Internal Audit

Administrative Rule
Council: Administrative Services Council
Board Policy Reference: CDC, Accounting - Audits
Effective date: 08/19/21

Value Statement

The Austin Community College District (“ACC” or “the College”) seeks to achieve efficient and effective operations that comply with all laws, rules, regulations and accepted standards, and employs an internal audit program to help realize these goals.

Administrative Rule

The Internal Audit Program (“the program”) is an independent appraisal function established to examine and evaluate the College activities as a service to its administration. It is a managerial control which functions by measuring and evaluating the effectiveness of other controls.

The program is established by the Chancellor with reporting responsibility to the Board of Trustees (“the Board”). The program’s responsibilities are defined by the Chancellor and the Board as part of their oversight role. The program shall assist the Chancellor in the effective discharge of their duties by furnishing objective analyses, appraisals, and recommendations related to the activities reviewed, and will help the College to accomplish its objectives by bringing a systematic approach to evaluate and improve the effectiveness of risk management, internal controls, and processes.  

The program will govern itself by adherence to the Institute of Internal Auditors’ mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the program’s performance.

The program will adhere to the Institute of Internal Auditors’ Practice Advisories, Practice Guides, and Position Papers as well as to the College’s relevant policies and procedures and industry best practices for internal audit.


The program, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all of the College’s records, physical properties, and personnel pertinent to carrying out any engagement. All employees are requested to assist the program in fulfilling its roles and responsibilities.

The program will also have free and unrestricted access to the Chancellor.


The program will report functionally to the Chancellor and administratively (i.e. with respect to day-to-day operations) to the Executive Vice President (EVP) of Finance and Administration who will: 

  • Approve the risk based internal audit plan,
  • Approve the internal audit budget and resource plan,
  • Receive communications from the internal auditor on the program’s performance relative to its plan and other matters,
  • Approve decisions regarding the appointment and removal of the internal auditor,
  • Approve the remuneration of the internal auditor,
  • Make appropriate inquiries of management and the internal auditor to determine whether there is inappropriate scope or resource limitations.

The internal auditor will communicate and interact directly with the Chancellor and the Board, including in executive sessions and between Board meetings as appropriate.

Independence and Objectivity:

The program will remain free from interference by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair the internal auditor’s judgment.

Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

The internal auditor will confirm with the Chancellor, at least annually, the organizational independence of the program.


The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the College’s governance, risk management, compliance and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the organization’s stated goals and objectives. This includes:

  • Evaluating risk exposure relating to achievement of the College’s strategic objectives,
  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information,
  • Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization,
  • Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets,
  • Evaluating the effectiveness and efficiency with which resources are employed,
  • Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned,
  • Monitoring and evaluating governance processes,
  • Monitoring and evaluating the effectiveness of the College’s risk management processes,
  • Evaluating the quality of performance of external auditors and the degree of coordination with internal audit,
  • Performing consulting and advisory services related to governance, risk management and control as appropriate for the organization,
  • Reporting periodically on the program’s purpose, authority, responsibility, and performance relative to its plan,
  • Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Chancellor or the Board,
  • Evaluating specific operations at the request of the Chancellor, as appropriate,
  • Ensuring compliance with Board Policy CDC, Accounting: Audits.

Internal Audit Plan:

At least annually, the internal auditor will submit to the EVP of Finance and Administration and the Chancellor an internal audit plan for review and approval. The internal audit plan will consist of a work schedule as well as budget and resource requirements for the next fiscal year. The internal auditor will communicate the impact of resource limitations and significant interim changes to the EVP of Finance and Administration and the Chancellor.

The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of the EVP of Finance and Administration and the Chancellor. The internal auditor will review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to the EVP of Finance and Administration and the Chancellor through periodic activity reports.

Reporting and Monitoring:

A written report will be prepared and issued by the internal auditor or designee following the conclusion of each internal audit engagement and will be distributed to the EVP of Finance and Administration, the Chancellor and others as appropriate. Following the completion of the internal audit plan for each fiscal year, the internal auditor will prepare and distribute the Annual Internal Audit Report to the EVP of Finance and Administration, the Chancellor, and the Texas State Auditor’s Office per Texas Government Code, Section 2102.015.

The internal audit report may include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response, whether included within the original audit report or provided thereafter (i.e. within thirty days) by management of the audited area should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.

The program will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.

The internal auditor will periodically report to the EVP of Finance and Administration and the Chancellor on the program’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the EVP of Finance and Administration and the Chancellor. 

Quality Assurance and Improvement Program:

The program will maintain a quality assurance and improvement program that covers all aspects of the program. The program will include an evaluation of its conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses its efficiency and effectiveness and identifies opportunities for improvement.

The internal auditor will communicate to the EVP of Finance and Administration and the Chancellor on the program’s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.

Back to Top