Annual Risk Assessment and Audit Plan Fiscal Year 2015/2016



Similar documents
TABLE OF CONTENTS BACKGROUND AND INTRODUCTION... 5 PURPOSE... 5 SCOPE... 6 RISK ASSESSMENT PROCESS... 6

HUMAN RESOURCES DEPARTMENT

Periodic risk assessment by internal audit

How To Run A City Hall Program

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER

Chapter 5. Planning the Audit Engagement

Risk Management and Internal Audit Specialized Training Course Audit Risk Assessment Methodology

GUIDELINE INFORMATION MANAGEMENT (IM) PERFORMANCE MEASUREMENT

Department of Audit and Compliance. Quality Self-Assessment

Comprehensive Risk Assessment and Developing the Audit Plan

Internal Audit and Advisory Services DRAFT

Internal Audit Risk Assessment Process May 9, 2014

Mission Human Resources

Department of Public Works and Environmental Services Division of Solid Waste Disposal and Resource Recovery

Report to the Audit Committee

City of West Palm Beach Florida. Budget In Brief Fiscal Year 2015

GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011

Internal Audit RFP 2013 Questions and Answers

AUDIT REPORT. Federal Energy Regulatory Commission's Fiscal Year 2014 Financial Statement Audit

Enterprise Resource Planning

September 28, Audit s Role in Governance, Risk Management and Internal Control

Division of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014

Department of Motor Vehicles

FOR FISCAL YEAR ENDED JUNE

Department of Consumer Affairs Cash Disbursements by Agency Checks

Montgomery County, Maryland

The University of Texas Southwestern Medical Center TAC 202 Compliance. Internal Audit Report 15:31

Office of the CIO. Department Description. Goals and Objectives

Financial Statement Analysis: An Introduction

How to gather and evaluate information

Technical Competency Framework for Information Management (IM)

TTC AUDIT COMMITTEE REPORT NO.

MNsure Compliance Program Strategic Plan. December 17, 2014

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Audit of Financial Reporting Controls

AUDIT REPORT INTERNAL AUDIT DIVISION. Invoice Processing in UNAMID. Internal controls over invoice processing were inadequate and ineffective

RHODE ISLAND DEPARTMENT OF ENVIRONMENTAL MANAGEMENT FY WORK PLAN - OFFICE OF MANAGEMENT SERVICES

Control Environment Questionnaire

EDUCATION AND CULTURE - REGULATION OF PRIVATE TRADE SCHOOLS

INFORMATION TECHNOLOGY

Internal Controls and Risk Management Report

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012

Internal Audit Activity Update


System Director of Facilities Management and General Services

Human Resources: Compensation/Rewards

NASA Financial Management Requirements Volume 9, Chapter 4 April 2005 CHAPTER 4 RISK ASSESSMENTS

Department of Public Safety and Correctional Services Criminal Injuries Compensation Board

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

Managing Approvals in Expenses. Understanding Approvals

Risk Assessment Questionnaire

Table of Contents: Chapter 2 Internal Control

Unrecorded Payables/Receivables

Class Specification Accounts Payable/ Receivable Supervisor

International Financial Reporting Standards (IFRS) Survey Results and Staff Recommendations

Office of Public Affairs Business Process Audit Final Report

Communicating the Value of Energy Efficiency Projects to Financial Decision Makers in Not-For-Profit Markets

An organization properly establishes and operates its control over risks regarding the information system to fulfill the following objectives:

SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID

Transcription:

Annual Risk Assessment and Audit Plan Fiscal Year 2015/2016 Office of the Internal Auditor May 2015

Table of Contents Introduction... 3 Risk Assessment Process... 3 Interpreting Risk Assessment Results... 4 FY 2015/2016 Audit Schedule... 5 2

Introduction Government Auditing Standards and the Institute of Internal Auditor s Standards encourage the chief audit executive to establish a risk based approach to determine the priorities for Internal Audit activities. The Internal Auditor has completed a FY 2015 2016 Citywide Risk Assessment as a means to help identify, measure, and prioritize the City s potential audits based on the level of risk to the City. Each potential audit s score was considered when selecting audits for the Internal Auditor s work plan. Additional factors such as City initiatives, management concerns, and available audit hours were also considered when developing the Internal Auditor s work plan. Risk Assessment Process Risk assessment is a process of systematically ranking the relative impact of a variety of risk factors. A risk factor is an observable or measurable indicator of conditions or events that could adversely affect an entity. The first step in creating the City s risk assessment model is to define the audit universe. The audit universe is a listing of all the significant Auditable Units or Activity Groups. A list of City Departments, Agencies and their primary Activity Groups was developed from the 2015 2016 Recommended Budgets and from interviews with City management. (See Attachment 1 for Risk Assessment Model containing list of ranked Activity Groups) The next step was to identify and rank the major risk associated with each of the City s Activity Groups. To achieve this, a Departmental Risk Assessment Questionnaire was used to measure the following impact and probability risk factors: Impact Factors % Weight Mission critical to meet goals. 25% Failure to meet goals lead to public displeasure. 12.5% Public interface. 12.5% Revenue measure. 25% Expenditure measure. 25% Probability Factors % Weight Complexity Full Time Equivalents 10% Complexity Activity supports other departments. 15% Cash or cash convertible. 30% Internal Controls. 25% Regulatory Compliance. 20% 3

A risk score of low (1), medium (3) and high (5) was assigned to each risk factor for every Activity Group. The scores assigned to the risk factors were derived from discussions with management while completing the Departmental Risk Assessment Questionnaire. The final step in completing the risk assessment was to calculate the Total Impact Factors and Total Probability Factors by summing the (individual risk factors) x (the risk factor percentages). Then the Total Risk Scored is calculated by summing the Total Impact Factors and Total Probability Factors. Some changes from the prior year s activity groups and risk model are as follows: There were three (3) additional activity groups added to last year s risk assessment bringing the total to eighty six (86) activity groups. The three new activities are as follows: 1. Police Department Special Detail, Off Duty Assignments 2. Police Department Towing and Storage Contract 3. Human Resources Workers Compensation GIS Mapping and Risk Management (Property Insurance, OSHA and Safety Training) activities were moved under the City Manager s Department to reflect organizational changes. A few risk factor rankings were adjusted based upon a better understanding of the City s internal controls. Interpreting Risk Assessment Results The weighted scores for the ten risk factors were tabulated for each significant Departmental Activity Group identified in Attachment 1 - Risk Assessment Model. The list of Activity Groups on the Risk Assessment Model was then sorted from high to low risk as determined by the Total Risk Score. A high risk score does not mean that an Activity Group is being managed ineffectively but merely indicates that the services or functions provided are by nature a high risk activity because of such factors as having a large amount of revenues and expenditures, high degree of public interest or interface, high degree of complexity, or having cash or cash convertible assets involved in the activity. The overall results identify the activities with the highest risk factors that may warrant and benefit from additional management action or audit services. 4

FY 2015/2016 Audit Schedule Schedule Hours Self-Funded Liability Insurance (carryover from prior year) 280 Golf Course 320 Fuel Card Usage 240 Capital Assets 240 Verification of Narcotics Disposal 40 Total Budgeted Audit Hours 1120 Total Available Audit Hours (1) 1107 Resource Over - (Short) (13) (1) See Attachment 2 for calculation of Total Available Audit Hours. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information