Internal Audit

Information about file formats

Internal Audit Mission Statement

Collaborate with DIR leadership to fulfill the agency’s core mission by providing independent and objective audit services designed to add value and improve the effectiveness of risk management, control, and governance processes.

Internal Audit is DIR's independent, objective assurance, and consulting activity designed to add value, improve DIR's operations, and help DIR accomplish its objectives. The Director of Internal Audit guides the Internal Audit Office and reports functionally to the Board, through the Finance and Audit Subcommittee, and administratively (i.e. for day-to-day operations) to the DIR Executive Director. This reporting relationship helps assure independence and promotes comprehensive audit coverage and adequate consideration of audit recommendations. Working in partnership with the DIR Executive Leadership Team (ELT), Internal Audit provides the ELT with assurance on whether:

• Risks are appropriately identified and managed.
• Significant financial, operational, and compliance information is accurate, complete, and timely.
• Processes are in compliance with agency policies, procedures, applicable laws, and regulations.
• Resources are acquired economically, used efficiently, and protected adequately.
• Programs and support functions are monitored and achieved in line with DIR's goals and strategic objectives.
• Quality and continuous improvement are fostered in DIR's control processes.
• Controls are in place to prevent or detect occurrences of fraud, waste or abuse.

Based on the results of audit and consulting projects, Internal Audit makes recommendations to the ELT for consideration and implementation.

The Texas Government Code §2102, known as the Texas Internal Auditing Act, requires the Internal Audit Program to conform to the Generally Accepted Government Auditing Standards (GAGAS), the Standards for the Professional Practice of Internal Auditing, and the Code of Ethics contained in the Professional Practices Framework promulgated by the Institute of Internal Auditors. These standards provide a framework for performing high-quality audit work with competence, integrity, objectivity, and independence to provide accountability and help improve government operations and services. In addition, the standard facilitate consistent development, interpretation, and applications of concepts, methodologies, and techniques useful to the audit profession.

Internal auditors must possess the knowledge, skills, and other competencies needed to perform their work with proficiency and due professional care. Thus, internal auditors may be certified as: 

• Certified Internal Auditor (CIA)
• Certified Information Systems Auditor CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Government Auditing Professional (CGAP)
• Certified Public Accountant (CPA)
• Certified Fraud Examiner (CFE)
• Other

What does Internal Audit do? 

How does Internal Audit do the work?

...by conducting assurance services:

• Performance audits
  
• Compliance audits
• System security audits and data reliability assessments
• Safeguarding of assets audits
• Financial controls audits
• Due diligence engagements
• Other

… by conducting consulting and non-audit services:

• Advisory services
• Participation as non-voting members on DIR workgroups/ committees/ governance boards
• Facilitate risks and controls self-assessment sessions
• Training services
• Other
  

Assurance Services

Objective examinations of evidence for the purpose of providing an assessment on governance, risk management, and control processes for the organization.

Consulting Services

Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization's governance, risk management, and control processes without the Internal Auditor assuming management responsibility

Source: The IIA: International Standards for the Professional Practice of Internal Auditing 

What is the audit process?

1. Planning
   
• Gain an understanding of the activity under audit
  
• Conduct the Entrance Conference
• Assess risk and controls
  
2. Fieldwork
   
• Test and analyze
• Prepare routine updates
• Develop audit issues
3. Reporting
   
• Develop the audit report
  
• Conduct the Exit Conference
  
• Obtain management responses
• Obtain DIR Board approval
• Issue/distribute the audit report
  
4. Follow-up
   
• Obtain management assertions
  
• Validate status of recommendations
  

Internal Audit Annual Plans

Internal Audit annual plans, issued by the DIR Internal Audit Office, are presented below and organized by released date.

Internal Audit Annual Reports

Internal Audit annual reports, issued by the DIR Internal Audit Office, are presented below and organized by released date.

Internal Audit Reports

Internal Audit reports, issued by the DIR Internal Audit Office, are presented below and organized by released date.

Audit Reports by External Entities

Audit reports issued by external entities such as third-party providers (for DIR) or by oversight government entities, are presented blow and organized by released date.