GOVERNMENT CODE


TITLE 10. GENERAL GOVERNMENT


SUBTITLE C. STATE ACCOUNTING, FISCAL MANAGEMENT, AND PRODUCTIVITY


CHAPTER 2102. INTERNAL AUDITING


Sec. 2102.001. SHORT TITLE. This chapter may be cited as the Texas Internal Auditing Act.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993.

Sec. 2102.002. PURPOSE. The purpose of this chapter is to establish guidelines for a program of internal auditing to assist agency administrators and governing boards by furnishing independent analyses, appraisals, and recommendations about the adequacy and effectiveness of a state agency's systems of internal control policies and procedures and the quality of performance in carrying out assigned responsibilities. Internal auditing is defined as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2003, 78th Leg., ch. 380, Sec. 1, eff. Sept. 1, 2003.

Sec. 2102.003. DEFINITIONS. In this chapter:

(1) "Administrator" means the executive head of a state agency.

(2) "Assurance services" means an examination of evidence for the purpose of providing an independent assessment of risk management, control, or governance processes for an organization. Assurance services include audits as defined in this section.

(3) "Audit" means:

(A) a financial audit described by Section 321.0131;

(B) a compliance audit described by Section 321.0132;

(C) an economy and efficiency audit described by Section 321.0133;

(D) an effectiveness audit described by Section 321.0134; or

(E) an investigation described by Section 321.0136.

(4) "Consulting services" means advisory and related client service activities, the nature and scope of which are agreed upon with the client and are intended to add value and improve an organization's operations. Consulting services include counsel, advice, facilitation, and training.

(5) "State agency" means a department, board, bureau, institution, commission, or other agency in the executive branch of state government.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 1122, Sec. 11, eff. Sept. 1, 1997; Acts 2003, 78th Leg., ch. 380, Sec. 2, eff. Sept. 1, 2003.

Sec. 2102.004. APPLICABILITY. (a) Sections 2102.005-2102.012 apply only to a state agency that:

(1) has an annual operating budget that exceeds $10 million;

(2) has more than 100 full-time equivalent employees as authorized by the General Appropriations Act; or

(3) receives and processes more than $10 million in cash in a fiscal year.

(b) Sections 2102.013 and 2102.014 apply to each state agency that receives an appropriation and that is not described by Subsection (a).

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 1, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 291, Sec. 1, eff. June 18, 2003.

Sec. 2102.005. INTERNAL AUDITING REQUIRED. (a) A state agency shall conduct a program of internal auditing that includes:

(1) an annual audit plan that is prepared using risk assessment techniques and that identifies the individual audits to be conducted during the year; and

(2) periodic audits of the agency's major systems and controls, including:

(A) accounting systems and controls;

(B) administrative systems and controls; and

(C) electronic data processing systems and controls.

(b) In conducting the internal auditing program under Subsection (a), a state agency shall consider methods for ensuring compliance with contract processes and controls and for monitoring agency contracts.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 1122, Sec. 12, eff. Sept. 1, 1997.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 953 (S.B. 65), Sec. 14, eff. September 1, 2019.

Sec. 2102.006. INTERNAL AUDITOR; STAFF. (a) The governing board of a state agency or the administrator of a state agency that does not have a governing board shall appoint an internal auditor.

(b) An internal auditor must:

(1) be a certified public accountant or a certified internal auditor; and

(2) have at least three years of auditing experience.

(c) The state agency shall employ additional professional and support staff the administrator determines necessary to implement an effective program of internal auditing.

(d) The governing board of a state agency, or the administrator of a state agency if the state agency does not have a governing board, shall periodically review the resources dedicated to the internal audit program and determine if adequate resources exist to ensure that risks identified in the annual risk assessment are adequately covered within a reasonable time frame.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 2, eff. Sept. 1, 2001; Acts 2003, 78th Leg., ch. 380, Sec. 3, eff. Sept. 1, 2003.

Sec. 2102.007. DUTIES OF INTERNAL AUDITOR. (a) The internal auditor shall:

(1) report directly to the state agency's governing board or the administrator of the state agency if the state agency does not have a governing board;

(2) develop an annual audit plan;

(3) conduct audits as specified in the audit plan and document deviations;

(4) prepare audit reports;

(5) conduct quality assurance reviews in accordance with professional standards as provided by Section 2102.011 and periodically take part in a comprehensive external peer review; and

(6) conduct economy and efficiency audits and program results audits as directed by the state agency's governing board or the administrator of the state agency if the state agency does not have a governing board.

(b) The program of internal auditing conducted by a state agency must provide for the auditor to:

(1) have access to the administrator; and

(2) be free of all operational and management responsibilities that would impair the auditor's ability to review independently all aspects of the state agency's operation.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 3, eff. Sept. 1, 2001.

Sec. 2102.008. APPROVAL OF AUDIT PLAN AND AUDIT REPORT. The annual audit plan developed by the internal auditor must be approved by the state agency's governing board or by the administrator of a state agency if the state agency does not have a governing board. Audit reports must be reviewed by the state agency's governing board and the administrator.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 4, eff. Sept. 1, 2001.

Sec. 2102.009. ANNUAL REPORT. The internal auditor shall prepare an annual report and submit the report before November 1 of each year to the governor, the Legislative Budget Board, the state auditor, the state agency's governing board, and the administrator. The state auditor shall prescribe the form and content of the report, subject to the approval of the legislative audit committee.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 1997, 75th Leg., ch. 1122, Sec. 13, eff. Sept. 1, 1997.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.18, eff. September 1, 2019.

Sec. 2102.0091. REPORTS OF PERIODIC AUDITS. (a) A state agency shall file with the division of the governor's office responsible for budget and policy, the state auditor, and the Legislative Budget Board a copy of each report submitted to the state agency's governing board or the administrator of the state agency if the state agency does not have a governing board by the agency's internal auditor.

(b) Each report shall be filed not later than the 30th day after the date the report is submitted to the state agency's governing board or the administrator of the state agency if the state agency does not have a governing board.

(c) In addition to the requirements of Subsection (a), a state agency shall file with the division of the governor's office responsible for budget and policy, the state auditor, and the Legislative Budget Board any action plan or other response issued by the state agency's governing board or the administrator of the state agency if the state agency does not have a governing board in response to the report of the state agency's internal auditor.

(d) If the state agency does not file the report as required by this section, the Legislative Budget Board or the division of the governor's office responsible for budget and policy may take appropriate action to compel the filing of the report.

Added by Acts 1999, 76th Leg., ch. 281, Sec. 7, eff. Sept. 1, 1999. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 4, eff. Sept. 1, 2001.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 1312 (S.B. 59), Sec. 50, eff. September 1, 2013.

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.19, eff. September 1, 2019.

Sec. 2102.010. CONSULTATIONS. An internal auditor may consult the state agency's governing board or the administrator of the state agency if the state agency does not have a governing board, the governor's office, the state auditor, and legislative agencies or committees about matters affecting duties or responsibilities under this chapter.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2001, 77th Leg., ch. 804, Sec. 4, eff. Sept. 1, 2001.

Sec. 2102.011. INTERNAL AUDIT STANDARDS. The internal audit program shall conform to the Standards for the Professional Practice of Internal Auditing, the Code of Ethics contained in the Professional Practices Framework as promulgated by the Institute of Internal Auditors, and generally accepted government auditing standards.

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2003, 78th Leg., ch. 380, Sec. 4, eff. Sept. 1, 2003.

Sec. 2102.012. PROFESSIONAL DEVELOPMENT. (a) Subject to approval by the legislative audit committee, the state auditor may make available and coordinate a program of training and technical assistance to ensure that state agency internal auditors have access to current information about internal audit techniques, policies, and procedures and to provide general technical and audit assistance to agency internal auditors on request.

(b) The state auditor is entitled to reimbursement for costs associated with providing the services under the terms of interagency cooperation contracts negotiated between the state auditor and each agency. The costs may not exceed those allowed by the General Appropriations Act. Work performed under this section by the state auditor is subject to approval by the legislative audit committee for inclusion in the audit plan under Section 321.013(c).

Added by Acts 1993, 73rd Leg., ch. 268, Sec. 1, eff. Sept. 1, 1993. Amended by Acts 2003, 78th Leg., ch. 785, Sec. 33, eff. Sept. 1, 2003.

Sec. 2102.013. ANNUAL RISK ASSESSMENT; REPORT. (a) A state agency described by Section 2102.004(b) shall conduct each year a formal risk assessment consisting of an executive management review of agency functions, activities, and processes.

(b) The risk assessment must:

(1) evaluate the probability of occurrence and the likely effect of financial, managerial, and compliance risks and of risks related to the use of information technology; and

(2) rank risks according to the probability of occurrence and likely effect of the risks evaluated.

(c) The state agency shall submit the written risk assessment to the state auditor in the form and at the time prescribed by the state auditor.

Added by Acts 2003, 78th Leg., ch. 291, Sec. 2, eff. June 18, 2003.

Sec. 2102.014. EVALUATION OF RISK ASSESSMENT REPORTS; AUDITS. (a) Based on risk assessment and subject to the legislative audit committee's approval of including the work described by this subsection in the audit plan under Section 321.013(c), the state auditor shall:

(1) evaluate each report submitted under Section 2102.013;

(2) identify agencies with significant financial, managerial, or compliance risk or significant risk related to the use of information technology; and

(3) recommend to the governor that the identified agencies obtain an audit to address the significant risks identified by the state auditor.

(b) The governor may order an agency identified under this section to:

(1) obtain an audit under governmental auditing standards;

(2) submit reports and corrective action plans as prescribed by Section 2102.0091; and

(3) report to the state auditor the status of the agency's implementation of audit recommendations in the form and addressing issues as prescribed by the state auditor.

(c) The governor may provide funds to agencies as necessary to pay the costs of audits ordered under this section from any funds appropriated to the governor for this purpose.

Added by Acts 2003, 78th Leg., ch. 291, Sec. 2, eff. June 18, 2003.

Sec. 2102.015. PUBLICATION OF AUDIT PLAN AND ANNUAL REPORT ON INTERNET. (a) Notwithstanding Section 2102.003, in this section, "state agency" means a board, commission, department, institute, office, or other agency in the executive branch of state government that is created by the constitution or a statute of this state, including an institution of higher education as defined by Section 61.003, Education Code.

(b) Subject to Subsection (c), at the time and in the manner provided by the state auditor, a state agency shall post on the agency's Internet website:

(1) the agency's internal audit plan approved as provided by Section 2102.008; and

(2) the agency's annual report required under Section 2102.009.

(c) A state agency is not required to post information contained in the agency's internal audit plan or annual report if the information is excepted from public disclosure under Chapter 552.

(d) A state agency shall update the posting required under this section at the time and in the manner provided by the state auditor to include a detailed summary of the weaknesses, deficiencies, wrongdoings, or other concerns, if any, raised by the audit plan or annual report.

(e) A state agency shall update the posting required under this section to include a summary of the action taken by the agency to address the concerns, if any, that are raised by the audit plan or annual report.

Added by Acts 2013, 83rd Leg., R.S., Ch. 840 (H.B. 16), Sec. 1, eff. June 14, 2013.