Introduction to Internal Audit “Partnering in Risk Management” – UT Southwestern

ADMINISTRATIVE TRAINING
Introduction to Internal Audit
“Partnering in Risk Management”
– UT Southwestern
Medical Center at Dallas
Mission Statement
The Office of Internal Audit is an
independent appraisal function
established within the Medical Center and
charged to examine and evaluate its
activities as a service to the Medical
Center.
Internal Audit Objectives
• Evaluate the adequacy of
management’s internal control structure
• Evaluate the economy and efficiency of
the Medical Center’s operations
• Assess the extent of compliance with
applicable laws, regulations, policies
and procedures
• Evaluate the adequacy, reliability and
effectiveness of financial and personnel
reporting systems
Internal Audit Objectives
(continued)
• Appraise the quality of management’s
performance in meeting goals and
objectives
• Perform reviews directed toward
creating ways of reducing costs
• Investigate management’s concerns
relating to fraud, embezzlement and
theft
• Verify the existence and ensure proper
safeguarding of assets
Who is Audited and Why?
Audits are determined by applying a risk assessment model. Risk factors considered include:
• Quality of internal controls
• Financial impact
• Internal impact (employees)
• External impact (public)
• Complexity of operations
• Recent change in management
An audit plan is developed based on the identified risks. The plan is presented to the Audit Committee for review and approval.
Audit Types and Objectives
Overview
• The objective is to obtain and
document background information
about the client or function
• Normally performed before a
scheduled audit
• IA may obtain organizational charts,
job descriptions, policies and
procedures, listing of accounts, etc.
Audit Types and Objectives
• Internal Controls Review
• Risk Based
• Financial
• Operational or Performance
• Program
• Compliance
• Information Systems
• Consultation
• Special/Fraud
• Follow-up
Audit Process
• Audit notification and request for information
• Questionnaire
• Fluctuation analysis
• Research
• Entrance conference
• Risk assessment
• Fieldwork
• Communication of results/audit report
Planning and Preliminary
Review
AUDIT NOTIFICATION
About two weeks before
the audit begins, the
appropriate personnel
will be notified.
Planning and Preliminary
Review
REQUEST FOR
INFORMATION
• Organization Chart
• Listing of Employees
• Listing of Accounts
• Mission Statement
• Long Range Plans
• Department Policies and Procedures
• Information, Brochures, etc.
• ANY OTHER IDEAS?
Planning and Preliminary
Review
ENTRANCE CONFERENCE
• Discuss scope, timing of audit.
• Explain report process.
• Ask department head for areas of concern, high risk areas, etc.
Risk Assessment
To determine the level of
risk in the department’s
system of internal controls.
Fieldwork Steps
Revenues, Expenditures,
Payroll/Human Resources,
Consumable/Resale
Inventory, Equipment,
Petty Cash, etc.
Test areas as determined
in the planning meeting.
Sample size will be
determined based on risk
assessment and auditor’s
judgment.
Should further testing be
performed?
Communication of Results/
Audit Report
• Results are communicated throughout the audit, i.e. No Surprises
• Recommendations are formally communicated by finding sheets
• Responses are reviewed and may be included in the audit report
• Rough draft of the audit is sent to management for feedback and error correction
• Exit conference is scheduled to discuss the proposed changes to the report, implementation dates, etc.
Communication of Results/
Audit Report
• Final report is issued
• Audit reports are sent to the President, Executive Vice President for Business Affairs, client and appropriate supervisors
• President then forwards copies of the reports to UT System
Summary
• Request feedback to training sessions
• Questions/Comments
• You may obtain additional information by calling the Office of Internal Audit at 214-648-6106
QUESTIONS?
Please complete the critique.
Thank you.