RISK ASSESSMENT REPORT Internal Audit Department

Similar documents
Required Supplementary Information

CODE STATUS CLASS TITLE NE

DUPAGE COUNTY CLASSES ASSIGNED TO SALARY RANGES EXEMPT

ORGANIZATIONAL CHARTS/ SALARY AND POSITION SUMMARIES

INTRODUCTION Budget. FY 2016 Budget. Annual Budget Process

MARION COUNTY FY BUDGET APPENDIX I POSITIONS BY DEPARTMENT, TITLE AND SALARY RANGE

SPECIAL AND DEDICATED FUNDS 2014

How To Tax Property In Denton

Chapter 1. Framework and Function of County Government. Grimes County Courthouse

Yamhill County Personnel Monthly Salaries

BEFORE THE BOARD OF COUNTY COMMISSIONERS OF COWLITZ COUNTY, WA

Maryland Courts, Criminal Justice, and Civil Matters

CUMBERLAND COUNTY CLASSIFICATION PAY PLAN (FISCAL YEAR ) JOB CLASSIFICATION LIST - GRADE ORDER

2016-AP-0001 Fiscal Year 2016 Annual Risk Assessment and Audit Plan

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

Bell County, Texas. Approved Budget

City of Naperville Strategic Technology Plan. August 26, 2014

Table of Contents Revised Budget - Public Defense Board

County of Sonoma Agenda Item Summary Report

Washtenaw County Emp Standard Salary for Transparency Report

Expenditure Account Descriptions

CITY OF CHESAPEAKE ORGANIZATION

Contact Information: 3911 Morse Street. Metro: Fax:

R E M A I N I N G B U D G E T D E T A I L A N A L Y S I S

CLARION COUNTY 2016 BUDGET

Position Listing Effective July 1, 2009

Positions on Issues. League of Women Voters of San Diego County

TRINITY COUNTY FY 2011 BUDGET

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

PERFORMANCE APPRAISAL SYSTEM

CHAPTER 91: LANGUAGE ACCESS

Budget Introduction Proposed Budget

FISCAL COURT OF SPENCER COUNTY, KENTUCKY JULY 1, 2011 THROUGH JUNE 30, 2012 BUDGETED APPROPRIATIONS

August 2014 Report No

FISCAL YEAR

COOS COUNTY ANNUAL FINANCIAL REPORT For the Fiscal Year Ended June 30, 2005 With Independent Auditors' Report

DOUGLAS COUNTY GOVERNMENT Salary Publication June 2015

BREVARD COUNTY FY BUDGET-IN-BRIEF

Employee Salaries, 2012

SENATE BILL 1486 AN ACT

HEALTH INSURANCE ALLOCATIONS 1/

Criminal Justice Services Department Programs and Services

CITY OF PLANO General Compensation Plan FY

DEPARTMENT OF POLICE

Chapter 3. Justice Process at the County Level. Brooks County Courthouse

CITY OF GRANTS PASS ORGANIZATIONAL CHART

GENERAL SERVICES AGENCY GOALS, OBJECTIVES AND ACCOMPLISHMENTS FISCAL YEAR

CLASS FAMILY: Business Operations and Administrative Management

CLERK & COMPTROLLER, PALM BEACH COUNTY CLASS DESCRIPTION CLASSIFICATION TITLE: MANAGER FINANCE SERVICES GENERAL DESCRIPTION OF DUTIES

TABLE OF CONTENTS BACKGROUND AND INTRODUCTION... 5 PURPOSE... 5 SCOPE... 6 RISK ASSESSMENT PROCESS... 6

AUDIT OF THE MACOMB COUNTY SHERIFF S OFFICE EQUITABLE SHARING PROGRAM ACTIVITIES MOUNT CLEMENS, MICHIGAN EXECUTIVE SUMMARY*

Homeland Security and Protective Services CIP Task Grid

AID TO CRIME LABORATORIES

BENTON COUNTY OFFICE OF PUBLIC DEFENSE

NOTES: TOWN OF SOUTHAMPTON. Salaries of Elected Officials TOWN OF SOUTHAMPTON - SALARY CHARTS ADMINISTRATIVE AND ADMINISTRATIVE SUPPORT 2015 BUDGET

STATE POLICE TROOPER

Information Services and Technology FY Performance Plan

At A Glance. Contact. Two Year State Budget: $122 million - General Fund

TASA Summary of House Interim Charges Related to Public Education 84th Legislative Session November 2015

APPENDIX C OF MEMORANDA OF AGREEMENT BETWEEN COUNTY OF SAN DIEGO AND THE SERVICE EMPLOYEES INTERNATIONAL UNION, LOCAL 221 (SEIU)

COUNTY ADMINISTERED - JOBS AND GRADE REPORT

ATTORNEY. City Attorney. Deputy Criminal Division. Deputy Civil Division. Administration. Admin. Support. Administrative Analysis

DISTRICT ATTORNEY Michael A. Ramos

ORANGE COUNTY GOVERNMENT POSITIONS BY DEPARTMENT SUBJECT TO ETHICS LAW FINANCIAL DISCLOSURE (Effective June 2015)

Juvenile Justice Decision Point Chart

Based on assignment, possession of a current and valid Massachusetts Class 3 Motor Vehicle Operator s License.

Illinois Family Violence Coordinating Councils

The Department of Justice

Chief Judge of the State of New York. Chief Administrative Judge. Deputy Chief Administrative Judge (Management Support)

JUVENILE JUSTICE SYSTEM

FY 2015 Annual Audit Report

Criminal Justice 101. The Criminal Justice System in Colorado and the Impact on Individuals with Mental Illness. April 2009

Montgomery County, Maryland

COUNTY ADMINISTERED - JOBS AND GRADE REPORT

APPENDIX B DEFINITION OF SUGGESTIONS

DOUGLAS COUNTY GOVERNMENT Salary Publication June 2014

Transcription:

RISK ASSESSMENT REPORT Internal Audit Department June 2013 Internal Audit Department Analyzes Risk and Prioritizes Audit Work About This Report Professional auditing standards require the County Auditor to assess risks challenging the County and to communicate Internal Audit s risk assessment activities, audit plans, and resource requirements to the County Board of Supervisors (Board). As the County s governing body, the Board determines that audit resources are sufficient, that internal controls are in place and working as intended, and that there is reasonable assurance the Board s strategic objectives will be met. This report describes how the County Auditor analyzes the County s risk environment, prioritizes audit areas, and prepares an annual audit plan for approval. Highlights Risk, control, and governance largely determine an organization s ability to achieve its objectives. County management is responsible for managing risk by implementing internal controls and providing reasonable assurance that they are operating as intended. Internal Audit assesses risk by analyzing conditions that can impair the County s ability to achieve its key objectives. Acting under the Board s authority, Internal Audit develops an audit plan to review controls that County management has implemented to address and mitigate risks. There are over 300 audit areas included in Internal Audit s countywide schedule. Risk Management Environment 2 Risk Assessment Process 4 Risk Assessment Cycle 5 Audit Resources and Plan 6 1 Audit Universe 7

RISK MANAGEMENT ENVIRONMENT Risk, control, and governance largely determine an organization s ability to achieve its objectives. Risk is the possibility a future event will impact the achievement of objectives. Control is action taken by leadership to manage risk and increase the likelihood that objectives will be met. The cost of mitigating risks may cause organizations to accept a higher risk. Risk appetite is the level of risk an organization is willing to accept. Good governance requires successfully balancing business strategy and risk. An effective control environment includes the following essential roles: Managers and supervisors are the first line of defense against risk. They are the risk owners and managers. They initiate and monitor controls to mitigate risk. Without managers support, employees cannot be effective at controlling the risk they encounter daily. Risk control and compliance functions, such as, Finance, Budget, Risk Management, Procurement, Office of Enterprise Technology, and Human Resources, are the second line of defense. They are the facilitators, overseeing risk and monitoring the implementation of countywide risk management practices. Internal Audit is the third line of defense, the independent evaluators that spot check the effectiveness of governance, risk management, and internal controls. Internal Audit evaluates how effective the first and second lines of defense are in achieving risk management and control objectives. Controlling Risk is an Enterprise-Wide Responsibility Managers and Supervisors Risk Control and Compliance Functions Internal Audit 1 st Line of Defense 2 nd Line of Defense 3 rd Line of Defense Source: IIA January 2013 Position Paper 2

Leadership s risk appetite determines how robust it wants each line of defense to be. Risk appetite determines the level of audit resources provided to address high-risk and other audit areas. Additional resources can increase audit frequency, which can help to mitigate organizational risk. If an area is not audited for a long period, control weaknesses may go undetected, thus putting the organization at greater risk. Leadership should consider audit frequency as part of its risk appetite. Audits help deter risk. If leadership desires to lower its risk appetite, then leadership is indicating its desire for more audits and will allocate resources accordingly. Internal Audit assigns risk level based on several factors such as budget size, financial impact, and leadership input (described in detail on the next page). The following table shows the County s average audit frequency by risk level based on current audit resources: Audit Risk Level Average Years Between Audits Examples High 6.6 Medium 7.4 Low 8.7 Assessor s Office Countywide Network Security Countywide Payroll Sheriff s Office Treasurer s Office Countywide Fleet Equipment Services Library District Medical Examiner Recorder s Office Countywide Software Licensing Countywide Travel Education Services Legal Advocate Parks and Recreation 3

RISK ASSESSMENT PROCESS Internal Audit assesses risk by analyzing conditions that can impair the County s ability to achieve its key objectives. Our annual risk assessment process helps us develop an audit plan that most effectively uses limited audit resources. We identify the audit universe (all auditable County areas see page 7 for a list of agencies key programs and activities). We compile this list by reviewing the County s organization chart, budget book, financial data, and Comprehensive Annual Financial Report (CAFR) audited by the Arizona Auditor General. We evaluate each area s risk level (high, medium, or low) using criteria, such as: Budget Size Listed in Annual Business Strategies. Financial Impact Small agencies may have large monetary transactions. Leadership Input The County Auditor gathers input from Board members and other County officials via interviews or surveys. Citizen Impact Some activities present high-risk to citizens. Examples: background checks for Head Start workers, shortages of flu vaccine, and backlogs in construction permits. Mandated Audits Some areas require audits on a regular basis. For example, the Arizona Supreme Court requires Minimum Accounting Standards reviews of Justice Courts and other areas every three years. Visibility Internal Audit keeps track of news media and other indicators of citizen interest in specific County programs and activities. Additional Considerations Each year, new challenges or risks become evident and must be considered. For example, as County smart phone usage becomes widespread, the network s exposure to unauthorized access also increases. Using the assessed risk levels, we develop a tentative audit plan for the upcoming year by performing the following: Balance assigned risk levels (high, medium, low) with the length of time that has elapsed since the most recent audit of each area. A longer elapsed time reduces Internal Audit s deterrence effect and therefore increases risk in that area. Calculate available audit resources based upon size of audit staff. Estimate and assign audit resources needed for top priority audit areas. Discuss the tentative plan with the County s Citizen s Audit Advisory Committee. Discuss the tentative audit plan with County leadership and adjust as necessary. Seek formal Board approval for the audit plan prior to the start of the new fiscal year. 4

INTERNAL AUDIT S RISK ASSESSMENT CYCLE Analyze Risk & Prepare Plan Follow Up on Recommendations Board Approves Audit Plan Publish Audit Reports Conduct Audit Work 5

AUDIT RESOURCES AND PLAN Acting under the Board s authority, Internal Audit reviews controls that County management has implemented to address and mitigate risks. Our body of work provides observations and recommendations that assist the Board in making decisions that govern Maricopa County. Internal Audit uses the following resources to conduct its annual audit plan: Internal Personnel External Specialists 20 positions (2 positions are part-time) $324,000 for subject matter experts $180,000 for Sheriff s Office audits $144,000 for specialized audit work in areas, such as, network security, engineering, health care, construction, actuarial services, etc. FY 2014 AUDIT PLAN Agency Audits Animal Care and Control - Adoptions Animal Care and Control - Outreach Animal Care and Control - Revenues Correctional Health - Info Technology (IT) Correctional Health - Inmate Assessments Correctional Health - Pre-Booking/Intake Correctional Health - Procurement MCSO Detention - Intake and Classification MCSO Detention - Jail Per Diem MCSO Detention - Jail Utilization Countywide Audits Contracts & Intergovernment Agreements Network Security - Active Directory Single Audit Monitoring Special Requests Accounting Reviews Agua Fria Justice Court Arcadia Biltmore Justice Court Downtown Justice Court Encanto Justice Court Estrella Mountain Justice Court Maryvale Justice Court South Mountain Justice Court West McDowell Justice Court Juvenile Probation Department Superior Court Finance Cash Handling Superior Court Law Library Superior Court Self Service Centers Non-Audit Reports Annual Audit Follow-Up Annual Audit Risk Assessment Annual Financial Condition Report Annual Performance Report 6

AUDIT UNIVERSE FY 2013 Audits KEY FY 2014 Audits Operational Audit Areas Adult Probation - Administration/Accounting Adult Probation - Assessment/Development Adult Probation - Community Supervision Adult Probation - IT Systems Adult Probation - Other Activities Air Quality - Compliance Air Quality - IT Systems Air Quality - Monitoring Air Quality - Other Activities Air Quality - Permitting Animal Care & Control - Adoptions Animal Care & Control - Community Outreach Animal Care & Control - Field/Facilities Animal Care & Control - Finance Animal Care & Control - IT Systems Animal Care & Control - Revenues Animal Care & Control - Shelter Operations Assessor - Administration/Records Assessor - GIS/Mapping Assessor - IT Systems Assessor - Other Activities Assessor - Personal Property Assessor - Real Property Board of Supervisors Board of Supervisors Clerk Business Strategies - Benefits Business Strategies - Economic Development Business Strategies - Other Activities Capital Improvement Program Clerk of the Superior Court - Financial Mgmt. Clerk of the Superior Court - IT Systems Clerk of the Superior Court - Other Activities Clerk of the Superior Court - Records Constables Contract Counsel Correctional Health - Clinics & Medications Correctional Health - Inmate Health Assess. Correctional Health - Information Technology Correctional Health - Pre-Booking/Intake Correctional Health - Procurement County Attorney - Administration/Finance County Attorney - Check Enforcement County Attorney - County Counsel County Attorney - Enforcement Support County Attorney - IT Systems County Attorney - Other Activities County Attorney - Prevention/Victims County Attorney - Prosecution County Attorney - RICO County Call Center County Manager's Office Education Services - Consortium Education Services - Educ. Support Services Education Services - IT Systems Education Services - Other Activities Education Services - School District Elections Education Services - School District Payroll Elections - Ballot Preparation 7

Elections - Ballot Tabulation Government Relations Elections - IT systems Housing - IT Systems Elections - Other Activities Housing - Other Activities Elections - Voter Registration Housing - Public Housing Emergency Management - IT Systems Housing - Section 3 Emergency Management - Other Activities Housing - Section 8 Emergency Management - Preparedness Human Resources - Compensation Environmental Services - Env. Health Human Resources - Employee Developmt. Environmental Services - IT Systems Human Resources - Employee Relations Environmental Services - Other Activities Human Resources - Emp. Serv. & Diversity Environmental Services - Vector Control Human Resources - IT Systems Environmental Services - Water/Waste Human Resources - Other Activities Equipment Services - Fleet Management Human Resources - Payroll/Records Equipment Services - Fuel Human Resources - Protective Services Equipment Services - IT Systems Human Services - Community Services Equipment Services - Other Activities Human Services - Grants Equipment Services - Parts Human Services - Head Start Facilities Management - Development Human Services - IT Systems Facilities Management - IT Systems Human Services - Other Activities Facilities Management - Maintenance Human Services - Workforce Development Facilities Management - Operations Innovation and Collaboration Facilities Management - Other Activities Integrated Criminal Justice Info. System Finance - Financial Reporting Internal Audit Finance - Financial Services Justice Courts - Administration Finance - IT Systems Justice Courts - Collections Finance - Other Activities Justice Courts - Finance/Accounting* Finance - Real Estate Justice Courts - Other Activities Financial Industrial Development Authority Justice System Planning Flood Control - Capital Improvement Juvenile Probation - Administration Flood Control - Flood Hazard Plan Juvenile Probation - Detention Flood Control - IT Systems Juvenile Probation - Finance/Accounting Flood Control - Other Activities Juvenile Probation - IT Systems/iCIS Flood Control - Permitting Juvenile Probation - Other Activities 8

Juvenile Probation - Supervision Law Library - Superior Court Legal Advocate - Contracts Legal Advocate - Other Activities Legal Defender - Contracts Legal Defender - IT Systems Legal Defender - Other Activities Library District - Branch Operations Library District - IT Systems Library District - Other Activities Library District - Support Services Management & Budget - Budget Development Management & Budget - CIP Oversight Management & Budget - IT Systems Management & Budget - Other Activities MCSO - Aviation MCSO - Civil & Extradition MCSO - Communications MCSO - Contracts MCSO - Crime Lab MCSO - Detention Jail Centers MCSO - Detention Capital Improvement MCSO - Detention Custody Support MCSO - Detention Food Factory MCSO - Detention Intake & Classification MCSO - Detention Jail Utilization MCSO - Detention Laundry MCSO - Enforcement Support MCSO - Expenditures MCSO - HR & Compliance MCSO - Inmate Fund Canteen System MCSO - Internal Affairs MCSO - Investigations MCSO - IT Governance MCSO - IT Security MCSO - Jail Management System MCSO - Jail Per Diem MCSO - Other Activities MCSO - Patrol Division MCSO - Patrol IGAs MCSO - Patrol IT Systems MCSO - Payroll MCSO - Property & Evidence MCSO - Revenue & Business Services MCSO - RICO MCSO - Training Division MCSO - Warehouse/Surplus MCSO - Weapons & Ammo Medical Examiner - Investigations Medical Examiner - IT Systems Medical Examiner - Lab Services Medical Examiner - Medical Exams Medical Examiner - Other Activities Non-Dept. - Capital Projects Non-Dept. - Contingency Non-Dept. - Infrastructure Non-Dept. - Other Activities Non-Dept. - State Contributions/MOE Non-Dept. - Taxes Office of Communications OET (Enterprise Technology) - Adv. Svcs. OET - Help Desk OET - Infrastructure and Communications OET - Other Activities OET - Security OPS (Procurement Services) - IT Systems 9

OPS - Other Activities OPS - Procurement OPS - Purchasing Cards OPS - Records Management OPS - Reprographics Parks and Rec. - Fees & Other Revenues Parks and Rec. - IT Systems Parks and Rec. - Other Activities Parks and Rec. - Parks Operations Parks and Rec. - Planning and Development Planning and Dev. - Building Permits Planning and Dev. - Fees Planning and Dev. - Inspections Planning and Dev. - IT Systems Planning and Dev. - Land Use Planning Planning and Dev. - Other Activities Public Advocate - Delinquency Public Advocate - Dependency Public Advocate - IT Systems Public Advocate - Mental Health Public Advocate - Other Activities Public Defender - Indigent Representation Public Defender - IT Systems Public Defender - Other Activities Public Fiduciary - Conservatorship Public Fiduciary - Decedent Services Public Fiduciary - Guardianship Public Fiduciary - Investigations Public Fiduciary - IT Systems Public Fiduciary - Other Activities Public Health - Clinical Services Public Health - Community Health Services Public Health - Community Supp./Education Public Health - Disease Control Public Health - IT Systems Public Health - Other Activities Recorder - Document Operations Recorder - IT Systems Recorder - Other Activities Recorder - Public Records Research & Reporting - IT Systems Research & Reporting - Other Activities Research & Reporting - Surveys Risk Management - Claims Risk Management - Environmental Risk Management - IT Systems Risk Management - Loss Control Risk Management - Other Activities Risk Management - Safety Special Projects and Public Outreach Svcs. Stadium District - Contracts Stadium District - Events Stadium District - Facilities Management Stadium District - IT Systems Stadium District - Other Activities Stadium District - Revenues Superior Court - Civil Justice Superior Court - Court Fin./Cash Handling Superior Court - Criminal Justice Superior Court - IT Systems Superior Court - Law Library Superior Court - Self Service Centers Sustainability Transportation - Engineering Transportation - IT Systems Transportation - Operations & Development 10

Transportation - Other Activities Transportation - Project Management Transportation - Traffic Management Treasurer - Accounting Treasurer - Client Services Treasurer - Investment Services Treasurer - IT Systems Treasurer - Other Activities Treasurer - Tax Services Waste Resources - Fees Waste Resources - IT Systems Waste Resources - Other Activities Waste Resources - Solid Waste Countywide Audit Areas Accounts Payable Annual Risk Assessment* Audit Follow-Up* Capital Improvements Cash Contracts* Contracts - Construction Contracts - Health Care Programs Contracts - IGAs/Other* Cost Allocation (Internal Service Funds) Data Centers/Disaster Recovery Data Privacy and Security E-Commerce Exit/Entrance - New Leadership Expenditures Financial Condition Report* Grant Management Internet Usage Inventories IT Governance Leases Network Security - Active Directory Network Security - End Point Network Security - Mobile Client Network Security - Virus Detection Network Security - Web Applications Network Security - Wireless OnBase Work Flow and Application Payroll Performance Measure Certification Procurement/Purchasing Purchasing Cards/e-Payments Records Retention Revenues - Franchise Fees Revenues - Grants Revenues - Highway User Revenue Funds Revenues - Licenses/ Permits/Fines Revenues - Property & Sales Tax/IGA Revenues - Vehicle License Tax Single Audit Monitoring* Software License Special Requests* Travel Vehicle Usage * On approved audit plan for both FY 2013 and FY 2014. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information