The URL can be used to link to this page

Home My Public Portal About151.2 - Executive Offices - City Attorney's Office - Office of Audit Services and Management Support PolicyExecutive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 1 151.2 SUBJECT: POLICY - OFFICE OF AUDIT SERVICES AND MANAGEMENT SUPPORT :1 OBJECTIVE: Provide an explanation of the audit services and management support function. :2 AUTHORITY: This procedure amended by City Council amended July 9, 2007, Item A-2; amended January 28, 2013, Item A-3; amended March 11, 2019, Item A-1. :3 DIRECTION: The Audit Services and Management Support Director, as an appointed official, serves at the pleasure of, and receives direction from the Mayor. FUNCTIONS: A. Role and Responsibilities 1. Audit Services and Management Support performs independent, objective assurance (i.e., audit) and advisory (i.e., consulting) activities designed to add value and improve the City’s operations. It helps the City of Orlando accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. 2. The fundamental objective of Audit Services and Management Support is to assist City managers to discharge their responsibilities effectively. This objective is met by furnishing City management with analyses, appraisals, and recommendations concerning the activities reviewed. 3. Audit Services and Management Support meets its objective by performing audits and consulting services, as described herein. Audits will be conducted in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards). Any variances from these standards will be documented. B. Independence and Objectivity 1. The Office of Audit Services and Management Support shall be organizationally independent as defined by the standards. The Office Director is responsible directly to the Mayor for the performance of audits and consulting services and for the independent reporting of findings and recommendations. 2. City Code Chapter 2 Article XVII created the Audit Board to advise the City Council on financial and audit matters. The Audit Board is comprised of five members appointed by the Mayor and confirmed by City Council. The Audit Board meets periodically with the Office Director and other City officials. Its purpose and duties are defined in City Code and further described in the Procedures of the Audit Board. Each employee assigned to Audit Services and Management Support should be independent and objective in performing his or her work. Office staff shall have an impartial, unbiased attitude and avoid conflicts of interest. If independence is impaired, this fact will be disclosed as required by the standards. C. Scope 1. Audit Services and Management Support’s scope of operations encompasses every phase and sector of City operations. This requires going beyond the Executive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 2 accounting and financial records to obtain an understanding of the operations under review. 2. Audit Services and Management Support must have full access to all City of Orlando records, properties, and personnel. Accordingly, all officers and employees of the City shall furnish to Audit Services and Management Support any information and records within their custody and respond to any questions regarding powers, duties, activities, organization, property, financial transactions, and methods of business. In addition, access shall be provided by all employees of the City for the inspection of all City property, equipment, and facilities within their custody and to observe any operations for which they are responsible. The confidentiality of information gathered is subject to the public records laws of the State. Florida Statutes section 119.0713 2(b) states that audit working papers and notes related to audits are confidential until the audit is completed and the report becomes final or when an investigation is no longer active. After the report is finalized, whether the document is a public record will depend on other applicable laws. D. Role of City Management 1. Each Department Director, Division Manager, and Office Head is responsible for instituting and maintaining a system of internal controls over his or her area of responsibility. Internal controls include the processes and procedures for planning, organizing, directing and controlling City operations, and the systems put in place for measuring, reporting, and monitoring program performance. Internal control procedures should be designed to provide reasonable assurance that a program is effective and efficient, that operational information about the program is valid and reliable, that program implementation is consistent with applicable laws, regulations, contract provisions and grant agreements and that assets and resources utilized are safeguarded. 2. Audit Services and Management Support is charged with periodically appraising the soundness of these controls and testing to determine whether they are operating as intended. Internal control objectives that are significant within the context of the audit objectives should be assessed and tested to determine whether specific internal control procedures have been properly designed and placed in operation. E. Relations with City Management Audit Services and Management Support will inform the Chief Administrative Officer, Chief Financial Officer, City Attorney or Chief of Staff (collectively, Executive Management) as well as the appropriate Department Directors, Office Heads and/or Division Managers of the nature and purpose of an audit or non-audit service before beginning. F. Planning Executive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 3 1. Audit Services and Management Support shall, on an annual basis, develop a risk-based plan of operations to determine its priorities, consistent with the City of Orlando’s goals. This will be given to the Audit Board for review and comment and submitted to the Mayor for approval. 2. The plan shall include identification of each project to be conducted in terms of the programs, functions, and activities to be reviewed. In the event Audit Services and Management Support receives a request to perform an audit or consulting service not included in the annual plan of operations, the Office Director will consider accepting such request based on the staff resources available and whether the review will add value and/or improve the City’s operations. The projects accepted will be added to or substituted for a project in the annual plan of operations. In addition, the annual plan of operations may be amended during the year at the direction or the approval of the Mayor. G. Types of Audit Services 1. Revenue Audits These include audits of external entities to determine their compliance with City ordinances and agreements and to determine whether they have remitted the proper revenue due to the City. Included in these audits are applicable businesses, entities, or other government organizations that provide City residents and businesses with taxable services or that collect revenues on behalf of the City. Taxable services may include, but are not limited to solid waste disposal, and water, electric, and gas utilities. These businesses, entities or other government organizations are responsible for remitting to the City a tax, franchise fee or other payment based on sales to their City customers or on some other method. Such audits are intended to ensure that the businesses, entities or other government organizations are properly remitting these taxes and fees to the City on a timely basis. 2. Performance Audits These are periodic audits that include a review of Department, Division or Office procedures and operations to address: a) The effectiveness of a program or activity and whether it is achieving its goals and objectives; b) The economy and efficiency of a program or activity, including whether it is acquiring, protecting and using its resources in the most productive manner. c) The adequacy and functionality of the internal controls established by a program or activity to support the accomplishment of its mission, goals and objectives; and d) The conformance of the operations of a program or activity to applicable laws, regulations, policies, and industry standards in all material respects. 3. Financial Audits Executive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 4 The primary purpose of a financial audit is to determine whether an entity’s financial statements are presented in conformance with generally accepted accounting principles (GAAP) or using a basis of accounting other than GAAP. Financial audits may include providing special reports for portions of financial statements or reviewing interim financial information. The Office assists the external auditors to conduct the annual external audit required by City Code Article VI Section 2.33. The Office will also perform financial audits upon request by City officials. 4. Fraud Assessment and Investigations The principal mechanism for deterring fraud is internal control. Primary responsibility for establishing and maintaining internal control rests with City management. In planning its audits, Audit Services and Management Support will assess the risks of potential significant fraud within the context of its audit objectives. This will include discussions between management and members of the audit team about potential fraud risks and the opportunity for fraud to occur. Audit procedures will be designed based on this assessment. Any allegations of wrongdoing or fraud should be reported by City management and other personnel to Audit Services and Management Support. When fraud is suspected, an independent investigation may be performed as provided in Section 151.3. Information Systems (IS) Audits Whenever possible, use of the latest information systems technology will be utilized to perform audit activities most efficiently. In addition the following types of IS audits may be performed: a) Existing Applications - These audits are performed to determine that existing computer applications function in an accurate and efficient manner, and include adequate internal controls. b) New Applications - These are reviews of new computer applications to help ensure that internal controls of the application being developed are adequate. Participation may include a review of the system development methodology and the effectiveness and efficiency of the system being implemented. It may also include a review of the new system to determine whether there are features in the system that would improve the ability to audit it after implementation. Primary responsibility for sound internal controls over systems being developed rests with the sponsor and the implementation committee. The sponsor is generally the person most familiar with the operational and internal control objectives of the new system. Audit Services and Management Support staff may participate as independent advisors with the implementation committee. This independence is necessary so that the application may be audited objectively after implementation. Executive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 5 c) General Controls Review - These include a review of IS controls which affect all computer applications. Examples of areas that may be reviewed include computer security, disaster recovery, program change controls, and quality control procedures. 5. Compliance Audits These are audits that may be performed to ensure compliance with Federal or State laws and/or the requirements of Federal or State grants. H. Types of Consulting Services All consulting services provided by Audit Services and Management Support will be documented as such in advance. This documentation will include the objectives of the consulting service engagement, the scope of work, and any deliverables. Audit Services and Management Support will also document its consideration of a possible effect on its ability to perform any ongoing, planned or future audits of the area under review, as more fully described in the standards. Any reports resulting from consulting services will specifically state that the report is not an audit. The following are explanations of the types of non-audit services provided by the Office of Audit Services and Management Support: 1. Special Reviews These consulting services are carried out in conformance with the specifications of the requesting party. A Special Review may include an assessment of a particular function or activity of an Office, Department, or Division. In these instances, the level of involvement by Audit Services and Management Support is limited and does not rise to the level normally experienced in an audit. For example, Special Reviews might be undertaken to advise management on specific and limited operational, organizational or performance questions. Such activities include evaluating/analyzing organizational units, structures, functions or systems. Special reviews often result in a report. 2. Advisory Services These are consulting services where Audit Services and Management Support is asked to provide information or data to a requesting party without providing verification, analysis or evaluation of the information or data. The work does not usually provide a basis for conclusions, recommendations or opinions on the information or data. These services may or may not result in the issuance of a report. I. Request for Assistance City departments requiring the assistance of Audit Services and Management Support should direct all such requests to the Office Director who will determine whether the requested assistance can be provided and when it can be scheduled. J. Reports Executive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 6 1. An “Exit” conference will be held with the top level of management and appropriate staff of the area reviewed to discuss the identified issues and related recommendations. 2. After the Exit conference, it is the responsibility of the assigned staff to develop an original draft of the report. The report is to communicate, in a clear and concise manner, the objectives, scope, methodology, and significant issues and recommendations to management. Its preparation should be of the highest quality in every detail as to substance, form, and content, as well as wording and punctuation. If the report is an audit, it will state whether it was made in accordance with the standards. 3. The Office Director is responsible for reviewing the original draft and making changes deemed appropriate. The resulting draft will normally be submitted to the management of the function being audited. 4. Official written responses to specific report recommendations are requested from management to be included in the issued report. The responses should include the degree of agreement or acceptance of each recommendation. The preferred methods follow: a) "Concur." Management is in full agreement with the recommendation; b) " Partially Concur." Management is in agreement with a portion of the recommendation; and c) " Do Not Concur." Management is in total disagreement with the recommendation. Management of the area reviewed is requested to provide an action plan including details of the management actions taken/to be taken along with actual/target implementation dates. The responses should be forwarded to Audit Services and Management Support after obtaining the responsible Department Director’s concurrence with the proposed action plan. 5. Two weeks are usually allowed for management to provide written responses to the recommendations. If management does not provide responses in the requested timeframe, the report may be issued without responses at the discretion of the Office Director. K. Report Distribution The normal report distribution will be to the Mayor, Chief of Staff, City Attorney, Chief Administrative Officer, Chief Financial Officer and senior management (Office Head, Division Manager, Department Director). Any other City programs (areas) identified in the report may be included in the distribution. L. Follow-up 1. Within twelve months of issuance of a report, Audit Services and Management Support will notify management of its responsibility to report the status of its action plan included in the original report. Executive Offices Office of Audit Services and Management Support Section 151.2 Policies and Procedures Manual Page 7 2. Management shall report the status of the action plan to Audit Services and Management Support for review and distribution to the original report recipients. The report generally shall be in a matrix format and may include comments regarding the implementation status of the recommendations. 3. Audit Services and Management Support will review the status report submitted by management to determine unfulfilled actions or whether additional follow-up may be needed. 4. Once per year, Audit Services and Management Support shall report any management actions that have not been implemented to City Executive Management. M. Ethics Audit Services and Management Support is relied upon by management in fulfilling its stewardship obligation and, therefore, office personnel must maintain high standards of conduct, honor and character so that credibility and integrity are not open to question. All auditors will subscribe to the Codes of Professional Ethics and Standards as promulgated by the Institute of Internal Auditors and the American Institute of CPAs as applicable. N. Records Retention Audit Services and Management Support shall retain for the required number of years a complete file of each audit and consulting service report made under its authority in accordance with the Florida records retention law. The file should include audit work papers and other supportive material directly pertaining to the report. :5 FORMS: None. :6 COMMITTEE RESPONSIBILITIES: None. :7 REFERENCE: This procedure adopted by City Council March 31, 1980, Item 16 (as Section 115.2); amended June 28, 1982, Item 21; amended August 15, 1983, Item 8A-16; amended October 21, 1991, Item 2/G; amended April 19, 1993, Item VV; amended August 11, 1997, Item 6-A; amended January 24, 2000, Item 4LL, amended November 26, 2001; amended August 9, 2004, Item A4; amended July 9, 2007, Item A2; amended January 28, 2013, Item A-3. :8 EFFECTIVE DATE: This procedure effective March 11, 2019.