The Audit Process

The entrance memo includes the following information:

Management's Responsibility for Control

Management is responsible for devising, implementing and ensuring the adequacy, effectiveness and efficiency of controls. OIA functions most effectively when it is able to objectively review, analyze and interpret management's information, conditions, procedures, organization and controls. Management should encourage personnel to be open with the auditors when discussing issues. Often an issue raised by an auditor's internal control review can be satisfied by some alternate control procedure of which the auditor may be unaware.

OIA Staff Members Assigned to the Project

Generally the team will consist of an Auditor, the Internal Auditor and the Director.

Preliminary Information

Prior to beginning the audit fieldwork, we will need information and documents useful to plan the audit, including the Self-Assessment Questionnaire. We will begin conducting meetings with personnel in your area to gain an understanding of the divisions, procedures and information systems related to the audit.

Self-Assessment Questionnaire

This document is sent out with the Entrance Memo, in the planning and information gathering stage of the audit process. We ask you answer all the questions as completely as possible. Your answers will assist us in understanding the key objectives and risks of your area. We will develop our audit objectives and scope using your responses. Objectives are what the audit is intended to accomplish. Some of our general audit objectives are to evaluate:

• Controls, policies and procedures
• Actual and budgeted expenditures
• Compliance with department policies and procedures, City rules, regulations and Ordinances, State Statues and other applicable rules and regulations
• Performance measures

The scope is the boundary of the audit and is directly tied to the audit objectives. The scope defines:

• Subject matter that the auditor will assess and report on
• Necessary documents or records
• Program, process, contract, or operation being audited
• Time period being audited
• Locations that will be audited

Entrance Conference

When we have received the completed Self Assessment Questionnaire, and have established our scope and objectives, we will call to arrange an entrance conference. During the entrance conference we will discuss our scope, audit objectives and solicit your input with respect to the nature, timing and extent of audit work.

Audit Fieldwork

The principal objectives will be accomplished by:

• Control reviews which require discussions with and observations of the personnel responsible for various operating and accountability functions to evaluate the existence and adequacy of internal controls.
• Detailed testing, which requires review of transaction documentation and observation of events to evaluate compliance with existing contractual, departmental and City policies and procedures.

Audit Findings and Issues

An Audit Finding is defined as an area of potential control weakness, policy violation, financial misstatement, or other problematic issue identified during the audit. Documentation of all Audit Findings will be maintained to reflect the discussion of these findings with auditee management during the course of the audit. When further review and discussion with auditee management determines that the Audit Finding is valid, it will be included in the Audit Report. The Audit Report will reflect all of the issues developed during the audit.

Developing Recommendations

Throughout the audit, OIA personnel will discuss findings with auditee management. The objective of these discussions is to communicate audit findings/issues and obtain agreements on resolution by joint formulation of recommendations. While developing audit issues, the auditor will present the apparent root cause and how the issue can best be resolved. Thus, when reviewing a draft of the issue for the first time, auditee management should take this into consideration and feel free to discuss modifications of the proposed recommendations to more closely reflect a feasible solution, if appropriate.

Management Review of Audit Work

All audit work documentation is reviewed by the Internal Auditor prior to the issuance of the Final Report. This review is performed to ensure that all issues are documented completely and that all numbers and computations contained in the report are accurate. The Final Report is sent out only after being reviewed by the Director.

Discussion Draft Report

A Discussion Draft Report consists of the issues identified during the audit along with the respective details and recommendations. The Discussion Draft is distributed to the Department Director and related management of the department prior to the Exit Conference. Auditee management will have an opportunity to comment on the content of the Discussion Draft of the audit report prior to final issuance.

Exit Conference

At the conclusion of the audit, a formal meeting is held with the management of the department to discuss the details of the Audit Findings and Recommendations that will be contained in the Final Report. The auditees will be furnished with copies of the Discussion Draft Report prior to the Exit Conference meeting. Any additional comments or questions will be addressed at this time.

Preliminary Draft Report

The Preliminary Draft Report is prepared for the auditee's technical review and includes any changes agreed-upon during the Exit Conference. The Preliminary Draft is distributed to the audited Department Director and management, Chief Administrative Officer (CAO), Chief Financial Officer (CFO), Department of Finance and Administrative Services (DFAS) Director, Chief Operations Officer (COO) and Chief Public Safety Officer (CPSO), if applicable. The department responsible for the finding will be required to submit a written response to the Preliminary Report within 14 days. Those responses will be included in the Final Report.

Final Report

After auditee management has been given an opportunity to respond to the Preliminary Draft, the Final Draft Report is presented to the Accountability in Government Oversight Committee for approval. Upon approval of the Final Draft by the Accountability in Government Oversight Committee (AGO), a Final Report is issued. The Final Report is distributed to the audited Department Director and management, Mayor, City Council, CAO, CFO, DFAS Director, COO and CPSO, if applicable. Final Reports are considered public information and will be available to anyone requesting a copy as well as on the City's website.

Post-Audit Communication

Following the Final Report issuance, the audited department will be asked to complete a Post Audit Survey to help OIAI evaluate the effectiveness of the audit process.

Audit Follow-Up

The auditee Responses in the audit report should specify the completion dates and other measures that will determine the success of implementation. It is the responsibility of auditee management to ensure the Recommendations are completed and the audit findings are resolved in a timely manner. OIA will perform an audit follow-up to determine the status of all open report issues approximately one year after the audit is completed. OIA management will provide audit follow-up reports to the AGO.

Audit Principles

One of OIAI's objectives is to maintain good working relations with the auditee. Our scope and objectives are communicated and management's concerns are considered prior to the performance of any auditing procedures. We strive to maintain a free flow of both formal and informal communications to develop recommendations that are effective and helpful for the auditee. Because we recognize that additional time is required of the auditee personnel during an audit, we wish to express our appreciation for your efforts in helping us complete the audit as efficiently as possible.

Confidentiality

The auditor will maintain the confidentiality of audit information during the course of audit work, ensuring that proper security is provided, and limiting dissemination to only necessary contacts.