Internal Audit - Mission Statement and Charter
Audit Mission Statement
Provide assurance and consulting services designed to add value and improve UTSA's operations.
Mission and Scope of Work
The mission of The University of Texas at San Antonio (UTSA) Office of Auditing and Consulting Services is to “provide assurance and consulting services designed to add value and improve UTSA’s operations”. It helps the institution accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, operational, and governance processes.
The scope of work of Auditing and Consulting Services is to determine whether UTSA’s network of risk management, control, and processes, as designed and represented by management, is adequate and functioning in a manner to help ensure:
- Risks are appropriately identified and managed
- Significant financial, managerial, and operating information is accurate, reliable, and timely
- Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations
- Resources are acquired economically, used efficiently, and adequately protected
- Programs, plans, and objectives are achieved
- Quality and continuous improvement are fostered in the institution’s control process
The Office of Auditing and Consulting Services performs four types of engagements:
- Assurances Services/Audits are objective examinations of evidence for the purpose of providing an independent assessment on control processes, risk management, and governance for the university. These services are outlined in our annual audit plan and include operational, financial, compliance, and information technology audits.
- Consulting Services/Special Requests are advisory and other service activities including counsel, advice, facilitation, process design, and training. The objective of consulting services is to add value in the development or modification of processes, procedures, and controls to minimize risk and achieve objectives. The nature and scope of particular consulting services are agreed upon with management. Consulting services may include participation on various committees and task forces, including but not limited to, the design/development of new business and computer systems.
- Investigations are conducted to evaluate allegations of suspected and reported fraudulent and/or dishonest activities. When the investigation substantiates suspected criminal activity, the University Police Department will be notified for further action.
- Follow-up is performed quarterly on recommendations to ensure management has taken appropriate corrective action.
Additionally, if the Office of Auditing and Consulting Services does not have the specialized knowledge, skills or other competencies to perform a certain engagement, it may be necessary to engage an external service provider. The Institutional Internal Audit Committee will approve the hiring of an external service provider.
AccountabilityThe Executive Director of Audit, Compliance, and Risk Services is designated as the Chief Audit Executive of UTSA.
The Executive Director of Audit, Compliance, and Risk Services, in the discharge of his/her duties, shall be accountable to the UTSA President and the Institutional Internal Audit Committee to:
- Provide assessments on the adequacy and effectiveness of the organization’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work
- Report significant issues related to the processes for controlling the activities of the organization and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution
- Periodically provide information on the status and results of Auditing and Consulting Services’ annual work plan and the sufficiency of department resources
- Coordinate UTSA’s interaction with the State Auditor’s Office and other external audit entities
To provide for the independence of the internal auditing activity, the Executive Director of Audit, Compliance, and Risk Services reports directly to the UTSA President and must be free of all operational and management responsibilities that would impair his/her ability to review independently all aspects of the institution (per the Texas Internal Auditing Act, Section 2102, Government Code). The Executive Director of Audit, Compliance, and Risk Services also has an indirect reporting relationship to the University of Texas System (UT System) Chief Audit Executive who has responsibility for oversight of the internal auditing activity for the UT System and has the reporting responsibility for all institutions to the Audit, Compliance, and Management Review Committee of the Board of Regents. The Institutional Internal Audit Committee will provide input to the President on the hiring and dismissal of the Chief Audit Executive in consultation with the UT System Chief Audit Executive.
Auditing and Consulting Services has responsibility to:
- Develop a flexible annual work plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the UTSA President, Institutional Internal Audit Committee, and the Audit, Compliance, and Management Review Committee of the Board of Regents for review and approval as well as periodic updates
- Implement the annual work plan, as approved, including as appropriate any special projects requested by executive management of the institution, UT System officials, or the Board of Regents
- Have and maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter and the Texas Internal Auditing Act
- Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion
- Issue periodic reports to the President and Institutional Internal Audit Committee summarizing results of audit activities
- Keep the President and Institutional Internal Audit Committee informed of emerging trends and successful practices in internal auditing
- Assist in the investigation of significant issues within the institution and notify appropriate members of executive management of the results
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the institution
- Conduct quality assurance reviews in accordance with professional Internal Auditing standards and periodically take part in an external peer review
- Provide consulting and advisory services as appropriate
- Guide the institution on control self-assessment by assisting managers with risk self-assessment and conducting self-audits
- Provide information to the UT System Chief Audit Executive as required or requested to fulfill the System-wide audit oversight and reporting responsibilities
- File internal audit reports and related responses or action plans with the UT System Audit Office, the Office of the Governor, the State Auditor’s Office, Sunset Advisory Commission, and the Legislative Budget Board within two weeks after their presentation to the Institutional Internal Audit Committee
- Prepare the annual report required by the Texas Internal Auditing Act (Section 2102, Government Code) and submit the report to the UTSA President, UT System Audit Office, the Office of the Governor, the State Auditor’s Office, Sunset Advisory Commission, and the Legislative Budget Board
Auditing and Consulting Services staff are authorized to:
- Have full, free, and unrestricted access to all functions, activities, records, property and information systems
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives
- Obtain the necessary assistance of personnel in units where they perform audits, as well as other specialized services from within or outside the institution
- Perform any operational duties
- Initiate or approve accounting transactions external to Auditing and Consulting Services
- Direct the activities of any UTSA employee not employed by Auditing and Consulting Services, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the auditors
Standards of Audit Practice
The activities of Auditing and Consulting Services will meet or exceed the International Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors and uphold the principles of integrity, objectivity, confidentiality, and competency as defined in The Institute of Internal Auditors Code of Ethics. Auditing and Consulting Services will also abide by generally accepted government auditing standards, the Texas Internal Auditing Act, and University of Texas System guidelines and applicable UT System Policies.