Audit - Frequently Asked Questions
What are the functions and responsibilities of the Office of Auditing and Consulting Services?
What does the Institutional Internal Audit Committee do?
Why was I selected to be audited?
What are the types of audits performed?
Are the internal auditors responsible for maintaining UTSA's System of Internal Controls?
Are auditors looking for fraud when performing audits?
What is the reporting process?
Can UTSA personnel seek advice from the Office of Auditing & Consulting Services?
Who audits the Office of Auditing & Consulting Services?
What should I do if I suspect fraud?
What are the functions and responsibilities of the Office of Auditing and Consulting Services?
The mission of the Office of Auditing and Consulting Services is to "Provide assurance and consulting services designed to add value and improve UTSA's operations". The Internal Audit Activity Charter approved by UTSA's Institutional Audit Committee and the UT System Policy on Internal Audit Activities (UTS129) outlines the roles and responsibilities of the internal auditing function.
What does the Institutional Internal Audit Committee do?
The Audit Committee Charter provides further details regarding the roles and responsibilities of the Institutional Internal Audit Committee.
Why was I selected to be audited?
The Office of Auditing & Consulting Services has established a comprehensive audit plan for UTSA utilizing risk assessment. The current audit plan is based on a five-year cycle. While all major activities are scheduled for audit in this cycle, the audit frequency can vary depending upon associated risks. An annual audit schedule is approved by the Institutional Internal Audit Committee to ensure that objectives, scope and allocated audit hours support management goals.
How long will an audit take?
The length of the audit varies. The lead auditor assigned to the audit will give a reasonable estimate of time needed to complete the audit.
What are the types of audits performed?
Audit projects can be placed into four categories: financial audits, compliance audits, operational audits, and Information Technology (IT) audits.
Financial audits address questions of accounting and reporting of financial transactions, including commitments, authorizations and receipt and disbursement of funds.
Compliance audits determine the degree of adherence to laws, policies, and procedures.
Operational audits review operating information and the means used to identify, measure, classify, and report such information; review the means for safeguarding assets; ascertain whether results are consistent with management's goals and objectives and whether the operations are being carried out as planned; appraise the economy and efficiency with which resources are employed; and review the systems established to ensure compliance with policies, procedures, plans, laws, and regulations.
IT audits evaluate system input, output and processing controls, backup and recovery plans and system data and physical security.
What are internal controls?
Internal controls can be categorized as either accounting controls or administrative controls.
Accounting controls are designed to safeguard UTSA assets and ensure the accuracy of financial records.
Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to UTSA policies and procedures.
The Office of Auditing & Consulting Services reviews the adequacy of both accounting and administrative controls during audit engagements.
Are the internal auditors responsible for maintaining UTSA's System of Internal Controls?
No. University management is responsible for maintaining an adequate system of internal controls. Internal auditors independently evaluate the adequacy of the existing internal control systems by analyzing and testing controls. The Office of Auditing & Consulting Services makes recommendations to management to improve controls based on system testing and control analysis.
What is the audit process?
When an activity is scheduled for audit, an announcement letter is sent to the responsible parties. The auditor will then schedule an entrance conference to discuss the objective and scope of the audit. At this initial meeting, responsible parties should take the opportunity to discuss any concerns or questions they may have about the audit and how they can facilitate the review process.
A typical audit has several stages, including preliminary review, fieldwork, and reporting. The auditor flowcharts and evaluates the system and its controls, collects data and performs testing, documents the work performed and the conclusions reached, and issues an audit report.
Are auditors looking for fraud when performing audits?
Auditors are not specifically searching for the existence of fraud. However, while conducting audits in accordance with the Institute of Internal Auditor's "Standards for the Professional Practice of Internal Auditing," improper activities may be identified.
A good system of internal controls and a control conscious organizational environment will reduce this risk.
What is the reporting process?
During the audit and at the conclusion of the fieldwork, the auditor will discuss any findings noted during the audit process. The responsible parties will receive a draft audit report for review and, if required, an exit conference will be scheduled. The conference is an opportunity to discuss the audit findings, clarify any ambiguities and, if necessary, modify the report. If the report contains recommendations, written responses detailing corrective action, a projected implementation date, and the responsible party will be required. The response is included in the body of the report. Significant findings are reported to UT System as well as the Audit Committee and the President.
All audit information is treated as confidential and is reported only to those within the institution who need to know. The final report and response are distributed to appropriate management personnel, theistic Internal Audit Committee, the President, and UT System Administration.
Can UTSA personnel seek advice from the Office of Auditing and Consulting Services?
Yes. The Office of Auditing & Consulting Services acts as an in-house consultant on internal control matters and provides guidance on control aspects of new systems and procedures. Please direct questions and requests for audits to the Director of Auditing & Consulting Services at (210)
458-4237.
Who audits the Office of Auditing & Consulting Services?
The Office of Auditing & Consulting Services is not immune to being audited. Members of the State Auditor's Office annually review internal audit activity. In addition, every three years, a team of auditors from outside UTSA performs a Quality Assurance Review as required by state law.
Please view our Quality Assurance Review Report.
What should I do if I suspect fraud?
You may also report fraud through the UTSA Hotline at (877) 888-0002, via the web, or provide a written compliant to:
Office of Institutional Compliance and Risk Services
One UTSA Circle
San Antonio, Tx 78249.
University policy and federal and state laws protect individuals who provide information regarding possible illegal activities in the workplace from retaliation. Every UTSA faculty and staff member has an ethical and moral responsibility to report suspected waste, fraud, abuse, and other illegal activities or unethical conduct.
Additional information may be found within the UT System Fraud Policy.