Audit

Audit and accounting are closely related, but very different in nature. Unlike accounting which collects large quantities of financial data and summarizes it into understandable portions; audit evaluates the completeness, compliance and utility of the information accounting assembles. Audit is investigative, emphasizing proof, and support for financial data. It is rooted in logic, not necessarily math. In short, accounting tells you what happened, auditing tells you if it is complete and makes sense.

Annual Audit Plan

External Quality Assessment of Internal Audit Activity – April 2017

Internal Audit

Internal Audit provides reliable and objective evaluations as well as business and financial advisory services to the Board of Supervisors and County management. Under the direction of the elected County Auditor-Controller, Internal Audit is able to maintain independence from the Board of Supervisors ensuring greater transparency and impartiality.

Each year the Internal Audit Division prepares an annual Risk Assessment and Internal Audit Plan which is reviewed by the Audit Oversight Committee. The Audits to be conducted within the Annual Audit Plan are determined by the Director of Internal Audit. In addition, The Auditor-Controller has the authority to conduct an Audit of any County department at will if there is cause for concern or if a credible accusation is made via a whistleblower.

Audit Reports

Legally Mandated Audits

The Internal Audit Division performs the Auditor-Controller’s legally mandated Audits required by the Government Code. These include quarterly reviews and an annual Audit of the Treasury Statement of Assets, the biennial Audit of the Probation Department’s books and accounts, monitoring of Special District financial statements, and investigation of cash losses reported by County management.

Monitor Treasurer Investment Portfolio

At the request of the Treasury Oversight Committee, Audit has the additional responsibility for monthly monitoring of the investment portfolio for compliance with the Investment Policy Statement. The Auditor-Controller is responsible for risk identifcation and establishing and maintaining a system of internal controls. This Unit helps to meet that mandate by providing vital auditing and internal control services to Auditor-Controller management, which assists the Auditor-Controller in meeting its departmental objectives.

Internal Controls Audit

The objective of the Internal Control Audit (ICA) team is to review business processes and information technology to ensure County assets are safeguarded from fraud, waste, and abuse and to evaluate opportunities for improvement. The ICA Team provides professional services to County executives and management to: (1) evaluate the adequacy of internal controls over various business cycles and processes (e.g., cash receipts), (2) review compliance with applicable laws and regulations, and (3) improve effectiveness and efficiency of business operations.

Our audits are conducted in conformance with the International Standards for the Professional Practice of Internal Auditing prescribed by the IIA. Also, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Controls – Integrated Framework Principles is applied in audits to evaluate departmental application of the framework’s five components of internal controls (control environment, risk assessment, control activities, information & communication, and monitoring activities) inclusive of 17 control principles and 77 points of focus.

Information Technology Audits

The Cybersecurity threat landscape is poised to grow in size and complexity especially with the advent of web based applications, Cloud computing, and transformation of business processes with remote connectivity to the Internet. It is critical that the County recognizes emerging threats and continuously evaluates its IT infrastructure security posture. Internal Audit attends the Countywide Cybersecurity Joint Task Force as a key advisory member to IT Executive Council on all matters of Cybersecurity policy, procedure development, implementation, and enforcement.