Department Resources

The thought of an audit makes many people nervous. IA believes that we all share the same goal of delivering services to citizens in the most efficient and productive manner. Review the Audit Process to learn about how we conduct audits and what you should expect.

Audits vary in their scope and purpose, but most typically progress through the same stages.  They also tend to rely on the same types of information, particularly in the initial phase. In order to make the audit go as smoothly as possible, your department can follow the steps below:

• Collect background information about the activity being audited. For nearly all audits, the auditor will review:
  • Relevant performance measures or strategic plan,
  • Applicable policies and procedures for major operations or processes,
  • Financial or budgetary reports,
  • Relevant contracts, agreements, or grants
  • Any past audits or reviews, either by the City itself, state or federal government, or consultants.
• Identify key contacts that the auditor will work with. Decide whether any of these staff members should attend the opening meeting where the audit's scope will be discussed.
• Inform other staff members know about the audit. Let them know about its scope and what information they may be asked to provide. Emphasize the importance of providing access to all necessary employees and records.
• Identify a temporary workspace for the auditor during the fieldwork phase of the audit.
• Foster a professional and constructive working environment. The audit is designed to identify opportunities for departments to strengthen their performance. Cooperation between the department and audit staff are necessary if the audit is to be effective.
• Be available: Questions often arise during an audit. It is helpful to assure that qualified and knowledgeable personnel are available to answer questions and clarify information during the audit, in addition to being present during the audit debriefing.

During the exit conference, you should be given a copy of the draft report. The exit conference is an opportunity to correct any factual errors or assumptions in the audit so that the audit reflects that information. The exit conference also provides an opportunity for you to discuss how you will implement the recommendation made in the audit.

After the exit conference, the auditor will revisit any issues raised at the exit conference and will then forward a final draft to the department director for a response. The director typically has two weeks to write a response that will be included in the final audit report.

Audit responses are usually short and present action plans for addressing the concerns identified in the audit. After each recommendation, the department states whether it agrees or disagrees with the recommendation(s). If the department does not agree with the recommendation(s), it should propose an alternative solution to the problems identified in the audit. If the department agrees with the recommendation(s), the response should include:

• How the recommendation(s) in the report will be implemented;
• Who will be responsible from the department for implementing the recommendation(s);
• When the implementation will be completed.

Sample audit responses:

Recommendation: Conduct monthly or annual reconciliation of revenue received from tenants.

Department Response: Agree. Department accounting staff will reconcile revenue reports from suppliers and tenants every month beginning immediately. This reconciliation will be reviewed by the supervising accountant.

Recommendation: The department should routinely review the schedules and responsibilities of staff working a large amount of overtime.

Response: Agree. Our oversight department will conduct an audit every six months of 100 hour reports to insure they are being conducted properly and to ensure appropriate corrective/disciplinary action is being taken. The results of the first audit covering the first half of 2020 will be presented to the department director around July 15, 2020.

Recommendation: Agencies should ensure that they have virus protection software installed on all their data systems and PCs. The anti-virus software definitions should be regularly updated at least monthly or more frequently when major virus attacks are discovered.

Response: Disagree. We disagree on the monthly minimum update period. Any virus software must check for new updates every day, without user intervention. The security consultant may choose to publish detailed procedures or guidelines.

For additional examples of report responses, see actual reports that have been recently released. (link to completed reports)

Internal controls are the tools a department has to ensure that their program is functioning properly and efficiently. Controls help departments increase the likelihood that they will be able to achieve their goals by minimizing risks. Internal controls are also used to verify the reliability of financial information and deter fraud.

Filling out a time sheet every week that is also reviewed by a supervisor is a simple internal control used to ensure employees stay on task and use time appropriately. Creating a review panel to evaluate construction bids is a more sophisticated control designed to protect the integrity of the public bidding process. Having employees sign a code of conduct is a "soft" control designed to promote ethical behavior in the workplace.