El Paso ISD internal audit outlines risk‑based plan, adds cybersecurity to priorities
January 30, 2026 | EL PASO ISD, School Districts, Texas
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
Miss Martinez, representing El Paso Independent School District’s internal audit office, presented the audit office’s 10‑step, risk‑based methodology for developing the district’s annual audit plan and announced the addition of technology and cybersecurity as a formal risk factor.
The office described the audit plan as a roadmap that “defines the work that we’re doing in internal audit for the coming year,” and said the risk assessment portion of the methodology—made up of the first five steps—drives prioritization. Auditable units are drawn from two categories: organizational units (departmental) and enterprise/mission‑critical cross‑functional processes. Each unit will be scored across a set of risk factors on a 1‑to‑3 scale, with 3 indicating the highest risk.
The cybersecurity addition was tied to updated professional guidance. “Our professional standards from the Institute of Internal Auditors have really prioritized risk related to technology and cybersecurity,” Miss Martinez said, noting the topical requirement becomes effective next month. The audit office said the new factor will be applied across departments—payroll, HR, academics and special programs—because cybersecurity risk can arise wherever data is stored or processed.
Internal audit said it gathers inputs through management questionnaires and meetings with senior leaders and the superintendent, and it solicits board feedback before finalizing priorities. The office plans to submit the audit plan to the board in April for approval, with the plan effective beginning July 2026.
The presentation also previewed the upcoming attendance audit, which will include a risk assessment tied to a Texas Education Agency requirement that students who reach a specified number of absences be coded as “at risk.” Miss Martinez said the audit will review the district’s coding process and how follow‑up is handled as the district transitions to a 90% attendance expectation next year.
The audit office highlighted that the board‑approved plan initially listed 15 engagements in April 2025 but has since expanded to 23 engagements for the fiscal year. At the time of the report the office said the plan was 43% complete, representing 10 finished engagements, 8 in progress and 5 not yet started.
Next steps: internal audit will finalize scoring and proposed engagements with leadership and submit the plan to the board in April.
The office described the audit plan as a roadmap that “defines the work that we’re doing in internal audit for the coming year,” and said the risk assessment portion of the methodology—made up of the first five steps—drives prioritization. Auditable units are drawn from two categories: organizational units (departmental) and enterprise/mission‑critical cross‑functional processes. Each unit will be scored across a set of risk factors on a 1‑to‑3 scale, with 3 indicating the highest risk.
The cybersecurity addition was tied to updated professional guidance. “Our professional standards from the Institute of Internal Auditors have really prioritized risk related to technology and cybersecurity,” Miss Martinez said, noting the topical requirement becomes effective next month. The audit office said the new factor will be applied across departments—payroll, HR, academics and special programs—because cybersecurity risk can arise wherever data is stored or processed.
Internal audit said it gathers inputs through management questionnaires and meetings with senior leaders and the superintendent, and it solicits board feedback before finalizing priorities. The office plans to submit the audit plan to the board in April for approval, with the plan effective beginning July 2026.
The presentation also previewed the upcoming attendance audit, which will include a risk assessment tied to a Texas Education Agency requirement that students who reach a specified number of absences be coded as “at risk.” Miss Martinez said the audit will review the district’s coding process and how follow‑up is handled as the district transitions to a 90% attendance expectation next year.
The audit office highlighted that the board‑approved plan initially listed 15 engagements in April 2025 but has since expanded to 23 engagements for the fiscal year. At the time of the report the office said the plan was 43% complete, representing 10 finished engagements, 8 in progress and 5 not yet started.
Next steps: internal audit will finalize scoring and proposed engagements with leadership and submit the plan to the board in April.
Don't Miss a Word: See the Full Meeting!
Go beyond summaries. Unlock every video, transcript, and key insight with a Founder Membership.
✓
Get instant access to full meeting videos
✓
Search and clip any phrase from complete transcripts
✓
Receive AI-powered summaries & custom alerts
✓
Enjoy lifetime, unrestricted access to government data
30-day money-back guarantee
