audit process and Peer Review
The City Auditor prepares a Proposed Annual Workplan using a variety of techniques. These techniques include conducting a Citywide Risk Assessment and soliciting input from Council Members, Charter Officers, Department Heads, Division Managers, and City Staff. The City Auditor submits the Proposed Audit Workplan to the City Council Audit Committee for review and subsequent submission to the City Council for approval. Once the City Council approves the City Auditor's Workplan the City Auditor assigns staff to the identified audit assignments. City Council members may at any time make requests directly to the Audit Committee to add audit assignments to the City Auditor's Approved Audit Workplan.
The City Auditor follows Generally Accepted Government Audit Standards (GAGAS) when conducting the performance audits and special assignments included in his or her Approved Audit Workplan. In order to satisfy GAGAS requirements, the City Auditor typically performs the following steps:
- Holds an Entrance Conference with the representatives of the audited entity to discuss the purpose, scope, and process of the audit and to address any questions or concerns the representatives have.
- Conducts a Preliminary Survey to gain an understanding of:
- The nature and profile of the programs being audited and the needs of potential users of the audit report;
- Internal control as they relate to the inherent risks associated with the program being audited. Such inherent risks relate to a program's ability to 1) safeguard its assets 2) comply with laws, rules, regulations, policies and procedures 3) accomplish its goals and objectives 4) produce reliable financial and management information and 5) operate economically and efficiently;
- The reliability of the program's information systems;
- Legal and regulatory requirements, contract provisions or grant agreements, and potential fraud or abuse that are significant within the context of the audit objectives; and
- The results of previous audits that directly relate to the current audit.
- Conducts a Risk Assessment. A risk assessment is a product of our-risk based audit approach, which seeks to test internal controls and helps identify threats inherent to the auditee's activities. In performing a risk assessment we try to assess whether management has an adequate system of internal controls in place to address the risk that is inherent to the entities operations. The results of this assessment are then used to help prepare a written Audit Program.
- Conducts Fieldwork or the execution of the written audit program during which the City Auditor or staff performs procedures to develop the elements of a finding for inclusion in the audit report. These elements include:
- Criteria - the required or desired state or expectation of a program or operation;
- Condition - the situation that exists;
- Effect - the impact or potential impact of any differences between the Criteria and Condition;
- Cause - the reason/s for the difference between the Criteria and Condition; and
- Recommendations - Actions to correct reported differences between Criteria and Condition that are designed to eliminate or mitigate identified Effects.
- Prepares a Draft Report at the conclusion of Fieldwork which provides background information on the audit subject and findings which contain the elements described above. The City Auditor provides a copy of the Draft Audit Report to representatives of the audited entity for review and comment during the Exit Conference stage of the audit process.
- Schedules an Exit Conference with representatives of the audited entity to receive their input and comments on the Draft Audit Report. To ensure technical accuracy and fairness to the audited entity, the City Auditor incorporates any needed changes to the Draft Audit Report identified during the Exit Conference into the Final Audit Report. The City Auditor then allows the representatives of the audited entity a reasonable period of time to prepare a written response for inclusion in the Final Audit Report.
- Issues the Final Audit Report simultaneously to the City Council, the audited entity, and the public.
- Presents the Final Audit Report to the Audit Committee for its review and approval. The Audit Committee then forwards the Audit Report along with any Committee modifications to the City Council for concurrence. The City Auditor presents the Audit Report at the first City Council meeting following the Audit Committee meeting.
- Monitors and reports to the Audit Committee on a semiannual basis the Implementation status of City Council approved recommendations.
Even the Office of the City Auditor gets audited through the process known as Peer Review. GAGAS requires that audit organizations receive an external peer review at least once every three years. This process provides assurance that established policies, procedures, and applicable standards are being followed. In addition, peer review determine whether an audit organization's internal quality control system is in place and operating effectively.