Audit Standards & Process
The Office of Audit Services evaluates and contributes to the improvement of governance, risk management, and control processes. The nature of the activities is determined by a risk assessment process undertaken annually with the input of senior management and the Board of Regents. In addition to audits and other assurance engagements, other value-added work may be performed to assist in the management of risks, add value, and improve the Texas Tech University System’s operations.
The Texas Internal Auditing Act requires that our office follow the International Standards for the Professional Practice of Internal Auditing (IIA Standards) and the Code of Ethics contained within the International Professional Practices Framework of The Institute of Internal Auditors. The Act also requires that we conform to generally accepted government auditing standards.
IIA Standard 2110 requires internal auditors to evaluate and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
- Promoting ethics and values within the organization;
- Ensuring effective organizational performance management and accountability;
- Communicating risk and control information to appropriate areas of the organization; and
- Coordinating the activities of and communicating information among the board, external and internal auditors, and management.
IIA Standards 2120.A1 and 2130.A1 require internal auditors to evaluate risk exposures and the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the:
- achievement of the organization’s strategic objectives;
- reliability and integrity of financial and operational information;
- effectiveness and efficiency of operations and programs;
- safeguarding of assets; and
- compliance with laws, regulations, policies, procedures, and contracts.
Audits are performed in three general phases: planning, fieldwork, and reporting. While auditors usually notify the appropriate level of university management as to the timing, staffing, and scope of engagements included in the annual audit plan, the performance of certain procedures (e.g., cash or inventory counts) or certain engagements (e.g., fraud investigations) may be unannounced.
Audit reports are generally addressed to the client management personnel with direct responsibility for the area, function, or department audited, with additional distribution to higher level management. Copies of final reports are normally sent to the executive to whom the individual responsible for the audited area reports, the President, the Chancellor, and the Audit Committee of the Board of Regents. Depending on the subject matter of the report, other individuals may also receive the report.
As required by IIA Standards, our office has instituted a continuous quality control program that includes self-assessments, performance measures, client evaluations, staff evaluations, and external quality assessments conducted by experienced higher education audit professionals.