All projects are unique. However, our typical process consists of three phases:
The purpose of the preliminary assessment is to gain an understanding of the program or activity being reviewed. We look at written procedures, memoranda, organizational charts, budgets, and any other source documents that may describe the activity. We interview staff and collect information to identify potential areas of risk and then develop an audit program. We try to identify some of the major risks associated with the activity while assessing the internal controls that management has in place to mitigate those risks.
During this phase the audit team gathers evidence and performs testing procedures. Auditors use numerous techniques including observing, interviewing, sampling, analyzing, and verifying.
All findings are discussed with management throughout the process. Findings are then consolidated to present to management in a formal draft report. The findings include the condition (what is), criteria (what should be), cause (what happened), effect (why is this important), and recommendations. The members of city management directly responsible for affecting changes as recommended in the draft report are given the opportunity to review the draft report and to prepare a written response to each of the findings. Management's responses are then included in the written report. The draft report is then presented to the Mayor and any other committees or associations that are in charge of the department being reviewed. Finally the report is presented to the City's Audit Committee and published on the City's website as a final public document.