REPORT TO COUNCIL
SUBJECT
Title
Study Session: Overview of the Citywide Risk Assessment and Proposed 2024 and 2025 Internal Audit Work Plans
Report
BACKGROUND
Per Section 909 of the City Charter, and SCCC Section 2.29.010, the City Auditor's duties and responsibilities include conducting in-depth financial and performance audits, overseeing the City's performance management system, auditing and approving all bills, invoices, payrolls, demands or charges against the City government before payment and, with the advice of the City Attorney, making reports to the City Council as to the regularity, legality and correctness of such claims, demands or charges. The City Auditor's Office conducts its work under the auditing standards prescribed by the Institute of Internal Auditors (IIA). The IIA International Standards for the Professional Practice of Internal Auditing (Standards) requires the City Auditor's Office to "establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization's goals" and consider the input from senior management and a governing board.
DISCUSSION
In 2022, the City Auditor's Office engaged Baker Tilly US, LLP (Baker Tilly) to conduct a citywide risk assessment and prepare an annual audit work plan for the next five years. The purpose of the internal audit risk assessment is to develop an audit plan that assigns internal audit resources to the activities that add the most value to the City. The risk assessment process involves identifying and measuring risks associated with the audit universe (a list of specific departments, functions, processes, programs, etc. that can be subject to an audit, i.e. auditable units). Risk is defined as "the possibility of an event or condition occurring that will have an impact on the ability of an organization to achieve its objectives." The risk assessment is an ongoing process and will be updated each year. These updates may alter previously identified ...
Click here for full text