Audit Activities

We provide independent, objective evaluations to help protect university resources, improve operations, and support institutional goals. Our work includes audits that assess internal controls, compliance, efficiency, and risk; consulting services tailored to management’s needs such as reviewing client-prepared responses to external audit reports, training, data analysis, and process improvement; investigations into potential fraud or misconduct; and oversight of emergency state appropriations. Each service is designed to promote accountability, transparency, and continuous improvement across the university.

An Annual Audit Plan is prepared each summer for the following fiscal year. As required by statute, this plan is based upon an assessment of risk, which is performed by the Office of Internal Audit in the period preceding plan development.

Typically, the risk assessment process includes interviewing managers to develop a “baseline” of information about activities, objectives, risks, and mitigating controls. This process takes about 30 minutes. In some years, managers will be asked merely to update the information with any changes. This assessment is NOT an audit. Rather, it collects information to enable the Office of Internal Audit to determine where it can best spend its resources.

This Risk Assessment, supplemented by information from management and the Board of Regents, is used by the Office of Internal Audit to develop the Annual Audit Plan, which is submitted to the Board of Regents for their approval at the August Board meeting.

Changes to the plan, however, are often required to adapt to changing circumstances and unidentified risks.

View the Audit and Compliance Plan for Fiscal Year 2025

Our audit process is structured, collaborative, and aligned with TSUS policies. It begins with scheduling and a formal notification to management, followed by an entrance meeting to outline objectives. Fieldwork may involve document review, interviews, and site visits, with full access granted to activities, records, property, infrastructure, and personnel. The documents and information obtained during our evaluations are safeguarded and handled in a professionally responsible and confidential manner. Potential issues and recommendations will be discussed with management throughout the evaluation. Draft reports are shared with management for feedback and response, including corrective action plans and timelines. Final reports are distributed to university and system leadership, TSUS Board of Regents, and state officials. We also conduct quarterly follow-up activities on the status of management’s resolution of open issues and report progress to the Board of Regents.

Internal Audit investigates allegations of fraud, waste, or abuse reported through the System hotline, the State Auditor’s Office, and/or other sources. These reviews are handled confidentially, with information shared only on a need-to-know basis. Employees are required to cooperate fully and may be asked to sign attestations regarding the testimony provided and a confidentiality form.

The Director, Office of Internal Audit, maintains an overview of all audit activities at the institution. The Director interfaces with outside agencies, such as the State Auditor’s Office. He/she should be kept informed about all audit activities on campus and should be provided with copies of all audit reports.

In the event that agencies, such as the State Auditor’s Office, notify component management about upcoming audits or send draft or final audit reports to components, recipients are requested to provide copies to the local Audit Director, unless the agency has already included the director on the copy list.

Our consulting services are advisory in nature and offered at the request of management, with objectives and scope tailored collaboratively. Services may include reviewing audit responses, delivering training, analyzing data, or supporting risk assessments. While these engagements often follow a similar process to audits, they are flexible in nature. Feedback may be requested through a satisfaction survey to help us improve future services.

An Internal Audit Annual Report is prepared in accordance with the Texas Internal Auditing Act (TIAA).  The TIAA requires certain state agencies and higher education institutions to submit an internal audit annual report each year by November 1st to the Governor, the Legislative Budget Board, the State Auditor's Office (SAO), and the entity's governing board and chief executive. 

In 2013, House Bill 16 became law and amended Chapter 2102 of the Texas Government Code to require state agencies, including institutions of higher education, to post on the agency's Internet website the internal audit annual report.  A state agency is not required to post information contained in the agency's internal audit plan or annual report if the information is excepted from public disclosure under Chapter 552 of the Texas Government Code. 

View the TSUS Internal Audit Annual Report for fiscal year ending August 31, 2024.