The University of Texas at Dallas
close menu

Audit and Advisory Services

FAQs

UT Dallas > Audit and Advisory Services > About Us > FAQs

How are audits selected?

Each year, an audit plan is developed based on a risk assessment process. Audits are selected based on risks, state/federal/other requirements, special requests, or changes in leadership. The audit plan is approved by the UT Dallas Audit Committee and ultimately the UT System Board of Regents. A copy of the most recent audit plan is located under “Audit Plans and Reports.”

What are internal controls?

Internal controls are typically designed by management to provide assurance over:

  • Effectiveness and efficiency of operations.
  • Reliability of financial reporting.
  • Compliance with applicable laws and regulations.

Some examples of internal controls include separating the duties between the preparation and approval of cost center reconciliations, ensuring supervisory authorization for business expenses, and ensuring monitoring procedures exist to ensure compliance with federal grants.

What happens in an audit?

When an area is selected for review, the following process generally occurs:

Audit Planning

The auditor in charge of the project and his/her team will perform planning procedures to gain an understanding of the audit area, including preparing a risk assessment.

Entrance Conference

This is a meeting between the manager(s) of the area being audited and the audit team. In the meeting we explain what we expect to happen in the audit and give you the opportunity to share any concerns you may have. For example, if you would like us to review a particular process or procedure in your unit, let us know at this meeting and we will try to include it in our audit.

Fieldwork

During this phase, we will perform audit work on the areas discussed in the entrance conference.

Exit Conference

Throughout our review we will try to be open regarding what we find and plan to recommend in the audit report. Once we complete the fieldwork, we will meet informally with departmental management to discuss our preliminary results. If we have misinterpreted anything in the review, or if you disagree with our conclusions, you have the opportunity to let us know so that we can make clarifications before issuing our report.

Report Writing

After the exit conference, a draft report will be written stating what we did, what we found, and any recommendations resulting from the work performed.

Observation Risk Rankings

  • Priority observations: if not addressed immediately, a priority observation has a significant probability to directly affect the achievement of a strategic or important operational objective of UT Dallas or the UT System as a whole.  These observations are reported to and tracked by the UT System Audit, Compliance, and Risk Management Committee (ACRMC).
  • High-risk observations: substantially undesirable and pose a high probability of adverse effects to UT Dallas either as a whole or to a division/school/department level.
  • Medium-risk observations: considered to have a moderate probability of adverse effects to UT Dallas either as a whole or to a division/school/department level.
  • Low-risk observations: considered to have a low probability of adverse effects to UT Dallas either as a whole or to a division/school/department level.
  • Minimal observations: considered of minimal risk, and the observations are verbally shared with management during the audit or at the concluding meeting.

Management Responses

After the exit conference, we will send a draft of the report to the responsible person(s) and vice president(s) for review and comment. Management’s responses and approval to issue are requested within three weeks of receipt of the draft report.

Reporting Process

The final report is sent to the responsible parties, the Institutional Audit Committee, UT System, and various state agencies (Legislative Budget Board, State Auditor’s Office, Sunset Advisory Commission, and the Governor’s Office).

Follow-up Process

Based on the estimated dates of implementation, we will follow up to ensure that management’s action plans have been implemented and report the results to the Audit Committee.

Can UT Dallas personnel seek advice or request advisory reviews from Internal Audit?

Yes. The Office of Audit and Advisory Services is your in-house consultant for all internal control matters and will provide guidance on controls over new or existing systems and processes. Please direct any questions to the Institutional Chief Audit Executive at 972-883-4876.

The office offers advisory reviews based on management requests and the availability of resources. Typically, advisory reviews do not follow the same reporting process as formal audits. Management may request a review and results of the review can either be verbal or in a written memo to the requestor. Examples of advisory reviews include:

  • Participation of internal audit staff on implementation teams.
  • Reviews of processes.
  • Investigations of potential risks.

What do I do if I suspect fraud?

If you suspect fraud, you should report the information to your supervisor, the Office of Audit and Advisory Services, the UT Dallas hotline, or the State Auditor’s Office Hotline. Reporting information is located below.

University employees have an ethical responsibility to report any suspected waste, fraud, abuse, illegal activities, or unethical conduct. University policy and UT System policy and federal and state laws protect employees who provide information regarding possible fraudulent activities in the workplace from retaliation.

Who Audits the Auditors?

State law requires that a team of external reviewers perform a quality assurance review of internal audit operations every three years. UT System and the State Auditor’s Office also review our work as considered necessary. For a copy of our most recent quality assurance review, please contact the Chief Audit Executive.

What is the Different between Internal Audit and Compliance?

Learn about the differences.

About Us