Internal Audit Approach
When Internal Audit initiates an audit, audited entities can expect that Internal Audit will deliver services in the spirit of its vision, which is to become a valuable management resource that facilitates the promotion of good governance by performing high quality audit, assurance, consulting, and investigative work. Internal Audit:
Risk Management Based Methodology
TDOT Internal Audit Model utilizes a risk management based approach to ensure audit resources are deployed on the business unit, function, process, or activity with the greatest risks. This approach results in vitally useful audit reports and allows us to:
This approach begins with the internal auditor partnering with management and Strategic Planning to understand the entity-wide risks resulting from business strategies and objectives. The result of this collaborative effort is an annual audit plan that defines the work Internal Audit will deliver throughout the year. Because new issues arise year-round, the annual audit plan cannot be the final plan. Internal Audit will periodically reassess the audit plan, adjusting priorities as needed to address changing needs.
At the inception of an audit, audited entities can expect a “no surprises” approach. TDOT Internal Audit focuses on auditing issues, not people, and on developing solutions, not placing blame. Issues are discussed as identified and sensible action plans are developed in collaboration with the audited entity. The final report is the culmination of a cooperative effort between the Office of Internal Audit and management of the audited entity to find a satisfactory action plan and approach for addressing audit observations.
Governance Reporting and Follow-up
Audited entities can be assured that the audit report will help audited entities understand how the unit, function, process, or activity performs and whether internal controls are effective in both design and operations so that it will highlight areas for improvement. Internal Audit does not stop after issuing the report. Internal Audit follows up on action plans to assure governance and management that the issues identified are addressed through the implementation of pragmatic solutions.
From this process, repeated across audit areas, come our ability to share what Internal Audit has learned about risks and internal controls. You will have access to the Internal Audit Resource Center that identifies and enumerates internal control Best Practices. Our knowledge sharing capability is a great part of our strategic focus, because the stronger TDOT’s internal controls are, the better the citizens of Tennessee are served.