Office of Internal Audit
Internal Audit Approach
When Internal Audit initiates an audit, audited entities can expect that Internal Audit will deliver services in the spirit of its vision, which is to become a valuable management resource that facilitates the promotion of good governance by performing high quality audit, assurance, consulting, and investigative work. Internal Audit:
- Addresses key enterprise risks central to TDOT’s strategies and objectives
- Applies audit work commensurate with material risks
- Helps improve internal controls, transparency, and accountability of operations
- Promotes a tone of openness, cooperation, and mutual trust within TDOT
- Places emphasis on areas that have heightened sensitivity to management and citizens of Tennessee.
Risk Management Based Methodology
TDOT Internal Audit Model utilizes a risk management based approach to ensure audit resources are deployed on the business unit, function, process, or activity with the greatest risks. This approach results in vitally useful audit reports and allows us to:
- Share with you what Internal Audit have learned from auditing other functions
- Help TDOT’s governance structure and management address risk and strengthen internal controls
- Constantly improve our quality because of the insight and wisdom Internal Audit gains from our partnership with you.
This approach begins with the internal auditor partnering with management and Strategic Planning to understand the entity-wide risks resulting from business strategies and objectives. The result of this collaborative effort is an annual audit plan that defines the work Internal Audit will deliver throughout the year. Because new issues arise year-round, the annual audit plan cannot be the final plan. Internal Audit will periodically reassess the audit plan, adjusting priorities as needed to address changing needs.
No Surprises
At the inception of an audit, audited entities can expect a “no surprises” approach. TDOT Internal Audit focuses on auditing issues, not people, and on developing solutions, not placing blame. Issues are discussed as identified and sensible action plans are developed in collaboration with the audited entity. The final report is the culmination of a cooperative effort between the Office of Internal Audit and management of the audited entity to find a satisfactory action plan and approach for addressing audit observations.
Governance Reporting and Follow-up
Audited entities can be assured that the audit report will help audited entities understand how the unit, function, process, or activity performs and whether internal controls are effective in both design and operations so that it will highlight areas for improvement. Internal Audit does not stop after issuing the report. Internal Audit follows up on action plans to assure governance and management that the issues identified are addressed through the implementation of pragmatic solutions.
Sharing Knowledge
From this process, repeated across audit areas, come our ability to share what Internal Audit has learned about risks and internal controls. You will have access to the Internal Audit Resource Center that identifies and enumerates internal control Best Practices. Our knowledge sharing capability is a great part of our strategic focus, because the stronger TDOT’s internal controls are, the better the citizens of Tennessee are served.
