Home   Institutional Compliance   Quality Assurance Reviews
Institutional Compliance and Risk Services

Quality Assurance Reviews

A Quality Assurance Review (QAR) evaluates the procedures a department has in place to mitigate the risk of fraud.

In addition, QAR's verify the accuracy of the Department Manager's responses to the Fiscal Management Sub Certification and is in accordance with UT System financial accountability mandates. The Certification is used to assess a department’s system of internal controls in relation to the criteria in UTSA’s Management Assessment Tool. Each department manager will provide an opinion as to whether their department’s system of internal control is adequately designed, properly executed, effective, there are no misstatements or omissions in the financial information provided, and all frauds known to them have been reported and appropriately addressed.

QAR - Frequently Asked Questions

Why and how were we chosen to be reviewed?
Approximately 20% of active Department Managers are selected annually for a QAR using a risk assessment based on several variables, e.g., funding levels, complexity of transactions, Certification responses, etc. All Department Managers identified as “high risk” based on the risk assessment are selected for a QAR that year, with a goal of every Department Manager receiving a QAR at least once every five years. 

How are we notified if we have been selected for a QAR?
You will receive an email and/or a call from the Compliance Management Analyst in the Office of Institutional Compliance and Risk Services stating that you have been selected for a QAR and a request to complete a QAR Questionnaire to begin the review. To access a sample questionnaire, please click here

How does our department prepare for a QAR?
Department Managers should review the policies and suggestions found in the Management Assessment Tool and the Financial Guidelines. In addition, the initial email request will include the areas that will be reviewed. The reviews are based primarily from the answers on the annual Certification.

The following is a sample of items that may be reviewed: 

  • Monthly reconciliations
  • One Card transactions
  • Cash Handling process 
  • Capital Asset Management (i.e. Inventory Records)
  • Internal controls (I.e. Segregation of Duties, Information Security, Training) 

How long will the review last?
We do our best to ensure minimal disruption of the day-to-day activities of the department. This will be an electronic review, all information will be collected via email or similar form. The review period depends on the department’s response, usually a week. If the department does not provide a response or evidence by the assigned deadline, QAR will be closed and be assessed as a significant level of risk.

What kind of report will I receive?
Each Department Manager (and their immediate supervisor) will receive a report that assigns a code to the various areas reviewed. The code is as follows:

  • Red dot - significant departure from university policy, procedures and/or best practices;
  • Yellow dot - moderate departure from university policy, procedures and/or best practices;
  • Green dot - compliant with or non-significant departure from university policy, procedures and/or best practices.

The report is then quantified into an overall ranking of the risk of fraud in that department (i.e. significant risk, moderate risk or low risk). Click here for a sample report.

How is this different from an audit?
This is not an audit, nor does it substitute for an audit. The purpose of this review is to provide, in a consultative manner, an objective evaluation of internal controls in the area and to alert the Department Manager to potential risks.  A QAR is a “proactive” approach to monitoring internal controls so that Department Managers are aware of risks and can ensure they are adequately mitigated before weaknesses are identified in an audit.