Internal Audit Services

Creation of Tarlac State University Internal Audit Service

The TSUIAS was created on February 13, 1995 through Administrative Order no. 11, s. 1995 entitled “Creation of an Internal Audit Service (IAS) tasked to promote efficiency, economy, effectiveness and accountability in the operations of the University.

On July 16, 2015, TSU Administrative Order no. 52, s. 2015 entitled “Functions of the Internal Audit Service” was issued to align the functions of TSUIAS with Philippine Government Internal Auditing Manual.

Mission

The Tarlac State University Internal Audit Service (TSUIAS) shall provide independent and objective advice to the University President on matters related to internal control system to be used in decision making towards effective, efficient, economical and ethical operations of the University.

Legal Bases for Internal Audit

The establishment of the internal audit function is based on the Philippine Constitution, laws and related issuances.

The creation of the IAS was first mandated under Republic Act (RA) No. 3456 (Internal Auditing Act of 1962), as amended by RA No. 4177, s. 1965. With the reorganization of the Executive Branch of government under Presidential Decree (PD) No. 1, s. 1972, the IAS was effectively abolished or dissolved with its merger with the Management Division of the Financial and Management Service of departments, said division being the surviving entity. Consequently, there was no longer an IAS under RA No. 3456, as amended, by virtue of PD No. 1.

Thereafter, the Administrative Code of 1987, as amended, mandated the creation of the present IAS and provided the corresponding internal audit functions, making the same as an integral part in the organizational structure of the Department of Public Works and Highways (DPWH). Essentially, the present IAS created under the Administrative Code of 1987, as amended, is different and distinct from the IAS under RA No. 3456, as amended, which was further abolished by PD No. 1. Accordingly, the IAS based on the Administrative Code of 1987, as amended, and the functions defined therein were subsequently adopted and applied across other departments, agencies, government-owned or -controlled corporations (GOCCs) and local government units (LGUs) through various executive issuances. Subsequent administrative orders mandated government entities to strengthen their internal control systems and organize systems and procedures in coordination with the Department of Budget and Management (DBM).

Functions and Services of the Internal Audit Service

1. Advise the University President on all matters relating to management control and operations audits;
2. Conduct management and operations audits of Colleges, Offices and Units relative to their functions, programs, projects, activities with outputs, and determine the degree of compliance with their mandate, policies, government regulations, established objectives, systems and procedures/processes and contractual obligations;
3. Review and appraise systems and procedures, organizational structures, asset management practices, financial and management records, reports and performance standards of the University;
4. Analyze and evaluate management deficiencies, and assist the top management by recommending realistic courses of action; and
5. Perform such other related duties and responsibilities as may be assigned or delegated by the University President or as may be required by law.

Scope of Work

Pursuant to the Administrative Code of 1987, as amended, the IAS is responsible for the conduct of a comprehensive audit of various activities of the University.  It shall conduct compliance audit, management audit, and operations audit relative to the entire operations of the University.

Inasmuch as the scope of internal audit is broad such that the University operations, programs and projects, including their systems and processes, are subject to it, the IAS should refrain from participating in the operations and processes of another unit as this is in conflict with the post-audit (ex post facto or after the fact/transaction) function of the internal audit.

The IAS is not responsible for or required to participate in activities which are essentially part of the regular operating functions or the primary responsibility of another unit in the organization. These include management and process improvements of operating and support services systems, such as quality management, HRM, and financial management, which are the responsibilities of the operating and support services units concerned.

The following examples of activities are considered as non-internal audit functions that should not be undertaken by the IAS:

1. Conduct of internal quality audit as part of the ongoing implementation of the QMS;
2. Participation in procurement procedures, including membership in the Bids and Awards Committee, its secretariat or technical working group;
3. Preparation or review of draft policies, guidelines, standards or operating procedures of other offices;
4. Review and certification of financial reports before approval by the agency head;
5. Pre-audit of vouchers and counter-signature of checks;
6. Inspection of deliveries, although the internal auditor may, as part of his examination, observe inspection;
7. Preparation of treasury and bank reconciliation statements;
8. Development and installation of systems and procedures, except in exceptional cases wherein the internal auditor may assist by way of giving suggestions;
9. Conduct of physical inventories; and
10. Maintenance of property records.

Authority and Confidentiality

Based on the audit objectives, the University President authorizes internal auditors to have full, free and unrestricted access to all functions, premises, assets, personnel, records, and other documents and information that the IAS head considers necessary in undertaking internal audit activities without the need of a written request.

All records, documentation and information accessed in the course of undertaking internal audit activities are to be used solely for the conduct of these activities. The internal auditor should respect the confidentiality of information acquired while performing the audit activities and should not use or disclose any such information without proper and specific authority unless there is a legal or professional right or duty to disclose.

Confidentiality is not only a matter of disclosure of information. It also requires that the internal auditor acquire information in the course of the audit neither uses nor appears to use that information for personal advantage or for the advantage of a third party.

The IAS head and the individual internal audit staff are responsible and accountable for maintaining the confidentiality of the information they receive during their work.

In case the IAS receives a request for a copy of internal audit plans, reports and other related or supporting documents, the requesting entity, whether an internal or external party, should only be given the same after proper authorization by the University President. In addition, access to such documents should be in accordance with agency-specific policies on security of information and disclosure.

Types of Internal Audit Performed by the Internal Audit Service

1. Compliance Audit

            Compliance audit is the evaluation of the degree of compliance of supervision or control with laws, regulations, managerial policies, systems and processes of government, including compliance with accountability measures, ethical standards and contractual obligations.

It also covers the determination of whether or not all other internal control components are well designed and properly implemented.

This type of audit is a necessary first step to, and part of, management and operations audits.

Compliance audit should be distinguished from compliance review which is the periodic review conducted by the heads of operating and support offices/units to ensure that operations and processes follow laws, regulations, policies, procedures, or other requirements. It is not enough that a unit regularly reviews the level of its performance, they must also review its compliance with laws and regulations, among others.

2. Management Audit

Management audit is a separate evaluation of the effectiveness of internal controls adopted in the operating and support services units/systems to determine whether or not they achieve the control objectives over a period of time or as of a specific date. It includes the determination of the degree of compliance of control or supervision with laws, regulations, managerial policies, accountability measures, ethical standards and contractual obligations covering specific timeframes.

It is a review and appraisal of the systems and processes, organizational and staffing structures, operations and management practices, records, reports and performance standards of the agencies/units covered.

Management audit focuses on results, evaluating the effectiveness and suitability of supervision or control by reviewing or appraising existing measures and methods. It includes compliance audit and root cause analysis. When performed correctly, it is a potentially useful evaluation method because it can be the basis of corrective or preventive measures.

3. Operations Audit

Operations audit is a separate evaluation of the outcome, output, process and input to determine whether government operations, programs and projects are effective, efficient, ethical and economical (4Es). It likewise includes the determination of the degree of compliance of supervision or controls with laws, regulations, managerial policies, accountability measures and contractual obligations.

The importance of assessing the 4Es of government operations is to contribute to better public services, accountability and governance. The matter of outcomes, outputs, processes, and inputs, as well as their correlation with the goals of effectiveness, efficiency, ethicality and economy of operations are the focus in the evaluation.

Essential to the conduct of operations audit is the assessment of progress with respect to processes, projects and programs, and their respective outputs and outcomes or impact/change towards improving the condition of intended beneficiaries. This is the work back approach of operations audit wherein the evaluation is done on the outcome-output-processes-input as they relate to the 4Es.