Guidance on Management Responses
Management Responses provide the platform for clients to express their views and insight regarding an audit’s findings. Internal Audit is committed to working with clients to establish reasonable and effective approaches for resolving matters. As part of that process, Internal Audit issues a draft report to the client upon completion of fieldwork. The draft report will formally list audit findings and proposed recommendations to rectify them. The client is to provide a formal “Management Response” for each finding and recommendation listed, which should include the following:
- Understanding of the finding
The client’s acknowledgement that he/she understands the finding and rationale behind it. (This can be expressed verbally with Internal Audit and noted within exit conference minutes.)
- The Position of the Client
If in consensuses with the finding – To validate their commitment to rectify the finding, clients should cite specific actions that they will be taking. These steps should be “measureable” (i.e. able to track progress) as well as clearly stipulate who, including position and titles within the department, will be accomplishing what task(s). A key to having successful recommendation completion involves having an organized, clear break-down of these action steps.
If in non-agreement with the finding – The client must clearly identify his/her position and reason(s) for it – e.g. listing if there are any circumstances beyond the client’s control, any operational restrictions (such as budgetary, staffing limitations) that prohibit the client in following-though, or any legitimate matters that may demerit the finding of which the auditor has not been informed of prior.
- Targeted Implementation Date
The implementation date is a specific date provided by the client and agreed-upon by Internal Audit in which the recommendation is to be fully completed by. There should be serious consideration when determining the implementation date – taking into account any foreseeable obstacles to complete the recommendation (e.g. client’s commitment to other tasks, inability to pull appropriate resources). There are ramifications to missing the implementation date, so it is important the client sets a realistic timetable and a date that he/she is confident can be adhered to. Clients are advised to keep Internal Audit informed of any issues that arise that prohibit meeting an implementation date. The date ideally should fall on a business day as opposed to a holiday, weekend, etc.
- Responsible Party
The listed Responsible Party is the assigned staff (likely manager or director level) that is to be directly involved with and seeing that the recommendation is followed-through. This person is Internal Audit’s “go-to” person to inquire on the status of the recommendation. The Responsible Party is held accountable for missing an implementation date, and thus, addressing the Institutional Audit Committee when/if the situation warrants.
Need to know more?
More resources and information is at your fingertips!
If you are aware of a fraudulent act that was committed by a member of the UT Arlington campus community, you have the responsibility to notify either your supervisor, the appropriate Administrator, Department of Internal Audit or UT Arlington Police Department. Employees who in good faith report unlawful activity are protected by the Texas Whistle-Blower Act against retaliation.
To report fraud, waste or abuse at UT Arlington, contact the Ethics Hotline at 1-877-507-7314, or email firstname.lastname@example.org. You can also contact the State Auditor’s Office at:
1-800-TXAUDIT (1-800-892-8348), or online at http://sao.fraud.state.tx.us/.