Audit Committee authority, duties, and members

Section 34 of the Charter Laws establishes the Audit Committee. It states:

"There shall be an audit committee whose members are appointed by the city commission. The members shall be commissioners or citizens or a combination of both. The audit committee will oversee the activities of the auditor and the audit department. The commission shall provide by ordinance for the organization and duties of the audit committee."

As stated, the Audit Committee oversees, in an advisory capacity, the audit activities of the Inspector General and assists the City Commission in its supervision of the audit function. The bylaws of the Audit Committee are located at Code of Ordinances, Article XIII, Chapter 2. They provide the operating framework for the committee and the operations of the Office of Inspector General’s Audit division. The Audit Committee is intended to be an intermediary between the City Commission and the Inspector General to prevent any undue pressure that might be exerted by a Commissioner in the selection of audit projects. The Audit Committee is responsible for recommending the selection of external auditors to the City Commission and negotiating the fee for the annual financial audit.

The Audit Committee is comprised of five members who are appointed by the City Commission. Committee members are Sunny Phillips (Chair), David Reid, John Kirk, Nate Newton and Patricia Griffin.

The formal definition of an audit by the Institute of Internal Auditors is that internal auditing is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.”

An audit can also be thought of as a review of an organization or process to assess compliance with laws, policies, procedures, and/or best practices and help management ensure business processes are conducted efficiently and effectively.

Audits conducted by the OIG are governed by City Commission Policy #104 (Audit Policy) which directs the audit work of the Inspector General to include responsibilities for planning audits, exercising due professional care for each engagement, and for reporting instances of irregularities to the City Commission and others.

Audits typically consist of three main parts, a survey phase, a fieldwork phase, and a reporting phase. Each of those phases is described in detail in the following paragraphs:

Survey Phase

The beginning of any audit is known as the survey phase. Our first contact with an auditee (i.e., office/area audited) will be in the form of an engagement letter. We will then have an entrance conference that will enable you to meet with us face to face, discuss your thoughts and concerns regarding the planned audit, and possibly help refine the scope of the audit that will make it more beneficial to you and City management. We also begin to set up our workpapers, which will be our support for what we say in our audit report (good and bad).

During the survey phase we 1) prepare a survey audit program, 2) accumulate background information about the audited topic/area, 3) identify and assess the risks in the audit area, and 4) prepare for the rest of the audit.

• Survey Audit Program - We use a standard survey audit program. However, we modify this program based on what we know about the audit topic and may further modify it during the survey process as we learn more.
• Background Information - In order to perform an audit, we need to gain an understanding of what we are going to audit. This is done by accumulating background information. We have several sources for information that we use to assist with this; industry/trade associations, the internet, and the federal government are examples of information sources. We also look at similar audits conducted by other governments/businesses. This is a very good source of information as it can give examples of issues that may be encountered during the audit and possible solutions for those issues.
• Identification and Assessment of Risks - By the time we get to the point of identifying and assessing the risks in the audit area, we are beginning to work much closer with you. We are talking with you about what you do and how you do it, looking at the documents you use to do your job, and getting first-hand knowledge of the area/process. We also may be conducting analytical procedures, such as comparing data over several periods in order to identify any trends. It is at this point that we are identifying risks that could negatively impact the area/process, control strengths and weaknesses, and opportunities for improvement in effectiveness and efficiency.

By the time we complete the survey phase of the audit, we have a good understanding of the operations and risks of the audit area and are ready for the fieldwork phase of the audit.

Fieldwork Phase

In the simplest terms, the fieldwork phase is where we "test" what we have learned during the survey phase.

This testing enables us to be able to draw conclusions and form opinions about the area/process. Without testing and verifying what we learned or noted during the survey phase, it would not be appropriate for us to form the conclusions and recommendations we do in our audit reports.

The types of tests we perform are as varied as the operations of the City, and we tailor our tests to suit the individual circumstances of each audit. A couple of the more common types of tests we may perform include:

• Transaction Testing - This is where transactions are examined to determine if they were executed in accordance with established policies and procedures, controlling laws and regulations, and/or good business practices. The specific test criteria applied to sampled transactions will vary depending on various factors such as the type of transaction, the purpose and objectives of the audit, and the department or process that is being audited.
• Control Testing - Controls are procedures and processes that are in place to help ensure that City goals and objectives are met. (Another way of saying this is that controls are the rules put in place to help reduce the risk that “bad things” could happen.) Examples of controls include specific procedures or functions that are performed or a document or record that is used to record a transaction. We test those controls to see if they are functioning as intended by management.

Various procedures are used to test transactions and controls. Those procedures can be classified into the following basic categories:

• Inquiries and Interviews - Discussions are held with employees involved in the applicable area or process. For example, we may meet with employees executing and recording transactions or performing certain processes to further our understanding obtained during the survey phase and to evaluate the pertinent controls.
• Inspections - Inspections involve examining and reviewing records or documents.
• Observations - Observations are very similar to inspections. However, rather than looking at records and documents, we will observe processes and people in the performance of their assigned jobs.

In summary, fieldwork is where we gather evidence to draw conclusions about your department/process and to support what we are going to say in our audit report.

The Reporting Phase

Audit reports from the Office of Inspector General are issued to the City Commission and are published on the OIG's site for public access.

We produce several types of audit reports. The type of report produced depends on the objective of the audit and nature of the work we performed.

Prior to issuance of a report, we provide management, in the form of an exit conference, an opportunity to discuss the issues and conclusions in the audit report, identify any errors we may have made, and make any comments or suggestions. The exit conference is held with the Assistant City Manager and/or department director and any staff that may have expertise or knowledge relevant to the audit report. As part of the exit conference, we request management provide:

1. An action plan that lays out the steps management will take to address the issues and recommendations in the report, and
2. A written response to the audit from the applicable Appointed Official.

After any issues resulting from the exit conference are resolved, the action plan is received, and the Appointed Official’s response is received, a “final draft” of the audit report is prepared and submitted to all Appointed Officials (City Manager, City Treasurer-Clerk, or City Attorney) for final review. After that, the report is issued to the City Commission and released to the public.

What audits are planned for the OIG?

Both City Commission policy and professional auditing standards require the preparation of an annual audit work plan by the Office of the Inspector General. More specifically, City Commission Policy 104.03.V. requires the submittal of the annual audit plan to the City Commission for approval, following the Plan’s approval by the City’s Audit Committee.

2023 Audit Plan

Auditing Standards

The Office of Inspector General is committed to discharging its responsibilities in a professional manner. To that end, the OIG has adopted and follows the two preeminent sets of professional auditing standards.

Government Auditing Standards (known as the Yellow Book) provides a framework for performing high-quality audit work with competence, integrity, objectivity, and independence to provide accountability and to help improve government operations and services.

International Standards for the Practice of Internal Auditing (known as the Red Book) are a set of principles-based, mandatory requirements consisting of statements of core requirements for the professional practice of internal auditing.

Peer Reviews

Both Governmental Auditing Standards and Standards for the Professional Practice of Internal Auditing require periodic external assessments (peer reviews) of the audit work performed by the Audit division of the OIG. Those peer reviews serve as a means for OIG to demonstrate its adherence to the highest levels of professionalism and its compliance with those auditing standards.  We have consistently received unqualified opinions (the highest level of assurance) on our work.

Recent Peer Reviews:

2021 | 2017 | 2014 | 2011 | 2009 | 2006

Audit Program (Survey or Fieldwork) - An audit program is the plan for the audit and typically identifies all the activities and tests to be conducted in the audit. Audits will typically have both a survey and a fieldwork audit program.

Auditee - An auditee is the department, process, or individual that is being audited.

Auditor in Charge (AIC) - The auditor in charge is the person responsible for the specific audit in question and can be any level of auditor in the Office of Inspector General.

Conclusion - An audit conclusion is the opinion of the auditor and is based on the audit objectives, the results of audit testing, and the audit findings.

Criteria - Audit criteria are the rules, policies, procedures, or other requirements used as a basis to which we compare when conducting audit testing.

Evidence - Audit evidence includes the documents, information gained through interviews, or any other information that supports audit testing and conclusions. Audit evidence should be relevant, reliable, appropriate, and sufficient to provide a reasonable basis for conclusions or opinions.

Findings/Observations - Audit findings or observations are the results of the audit testing. The term audit findings/observations can refer to audit results that are either “good” or “bad” and are typically thought of by auditors as representing either compliance or noncompliance with the applicable test criteria. However, typically auditors use the term(s) to note instances where audit testing shows noncompliance with the criteria.

Follow-up - Audit follow-up is an assessment of management’s action to address the findings/observations in the audit report.

Independence - Independence is when an auditor is free from conditions (real or perceived) that threaten an auditor’s ability to complete an audit in a unbiased manner.

Internal Controls - Internal controls are the policies, procedures, rules, and practices put in place to ensure management’s objectives and/or goals are accomplished.

Management - From an audit perspective, Management refers to those charged with governance of the department or process being audited.

Objectives - Audit objectives define the purpose of the audit or why the audit is being conducted.

Recommendations - An audit recommendation is the suggestion made by an auditor to address a finding/issue/observation.

Report - An audit report is the document or some other method of communicating the results of the audit. Audit reports communicate the audit’s scope, objectives, methodology, the finding/observations, and the auditor’s conclusions.

Risk - When referred to by auditors, risk is a threat that can prevent a department or process from accomplishing its mission or goals.

Sample - An audit sample is a subset of the items that are being tested.

For example, if an audit was testing purchases made by P-Card, it would not be practical or reasonable to test all P-Card purchases made within the City. The auditor will select a limited number of those purchases (a sample) for testing and make a conclusion about all P-Card purchases from the purchases tested.

Sample items can be selected randomly or judgmentally.

Scope - The audit scope defines what is being audited. Typically, the scope identifies the department or process that is being audited and timeframe that is covered.

Workpapers - Audit workpapers are the documents, records, or other evidence collected during an audit to support the findings/observations and conclusions of the audit.