Internal Audit

Information about file formats

Internal Audit Mission Statement

Collaborate with DIR leadership to fulfill the agency’s core mission by providing independent and objective audit services designed to add value and improve the effectiveness of risk management, control, and governance processes.

Internal Audit is DIR's independent, objective assurance, and consulting activity designed to add value, improve DIR's operations, and help DIR accomplish its objectives. The Director of Internal Audit guides the Internal Audit Office and reports functionally to the Board, through the Finance and Audit Subcommittee, and administratively (i.e. for day-to-day operations) to the DIR Executive Director. This reporting relationship helps assure independence and promotes comprehensive audit coverage and adequate consideration of audit recommendations. Working in partnership with the DIR Executive Leadership Team (ELT), Internal Audit provides the ELT with assurance on whether:

  • Risks are appropriately identified and managed.
  • Significant financial, operational, and compliance information is accurate, complete, and timely.
  • Processes are in compliance with agency policies, procedures, applicable laws, and regulations.
  • Resources are acquired economically, used efficiently, and protected adequately.
  • Programs and support functions are monitored and achieved in line with DIR's goals and strategic objectives.
  • Quality and continuous improvement are fostered in DIR's control processes.
  • Controls are in place to prevent or detect occurrences of fraud, waste or abuse.

Based on the results of audit and consulting projects, Internal Audit makes recommendations to the ELT for consideration and implementation.

The Texas Government Code §2102, known as the Texas Internal Auditing Act, requires the Internal Audit Program to conform to the Generally Accepted Government Auditing Standards (GAGAS), the Standards for the Professional Practice of Internal Auditing, and the Code of Ethics contained in the Professional Practices Framework promulgated by the Institute of Internal Auditors. These standards provide a framework for performing high-quality audit work with competence, integrity, objectivity, and independence to provide accountability and help improve government operations and services. In addition, the standard facilitate consistent development, interpretation, and applications of concepts, methodologies, and techniques useful to the audit profession.

Internal auditors must possess the knowledge, skills, and other competencies needed to perform their work with proficiency and due professional care. Thus, internal auditors may be certified as: 

  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditor CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Government Auditing Professional (CGAP)
  • Certified Public Accountant (CPA)
  • Certified Fraud Examiner (CFE)
  • Other

What does Internal Audit do? 

Audit Cycle: Annual Risk Assessment, Annual Plan, Conduct Audits, Issue/Distribute Audit Reports, Annual Report

How does Internal Audit do the work?

...by conducting assurance services:

    • Performance audits
    • Compliance audits
    • System security audits and data reliability assessments
    • Safeguarding of assets audits
    • Financial controls audits
    • Due diligence engagements
    • Other

… by conducting consulting and non-audit services:

    • Advisory services
    • Participation as non-voting members on DIR workgroups/ committees/ governance boards
    • Facilitate risks and controls self-assessment sessions
    • Training services
    • Other

Assurance Services

Objective examinations of evidence for the purpose of providing an assessment on governance, risk management, and control processes for the organization.

Consulting Services

Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization's governance, risk management, and control processes without the Internal Auditor assuming management responsibility

Source: The IIA: International Standards for the Professional Practice of Internal Auditing 

What is the audit process?

  1. Planning
    • Gain an understanding of the activity under audit
    • Conduct the Entrance Conference
    • Assess risk and controls
  2. Fieldwork
    • Test and analyze
    • Prepare routine updates
    • Develop audit issues
  3. Reporting
    • Develop the audit report
    • Conduct the Exit Conference
    • Obtain management responses
    • Obtain DIR Board approval
    • Issue/distribute the audit report
  4. Follow-up
    • Obtain management assertions
    • Validate status of recommendations

What is Internal Audit's authority?

All agency policies, activities, programs, property, personnel, and records are eligible and subject to audit by DIR Internal Audit. Internal Audit has full, free, and unrestricted access to any and all of the agency's activities, programs, property, personnel, and records relevant to any subject under audit or review, and the work of other internal and external assurance providers.

Internal Audit is authorized to allocate its resources, determine the objectives and scope of its audit services, establish its audit procedures and techniques, set the timeframes required to accomplish its audit projects, and determine the content of its audit reports. Internal Audit is free from interference in determining the scope of the audit services, performing work, and communicating the results.

Internal Audit Annual Plans

Internal Audit annual plans, issued by the DIR Internal Audit Office, are presented below and organized by released date.

DATE NUMBER TITLE
​Oct 2016
​16-302 ​Fiscal Year 2017 Internal Audit Annual Plan (1220 KB)
​Oct 201515-302​ ​Fiscal Year 2016 Internal Audit Annual Plan (722 KB)
​Sept 2015​14-503Fiscal Year 2015 Internal Audit Annual Plan (Amended) (561 KB)
​Oct 2014​14-503Fiscal Year 2015 Internal Audit Annual Plan (482 KB)
​May 2014--​Fiscal Year 2014 Internal Audit Annual Plan (Amended) (80.6 KB)
​Oct 2013-- Fiscal Year 2014 Internal Audit Annual Plan (553 KB)
​Aug 2012--​Fiscal Year 2013 Internal Audit Annual Plan (82.5 KB)
​Oct 2011​--Fiscal Year 2012 Internal Audit Annual Plan (54 KB)
​Aug 2010​--Fiscal Year 2011 Internal Audit Annual Plan (48.2 KB)


Internal Audit Annual Reports

Internal Audit annual reports, issued by the DIR Internal Audit Office, are presented below and organized by released date.

​DATENUMBER​​TITLE
​Oct 2016
​16-303Fiscal Year 2016 Internal Audit Annual Report (17.18 M​B)
​Oct 2015​15-303 ​Fiscal Year 2015 Internal Audit Annual Report (3.71 MB)
​Oct 2014​-- ​Fiscal Year 2014 Internal Audit Annual Report (1.70 MB)
​Oct 2013​-- ​Fiscal Year 2013 Internal Audit Annual Report (454 KB)
​Oct 2012​-- ​Fiscal Year 2012 Internal Audit Annual Report (890 KB)
​Oct 2011​--Fiscal Year 2011 Internal Audit Annual Report (693 KB)

 

Internal Audit Reports

Internal Audit reports, issued by the DIR Internal Audit Office, are presented below and organized by released date.

​DATENUMBERTITLE
​Jun 2017
​17-103
Xerox Print Mail Process (261 KB)
​Nov 2016
​15-103
Enterprise Contract Management (743 KB)
​Aug 2016
​16-101 ​DIR Governance Assessment (3 MB)
​Jul 2016
​16-102DIR Ethics Evaluation (392 KB)
​Oct 2015
​15-102Performance Measures (387 KB)
​Aug 2015​14-101​ Cooperative Vendors Audit (212 KB)                 
​Jun 2015​15-301.2 Follow-up Audit on the SAO Report 12-004​ (187 KB)           
Jun 201515-301.1 Follow-up Audit on the SAO Report 14-007​ (187 KB)
​May 2014​14-201 Key Performance Measures Audit​ (518K)
​May 2014​13-105CISO/Network Security Operations Audit
​May 2014​13-103 Enterprise Contract Management Section Audit
​May 2013​12-102 Statewide Project Delivery Audit​
​Nov 2012​12-201 Texas.gov Process Audit
​Aug 2012​11-104 Finance and Accounting Reconciliation​
​Apr 2012​11-102 Data Center Services Invoicing Process​
​Aug 2011​11-101Contract Establishment and Monitoring Process

 

Audit Reports by External Entities

Audit reports issued by external entities such as third-party providers (for DIR) or by oversight government entities, are presented blow and organized by released date.

DATE NUMBER TITLEAUTHOR
​Aug 2016
​-Texas.Gov Financial Audit Report for CY2015​Horne, for DIR
​Jul 2015​380263 Texas.Gov Financial Report for Sept. 2013 - Dec. 2014 (Texas.gov)​KPMG, for DIR
​Jul 2015​380285 ​Master Work Order Financial Report for FY2014 (Texas.gov)​KPMG, for DIR
​Jul 2015​389311Master Work Order Financial Report for Sept. 2014 - Dec. 2014 (Texas.gov)​KPMG, for DIR
​Jul 2014​293526 TexasOnline Annual Financial Report for FY2013 (Texas.gov)  KPMG, for DIR​
​Jul 2014​293528 ​Master Work Order Financial Report for FY2013 (Texas.gov)KPMG, for DIR​
​Oct 201314-007 An Audit Report on the Information and Communications Technology Cooperative Contracts Program at DIRState Auditor's Office​
​Aug 2013​193782 TexasOnline Annual Financial Report for FY2012​ (Texas.gov)​KPMG, for DIR
​Jun 2013​193764Master Work Order Financial Report for FY2012 (Texas.gov)​KPMG, for DIR
​Mar 2013​13-026An Audit Report on Selected State Entities’ Compliance with Requirements Related to the Historically Underutilized Business (HUB) Program and the State Use ProgramState Auditor's Office​
​Jul 2012​52980TexasOnline Annual Financial Report for FY2011 (Texas.gov)​KPMG, for DIR
​Jul 2012​52979Master Work Order Financial Report for FY2011 (Texas.gov)​KPMG, for DIR
​Jul 2012​12-047 A Report on Statewide Processes Intended to Assist State Entities in Developing Major Information Resources Projects​State Auditor's Office​
Jul 2012​​-- ​DIR Communications Technology Services Division Performance Audit as of July 19, 2012​KPMG, for DIR
​Oct 2011​12-004 An Audit Report on the Information and Communications Technology Cooperative Contracts Program at DIR​State Auditor's Office​