Campus Fog

Internal Audit Frequently Asked Questions

What is the difference between Internal Audit and Institutional Compliance at UT Permian Basin?

UT System Policy UTS 129, Internal Audit Activities, clarifies the roles of Institutional Compliance and Internal Audit in managing institutional risks.

Internal Audit's Relationship to the Institutional Compliance Function

Internal Audit is an independent function of the governance process of the University of Texas System. It provides periodic assurance to the Board of Regents and executive management on the component institution's ability to achieve its objectives.

Compliance is a function of management and is part of the control structure of the organization, whereas internal auditing is a function independent of management and evaluates the control structure - a key difference between the two functions.

Internal Audit may provide consulting and assurance services to the Compliance function. Consulting services may include: providing information and best practices in the design of the Compliance function; providing advice and information in the design of monitoring plans; providing training and educational services; and providing facilitation services for self-assessments of the Compliance function. Assurance services may include: audits of the Compliance program design; audits of the Compliance monitoring plans; audits of Compliance issues; and inspections of the monitoring plans.

For additional information on UT Permian Basin's Institutional Compliance Program, please visit their website.

How do I report suspected activities?

There are several ways to report suspected fraudulent activities:

  • Notify your supervisor or department head.
  • Call the University Police (432) 552-2786 if you witness or have knowledge of a theft.
  • Notify the Office of Internal Audit at (432) 552-2698
  • Call UTPB hotline 1-888-228-7725
  • Call the State Auditor's Office hotline (800) 892-8348 or anonymously submit a report to them online.

Per the requirements of UTS 118, the Office of Internal Audit is responsible for investigating all allegations of suspected or possible fraud. Fraud includes theft of funds or equipment, misappropriation or misuse of assets, misreporting of financial and grant information, and other fiscal irregularities. It also includes misreporting/ theft of time.

What happens during an audit?

  • Engagement Memo- With few exceptions, audit clients are notified in writing when their area is selected for review. These letters are sent to the vice president of the area being audited as well as to the appropriate dean, chairperson, or director. The engagement memo states the date, time, and place of the entrance conference and the objectives to be accomplished in the audit. Due to the nature of some audit work, we may give little or no advance notice.
  • Entrance Conference- An entrance conference is scheduled with the head of the department to discuss the purpose and scope of the audit. We encourage audit clients to discuss any concerns or questions they may have about the audit. Audit clients may also request a review of those areas of most concern to them be included as part of the audit activity.
  • Audit Work- Written policies and procedures may be requested to aid the auditor in understanding departmental operations; however, it is often necessary for auditors to reside in the department office(s) to conduct interviews and review departmental records. In order to minimize disruption of daily operations, we try to schedule meetings in advance to avoid potential scheduling conflicts.
  • Duration of audits- These vary depending upon scope. Hence, limited scope audits require less time than audits with broader scopes, which could lengthen the audit time period. Additionally, the level of cooperation from auditees and access to personnel and records has a direct bearing on the duration of audits.
  • Communicating Results- Audit results are presented to audit clients via verbal or written communication and usually include recommendations intended to benefit the area under review and the University. Audit clients have an opportunity to discuss concerns identified within the audit and to concur or disagree with conclusions and recommendations. In any event, audit clients are required to provide, in writing, proposed resolutions including reasonably expected implementation dates.
  • Exit Conference- An exit conference is held to discuss audit findings. Attendees include the auditors, members of management responsible for oversight and operation of the area under review, as well as those individuals who will have a direct or indirect involvement in resolving audit concerns identified. The exit conference provides an opportunity to clear and resolve questions or concerns pertaining to findings, or other issues, before the final audit report is released.
  • Final Audit Report- The final audit report includes findings and recommendations along with management's responses. Copies of the report are distributed to the president, appropriate vice presidents, the audited unit's manager, and the System Audit Office. Audit findings are also included in a summary of all UT component reports provided to the chancellor and the Audit Committee of the Board of Regents.
  • Follow-up Reviews- Our professional standards require that we follow-up and report on previously reported findings to determine if corrective action was taken and audit concerns were resolved.

Who audits the auditors?

Oversight of the Internal Audit Office is performed by the Institutional Audit Committee and the UT System Audit Office. In addition, a Quality Assurance Review, or peer review, is performed every three years by qualified auditors (external to the organization) in accordance with Professional Standards.

Also, in most instances, audit clients have an opportunity to evaluate the quality of service provided by our department by completing an evaluation form which we use to identify ways to improve our services.