Frequently Asked Questions

An area can be selected for audit based on:

1. Risk Assessment - The Office of Internal Audit and Management Analysis develops an annual audit plan based on risk assessments. Areas with the highest risk are given high priority.
2. Mandated Audits - These audits are required by authoritative entities, such as the Federal Government, Board of Regents, and University Administration.
3. Requests - The Office of the President or other University Administrators may request an audit of an area.

1. Financial Audits - address questions of accounting and reporting of financial transactions, including commitments, authorizations, and receipt and disbursement of funds.
2. Compliance Audits - determine the degree of a department's adherence to laws, policies and procedures.
3. Performance Audits - examine the use of resources to evaluate whether those resources are being utilized in the most efficient and effective ways to fulfill the department's and University's mission and objectives.
4. Investigative Audits - focus on alleged irregular conduct to determine whether civil or criminal violations of state or federal laws have occurred. Internal theft, misuse of Baylor assets and/or conflicts of interest are examples of reasons for investigating.

Yes. For non-routine audits Internal Audit provides notice via phone or e-mail. For routine annual audits the departments are already aware of the audits to be performed in their area.

Yes. After your department is notified, the assigned auditor will schedule an entrance meeting to discuss the purpose, scope of the audit, and the expected start and completion date. You should take the opportunity at this meeting to discuss any concerns or questions you may have about the audit and to determine how you can facilitate the review process.

During the audit, the auditor assigned will keep you informed of audit progress. At the conclusion of the fieldwork, the auditor will schedule an exit conference to discuss the audit results. You will be provided with a draft of the audit report for your review and discussion in the exit conference. This gives you the opportunity to determine if additional discussion of the audit recommendations is necessary, to clarify any ambiguities, and if necessary, modify the report draft. If audit recommendations are made, your response to the recommendation(s) is required. The response should include:

• Agreement or disagreement with the recommendation.
• If agreement, the plan of action and estimated implementation date.
• If disagreement, your basis for the disagreement.

All audit information is treated as confidential and reported only to those within the institution who need to know. All final reports, including your responses, are distributed to the Vice President and Chief Compliance and Risk Officer. Reports are also distributed to the Vice President and other administrators responsible for the area audited. In addition, the Audit, Compliance, and Risk Management Committee of the Board of Regents is provided a summary report of audit results during their regularly scheduled meetings.

In addition to being audited by Internal Audit, some departments may also be audited by external auditors during their routine annual audits. While we try to eliminate or reduce duplication of effort by coordinating our schedule with these other auditors, we have no control over their audit plans. Consequently, an area or department may occasionally be reviewed more than once during the year.