In order to meet the responsibilities and objectives as set forth in the Audit Charter and Mission Statement, Internal Audit performs reviews and audits of varying types and scopes. Each fiscal year an annual audit plan is developed and submitted to the Secretary's Office for review and approval. The audit plan is based on a risk assessment methodology, as well as requests from management.
The following types of audit services are provided by Internal Audit:
- Compliance Audits measure the agency's compliance and adherence to policies, plans, procedures, laws, regulations, contracts and other requirements. In addition, these audits determine if employees are following the proper procedures and guidelines and are in compliance with the agency's policies and procedures.
- Financial Audits determine the reliability of accounting and financial information and transactions such as payroll, purchasing and receipt and disbursement of funds. These audits verify there are sufficient controls over cash and cash-like assets, and there are adequate process controls over the acquisition and use of resources. They also serve as a measure of internal controls and conformity with generally accepted accounting principles.
- Operational/Performance Audits are reviews of resources and processes to determine if they are being used in the most effective and efficient manner to achieve the agency's goals and objectives, as well as offering recommendations for improvement where needed.
- Information Technology Audits evaluate the quality of the controls and safeguards over the information technology resources and critical data of the agency, and ensure adherence to management's policies. IT audits typically evaluate system input and output, processing controls, recovery plans and system security. IT audits can focus on existing systems as well as systems in the developmental stage.
- Management Requests are conducted in response to requests by departmental management for various reasons such as gathering data, identifying internal controls, performing financial audits, investigating unusual occurrences, etc. Direct consultation with management is important to ensure their objective for the audit is met.
- Consultations/Advisory Services are reviews and interpretations of policies and evaluations of specific processes and controls in order to offer an opinion on how internal controls might be strengthened. In addition, we provide technical assistance by demonstrating expertise in applying research based knowledge and content, best practices, resources, and current technology to address the needs of the agency.
- Investigative Audits are typically requested on an as-needed basis by management, or are requested by anonymous tips. Investigative audits focus on things such as alleged misconduct, non-compliance with established polices and laws, misuse of the agency's resources, and theft or abuse of assets.
- Internal Control Reviews are reviews of systematic measures (such as checks and balances, and methods and procedures) instituted by the agency to conduct business in an orderly and efficient manner, safeguard its assets and resources, prevent and detect fraud and abuse, ensure accuracy and completeness of data, and ensure adherence to policies and procedures.
- Risk Assessments provide an overview or information to determine the level and extent of subsequent auditing that may be needed, ranging from no audit work necessary, needed audit of specific functional areas, or a scheduled audit.
- Follow-Ups determine if corrective action has been taken on major findings identified in a prior audit. Follow-ups are typically scheduled at least three months after the audit report is published.