activity. In
addition, every three years, a team of auditors from outside UTSA
performs a Quality Assurance Review as required by state law.
Please view our Quality Assurance Review Report
Top
- What should I do if I suspect fraud?
If you suspect fraud, you should report the information to your supervisor, Auditing and Consulting Services, or the University Police.
You may also report fraud through the UTSA Hotline at (877) 888-0002, via the web, or
provide a written compliant to:
Office of Institutional Compliance and Risk Services
One UTSA Circle
San Antonio, Tx 78249.
University policy and federal and state laws protect individuals who provide information regarding possible illegal activities in the workplace from retaliation. Every UTSA faculty and staff member has an ethical and moral responsibility to report suspected waste, fraud, abuse, and other illegal activities or unethical conduct.
Additional information may be found within the UT System Fraud Policy.
Top
|
