Skip to Search Skip to Global Navigation Skip to Local Navigation Skip to Content

Quality Assurance Reviews

A Quality Assurance Review (QAR) evaluates the procedures a department has in place to mitigate the risk of fraud.

In addition, QAR's verify the accuracy of the Department Manager's responses to the Fiscal Management Sub Certifications and Management Certifications (Certification) and is in accordance with UT System financial accountability mandates. The Certifications are used to assess a department’s system of internal controls in relation to the criteria in UTSA’s Management Assessment Tool. Each department manager will provide an opinion as to whether their department’s system of internal control is adequately designed, properly executed, effective, there are no misstatements or omissions in the financial information provided, and all frauds known to them have been reported and appropriately addressed.

QAR - Frequently Asked Questions

Why and how were we chosen to be reviewed?
Department Managers from each Vice President's area are selected based on a risk assessment that considers several variables, e.g., funding levels, complexity of transactions, Certification responses, etc. Given the large scope of this initiative and our available resources, a limited number of Department Managers are selected for each Vice President's area each fiscal year. All Department Managers will eventually be selected for a QAR.

Approximately 20% of active Department Managers are selected annually for a QAR using a risk assessment based on multiple criteria. All Department Managers identified as “high risk” based on the risk assessment are selected for a QAR that year, with a goal of every Department Manager receiving a QAR at least once every five years.


How are we notified if we have been selected for a QAR?
You will receive an email and/or a call from the Compliance Management Analyst II in the Office of Institutional Compliance and Risk Services stating that you have been selected for a QAR and a request to schedule a time for the meeting to be performed.


How does our department prepare for a QAR?
Department Managers should review the policies and suggestions found in the Management Assessment Tool. In addition, approximately one week prior to the QAR you will be provided with questionare that will include the areas that will be reviewed. The reviews are based primarily from the answers on the annual Certification. To access the questionaire, please click here.


How long will the review last?
We do our best to ensure minimal disruption of the day to day activities of the department. The interview with the Department Managers will take approximately one hour.


What kind of report will I receive?
Each Department Manager (and their immediate supervisor) will receive a report that assigns a code to the various areas reviewed. The code is as follows:

  • Red dot - significant departure from university policy, procedures and/or best practices;
  • Yellow dot - moderate departure from university policy, procedures and/or best practices;
  • Green dot - compliant with or non-significant departure from university policy, procedures and/or best practices.

The report is then quantified into an overall ranking of the risk of fraud in that department (i.e. significant risk, moderate risk or low risk). Click here for a sample report.

Update: Currently, we are not issuing an overall risk level since our scope of work is limited. We plan to include the overall risk level rating when we begin focusing on more risk areas.


How is this different from an audit?
This is not an audit, nor does is substitute for an audit. The purpose of this review is to provide, in a consultative manner, an objective evaluation of internal controls in the area and to alert the Department Manager to potential risks.  A QAR is a “proactive” approach to monitoring internal controls so that Department Managers are aware of risks and can ensure they are adequately mitigated before weaknesses are identified in an audit.