FAQs

What types of services do we perform?

The Internal City Auditor performs a variety of audits including operational and compliance audits to determine that:

  • Activities or programs are performed in an efficient and effective manner.
  • Tasks and functions are performed in compliance with applicable laws, policies and procedures.
  • Revenues are being properly collected, deposited and accounted for.
  • Resources, including funds, property and personnel are adequately safeguarded, controlled and used in an effective and efficient manner.
  • Operating and administrative procedures, practices and systems are being utilized adequately.

 

How do we ensure our independence?

Our independence is established through organizational status.  The Internal City Auditor works with management and reports directly to City Council.  Audit work is carried out freely and objectively.

 

 

How do we determine what to audit?

An annual risk assessment is performed by the Internal City Auditor.  The risk assessment is a combination of the following tasks:

  • Evaluation and ranking of the City's functional areas.
  • Discussions with Management about areas of concern.
  • Requests from Management and City Council.

Selections are made based on risk level (high, medium, low) timing or urgency, and audit hours available.

 

What is our basic audit process?

Auditors perform a risk assessment for each operational audit. A risk assessment at this level includes a series of general audit steps designed to assist the auditor in identifying a potential list of threats.  For each of the threats, the Auditor assigns an inherent risk rating, identifies the internal controls in place to mitigate the threats, assesses the strength of the internal controls and assigns a vulnerability rating.  A fieldwork audit program is designed for those threats having a medium or high vulnerability rating.

 

How do we follow-up on management’s action plans?

As a part of our audit process, management provides an action plan and expected completion date for each recommendation.  Rather than performing a follow-up audit, Auditors will follow-up on each action plan as they come due.