The Maryland-National Capital Park and Planning Commission
 > Commission Home > Our Departments > Central Administrative Services > Office of Internal Audit > Internal Audit Services Provided

Internal Audit Services Provided

Types of Services


An audit is an examination and analysis of an organization, program, function or activity. Our audits are performed in accordance with Generally Accepted Government Auditing Standards (GAGAS), issued by the Government Accountability Office. The OIA completes several different types of audits.

Planned/Performance Audit
A key operational objective of the OIA is the completion of our current audit work plan. The work plan is developed through a periodic risk assessment of all areas of the Commission. These areas, collectively, are known as the “Audit Universe” and include components such as major mission processes, organizational units, major activities, systems, and programs.

A performance audit (or planned audit) refers to a comprehensive examination of a facility, operating unit, or activity/process to evaluate its internal controls.

Investigative Engagement
An investigative engagement is an audit to investigate an intentional breach of a legal or equitable duty or the violation of federal, state, local laws or M-NCPPC policies which results in damage to the Commission in any way, including without limitation, the misappropriation of any M-NCPPC property/resources including cash.

In cases where fraud is suspected or proven, the OIA has responsibility to investigate the matter in accordance with Commission Practice 3-31, Fraud, Waste, & Abuse.

Commission management may also request a special investigative engagement to assure specific policy and procedures are being completed, (e.g. review of purchase card transactions, surprise petty cash counts, etc.)

Information Technology Audits
Information Technology (IT) audits are conducted in accordance with generally accepted IS audit standards and guidelines to ensure that the Commission’s information technology and business systems are adequately controlled, monitored, and assessed.

These controls assist in providing for the confidentiality, availability, and integrity of organizational systems, processes, and information, irrespective of specific hardware, software, or business process utilized.

When appropriate the OIA follows Information Technology – Security Techniques – Code of Practice for Information Security Management (ISO/IEC 27002).

Follow-Up Audit
At the completion of an audit, the follow up phase begins. During this phase an auditor from the OIA determines if planned corrective actions, recommended during the audit, were implemented by Management.

Commission management provides implementation dates for corrective actions at the end of the audit. After the implementation date, an auditor contacts appropriate personnel and establishes times to review completed corrective actions. The auditor evaluates the corrective action, reviews procedural changes and performs limited testing, as applicable, to determine if the action taken addresses the concern presented in the report.

Back to Top

Management Advisory Services

Apart from the ongoing audit services, OIA strives to become a key advisor for Commission management.  In this role, auditors help to disseminate good ideas and prevent potential problems from becoming actual ones.  Through their understanding of the Commission’s environment and applicable procedures and governance, the audit staff is available for consultations on interpretations of procedures or for performance of other objective analysis or measurement.

As part of its advisory services, OIA is available to assist management in the planning, design, or implementation of new systems or organizational restructuring within their departments.  OIA can also assist managers in advising and interpreting Commission policies and suggest appropriate departmental procedures which would ensure compliance with those policies.

The depth of these reviews vary significantly resulting in a variety of presentations of the results including a short phone call or email message, a short memorandum, or an extensive memorandum that includes various recommendations.

Back to Top 


OIA staff is available to assist units in meeting their training objectives.  Samples of topics covered include petty cash, and ethics, fraud, waste & abuse.
If you would like OIA to assist in training, please contact the Chief Internal Auditor.

Back to Top