Internal Audit Frequently Asked Questions
TDOT Internal Audit Model utilizes a risk management based approach to ensure audit resources are deployed on the business unit, function, process, or activity with the greatest risks. This approach begins with the internal auditor partnering with management and Strategic Planning to understand the entity-wide risks resulting from business strategies and objectives. The result of this collaborative effort is an annual audit plan that defines the work Internal Audit will deliver throughout the year. Because new issues arise year-round, the annual audit plan cannot be the final plan. Internal Audit will periodically reassess the audit plan, adjusting priorities as needed to address changing needs.
When Internal Audit initiates an audit, audited entities can expect that Internal Audit will deliver services in the spirit of its vision, which is to become a valuable management resource that facilitates the promotion of good governance by performing high quality audit, assurance, consulting, and investigative work. Internal Audit:
- Addresses key enterprise risks central to TDOT’s strategies and objectives
- Applies audit work commensurate with material risks
- Helps improve internal controls, transparency, and accountability of operations
- Promotes a tone of openness, cooperation, and mutual trust within TDOT
- Places emphasis on areas that have heightened sensitivity to management and citizens of Tennessee.
An audit report will be issues that will help audited entities understand how the unit, function, process, or activity performs and whether internal controls are effective in both design and operations so that it will highlight areas for improvement. Internal Audit does not stop after issuing the report. Internal Audit follows up on action plans to assure governance and management so that the issues identified are addressed through the implementation of pragmatic solutions.
From this process, repeated across audit areas, comes our ability to share what Internal Audit has learned about risks and internal controls. You will have access to the Internal Audit Resource Center that identifies and enumerates internal control Best Practices. Our knowledge sharing capability is a great part of our strategic focus. Because the stronger TDOT’s internal controls are, the better the citizens of Tennessee are served.
Some risks are inherent in the environment of the entity, but most can be addressed with an appropriate system of internal control. Internal Control includes a range of activities that may include approvals, authorizations, verifications, reconciliations, segregation of duties, reviews of operating performance, and security of assets that are implemented to mitigate risk. Effective internal control will include a well-developed control environment, an effective and secure information system, and appropriate control and monitoring activities.
TDOT Internal Audit focuses on auditing issues, not people, and on developing solutions, not placing blame. Issues are discussed as identified and sensible action plans are developed in collaboration with the audited entity. The final report is the culmination of a cooperative effort between the Office of Internal Audit and management of the audited entity to find a satisfactory action plan and approach for addressing audit observations.
If you suspect fraud, call us and leave a message. The TDOT Integrity Hotline is always open. You can also click on the link below for specific instructions.
TDOT Integrity Hotline: 855-801-0137
Report Fraud, Waste or Abuse of TDOT Resources
Internal Auditing is an independent and objective assurance and consulting activity guided by a philosophy of adding value to improve the financial and operational functions of the Tennessee Department of Transportation (TDOT). It assists the department in accomplishing its objectives by bringing a systematic and disciplined approach to evaluating and improving the effectiveness of the organization's risk management, control, and governance processes. The Office provides audit, assurance, consulting, and investigative services in carrying out assigned responsibilities to achieve stated goals and objectives.