Internal Audit

Internal Audit Mission Statement

Collaborate with DIR leadership to fulfill the agency’s core mission by providing independent and objective audit services designed to add value and improve the effectiveness of risk management, control, and governance processes.

Internal Audit is DIR's independent, objective assurance, and consulting activity designed to add value, improve DIR's operations, and help DIR accomplish its objectives. The Director of Internal Audit guides the Internal Audit Office and reports functionally to the Board, through the Finance and Audit Subcommittee, and administratively (i.e. for day-to-day operations) to the DIR Executive Director. This reporting relationship helps assure independence and promotes comprehensive audit coverage and adequate consideration of audit recommendations. Working in partnership with the DIR Executive Leadership Team (ELT), Internal Audit provides the ELT with assurance on whether:

  • Risks are appropriately identified and managed.
  • Significant financial, operational, and compliance information is accurate, complete, and timely.
  • Processes are in compliance with agency policies, procedures, applicable laws, and regulations.
  • Resources are acquired economically, used efficiently, and protected adequately.
  • Programs and support functions are monitored and achieved in line with DIR's goals and strategic objectives.
  • Quality and continuous improvement are fostered in DIR's control processes.
  • Controls are in place to prevent or detect occurrences of fraud, waste or abuse.

Based on the results of audit and consulting projects, Internal Audit makes recommendations to the ELT for consideration and implementation.

The Texas Government Code §2102, known as the Texas Internal Auditing Act, requires the Internal Audit Program to conform to the Generally Accepted Government Auditing Standards (GAGAS), the Standards for the Professional Practice of Internal Auditing, and the Code of Ethics contained in the Professional Practices Framework promulgated by the Institute of Internal Auditors. These standards provide a framework for performing high-quality audit work with competence, integrity, objectivity, and independence to provide accountability and help improve government operations and services. In addition, the standard facilitate consistent development, interpretation, and applications of concepts, methodologies, and techniques useful to the audit profession.

Internal auditors must possess the knowledge, skills, and other competencies needed to perform their work with proficiency and due professional care. Thus, internal auditors may be certified as: 

  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditor CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Government Auditing Professional (CGAP)
  • Certified Public Accountant (CPA)
  • Certified Fraud Examiner (CFE)
  • Other

How does Internal Audit do the work? conducting assurance services:

    • Performance audits
    • Compliance audits
    • System security audits and data reliability assessments
    • Safeguarding of assets audits
    • Financial controls audits
    • Due diligence engagements
    • Other

… by conducting consulting and non-audit services:

    • Advisory services
    • Participation as non-voting members on DIR workgroups/ committees/ governance boards
    • Facilitate risks and controls self-assessment sessions
    • Training services
    • Other
  1. Planning
    • Gain an understanding of the activity under audit
    • Conduct the Entrance Conference
    • Assess risk and controls
  2. Fieldwork
    • Test and analyze
    • Prepare routine updates
    • Develop audit issues
  3. Reporting
    • Develop the audit report
    • Conduct the Exit Conference
    • Obtain management responses
    • Obtain DIR Board approval
    • Issue/distribute the audit report
  4. Follow-up
    • Obtain management assertions
    • Validate status of recommendations

All agency policies, activities, programs, property, personnel, and records are eligible and subject to audit by DIR Internal Audit. Internal Audit has full, free, and unrestricted access to any and all of the agency's activities, programs, property, personnel, and records relevant to any subject under audit or review, and the work of other internal and external assurance providers.

Internal Audit is authorized to allocate its resources, determine the objectives and scope of its audit services, establish its audit procedures and techniques, set the timeframes required to accomplish its audit projects, and determine the content of its audit reports. Internal Audit is free from interference in determining the scope of the audit services, performing work, and communicating the results.

Internal Audit Annual Plans

Internal Audit annual plans, issued by the DIR Internal Audit Office, are presented below and organized by released date.

PDF (185.02 KB)
Last Updated: 08-27-2021

DIR Internal Audit Plan FY2021

DOCX (96.94 KB)
Last Updated: 01-20-2021

Internal Audit Annual Reports

Internal Audit annual reports, issued by the DIR Internal Audit Office, are presented below and organized by released date.

PDF (272.87 KB)
Last Updated: 08-27-2021

DIR Internal Audit Annual Report FY2020

Internal Audit Reports

Internal Audit reports, issued by the DIR Internal Audit Office, are presented below and organized by released date.

Audit Reports by External Entities

Audit reports issued by external entities such as third-party providers (for DIR) or by oversight government entities, are presented blow and organized by released date.

PDF (734.81 KB)
Last Updated: 01-20-2021

PDF (50.25 KB)
Last Updated: 01-20-2021

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.