Types of Audits
Internal Audit’s primary activity is the audit and review of county business operations and other matters, as outlined below. However, the complete range of services provided by Internal Audit as shown below may also include special projects and consultations.
Operational audits consist of auditing operating processes and procedures with the internal controls that mitigate specific risks. These audits examine the use of resources to determine if they are being used in the most effective and efficient manner to fulfill the county’s mission and objectives.
These audits determine the degree to which areas within the county apply the mandated federal, state and county laws, regulations, policies, and practices. Recommendations usually require improvements in processes and controls used to ensure compliance with regulations.
These audits review accounting and financial transactions to determine if commitments, authorizations, and the receipt/disbursement of funds are properly and accurately recorded and reported.
This type of audit also determines if there are sufficient controls over cash and other assets, and that there are adequate process controls over the acquisition and use of resources. Unlike external financial audits, internal financial audits do not prepare nor express professional opinions on the material correctness and fairness of the financial statements.
These audits are conducted to identify existing control weaknesses, assist in determining the amount of loss and recommending corrective measures to prevent additional losses. Internal Audit will also work with law enforcement and outside agencies to determine if misconduct has occurred. These types of investigations can encompass misuse of county funds or assets, fraud, or potential conflicts of interest.
The purpose of these audits is to evaluate the accuracy, effectiveness, and efficiency of the county’s electronic and information processing systems. Technology audits are typically comprised of automated controls, system implementation reviews, penetration testing, change management, disaster recovery plans, system back up procedures, physical system security, and the general security of data.
These reviews focus on the effectiveness and/or efficiency of processes and programs. No findings are determined; the report is an unbiased, independent statement of the facts uncovered.
Internal Audit offers training in ethics and internal controls. Training may take the form of formal classroom type training, Control Risk Self-Assessment facilitation, newsletters, and bulletins.
Internal Audit will receive requests from senior county management and the Board of Commissioners from time to time. These requests vary in nature and scope and may take on components of many of the services described above.
As requested by senior county management, Internal Audit will support the county’s contracted external audit firm by performing audit steps and other procedures. Internal Audit will not perform sufficient work in these areas to issue separate findings, recommendations, and conclusions.
From time to time, Internal Audit may initiate or agree to management requests to perform special projects. These projects will have an agreed to scope and durations, and in no way compromise the independence of Internal Audit. Examples include process mapping, cost/benefit analysis and research on accounting issues.