Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword or section
Like this

Table Of Contents

0 of .
Results for:
No results containing your search query
P. 1
Audit of HISD Inspector General's Office

Audit of HISD Inspector General's Office

|Views: 774|Likes:
Published by enm077486
audit done by Institute of Internal Auditors, 2013
audit done by Institute of Internal Auditors, 2013

More info:

Published by: enm077486 on Jul 30, 2013
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Internal Audit Quality Assessment Presented To: Houston Independent School District 
 July 2013
Table of Contents
PageExecutive Summary
Opinion as to Conformance to the
Objectives / Scope / Methodology
Conformance Summary
3Conformance Gaps Noted and Associated Recommendations 7Attachment A
Conformance Rating Criteria
45Attachment B
Acronyms Used in Report
Executive Summary
Under the
International Standards for the Professional Practice of Internal Auditing (“Standards”)
an external quality assessment (“EQA”) of an internal audit
activity must be conducted at least once every five years by a qualified assessor or assessment team from outside the organization. The qualified assessor orassessment team must demonstrate competence in both the professional practice of internal auditing and the EQA process. The Houston Independent School
District (“HISD”) Board Audit Committee selected the Institute of Internal Auditors (“IIA”) to lead the review of the Office
Inspector General (“Internal Audit”).
The review was concluded on March 28, 2013 and provides management with information about Internal Audit as of that date. Future changes inenvironmental factors and actions by personnel, including actions taken to address recommendations, may have an impact upon the operation of Internal Auditin a manner that this report did not and cannot anticipate. Considerable professional judgment is involved in evaluating the findings and developingrecommendations. Accordingly, it should be recognized that others could evaluate the results differently, and draw different conclusions. The criteria used todetermine conformance to the
are defined on page 36 of this report and are consistent with the guidance provided by the IIA in their
Quality  Assessment Manual, Sixth Edition
Opinion as to Conformance to the
It is our overall opinion that Internal Audit does not conform to the
“Does Not Conform” means the assessor has concluded that the internal audit
activity is not aware of, is not making good-faith efforts to comply with, or is failing to achieve many / all of the objectives of the
While an InternalAudit charter is in place to establish the purpose, authority, and responsibility of Internal Audit, it is outdated and not consistent with requirements of the
. While Internal Audit reports functionally to the Board and administratively to the Superintendent, the nature of the functional reporting relationshipis not described in the charter. The charter is not consistent with the Definition of Internal Auditing, the IIA Code of Ethics, and the
and is not updatedperiodically and approved by the Board. This is a critical element to ensure functional reporting is effective and organizational independence is achieved.Documentation of planning and preliminary risk assessment at an engagement level does not support that work is done with due professional care and IT auditresources and skills need to be evaluated. The CAE has not established, documented and maintained a Quality Assurance and Impro
vement Program (“QAIP”)
that includes the required elements of internal and external assessment and communication of the results of such assessments.The annual risk assessment and audit planning process is not effective in prioritizing areas for audit. There is limited input from key stakeholders whenconducting the risk assessment and developing the annual audit plan, the plan is not clearly linked with an entity-wide view of risk, and there is no linkagebetween audit plan objectives and supporting resource requirements. The annual audit plan is not shared with key stakeholders in the organization beyond theBoard Audit Committee. Concepts of governance, risk management, and control are not specifically addressed in the audit plan. An internal audit methodologyhas not been specifically defined and documented for Internal Audit to ensure that infrastructure and processes are consistent with the
and that workcan be performed efficiently, effectively, consistently, and with a high level of quality. Planning for individual engagements, supported by an engagement levelrisk assessment, is not defined and or documented in audit work papers. Audits are executed based upon an approved work program, but are inconsistent interms of quality and level of documentation supporting conclusions. Audit reports could be enhanced by including recommendations for management actionand by improving timeliness, especially related to E-Rate matters. There is no formal follow-up process to monitor the status of observations raised during theaudit reporting process.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->