Skip Navigation and Go To Content

New Client Guide

See below for some general frequently asked questions concerning our auditing process.

Why am I being audited?

Relax! You aren't being singled out for something you did or didn't do.

All UTHealth Houston activities are subject to audit. We select audits based upon factors such as the size of your operation, the time elapsed since your last audit, and recent critical system and organizational changes. A prioritized list of audits is developed and reviewed annually with UTHealth Houston management.

Your area is being audited because it is considered important to the UTHealth Houston success.

What's in it for me?

There are many benefits of having an audit conducted of your area. It is difficult to find the time to stand back and thoroughly review your systems or practices and we provide assurance that operating and control systems in your area have been objectively reviewed. Additionally, we are aware of effective methods used throughout the UTHealth Houston to help ensure achievement of important goals.

If the audit identifies relatively minor issues, you can feel confident your practices are working to help UTHealth Houston achieve its goals in a well-controlled manner. If the audit identifies control issues, we will work with you to develop the most practical recommendations for needed enhancements or improvements.

What will the audit atmosphere be like?

A little anxiety is natural during an audit. Our audit approach is designed to ensure fairness and objectivity. We are trained to conduct our work in a friendly, constructive, and positive manner.

How should I prepare for my audit?

You should prepare and provide any information such as written procedures, transaction records, and reports related to your function that will help us understand the audited area. 

We will meet with you periodically during the engagement to ask questions and review the preliminary results of the audit.  We will make every attempt to be flexible in meeting your time requirements.

Who will be performing the audit in my area?

The audit will be conducted by one or more of our auditors. The number and type of auditors will depend on the nature of the audited area.

We are a team comprised of professionals with experience and certifications in internal auditing, information system auditing, public accounting, fraud detection, healthcare, and government auditing. We ensure the skills and experience of each auditor is matched to the type of audit to provide you with great service.   

How will the audit begin?

An Engagement Notice will be communicated to management over the audited area.

At the beginning of the engagement, we will introduce ourselves and other key employees who will participate in the engagement. Employee interviews will then be scheduled to obtain an understanding of each applicable audited area of the engagement.

What will happen during the audit interviews?

We begin by explaining the objectives of the interview and then ask you to explain how you perform certain tasks. We may ask questions to clarify job practices and identify internal controls built into your duties. We may ask you to walk through your job responsibilities and provide supporting documentation as appropriate. 

What should I tell and show the internal auditor?

You should respond directly and specifically to our questions. If you don't fully understand the question, please ask us to clarify so we can avoid misunderstandings.   You should explain the typical way you complete your job functions and describe  transactions you process and items you receive from/give to others. 

Is there anything I should not tell or show the internal auditor?

We have the authority to review all practices and records relevant to the audited area. If you have a concern about providing records, we will discuss and determine the best path forward.  We handle all records in a discreet and professional manner.

How will the internal auditor evaluate whether my practices are satisfactory?

We have the authority to review all practices and records relevant to the audited area. If you have a concern about providing records, we will discuss and determine the best path forward.  We handle all records in a discreet and professional manner.

What happens if problems surface?

The internal auditor will review preliminary concerns with you to ensure all of the facts are correctly understood. Other employees may be consulted to determine if their practices offset any risk that might be present. After all of this careful review, audit testing will be conducted to validate and size the extent of any problems.

What happens during audit testing?

We will review a sample of transactions during audit testing. Transaction testing is a natural part of the audit process and you may be asked to provide documents for us to review. Please provide the requested items as quickly as possible. We will compare each item to the related predefined performance standard or management expectation.

You will be given an opportunity to review all exception items and provide additional information or documents to clear them, if applicable.

What happens after the audit testing stage?

If control issues are identified, we will work closely with you and your management to properly interpret the testing results and reach an agreement on the facts. A meeting will be held to discuss and communicate all issues identified during the engagement and get your feedback.

What will appear in the audit report?

The most important control issues will be included in the audit report and we will work with you to identify practical recommendations to be considered in your management action plans.

We will prepare a draft report to be reviewed by you and/or your management. A meeting will be held at the end of the engagement to discuss the draft report and recommendations.  Once the report is finalized, it will be distributed to senior management.

What happens after our engagement is finished?

Audits provide value when they result in positive enhancements or improvements to  identified areas of risk. On a quarterly basis, we verify management action plans have been implemented by obtaining and reviewing supporting documentation.  Updates are then reported to the Audit Committee. 

Your area may be audited again in the future based on the normal audit selection process as previously described.