File #: BC 19-051    Name: Risk Assessment and Internal Audit Plan FY19-20
Type: Budget Committee Status: Agenda Ready
File created: 5/16/2019 In control: Budget Committee
On agenda: 6/14/2019 Final action:
Title: Receive a report of the Auditor-Controller's County-wide Risk Assessment and provide direction or support approval of Fiscal Year 2019-20 proposed Internal Audit Plan.
Attachments: 1. Budget Committee Report, 2. Attachment A FY2019-20 Risk Assessment - Executive Summary, 3. Attachment B FY2019-20 Risk Assessment - Risk Register, 4. Attachment C FY2019-20 Risk Assessment - Risk Ratings, 5. Attachment D FY2019-20 Proposed Internal Audit Plan

Report

RECOMMENDATION:

It is recommended that the Budget Committee:

 

Receive a report of the Auditor-Controller’s County-wide Risk Assessment and provide direction or support approval of Fiscal Year 2019-20 proposed Internal Audit Plan.

 

SUMMARY/DISCUSSION:

On September 25, 2018, the Board of Supervisors (Board), through Resolution No. 18-316, approved the Internal Audit Policy and revised Budget Committee Roles and Responsibilities recommended by the CAO’s Office. 

 

On December 12, 2018, the Board approved the Auditor-Controller Internal Audit Division’s (IAD) Internal Audit Policies and Operations Manual and the Fiscal Year 2018-19 Internal Audit Plan. The 2018-19 plan included a county-wide risk assessment project for the purpose of assisting the IAD in developing a risk-based internal audit plan for fiscal year 2019-20 that ensures the priorities of the internal audit function are in line with the County’s objectives.

 

Ideally, a risk assessment should include a comprehensive evaluation of risks in the context of existing internal controls designed to mitigate those risks. Given the time and resource constraints in completing such a comprehensive project, including surveying departmental activities, the IAD determined that evaluating risk at a high level is most prudent at this time.

 

Risks were identified through discussion with the Board of Supervisors and selected members of executive management (members). The risk assessment includes an executive summary (Attachment A) which provides descriptions of the risk assessment. The Risk Register (Attachment B) is the primary component of the risk assessment and details the unique risk descriptions identified and their corresponding risk ratings. The risk descriptions included are stated at their inherent level and are not statements of weakness within the related department or countywide activities. In summary, a total of 62 risks were identified and accumulated from input received by members. Certain risks were identified by multiple participants. In those instances, the IAD combined all responses within a single risk description, resulting in a total of 23 unique risks. Risks were rated by aggregating members' responses, by risk, and applying an impact factor to the quantity of responses.

 

Using the results of the risk assessment, the IAD developed an internal audit plan (Attachment D) that is risk-based and aligned with the County’s strategic initiatives as required by IIA Standard 2120 - Risk Management. The internal audit plan includes four (4) audits brought forward from the prior year’s schedule and twenty-one (21) newly identified audits and projects resulting from the County’s 2019 Risk Assessment. The eight highest-rated audits have been included in the 2019-20 plan, with three projects assigned to the IAD and five projects identified as potential projects for outside consultants/auditors. The remaining audits not containing budgeted hours are proposed audits for consideration in future years. Lastly, the plan includes consideration for special projects and TOT audits.

 

OTHER AGENCY INVOLVEMENT:

This Board Report and related materials are in line with the Internal Audit Policy and the Institute of Internal Auditors, International Professional Practices Standards, which require the IAD to present an Internal Audit Plan based on prioritization using a risk-based assessment of County programs and operations.

 

FINANCING:

There are no financing implications as a result of this report.

 

BOARD OF SUPERVISORS STRATEGIC INITIATIVES:

The internal audit activity is a key cog in the risk management framework. The mission of the Auditor-Controller’s Internal Audit Division is to help Monterey County’s Board of Supervisors and Department Heads achieve their stated initiatives and goals by providing effective audit and consulting services designed to provide objective assurance, advice, and insight.

 

Mark a check to the related Board of Supervisors Strategic Initiatives

 

_x_ Economic Development

_x_ Administration

_x_ Health & Human Services

_x_ Infrastructure

_x_ Public Safety

 

 

Prepared by: Harvey Howells, Chief Deputy Auditor-Controller, Internal Audit Division, 755-5493

Approved by: Rupa Shah, Auditor-Controller, 755-5099

 

Attachments:

Budget Committee Report

Attachment A - FY2019/2020 Risk Assessment - Executive Summary

Attachment B - FY2019/2020 Risk Assessment - Risk Register

Attachment C - FY2019/2020 Risk Assessment - Risk Ratings

Attachment D - FY2019/2020 Proposed Internal Audit Plan