|
In 2000, the newly elected Executive, James B. McCarthy, sponsored legislation to create an Audit Committee and Internal Audit Department to oversee the operations and performance of the County as a whole. The voters, by a resounding majority, approved it.
DIn Atramento Internal Audit Department The Summit County Internal Audit Department (IAD) officially hung out its shingle and opened for business on July 29, 2002. The Director and his assistant walked into their new office accompanied by maintenance men who told them to be careful not to touch the walls because the paint was still wet. Two desks lay on the floor in pieces. No chairs were to be found. This pretty much set the tone for the first few months of work. The department was on their own – setting out on an adventure to learn about Summit County, one of the largest counties in Ohio. They ordered supplies, put up pictures, signed forms for network/email access (even though they didn’t have computers) to get the department up and running.
Fast forward, two years—at the 12/17/04 Audit Committee meeting, Bernard Zaucha, IAD Director, informed the Committee that Summit County Internal Audit Department will proudly celebrate its three year anniversary as a County department in February 2005. What we had accomplished in that short time period was phenomenal. The IAD conducted a Countywide risk assessment and performed 18 preliminary audits to date, along with 11 special projects and 11 follow-up audits.
Countywide Risk Assessment
To begin life as a department that was looked upon by the County as independent and accountable only to the Audit Committee, we decided to perform a Countywide risk assessment in conjunction with an outside auditing firm.
Risk Assessment is a process used to assign a number or score to potential audit areas based upon specific risk factors related to an auditee’s operations, internal controls, and liability to the County. Dollar amounts of budgeted expenditures, complexity of transactions, time since the last audit, management experience and compliance with laws and regulations are some examples of specific risk factors used to formulate the risk assessment model and audit plan. Forty (40) governmental entities were identified during the risk assessment and were incorporated into an audit plan.
Preliminary (Snapshot) Audits
Due to the nature of the many and varied risks identified in the risk assessment, it was determined that the best way to ascertain and address the highest risks in the shortest time possible was to perform a high level review of the operations of each of the identified audit population and called them “snapshot” audits. IAD anticipated developing comprehensive internal audit programs in conjunction with the preliminary audit reviews and to begin to stock the shelves of its permanent file library.
IAD’s goal in performing these reviews has been:
- To address internal control implementation and management;
- To encourage development of department-specific policies and procedures;
- To review current or recommend development of new disaster recovery plans and make recommendations on best practices; and
- To address the numerous security issues inherent in a government workplace.
Follow-up Audits
IAD began the follow-up reviews approximately six months after the snapshot audits were completed to monitor the progress of management’s action plans.
Internal Controls
We have mentioned “internal controls” several times and would like to explain what they are and why they are important. The professional organization formed to examine fraudulent financial reporting and make recommendations for improvement was COSO (sponsored by five major professional associations in the United States, the American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, The Institute of Internal Auditors, and the Institute of Management Accountants website). COSO defines internal control as:
…a process, affected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
What Internal Control Can Do
- Help an entity achieve its performance and profitability targets
- Prevent loss of resources
- Help ensure reliable financial reporting.
- Help ensure that the enterprise complies with laws and regulations
- Avoid damage to its reputation and other consequences
- Help an entity get to where it wants to go, and avoid pitfalls and surprises along the way.
Support Resource
The Audit Committee was informed that we would like the department to become more involved as a supporting player of the County, rather than a police force. The IAD can offer departments assistance with reviewing functions and processes and recommending solutions in such areas as:
- Internal Controls
- Information Systems
- Strategic Planning
- Cash Handling
- Segregation Of Duties
- Purchasing
- Payroll
- Internal Audit Functions
- Cost Benefit Analysis
- Strategic Planning
- Due Diligence
- Project Management
- Other Management Areas
These value-added solutions, in addition to audit services, provide departments and agencies with information on strong business principles, best practices, and models for use where applicable in Countywide operations.
|
