Audit Plan

Audits

Audit Plan Purpose & Considerations: The Audit Plan is a Council-approved document which outlines the planned activities of the City Auditor’s office for the year. It is developed based on a combination of key risk factors, as well as direction provided by the City Council and City Manager. Changes in scope or complexity of individual audits, or other unforeseen circumstances, may impact our ability to complete all work on the plan. Factors considered when selecting audits may include:

  • Requests and/or Suggestions received from the City Council or City Manager
  • Statutory mandates and/or regulation levels (highly regulated vs. unregulated activities)
  • Prior audit history or lack thereof
  • Activities commonly susceptible to fraud
  • Complexity of operations or significant changes in operations or organizational structure
  • Technological advances or challenges
  • Cash handling volume and number of locations
  • Impact & likelihood of potential adverse events (risk management/control failures)

The Audit Plan intentionally exceeds our capacity by approximately 20%, to provide flexibility to adjust the timing of a project to accommodate the needs of the client, while also managing our resources most efficiently.

Audits Planned for FY 2024/2025

 Area Description
* Human Resources – Hiring & Recruitment Practices Determine whether Human Resource’ hiring and recruiting practices are consistent with industry standards and are sufficient to comply with applicable policies, statutes, and other requirements.
* City Attorney – VOCA Program Determine whether effective controls are in place to properly administer the Victims of Crime Act Crime Victim Assistance Program in accordance with applicable policies, statutes, and other requirements.
* City Clerk – Public Record Requests Evaluate the effectiveness of the public records request process administered by the City Clerk’s Office to comply with applicable policies, statutes, and other requirements.
* Police Department – Mental Health Services Team Evaluate the internal controls of the Mental Health Services Team and determine whether they are operating effectively in accordance with applicable policies, statutes, and other requirements.
* Water Resources – Annual Ordering and Reporting Review the processes and procedures in place for the Water Resources Department’s annual water ordering and reporting process to ensure compliance with applicable polices, statutes, other requirements; and identify any potential efficiencies with the ordering and reporting process.
Police Department – Off-Duty Employment Program Evaluate the internal controls over off-duty employment to ensure internal controls are in place and operating effectively to ensure compliance with applicable policies and are adequate to monitor the program.

* These audits were not completed during the previous audit period and will be carried forward to this year’s audit plan.

FY 2023/2024 Work in Progress

(as of 6/30/2024)

Area
Objectives
Police Department – Criminal Investigations Case Management Determine whether effective controls are in place to ensure that cases are properly assigned, investigated, and disposed of in accordance with applicable policies, statutes, and other requirements.
DoIT - Cybersecurity
Determine whether effective controls are in place that would help prevent, deter, and/or respond to cyberattacks.
DoIT - Remote Access
Determine whether effective controls are in place to ensure risks related to remote access to the City’s network are minimized and connectivity between the network and remote users is secure.
Citywide - Take Home Vehicles
Determine whether effective controls are in place to ensure that employee use of city-owned vehicles is done in accordance with applicable policies, statutes, and other requirements.
Citywide - Special Pay Programs
Determine whether effective controls are in place to ensure that special pay programs are administered and approved in accordance with applicable policies, statutes, and other requirements.
Citywide - Intergovernmental Agreements Cost Recovery
Determine whether effective controls are in place for select City of Mesa intergovernmental agreements to ensure costs are recovered in accordance with the applicable agreement and any other applicable policies, statutes, and other requirements.
Engineering / Financial Services - Community Facilities Districts
Determine whether issued bonds for the City’s Community Facilities Districts were used to only reimburse projects in compliance with applicable policies, statutes, and other requirements.
Engineering - ASU Facilities at Mesa City Center Post-Construction
Determine the City’s total cost incurred, and funding sources used, for design, construction, and any related capital improvements for the Arizona State University Facilities as Mesa City Center.
Arts & Culture - Mesa Arts Center Revenues
Determine whether effective controls are in place to ensure all due fees and charges are accurately calculated, recorded, and collected. The audit may also include other operational and contract performance objectives.

Follow-up Reviews Due in FY 2024/2025

The objective of follow-up reviews is to ensure that corrective action plans that were agreed to in response to the audit were implemented as agreed and effective in resolving the underlying audit findings. The following follow-up reviews are due in FY 2024/2025:

  • DoIT – Software/Application Management
  • Police Department – Badging/Security Access
  • Transportation Department – Street Maintenance

Other Activities

In audition to audits, the City Auditor also performs the following activities:

  • Biennial Citywide Cash Handling Audits – Unannounced audits of cash handling sites throughout the year. Report issued every two years.
  • Annual Credit Card Security Review – Annual review of payment card acceptance sites for PCI DSS compliance.
  • Fraud & Ethics Hotline Investigations – Monitor the City’s Fraud & Ethics Hotline and conduct investigations when necessary. Issues can be reported at speakupmesa.com or 1-866-820-7812.
  • Consulting Services – Provide independent consulting/advisory services; internal control reviews, risk analyses; financial statement reviews; etc. as needed.
  • Unscheduled Audits – As directed by the City Council or City Manager, conduct unscheduled audits, which may arise due to unforeseen circumstances.