How are audits selected?

Each year, an audit plan is developed based on a risk assessment process. Audits are selected based on risks, state/federal/other requirements, special requests, or changes in leadership. The audit plan is approved by UT Dallas executive management, the Audit Committee, and ultimately the UT System Board of Regents.
A copy of the most recent audit plan is located under “Audit Plans and Reports.”

What are internal controls?

Internal controls are typically designed by management to provide assurance over:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations

Some examples of internal controls include separating the duties between the preparation and approval of cost center reconciliations, ensuring supervisory authorization for business expenses, and ensuring monitoring procedures exist to ensure compliance with federal grants.

What happens in an audit?

When an area is selected for review, the following process generally occurs:

Audit Planning

The auditor in charge of the project and his/her team will perform planning procedures to gain an understanding of the audit area, including preparing a risk assessment.

Entrance Conference

This is a meeting between the manager(s) of the area being audited and the audit team. In the meeting we explain what we expect to happen in the audit and give you the opportunity to share any concerns you may have. For example, if you would like us to review a particular process or procedure in your unit, let us know at this meeting and we will try to include it in our audit.


During this phase, we will perform audit work on the areas discussed in the entrance conference.

Exit Conference

Throughout our review we will try to be open regarding what we find and plan to recommend in the audit report. Once we complete the fieldwork, we will meet informally with departmental management to discuss our preliminary results. If we have misinterpreted anything in the review, or if you disagree with our conclusions, you have the opportunity to let us know so that we can make clarifications before issuing our report.

Report Writing

After the exit conference, a draft report will be written stating what we did, what we found, and any recommendations resulting from the work performed.

Priority of Audit Recommendations

  • A high priority recommendation is defined as one that may be material to operations, financial reporting, or legal compliance. This would include an internal control weakness that does not reduce the risk of irregularities, illegal acts, errors, inefficiencies, waste, ineffectiveness, or conflicts of interest to a reasonable low level. These recommendations are shared with the UT System Board of Regents and monitored on a quarterly basis.
  • Medium priority recommendations are included in the audit reports and are considered important to the area being audited. These recommendations are monitored at least annually.
  • Low priority recommendations are typically either verbal comments made during an exist conference or mentioned without request for a written response in the audit report.

Management Response

When we have completed a draft of the report, we will send a copy to the responsible person for his or her review and comment. Management’s response to the recommendations is requested within two weeks of receipt of the report. Upon receipt of management’s responses, the final draft with responses is sent to the Vice President over the area(s) audited for their approval. If no responses are received within in month of being sent, the report is sent to the President for appropriate disposition.

Reporting Process

The final report is sent to the responsible parties, the Institutional Audit Committee, UT System, and various state agencies (Legislative Budget Board, State Auditor’s Office, Sunset Advisory Commission, and the Governor’s Office).

Follow-up Process

Based on the estimated dates of implementation, we will follow up to ensure that the audit recommendations have been implemented.

Can UT Dallas personnel seek advice or request consulting reviews from Internal Audit?

Yes. The Office of Internal Audit is your in-house consultant for all internal control matters and will provide guidance on controls over new or existing systems and processes. Please direct any questions to the Institutional Chief Audit Executive at (972) 883-4876.
Internal Audit offers consulting reviews based on management requests and the availability of resources. Typically, consulting reviews do not follow the same reporting process as formal audits. Management may request a review and results of the review can either be verbal or in a written memo to the requestor. Examples of consulting reviews include:

  • Participation of internal audit staff on implementation teams
  • Reviews of processes
  • Investigations of potential risks

What do I do if I suspect fraud?

If you suspect fraud, you should report the information to your supervisor, the Office of Internal Audit, the UT Dallas hotline, or the State Auditor’s Office Hotline. Reporting information is located below.
University employees have an ethical responsibility to report any suspected waste, fraud, abuse, illegal activities, or unethical conduct. University policy and UT System policy and federal and state laws protect employees who provide information regarding possible fraudulent activities in the workplace from retaliation.

Who audits the Office of Internal Audit?

State law requires that a team of external reviewers perform a quality assurance review of internal audit operations ever three years. UT System and the State Auditor’s Office also review our work as considered necessary. For a copy of our most recent quality assurance review, please see UTD FY18 Internal Audit Annual Report (PDF).

What is the Different between Internal Audit and Compliance?

Learn about the differences.