The Audit Process

The entrance memo includes the following information:

Department Management’s Responsibility for Control and Access to Records

As auditee management, you and your staff are responsible for devising, implementing and ensuring the adequacy, effectiveness, and efficiency or controls. City officials, employees and contractors are also required by the Accountability in Government ordinance (§2-10-16 R.O.A. 1994) to provide full and unrestricted access to all city offices, employees, records, information, data, reports, plans, projections, matters, contracts, memoranda, correspondence, electronic data, property, equipment and facilities, and any other materials within their custody to the auditor.

Preliminary Information

The enclosed Self-Assessment and Information Technology questionnaires are vital in helping us develop our audit scope and objectives. Please answer all questions as completely as possible, and attach documents to further explain your processes and procedures. We will begin conducting meetings with personnel in your area to gain an understanding of the operations, procedures, and information systems related to your audit.

Objectives and Scope

Objectives are what the audit is intended to accomplish. Some of our general audit objectives are to evaluate:

• Controls, policies, and procedures
• Actual and budgeted expenditures
• Compliance with applicable procedures, rules, regulations, ordinances, and statutes.

The scope is the boundary of the audit and ties directly to the audit objectives. The scope defines:

• Subject matter that the auditor will assess and report on
• Program, process, contract, or operation being audited
• Time period being audited
• Locations being audited

Entrance Conference

When we have established our objectives and scope we will arrange a face-to-face entrance conference. The purpose of the conference is to discuss our scope, audit objectives, and solicit your input with respect to the nature, timing and extent of audit work.

Audit Fieldwork

The audit objectives will be accomplished by:

• Control reviews, which require discussions with and observations of the personnel responsible for various operating and accountability functions to evaluate the existence and adequacy of internal controls.
• Detailed testing, including review of transaction documentation and observation of events to evaluate compliance with existing contractual, departmental, and Applicable regulations.

Audit Findings and Recommendations

An audit finding is an area of potential control weakness, policy violation, financial misstatement, or other issue identified during the audit. You will be updated by email, twice a month, on any findings. We will review and discuss the potential findings with you and appropriate staff to determine if the audit findings are valid and should be included in the audit report. The auditor will work with you to determine the apparent root cause and to determine a feasible solution to the issues identified.

OIA Management Review of Audit Work

In compliance with Generally Accepted Government Auditing Standards (GAGAS), we review all audit work and documentation to ensure that issues in the report are documented completely and all numbers and computations are accurate.

Exit Conference and Discussion Draft

When a draft report is complete, a formal meeting is held with you to discuss the details of the discussion draft. The discussion draft consists of the issues identified during the audit along with the respective details and recommendations. The discussion draft is distributed only to you and related management prior to the exit conference. This is your opportunity to provide comments, ask questions, point out any errors in fact, and discuss the presentation of issues.

Preliminary Draft

The preliminary report draft will be submitted for your technical review, and includes any changes agreed upon during the exit conference. You are required to submit your response To the report recommendations to the CAO within ten days. Your response to the audit report should specify the completion dates and other measures that will determine the success of implementation of the audit recommendations. The CAO will forward the response to OIA within four days. All responses will be included in the final report.

Final Report

The final draft report is presented to the Accountability in Government Oversight (AGO) Committee for approval. The CAO asks that you or your designee attend this meeting to answer any questions related to the response. Upon approval of the final draft by the AGO Committee, a final report is issued. Final reports are public information and are available to anyone requesting a copy and are posted on the City’s website. You will receive a copy of the final report.

Post-Audit Survey

Following the issuance of the final report, you will be asked to complete a post audit survey to help OIA evaluate the effectiveness of the audit process.

Audit Follow-Up

It is the responsibility of auditee management to ensure the recommendations are implemented and the audit findings are resolved in a timely manner. OIA will perform an audit follow-up to determine the status of all open report issues approximately one year after the audit is completed. OIA will continue to perform audit follow-ups until all recommendations have been implemented or otherwise resolved. OIA will provide follow-up reports to the AGO Committee, the CAO, and the City Council. Follow-up reports are public information.

Confidentiality

GAGAS standards require the auditor to maintain the confidentially of audit information during the course of audit work, ensuring that proper security is provided, and limiting dissemination to only necessary contacts.

You may share this document with your staff. Any comments for improvement are welcome, as we continually seek to improve our audit processes.