City of Mesa
Home MenuAudit Plan
Mission: The City Auditor’s office provides audit, consulting, and investigative services to identify and minimize risks, maximize efficiencies, improve internal controls and strengthen accountability to Mesa’s citizens.
Audit Planning Process: The Audit Plan is a Council-approved document which outlines the planned activities of the City Auditor’s office for the year. It is developed based on a combination of key risk factors, as well as direction provided by the City Council and City Manager. Changes in scope or complexity of individual audits, or other unforeseen circumstances, may impact our ability to complete all work on the plan. Factors considered when selecting audits may include:
- Requests and/or Suggestions received from the City Council or City Manager
- Statutory mandates and/or regulation levels (highly regulated vs. unregulated activities)
- Prior audit history or lack thereof
- Complexity of operations or significant changes in operations or organizational structure
- Technological advances or challenges
- Cash handling volume and number of locations
- Impact & likelihood of potential adverse events (risk management/control failures)
- Activities commonly susceptible to fraud
The Audit Plan intentionally exceeds our capacity by approximately 20%, in order to provide flexibility to adjust the timing of a project to accommodate the needs of the client, while also managing our resources most efficiently. It also lets us adapt to changing circumstances and priorities during the year. If necessary, audits may be carried forward to the next Plan year, as is the case with three* of this year’s audits.
|
FY 2020/2021 Audits |
|
|---|---|
|
Audit Subject |
Initial Objectives |
|
*Business Services/Purchasing Division – Procurement Processes
|
Determine whether effective controls are in place to prevent or detect errors, fraud, waste, or abuse, and ensure compliance with policies, statutes, and other applicable requirements. |
| *DoIT - Software/ Application Management | Determine whether effective controls are in place to ensure all applications used to conduct City business are licensed, inventoried, and meet City IT security standards. |
| *Engineering – Job Order Contracting (JOC) |
Determine whether JOC projects are administered in accordance with established criteria; and whether there are effective internal controls to prevent or detect errors, fraud, waste, or abuse. |
| Police Department - Badging/Security Access | Determine whether effective controls are in place to ensure that building/suite access is managed appropriately to prevent unauthorized access to City facilities. |
|
Falcon Field - Leases |
Determine whether effective controls are in place to ensure revenues are accurately calculated, recorded, and collected; to prevent or detect errors, fraud, waste, or abuse, and ensure compliance with policies, statutes, and other applicable requirements. |
|
|
|
FY 2019/2020 Work in ProgressAs of 6/30/2020 |
|
|
|
|
Follow-Up Reviews Due in FY 2019/2020 |
|
| Audit Subject | Initial Objectives |
|
The objective of each follow-up review is to verify that corrective actions agreed to in response to the audit were: 1) Implemented as agreed; and 2) Effective in resolving the underlying audit findings. |
Other Activities |
|
| Activity | Description |
| Citywide Cash Audits | Unannounced audits of cash handling sites citywide are conducted throughout the year. |
| Payment Card Industry Data Security Standards (PCI DSS) Operational Review |
Annual review of payment card acceptance sites for PCI DSS compliance. |
| Fraud & Ethics Hotline Investigations |
Monitor the City’s Fraud & Ethics Hotline and conduct investigations when necessary. |
|
|
Provide independent consulting/advisory services; data collection, validation and/or analysis; internal control reviews; risk analyses; financial statement reviews; etc. as needed. |
| Unscheduled Audits |
As directed by the City Council or City Manager, conduct unscheduled audits, which may arise due to unforeseen circumstances. |