During the course of the Countywide Risk Assessment, it became apparent to the IAD that a general lack of understanding of business processes and practices and internal controls was widespread. Due to the nature of the many and varied risks, time was of the essence. It was decided that the best course of action to ascertain and address the highest risks in the shortest time possible was to perform a high level review of the operations of each of the identified audit population.
 |
To address internal control implementation and management. | |
|
|
To encourage development of department-specific policies and procedures. | |
|
|
To review current or recommend development of new disaster recovery plans and make recommendations on best practices. | |
|
|
to address the numerous security issues inherent in a government workplace. |
The audit scope for all of the preliminary audits is the same: An overview and evaluation of the existing policies, processes, procedures, contracts and internal control structure utilized by the department/agency for a particular period of time.
Audit Objectives
The audit objectives remain the same for the majority of the preliminary audits as does the scope. However, audit objectives can be changed or enhanced depending on the department’s current operation. The objectives for the preliminary audits are:
| 1. | To obtain and review the current policies and procedures. | |
| 2. | to review the internal control structure through employee interviews and observation. | |
| 3. | To perform a general overview of existing contracts in the department/agency. | |
| 4. | To perform a general overview of the physical environment and security of the facilities, data, records and departmental personnel. |
Results
The IAD is working to complete its audit schedule of preliminary audits
and has performed the majority of the follow-ups for the completed
preliminary audits. Follow-up to the audits are normally done within six to
nine months after an audit is approved by the Audit Committee. The IAD has
noted improvement in the following areas:
|
|
Initial development and /or updating of operational policies and procedures | |
|
|
Improved security measures | |
|
|
Improved safekeeping of confidential documents | |
|
|
Segregation of duties issues addressed | |
|
|
Tightening of cash handling controls | |
|
|
Reconciliation of accounts being performed | |
|
|
Human resources policies and procedures development | |
|
|
Performance evaluations conducted | |
| These improvements to basic business practices and mandated areas within a six to nine month time period (some changes were made during the course of the audits) are encouraging. This audit model has confirmed IAD’s original supposition that quickly addressing as many of the major challenges as possible that were identified in the risk assessment would measurably improve County operations. In addition, IAD can be utilized as a source that can be tapped to address each department’s performance upgrade and enhancement. | ||