> Commission Home > Our Departments > Central Administrative Services > Office of Internal Audit > Internal Audit FAQs
Internal Audit FAQs
Here are some of the most frequently asked questions about the internal audit function at M-NCPPC.
What Is Internal Audit?
As defined by the Institute of Internal Auditors (IIA), "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
What are the roles of internal auditors?Internal Auditors' roles include monitoring, assessing, and analyzing organizational risk and controls, and reviewing and confirming compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are mitigated and that the organization's corporate governance is strong and effective. When there is room for improvement, internal auditors make recommendations for enhancing processes, policies, and procedures."
The Office of Internal Audit exists by charter to assist M-NCPPC and the Audit Committee in effectively fulfilling their responsibilities. We are charged with examining and evaluating the policies, procedures, and systems which are in place to ensure: the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and, the economical and efficient use of resources. In simpler words, we're here to help.
The Chief of Internal Audit (CIA) has a dual-reporting relationship. The CIA reports to the Commission’s Chair and Vice-Chair functionally, while reporting to the Executive Director administratively.
External auditors can be government auditors or independent public accounting firms that the agency hires. Independent public accounting firms review the annual M-NCPPC consolidated financial statements to ensure the information presented accurately portrays the agency's financial condition. Internal auditors sometimes look at the same data or perform some of the same steps as external auditors. If there is a problem, it's better to find it and fix it before external auditors review our practices.
Each year, the OIA performs a comprehensive risk assessment. With input from management and key stakeholders, audit risk areas, such as purchase card processes, information systems or facilities are identified. The OIA then decides which areas to audit based on the results of the assessment and the audit resources available. The final audit plan is approved by the Audit Committee.
Internal auditors primarily look for compliance with Commission policies and sound internal controls. By following these policies we help protect the agency from unnecessary risks and help ensure sound business practices are consistent throughout all departments. However, not all internal controls can be codified in policy. If we find control weaknesses, we make recommendations to implement a control, even though it may not be specifically required by policy.
We will make recommendations for improvement. The recommendations are realistic because we want you to implement them. It is the responsibility of management to weigh possible additional costs of implementing our recommendations in terms of benefits to be derived and the relative risks involved.
Yes! If you are concerned about an area in your department, we will try to make time for an examination of the area. (Please see Management Advisory Services for information.) We're also available to do presentations and training for your department.
We budget between 200 and 400 hours for a typical audit, depending on size and complexity. We normally have one auditor leading the audit, and auditors will sometimes have more than one audit in process at a time, so an audit could take from two to six months to complete.
The OIA is required to send all final audit reports to the Audit Committee and to the Commission’s Chair and Vice-Chair along with management’s complete written response received in connection with the draft audit report. The OIA will also provide a copy of the final audit report to each Appointed Officer of the M-NCPPC and the affected Department Director(s).
The Generally Accepted Government Auditing Standards (GAGAS) by the Government Accountability Office states that each audit organization performing audits in accordance with GAGAS must have an external peer review at least once every 3 years.
M-NCPPC has a confidential hotline. The system is anonymous for reporting illegal and unethical activities. Call toll-free at 1-800-363-5524 or visit http://www.reportlineweb.com/mncppc.
If you contact us directly, your identity will be kept confidential within the legal limits of the law. We will not reveal our sources to the person being investigated; and we always try to corroborate any accusations with our own observation.