An annual risk assessment is performed by the Internal Audit to develop its annual audit plan. Risk assessment is performed because it is not practical, possible, or economical to audit all agency programs, operations, activities, and functions. Available audit resources are spent in areas that represent the greatest risk.
The annual risk assessment includes gathering information from the Commissioner and THECB executive management team to ensure development of an audit plan that best and most effectively addresses issues of control, risk management, and governance for the agency.
Annual Audit Plan
Internal Audit develops the annual audit plan based on the results of the THECB annual risk assessment. Internal audit reviews the results of the risk assessment and develops a list of potential audit projects to address the highest risk areas noted on the risk assessment.
Proper planning of audits helps ensure that major business risks are adequately considered and addressed during the audit, including those identified during the Annual Risk Assessment. Planning requires thorough definition of objectives and how they can be attained while establishing a balance between the audit scope and objectives, time frame, and staff availability to ensure optimum use of internal audit resources.
Audit objectivities are broad statements that define the intended audit accomplishments.Audit procedures are the work methods used to attain audit objectives.Together, audit objectives and audit procedures define the scope of work to be performed. The primary objectives of internal auditing are to ensure:
•The reliability and integrity of information
•Compliance with policies, plans, procedures, laws and regulations
•The safeguarding of assets
•The economical and efficient use of resources
•The accomplishment of established objectives and goals for operations or programs
Fieldwork is a systematic process of gathering evidence about the project area or activity under review, then objectively assessing to determine if established criteria and/or good business practices are being followed. The results obtained during fieldwork are communicated to management in the audit report. A field work program is developed based on the results in planning phase.
The report is the official document by which management is apprised of audit results.Information contained in a report is often the basis of management decisions; therefore, it is imperative that issues are presented with the highest degree of accuracy. Once released, audit reports become public documents. Final report is issued electronically to the client first and then to the AOC chair, Board Chair, and Board Vice Chair before presenting to the AOC meeting. Once presented in the AOC meeting, the report is electronically sent to the oversight bodies within 30 days of the AOC meeting.