Internal Auditor
The Internal Audit Office was established in accordance with the City Charter, Article 3, Section 30. The City Internal Auditor is appointed by the City Council and reports to an Audit Committee composed of the Mayor, two City Council members, and two citizen members with expertise in accounting, finance, or auditing. The office is organizationally independent from city administration, with a reporting structure that ensures separation from the management of programs and functions subject to audit.
The Internal Audit Office is led by Ty Elliott, a Certified Internal Auditor, Certified Fraud Examiner, and Certified Government Audit Professional. Elliott holds both a Bachelor of Science and a Master of Public Administration from Brigham Young University.
Function
The City Internal Auditor is responsible for conducting independent audits of City departments, offices, boards, programs, activities, and agencies to determine whether:
- There are indications of fraud, abuse, or illegal acts.
- Management has established adequate internal controls to safeguard City assets.
- City resources and public funds are used economically, efficiently, and effectively.
- Financial and other reports fairly, accurately, and fully disclose all information required by law.
- Programs, activities, functions, and policies are achieving their intended results or benefits.
Each year, the City Internal Auditor prepares an annual audit plan to guide the allocation of limited audit resources to areas offering the greatest benefit to the City of College Station. In developing this plan, the City Internal Auditor considers:
- Financial and performance risk assessments.
- Results of external financial audits.
- Requests and suggestions from the City Council and City management.
- Feasibility of potential audit topics and availability of resources.
An overview of the audit process can be found here.
Audit Recommendations
The Internal Audit Office is committed to strengthening transparency and accountability in City operations by providing clear, actionable recommendations in its audit reports. These recommendations are designed to reduce the risk of fraud, waste, and abuse, while promoting efficient and effective use of public resources.
Since 2007, the City Internal Auditor has issued more than 200 recommendations to address identified risks and control weaknesses. These recommendations serve as a roadmap for City departments to enhance their processes, improve internal controls, and ensure adherence to best practices and/or comply with regulations.
Status Updates
To promote continuous improvement, the Internal Audit Office conducts annual follow-up reviews on the status of all audit recommendations. During these reviews, the office collaborates with City departments to evaluate progress toward implementing each recommendation. The results are published in the Recommendation Follow-Up: Progress Report.
This report provides:
- An overview of all recommendations issued by the City Internal Auditor since the office’s formation.
- The current status of each recommendation—fully implemented, partially implemented, or pending.
- A record of whether management concurred with each recommendation.
- Details of actions taken to address identified issues.
For more information, refer to the most recent Recommendation Follow-Up: Progress Report below.
Recommendation Follow-Up: Progress Report
Accolades and Awards
Peer Review
To comply with Generally Accepted Government Auditing Standards (GAGAS), audit organizations are required to undergo an external peer review at least once every three years. A peer review is an independent assessment conducted by qualified professionals from other audit organizations to evaluate whether the office’s audit work conforms to professional standards. The review focuses on audit quality, compliance with GAGAS, and the effectiveness of internal quality control processes. Peer reviews help ensure accountability, maintain public trust, and promote continuous improvement within audit functions.
The Internal Audit Office most recently completed a peer review in 2025, which resulted in the highest possible rating of Pass, indicating full compliance with GAGAS.
Previous Peer Review Results:
Knighton Award
In addition, the Internal Audit Office periodically submits audit reports to the Association of Local Government Auditors (ALGA) for review as part of the Knighton Award program. The Knighton Award was developed in 1995 as a way to recognize exceptional performance audit reports, and to help audit shops continue to improve their performance audit programs.
The Internal Audit Office has received five Knighton Awards:
- 2024 Exemplary Winner:
Segregation of Duties within ERP Role-Based Access - 2021 Distinguished Winner:
Payroll Audit - 2019 Distinguished Winner:
Parkland Dedication Audit - 2017 Distinguished Winner:
Performance Audit of Public Works Sanitation Division - 2015 Exemplary Winner:
Streets Maintenance Audit
Audit Reports
Internal audit reports are published to promote transparency, strengthen accountability, and provide stakeholders with clear insight into how City programs and services are operating. By sharing the results of completed audits, the Internal Audit Office helps the City Council, management, and the public understand whether key processes are functioning as intended, whether resources are being safeguarded, and where improvements are needed to reduce risk and enhance performance.Top of Form
The Internal Audit Office issues several types of audit reports to meet different oversight needs. These engagements range from providing objective assurance on controls and compliance, to delivering advisory guidance on emerging issues, to assessing organizational risks, and to verifying whether management has implemented corrective actions. The sections below outline the types of work performed by the Internal Audit Office.
Advisory Services – Services through which internal auditors provide advice to an organization’s stakeholders without providing assurance or taking on management responsibilities. The nature and scope of advisory services are subject to agreement with relevant stakeholders. Examples include advising on the design and implementation of new policies, processes, systems, and products; providing forensic services; providing training; and facilitating discussions about risks and controls.
Assurance Services – Services through which internal auditors perform objective assessments to provide assurance. Examples of assurance services include compliance, financial, operational/performance, and technology engagements. Internal auditors may provide limited or reasonable assurance, depending on the nature, timing, and extent of procedures performed. Follow-up work may also be elevated to an assurance engagement if previously identified risks persist.
Risk Assessment – The identification and analysis of risks relevant to the achievement of an organization’s objectives. The significance of risks is typically assessed in terms of impact and likelihood.
Follow-up Audits – Procedures performed to determine whether management has implemented agreed-upon action plans and whether those actions have effectively addressed the underlying findings. Follow-up work may be conducted selectively based on the significance of the associated risks.