What are the functions and responsibilities of the Internal Audit Department?
The mission of the Internal Audit Department is to assist the Austin Independent School District Board of Trustees, Superintendent, and other members of management by providing value-added auditing services using an independent, risk-based approach. The Internal Audit Department responsibilities include determining the adequacy, efficiency and effectiveness of the District's internal control structure; reviewing the reliability and integrity of management, financial and operating information; reviewing the systems established to ensure compliance with policies, regulations, procedures and laws; reviewing the means of safeguarding the assets of the District; appraising the economy and efficiency with which resources are employed; reviewing operations or programs to determine whether results and outcomes consistent with established objectives and goals (performance measures) are being achieved; participating in the design of major information systems; and providing advisory and training services for District components as required or requested to ensure fiscal and administrative integrity of the District. In addition, the Internal Audit Department is responsible for investigating fraud and other illegal activities.
Why and how was our department chosen for audit?
The Internal Audit Department develops an annual audit plan based on risk and significance. The Board of Trustees, as well as Austin Independent School District management can also recommend areas of interest to be reviewed. The audit plan is presented to the Board of Trustees and the Superintendent.
What is the audit reporting process and timeline?
The reporting process is ongoing throughout the audit process. During the audit, the audit team will provide updates regarding findings and audit status. At the conclusion of the fieldwork, the auditor will discuss any findings noted during the audit process at the end of fieldwork meeting with responsible parties. This meeting is an opportunity for the client to discuss the findings and clarify any specific areas. The Exit Conference Draft, a draft presentation of the audit report, will then be provided to the director of the area reviewed usually within 30 days of the end of fieldwork meeting. The audit client will be given two weeks to provide feedback. The report is then revised and the draft is issued to the client requesting written responses. There is a 30-day time period for providing the responses. Client responses will be included in the final report. Once responses are received, the Internal Audit Department will issue the final report. The final audit reports are distributed to appropriate management personnel; included in the executive summaries presented to the Board of Trustees.
How long will the audit take?
Audits vary in length depending on the area being reviewed, the detail being tested and the structure of the organization. Some follow-up audits may take only a few hours whereas some District-wide audits can take several months to complete. Internal Audit makes every effort to inform clients of the timeline for their particular audit and provide updates to keep administrators aware of the audit status.
What is the audit client's responsibility once the audit report is issued?
Prior to issuance of the final report, audit clients are requested to provide a target date for implementation of audit recommendations. Audit clients have a responsibility to address all audit recommendations, to take appropriate action to insure recommendations are implemented within their area, and to notify Internal Audit of the progress.
What can the audit client do to prepare for an audit once they are aware they are on the schedule to be audited?
Once an audit is scheduled, the audit client can assist the audit team by preparing some information pertinent to their organization in advance. Some standard information that is helpful in the audit process includes a current organization chart (with current staff names and positions); key staff phone numbers, email addresses and points of contact for areas being reviewed; chart of accounts; and pertinent written policies and procedures. The client can provide a risk assessment matrix if one is available. The auditor may also request other relevant information depending on the type audit being performed.
Can an audit be requested?
Yes. Concerned parties can request audits for areas of interest or concern. Refer to HOTLINE WEBPAGE
What is a follow-up audit?
The follow-up process is a review performed by the audit team to verify the status of prior audit report recommendations. Follow-up audits review only specific areas from the prior audit to ensure recommendations have been implemented and the controls are working. While a follow-up is mainly addressing prior audit issues, during the process some issues could arise outside the normal scope of the follow-up.
Are follow-up audits performed on all audits and if so, how soon after the audit is completed can the follow-up be expected?
Follow-up reviews will be performed on all audits. Follow-up audits will be completed when the client notifies the Internal Audit Department of the implementation of the prior report's recommendation and as audit teams become available to perform a review.
What are the types of audits performed?
- Financial Reviews - evaluate the accounting and reporting of financial transactions, including commitments, authorizations and receipts, and disbursement of funds.
- Compliance Reviews - determine the degree of adherence to laws, policies, and procedures.
- Operational Reviews - examine operating information and the means used to identify, measure, classify, and report such information; review the means for safeguarding assets; ascertain if results are consistent with management's objectives and goals and if the operations are being carried out as planned; appraise the economy and efficiency with which resources are employed; and review the systems established to ensure compliance with policies, procedures, plans, laws, and regulations.
What are internal controls?
Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial and management reporting
- Compliance with applicable laws and regulations
Are Internal Auditors Responsible for Internal Controls?
Management is responsible for maintaining an adequate system of internal control. Internal auditors independently evaluate the adequacy of the existing internal control systems by analyzing and testing controls. The Internal Audit Department makes recommendations, based on their review, to management to improve controls.
Are auditors looking for fraud when performing audits?
According to Standard 1220 of the International Standards for the Professional Practice of Internal Auditing, internal auditors have a responsibility "to exercise due professional care in performing audit work to the degree that fraud may be present in activities covered in the normal course of audit work." As part of the assurance activities, auditors of Internal Audit watch for potential fraud risks, assess the adequacy of related controls and make recommendations for improvement. However, it is management's responsibility to identify potential areas of risk and to be aware of the possibility of fraudulent acts in these areas.
Where and how do I report allegations of fraud?
If you suspect fraud, waste or abuse, you may report the information to any of the following:
- Your immediate supervisor or anyone in your chain of command
- The AISD Police Department
- The AISD Director of Internal Auditing
- The Anonymous Reporting Hotline
Where do I get more information on the policies, regulations, rules, and procedures applicable to my operations?
The Internal Audit Website provides access to Austin Independent School District Policies and Regulations as well as links to other information provided by related agencies that have their own Intranet sites which detail policies and procedures for their specific areas.