Title
a. Support approving the Auditor-Controller’s Internal Audit Charter, Policy and Operations Manual, Fiscal Year 2018-19 Internal Audit Plan; and,
b. Support funding for external consulting resource to conduct County-wide Risk Assessment via RFP for a one-time cost not to exceed $50,000; and,
c. Support $7,400 to fund the initial procurement of customary, audit working papers software, related training, and analytical software; and,
d. Support Board approval of a separate Audit Committee Charter to govern the Budget Committee’s audit oversight activities; or support Board approval to enhance the Budget Committee’s existing policies, procedures, and roles and responsibilities to include required criteria recommended by the Institute of Internal Auditors.
Report
RECOMMENDATION:
It is recommended that the Budget Committee of the Board of Supervisors:
a. Support approving the Auditor-Controller’s Internal Audit Charter, Policy and Operations Manual, Fiscal Year 2018-19 Internal Audit Plan; and,
b. Support funding for external consulting resource to conduct County-wide Risk Assessment via RFP for a one-time cost not to exceed $50,000; and,
c. Support $7,400 to fund the initial procurement of customary, audit working papers software, related training, and analytical software; and,
d. Support Board approval of a separate Audit Committee Charter to govern the Budget Committee’s audit oversight activities; or support Board approval to enhance the Budget Committee’s existing policies, procedures, and roles and responsibilities to include required criteria recommended by the Institute of Internal Auditors.
SUMMARY/DISCUSSION:
On September 25, 2018, the Board of Supervisors (Board), through Resolution No. 18-316, approved the Internal Audit Policy and revised Budget Committee Roles and Responsibilities recommended by the CAO’s Office. Resolution No. 18-316 reaffirms the Board’s sole authority under Government Code section 26883 and establishes the Boards decision to retain authority to conduct and assign audits to the Auditor Controller’s Internal Audit Division, the County Administrative Office, or County Counsel, as deemed appropriate. Lastly, this resolution establishes processes for approving the internal audit plan, internal audit and project requests, and reporting of related results.
The Internal Audit Policy requires compliance with Government Code Title 1, Division 4, Chapter 1, Article 8, Section 1236, which mandates those performing County audits to do so under the general and specific standards prescribed by the Institute of Internal Auditors (IIA), or, the Government Auditing Standards issued by the Government Accountability Office of the Comptroller General.
In line with the IIA Standards, the Auditor-Controller’s Internal Audit Division (IAD) has developed an Internal Audit Charter (Attachment A), Policy and Operations Manual (Attachment B), and fiscal year 2018-19 Internal Audit Plan, (Attachment C), for review and approval by the Board. Note that a risk-based internal audit plan could not be developed for fiscal year 2018-19 as the IAD has only recently been established. The fiscal year 2018-19 internal audit plan has been developed based on requests made by Division Management. The internal audit plan also includes assurance audits to be performed by external accounting firms. The External Audit Resources schedule list those audits scheduled, or anticipated, to be performed by an external firm and includes their corresponding due dates and budgeted amounts.
Also, contained within the fiscal year 2018-19 Internal Audit Plan is a County-wide Risk Assessment engagement. IIA Standards require the establishment of a risk-based audit plan to determine the priorities of the internal audit activity consistent with the County’s goals. The Risk Assessment is scheduled to commence on January 1, 2019 with the goal of completion by March 30, 2019 in preparation for the fiscal year 2019-20 Budget. Given time constraints and limited IAD resources, the IAD is requesting the Risk Assessment be performed by an external consulting resource who is competent and knowledgeable of IIA and Government Auditing Standards. The IAD will oversee and manage the effort internally through the RFP process. The initial costs to contract for these services is estimated to be at, or below, $50,000. On-going, the Risk Assessment will be monitored and updated by the IAD. All updates, modifications, or changes to the Risk Assessment will be approved by the Board. The RFP process is preferred to save time given the tight timeframe of completing the Risk Assessment and preparing the fiscal year 2019-20 Internal Audit Plan prior to March 2019 Budget deadlines.
IIA Standards also require the IAD establish and maintain a system to monitor the disposition of audit and consulting results communicated to management, follow-up on management action plans to ensure they have been effectively implemented, or, that management has accepted the risk of not implementing corrective action. The IAD is requesting $7,400 to procure customary, audit working papers software, related training, and analytical tool as follows:
1. Caseware Working Papers, $3,600
2. Caseware Working Papers training $1,700
3. Audimation IDEA Single User License, $2,100
Annual future cost to maintain two working papers licenses is 3,600.
Lastly, IIA Standards require the IAD to assess and make appropriate recommendations to improve the organizations governance processes. The IAD performed a detailed Gap Analysis (Attachment D.3) noting that many of the elements contained in the IIA’s Model Audit Committee Charter guidance (Attachment D.1) are not contained in the County’s existing Internal Audit Policy and Budget Committee Roles and Responsibilities documents. The IAD has included an Executive Summary of the Gap Analysis (Attachment D.2) highlighting substantial differences the IAD believes warrants serious consideration. The IAD is recommending that the Board adopt an Audit Committee Charter completely separate from the Budget Committee Roles and Responsibilities. In this way, the roles and responsibilities bestowed on the Committee will be complete, clearly delineated, and focused on governance, risk, and, internal control activities required of high-performing Audit Committees. To facilitate this process, we prepared an Audit Committee Charter Template (Attachment D.4) and Supplemental (Attachment D.5) containing the recommended criteria.
OTHER AGENCY INVOLVEMENT
The internal audit activity has only recently been approved, by the Board, to perform operational and performance audits of County departments. This Board Report and related materials are in-line with the CAO’s Internal Audit Policy and the Institute of Internal Auditors, International Professional Practices Standards, and Generally Accepted Government Auditing Standards as prescribed by the Comptroller General. The CAO’s office has reviewed and provided input to this report and related attachments.
FINANCING:
The Board has approved $100,000 budgeted in CAO Other General Expenses fund (001-CAO014-8039-6601) for outside firms to conduct audits as determined by the BC. The Auditor-Controller is requesting $57,400 of the funding be used for the Risk Assessment and Software leaving a balance of $42,600 for outside firms to conduct audits. The ongoing cost of $3,600 to maintain software licenses will be funded through departmental budget requests.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The internal audit activity is a key cog in the risk management framework. The mission of the Auditor-Controller’s Internal Audit Division is to help Monterey County Board of Supervisors and Department Heads achieve their stated initiatives and goals by providing effective audit and consulting services designed to provide objective assurance, advice, and insight.
Check the related Board of Supervisors Strategic Initiatives
_x_Economic Development
_x_Administration
_x_Health & Human Services
_x_Infrastructure
_x_Public Safety
Prepared by: Harvey Howells, CPA, CIA, Chief Deputy, Auditor-Controller,
Internal Audit Division, 755-5493
Approved by: Rupa Shah, CPA, Assistant Auditor-Controller, 755-5099
Attachment A - Internal Audit Charter
Attachment B - Internal Audit Policy and Operations Manual
Attachment C - FY2018-2019 Internal Audit Plan
Attachment D.1 - Institute of Internal Auditors’ Model Audit Committee Charter
Attachment D.2 - Gap Analysis Executive Summary
Attachment D.3 - Gap Analysis
Attachment D.4 - Audit Committee Charter Template
Attachment D.5 - Audit Committee Charter Supplemental
Attachment E - Budget Committee PPT