CHAPTER 2102. INTERNAL AUDITING
GOVERNMENT CODE
TITLE 10. GENERAL GOVERNMENT
SUBTITLE C. STATE ACCOUNTING, FISCAL MANAGEMENT, AND PRODUCTIVITY
CHAPTER 2102. INTERNAL AUDITING
Sec. 2102.001. SHORT TITLE. This chapter may be cited as the
Texas Internal Auditing Act.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993.
Sec. 2102.002. PURPOSE. The purpose of this chapter is to
establish guidelines for a program of internal auditing to assist
agency administrators and governing boards by furnishing
independent analyses, appraisals, and recommendations about the
adequacy and effectiveness of a state agency's systems of
internal control policies and procedures and the quality of
performance in carrying out assigned responsibilities. Internal
auditing is defined as an independent, objective assurance and
consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management,
control, and governance processes.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2003, 78th Leg., ch. 380, Sec. 1, eff.
Sept. 1, 2003.
Sec. 2102.003. DEFINITIONS. In this chapter:
(1) "Administrator" means the executive head of a state agency.
(2) "Assurance services" means an examination of evidence for
the purpose of providing an independent assessment of risk
management, control, or governance processes for an organization.
Assurance services include audits as defined in this section.
(3) "Audit" means:
(A) a financial audit described by Section 321.0131;
(B) a compliance audit described by Section 321.0132;
(C) an economy and efficiency audit described by Section
321.0133;
(D) an effectiveness audit described by Section 321.0134; or
(E) an investigation described by Section 321.0136.
(4) "Consulting services" means advisory and related client
service activities, the nature and scope of which are agreed upon
with the client and are intended to add value and improve an
organization's operations. Consulting services include counsel,
advice, facilitation, and training.
(5) "State agency" means a department, board, bureau,
institution, commission, or other agency in the executive branch
of state government.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 1997, 75th Leg., ch. 1122, Sec. 11, eff.
Sept. 1, 1997; Acts 2003, 78th Leg., ch. 380, Sec. 2, eff. Sept.
1, 2003.
Sec. 2102.004. APPLICABILITY. (a) Sections 2102.005-2102.012
apply only to a state agency that:
(1) has an annual operating budget that exceeds $10 million;
(2) has more than 100 full-time equivalent employees as
authorized by the General Appropriations Act; or
(3) receives and processes more than $10 million in cash in a
fiscal year.
(b) Sections 2102.013 and 2102.014 apply to each state agency
that receives an appropriation and that is not described by
Subsection (a).
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 1, eff.
Sept. 1, 2001; Acts 2003, 78th Leg., ch. 291, Sec. 1, eff. June
18, 2003.
Sec. 2102.005. INTERNAL AUDITING REQUIRED. A state agency shall
conduct a program of internal auditing that includes:
(1) an annual audit plan that is prepared using risk assessment
techniques and that identifies the individual audits to be
conducted during the year; and
(2) periodic audits of the agency's major systems and controls,
including:
(A) accounting systems and controls;
(B) administrative systems and controls; and
(C) electronic data processing systems and controls.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 1997, 75th Leg., ch. 1122, Sec. 12, eff.
Sept. 1, 1997.
Sec. 2102.006. INTERNAL AUDITOR; STAFF. (a) The governing
board of a state agency or the administrator of a state agency
that does not have a governing board shall appoint an internal
auditor.
(b) An internal auditor must:
(1) be a certified public accountant or a certified internal
auditor; and
(2) have at least three years of auditing experience.
(c) The state agency shall employ additional professional and
support staff the administrator determines necessary to implement
an effective program of internal auditing.
(d) The governing board of a state agency, or the administrator
of a state agency if the state agency does not have a governing
board, shall periodically review the resources dedicated to the
internal audit program and determine if adequate resources exist
to ensure that risks identified in the annual risk assessment are
adequately covered within a reasonable time frame.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 2, eff.
Sept. 1, 2001; Acts 2003, 78th Leg., ch. 380, Sec. 3, eff. Sept.
1, 2003.
Sec. 2102.007. DUTIES OF INTERNAL AUDITOR. (a) The internal
auditor shall:
(1) report directly to the state agency's governing board or the
administrator of the state agency if the state agency does not
have a governing board;
(2) develop an annual audit plan;
(3) conduct audits as specified in the audit plan and document
deviations;
(4) prepare audit reports;
(5) conduct quality assurance reviews in accordance with
professional standards as provided by Section 2102.011 and
periodically take part in a comprehensive external peer review;
and
(6) conduct economy and efficiency audits and program results
audits as directed by the state agency's governing board or the
administrator of the state agency if the state agency does not
have a governing board.
(b) The program of internal auditing conducted by a state agency
must provide for the auditor to:
(1) have access to the administrator; and
(2) be free of all operational and management responsibilities
that would impair the auditor's ability to review independently
all aspects of the state agency's operation.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 3, eff.
Sept. 1, 2001.
Sec. 2102.008. APPROVAL OF AUDIT PLAN AND AUDIT REPORT. The
annual audit plan developed by the internal auditor must be
approved by the state agency's governing board or by the
administrator of a state agency if the state agency does not have
a governing board. Audit reports must be reviewed by the state
agency's governing board and the administrator.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 4, eff.
Sept. 1, 2001.
Sec. 2102.009. ANNUAL REPORT. The internal auditor shall
prepare an annual report and submit the report before November 1
of each year to the governor, the Legislative Budget Board, the
Sunset Advisory Commission, the state auditor, the state agency's
governing board, and the administrator. The state auditor shall
prescribe the form and content of the report, subject to the
approval of the legislative audit committee.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 1997, 75th Leg., ch. 1122, Sec. 13, eff.
Sept. 1, 1997.
Sec. 2102.0091. REPORTS OF PERIODIC AUDITS. (a) A state agency
shall file with the Sunset Advisory Commission, the budget
division of the governor's office, the state auditor, and the
Legislative Budget Board a copy of each report submitted to the
state agency's governing board or the administrator of the state
agency if the state agency does not have a governing board by the
agency's internal auditor.
(b) Each report shall be filed not later than the 30th day after
the date the report is submitted to the state agency's governing
board or the administrator of the state agency if the state
agency does not have a governing board.
(c) In addition to the requirements of Subsection (a), a state
agency shall file with the budget division of the governor's
office, the state auditor, and the Legislative Budget Board any
action plan or other response issued by the state agency's
governing board or the administrator of the state agency if the
state agency does not have a governing board in response to the
report of the state agency's internal auditor.
Added by Acts 1999, 76th Leg., ch. 281, Sec. 7, eff. Sept. 1,
1999. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 4, eff.
Sept. 1, 2001.
Sec. 2102.010. CONSULTATIONS. An internal auditor may consult
the state agency's governing board or the administrator of the
state agency if the state agency does not have a governing board,
the governor's office, the state auditor, and legislative
agencies or committees about matters affecting duties or
responsibilities under this chapter.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 4, eff.
Sept. 1, 2001.
Sec. 2102.011. INTERNAL AUDIT STANDARDS. The internal audit
program shall conform to the Standards for the Professional
Practice of Internal Auditing, the Code of Ethics contained in
the Professional Practices Framework as promulgated by the
Institute of Internal Auditors, and generally accepted government
auditing standards.
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2003, 78th Leg., ch. 380, Sec. 4, eff.
Sept. 1, 2003.
Sec. 2102.012. PROFESSIONAL DEVELOPMENT. (a) Subject to
approval by the legislative audit committee, the state auditor
may make available and coordinate a program of training and
technical assistance to ensure that state agency internal
auditors have access to current information about internal audit
techniques, policies, and procedures and to provide general
technical and audit assistance to agency internal auditors on
request.
(b) The state auditor is entitled to reimbursement for costs
associated with providing the services under the terms of
interagency cooperation contracts negotiated between the state
auditor and each agency. The costs may not exceed those allowed
by the General Appropriations Act. Work performed under this
section by the state auditor is subject to approval by the
legislative audit committee for inclusion in the audit plan under
Section 321.013(c).
Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1,
1993. Amended by Acts 2003, 78th Leg., ch. 785, Sec. 33, eff.
Sept. 1, 2003.
Sec. 2102.013. ANNUAL RISK ASSESSMENT; REPORT. (a) A state
agency described by Section 2102.004(b) shall conduct each year a
formal risk assessment consisting of an executive management
review of agency functions, activities, and processes.
(b) The risk assessment must:
(1) evaluate the probability of occurrence and the likely effect
of financial, managerial, and compliance risks and of risks
related to the use of information technology; and
(2) rank risks according to the probability of occurrence and
likely effect of the risks evaluated.
(c) The state agency shall submit the written risk assessment to
the state auditor in the form and at the time prescribed by the
state auditor.
Added by Acts 2003, 78th Leg., ch. 291, Sec. 2, eff. June 18,
2003.
Sec. 2102.014. EVALUATION OF RISK ASSESSMENT REPORTS; AUDITS.
(a) Based on risk assessment and subject to the legislative
audit committee's approval of including the work described by
this subsection in the audit plan under Section 321.013(c), the
state auditor shall:
(1) evaluate each report submitted under Section 2102.013;
(2) identify agencies with significant financial, managerial, or
compliance risk or significant risk related to the use of
information technology; and
(3) recommend to the governor that the identified agencies
obtain an audit to address the significant risks identified by
the state auditor.
(b) The governor may order an agency identified under this
section to:
(1) obtain an audit under governmental auditing standards;
(2) submit reports and corrective action plans as prescribed by
Section 2102.0091; and
(3) report to the state auditor the status of the agency's
implementation of audit recommendations in the form and
addressing issues as prescribed by the state auditor.
(c) The governor may provide funds to agencies as necessary to
pay the costs of audits ordered under this section from any funds
appropriated to the governor for this purpose.
Added by Acts 2003, 78th Leg., ch. 291, Sec. 2, eff. June 18,
2003.