29 June 2021

ON THE MESA CITY COUNCIL AGENDA: Proposed Audit Plan FY 2021/2022

Now that the first-half of 2021 is over with after tomorrow, what wasn't done for internal audits can get some overdue attention now.
Top FAQs for Internal Audits - BizzSecure
Looks like 'the time has been adjusted' and scheduled for a City Council Meeting on July 8, 2021
ITEM 2-a
__________________________________________________________________________________________
Proposed Audit Plan Fiscal Year 2021/2022 
( Page 1 of 2 )
Mission 
The City Auditor’s office provides audit, consulting, and investigative services to identify and minimize risks, maximize efficiencies, improve internal controls, and strengthen accountability to Mesa’s citizens. 
==================================================================
AN INSERT FROM AN EARLIER POSTS ON THIS BLOG
December 2020
FIRST LOOK: Mesa City Annual Financial Review Fiscal Year Ending June 2020 > Impact of Coronavirus Aid, Relief and Economic Security
This CAFR is an internal audit report prepared by the city's Financial Services Department that covers the first half of the calendar year and the end of the the fiscal year in June 2020 - four months into the COVID-19 Pandemic. We are now six months more into unpredictable stronger economic impacts that have destroyed the long-term prior planning strategies as well as the overall budget predictions, estimates and forecasts.
File #: 20-1230   
Type: Presentation Status: Agenda Ready
In control: Audit, Finance and Enterprise Committee
On agenda: 12/14/2020
Title: Hear a presentation, discuss, and provide a recommendation on the City's Comprehensive Annual Financial Report (CAFR) for Fiscal Year Ended June 30, 2020.
Attachments:

1. Presentation,

 2. 2020 CAFR

1 PRESENTATION:
2 2020 CAFR DOCUMENT  
11.8MB 191 Pages
Financial Services Department
14 December 2020
_____________________________________________________________________________
FOR THE INTEREST OF READERS OF THIS BLOG:
5 Ways Internal Audit Can Fail to Adequately Serve Its Organization
 
 
==================================================================
Four Ways to Get More Value from Your Internal Audits - The Auditor
Audit Plan Purpose and Considerations 
The Audit Plan is a Council-approved document which outlines the planned activities of the City Auditor’s office for the year. 
Factors considered when selecting audits may include: 
 Requests or suggestions received from the City Council or City Manager
 Statutory mandates and/or volume of regulations (highly regulated vs. unregulated)
 Prior audit history or lack thereof
 Activities commonly susceptible to fraud
 Complexity of operations, significant changes in operations, or high turnover
 Cash handling volume and number of locations
 Impact and likelihood of potential adverse events (risk management/control failures) 
 
The Audit Plan intentionally exceeds our capacity by approximately 20%, to provide flexibility to adjust the timing of a project to accommodate the needs of the client, while also managing our resources most efficiently. 
Audits which are not completed in the current year may be carried forward to the next year, as is the case with one of this year’s audits*. 
 
Audits Planned for FY 2021/2022 
Audit Subject Area Initial Objectives 
Understanding Premium Audits and Why Compliance Is Important | Zeiler  Insurance Services, Inc.
* Falcon Field - Leases 
Determine whether effective controls are in place to ensure revenues are accurately calculated, recorded, and collected; to prevent or detect errors, fraud, waste, or abuse, and ensure compliance with policies, statutes, and other applicable requirements. 
PRCF – Mesa Tennis Center 
Determine whether effective controls are in place to ensure all due fees and charges are accurately calculated, recorded, and collected. 
Police Department – Property and Evidence 
Determine whether effective controls are in place to ensure that property and evidence are properly documented, secure, and available when needed; and ensure compliance with applicable policies, statutes, and other requirements or recommended practices. 
Police Department – Criminal Investigations Case Management 
Determine whether effective controls are in place to ensure that cases are properly assigned, investigated, and disposed of in accordance with applicable policies, statutes, and other requirements
DoIT – Remote Access 
Determine whether effective controls are in place to ensure risks related to remote access to the City’s network are minimized and connectivity between the network and remote users is secure.
( Proposed Audit Plan Fiscal Year 2021/2022 Page 2 of 2)
 
Transportation – Street Maintenance 
Determine whether effective controls are in place to ensure proper maintenance of City streets in accordance with applicable policies, statutes, and other requirements
Services/Housing & Community Development – VASH Program 
Determine whether effective controls are in place to properly administer the Veteran Affairs Supporting Housing Voucher (VASH) program in accordance with applicable policies, statutes, and other requirements. 
 
FY 2020/2021 Work in Progress (as of 6/30/2021) 
 DoIT – Software/Application Management 
 Fleet – Parts Management 
 Business Services/Purchasing Division – Procurement Processes 
 Police Department – Badging/Security Access 
 PCI DSS 
Annual Review Follow-up Reviews Due in FY 2021/2022 
 PRCF – Convention Center Revenues 
 HR/Employee Benefits – Claims Admin. Contract 
 Transient Lodging Tax 
 Engineering – CMAR Projects 
 Engineering – JOC Projects 
 Police – Photo Safety Program 
 MFMD – Medical Transportation Services & Billing 
_____________________________________________________________________________________
The objective of each follow-up review is to verify that corrective actions 
agreed to in response to the audit were: 
1) Implemented as agreed
2) Effective in resolving the underlying audit findings 
 
Other Activities 
> Citywide Cash Audits 
Unannounced audits of cash handling sites citywide throughout the year. 
> Payment Card Industry Data Security Standards (PCI DSSReview 
   Annual review of payment card acceptance sites for PCI DSS compliance. 
> Fraud & Ethics Hotline Investigations 
Monitor the City’s Fraud & Ethics Hotline and conduct investigations when necessary
 
Consulting Services 
Provide independent consulting/advisory services
data collection
validation, or analysis
internal control reviews
risk analyses
financial statement reviews
etc. as needed. 
 
Unscheduled Audits 
As directed by the City Council or City Manager, conduct unscheduled audits, which may arise due to unforeseen circumstances.
__________________________________________________________________________________________
File #:21-0727   
Type:PresentationStatus:Agenda Ready
In control:City Council Study Session
On agenda:7/1/2021
Title:Hear a presentation, discuss, and provide direction on the proposed Audit Plan for FY 2021/22.
Attachments:1. Presentation,
2. FY 2021-2022 Audit Plan (Proposed)
 
PRESENTATION
City Auditor 
Proposed FY 2022 Audit Plan 
City Council Study Session July 1, 2021 
Joseph Lisitano, City Auditor
Audit Plan Overview:
• Current work in progress 
• Audits planned for FY 2022 
• Follow-up reviews due in FY 2022 
• Other activities
==============================================
• Current work in progress 
Current work in progress: 
• DoIT – Software/Application Management 
• Business Services/Purchasing – Procurement Processes 
• Fleet – Parts Management 
• Police – Badging Security Access 
• PCI DSS Annual Review
• Audits planned for FY 2022 
• Follow-up reviews due in FY 2022 
• Other activities
• Audits planned for FY 2022 
New audits: 
• *Falcon Field – Leases 
• PRCF – Mesa Tennis Center 
• Police Department – Property and Evidence 
• Police Department – Criminal Investigations Case Management 
*Carried over from FY21 Audit Plan
• DoIT – Remote Access 
• Transportation – Street Maintenance 
• Community Services/Housing & Community Development – VASH Program
 
• Follow-up reviews due in FY 2022 
Follow-up reviews: 
• *PRCF – Convention Center Revenues 
• *HR/Employee Benefits – Claims Admin. Contract 
• Transient Lodging Tax • Police – Photo Safety Program 
*Delayed in FY 21 due to COVID-19
• MFMD – Medical Transportation Services and Billing 
• Engineering – CMAR Projects 
• Engineering – JOC Projects
• Other activities 
Follow-up reviews: 
• MFMD – Medical Transportation Services and Billing 
• Engineering – CMAR Projects 
• Engineering – JOC Projects
• Citywide Cash Handling Audits (continuous) 
• PCI DSS Annual Review 
• Fraud & Ethics Hotline Investigations 
• Consulting (limited reviews, other projects, etc.) 
• Unscheduled Audits (if requested by City Manager or City Council)
Questions or changes?

No comments:

No comment