Frequently Asked Questions
Based upon input from the Internal Audit Committee, executive management, and the UT System Audit Office, an annual audit plan is developed that contains the scheduled projects for the upcoming fiscal year. The Office of Auditing and Consulting Services performs three types of engagements:
Assurances Services/Audits are objective examinations of evidence for the purpose of providing an independent assessment on control processes, risk management, and governance for the university. These services are outlined in our annual audit plan and include operational, financial, compliance, and information technology audits.
Consulting Services/Special Requests are advisory and other service activities including counsel, advice, facilitation, process design, and training. The objective of consulting services is to add value in the development or modification of processes, procedures, and controls to minimize risk and achieve objectives. The nature and scope of particular consulting services are agreed upon with management.
The Office of Auditing & Consulting Services acts as an in-house consultant on internal control matters and provides guidance on control aspects of new systems and procedures. We offer consulting services based on management requests and the availability of resources. Typically, consulting services do not follow the same reporting process as formal audits. Management may request a review and results of the review can either be verbal or in a written memo. Please direct questions and requests for consulting services or audits to the Chief Audit Executive at (210) 458-4237.
Investigations evaluate allegations of suspected and reported fraudulent and/or dishonest activities. When the investigation substantiates suspected criminal activity, the UTSA Police Department will be notified for further action.
Here are the phases of a typical audit:
1. Planning
You will receive notification of the audit and an entrance conference may be scheduled to discuss our procedures, schedule, scope, and answer any questions.
We then conduct interviews to gain an understanding of the process and request relevant documents such as policy and procedures manuals.
In addition, a risk assessment is performed. Based on the high risk areas identified and the information obtained in planning, we develop audit objectives which are shared with you before we begin our fieldwork.
2. Fieldwork
We conduct detailed testing/procedures to achieve the audit objectives. Fieldwork procedures can include documenting procedures, obtaining an understanding of certain processes and/or testing a sample for certain attributes. Our office discusses any issues identified during fieldwork.
3. Draft Report
You will receive a draft audit report for review and an exit conference may be scheduled to discuss the audit observations and clarify any ambiguities. If the report contains any audit observations, you will provide us with written management action plan(s) approved by your supervisor, an implementation date(s), and the person(s) responsible for implementing the action plan. Management action plans are included in the final report and forwarded to the appropriate vice president for review and comments as well.
4. Issuance of Final Report
After the report has been reviewed by the UTSA Internal Audit Committee and signed by the President, the report is distributed to the required external agencies and appropriate management. Priority observations will be reported to the Audit, Compliance, and Management Review Committee of the Board of Regents.
5. Follow-up
Quarterly, our office will follow up on the audit observations to ensure appropriate corrective action has been taken and report the results to the Internal Audit Committee.
State law requires that a team of external reviewers perform a quality assurance review of internal audit operations every three years. For a copy of our most recent quality assurance review, please see the 2023 External Quality Assessment Report.
