Citizen Portal
Sign In

El Paso ISD internal audit outlines risk‑based plan, adds cybersecurity to priorities

El Paso Independent School District Audit Committee · January 30, 2026
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Internal Audit presented a 10‑step, risk‑based audit plan for FY 2026–27, adding technology and cybersecurity as a formal risk factor in response to new Institute of Internal Auditors guidance. The plan will be submitted to the board in April and take effect in July 2026.

Miss Martinez, representing El Paso Independent School District’s internal audit office, presented the audit office’s 10‑step, risk‑based methodology for developing the district’s annual audit plan and announced the addition of technology and cybersecurity as a formal risk factor.

The office described the audit plan as a roadmap that “defines the work that we’re doing in internal audit for the coming year,” and said the risk assessment portion of the methodology—made up of the first five steps—drives prioritization. Auditable units are drawn from two categories: organizational units (departmental) and enterprise/mission‑critical cross‑functional processes. Each unit will be scored across a set of risk factors on a 1‑to‑3 scale, with 3 indicating the highest risk.

The cybersecurity addition was tied to updated professional guidance. “Our professional standards from the Institute of Internal Auditors have really prioritized risk related to technology and cybersecurity,” Miss Martinez said, noting the topical requirement becomes effective next month. The audit office said the new factor will be applied across departments—payroll, HR, academics and special programs—because cybersecurity risk can arise wherever data is stored or processed.

Internal audit said it gathers inputs through management questionnaires and meetings with senior leaders and the superintendent, and it solicits board feedback before finalizing priorities. The office plans to submit the audit plan to the board in April for approval, with the plan effective beginning July 2026.

The presentation also previewed the upcoming attendance audit, which will include a risk assessment tied to a Texas Education Agency requirement that students who reach a specified number of absences be coded as “at risk.” Miss Martinez said the audit will review the district’s coding process and how follow‑up is handled as the district transitions to a 90% attendance expectation next year.

The audit office highlighted that the board‑approved plan initially listed 15 engagements in April 2025 but has since expanded to 23 engagements for the fiscal year. At the time of the report the office said the plan was 43% complete, representing 10 finished engagements, 8 in progress and 5 not yet started.

Next steps: internal audit will finalize scoring and proposed engagements with leadership and submit the plan to the board in April.