Audits are conducted by the process listed below:
Selection of Audit Areas
The City Auditor's management team selects areas for audit. Requests for audits may come from City Council, the Mayor, department heads, employees and citizens.
Initially the auditor and department director confer to discuss audit objectives. The auditor inquires about management's objectives and any areas management wishes to have examined. If staff time is available, we include those areas in the audit. If time does not allow, we will make every attempt to schedule a review of those areas at a later date.
In this phase the auditor gathers background information, obtains an understanding of the organization's mission, structure, goals, policies and procedures, and begins benchmarking other entities practices in the same area(s). The auditor must interview departmental staff regarding written and unwritten procedures followed.
Using this information and the stated goals of the program to be audited, the auditor performs a risk analysis to decide which elements of the program are most important to audit, and finally, develops audit objectives (questions to be answered) and audit steps to achieve the objectives.
Once the objectives and work plan are completed, the auditor(s) collects data, measures performance and analyzes data to accomplish the audit objectives. Often, the auditor will ask the organization's staff to help retrieve documentation from files or computer records and to provide schedules needed in the audit.
What does an auditor look for?
The primary emphasis in our work is to evaluate the internal control system in place. In other words, we identify and test the procedures management has implemented to ensure it reaches its objectives.
Secondly, the auditor looks for ways of promoting efficiency and effectiveness within the department/program. At times the evaluation of a particular program may be the focus of an entire audit.
Finally, the auditor assesses financial reliability and compliance with applicable laws and regulations.
The audit staff will make every attempt to accommodate departmental schedules and work load.
The audit report consists mainly of recommendations based on the auditor's 'findings'. The auditor prepares an audit comment ("finding") when the auditor concludes that an action or condition existed that:
- Was contrary to management's orders or city policies.
- Did not help a program reach it goals.
- Was not efficient or effective.
- Was not in compliance with laws and regulations.
Our policy is to discuss each comment with the proper departmental staff, as well as with management. There will be no surprises in the final report.
We furnish a draft of the report to various members of the organization's management before publication to solicit written responses and comment. The Internal Auditor invites management to:
- Correct factual errors or misinterpretations of what occurred,
- Provide data showing why the comment is not valid, and
- Create written responses (to be included in the report) to the recommendations, saying
- What will be done about the comment
- Who is responsible for implementing the recommendation
- When it will be completed
Top 10 Suggestions for a Smoother Audit
• Make sure you have up-to-date policies and procedures.
• Ensure authorization limits are communicated to your department.
• Ensure all assets are safeguarded at all times.
• Establish document control.
• Ensure approval signatures are visible on all required documentation.
• Make sure data is only accessible by authorized personnel.
• Understand your department's risks.
• Ensure adherence to City Code and to Departmental Policies and Procedures.
• Establish objectives and measures for your department and for major programs.
• Track performance to evaluate your success!