The Maryland-National Capital Park and Planning Commission

The Audit Process

The audit process is generally an eleven step procedure as outlined below. Please click through the steps in order to better understand the process.


The management of the area to be audited receives an announcement letter which summarizes the scope and objective of the audit and the auditor(s) assigned to the project. This letter signals the starting of the fieldwork phase of the audit.

Back to Top


Before the opening meeting the in-charge auditor will take the necessary steps to learn about your facility/unit.   The in-charge auditor may send you a preliminary checklist. This is a list of documents (e.g. organization charts, financial statements) that will help the auditor learn about your unit before planning the audit.
After reviewing the information, the auditor will plan the review, conduct an engagement risk assessment, draft an audit plan, and schedule an opening meeting.

Back to Top

Risk Workshop

If appropriate, the Chief Internal Auditor and the in-charge auditor will plan and conduct a risk workshop.  Risk workshops are typically conducted for facility reviews.  The purpose of the risk workshop is to:

  • Assist the in-charge auditor in assessing inherent risks (impact and likelihood) and identifying controls for the unit
  • Assist the in-charge auditor in developing audit scope
  • Raise risk awareness with unit management and personnel in understanding the risks and controls applicable to the facility
  • Provide a tool for unit management to begin a risk management process for their respective areas

Back to Top

Opening Meeting

The opening meeting should include senior management and any administrative staff that may be involved in the audit. During this meeting, the scope of the audit will be discussed. You should feel free to ask the auditors to review areas that you are concerned about. The time frame of the audit will be determined, and you should discuss any potential timing issues (e.g. vacations, deadlines) that could impact the audit. It doesn't take as much of your time as you might expect!

Back to Top


After the opening meeting, the auditor will finalize the audit plan and begin fieldwork. Fieldwork typically consists of talking with staff, reviewing procedure manuals, learning about your business processes, testing for compliance with applicable Commission policies and procedures and laws and regulations, and assessing the adequacy of internal controls. You should make your staff aware that the auditor will be scheduling meetings with them.

Back to Top


Throughout the process, the auditor will keep you informed, and you will have an opportunity to discuss issues noted and the possible solutions.

Back to Top

Report Drafting

After the fieldwork is completed, the auditor will draft a report. The report consists of several sections and includes: the distribution list, the follow-up date, a general overview of your facility/unit, the scope of the audit, the overall conclusion, and detailed commentary describing the findings and recommended solutions. You should read the draft report carefully to make sure there are no errors. If you find a mistake, inform the auditor right away so that it can be corrected before the final report is issued.

Back to Top

Management Response

Once the report is finalized, we will request your management responses. The response consists of 3 components: whether you agree or disagree with the problem, your action plan to correct the problem, and the expected completion date.

Back to Top

Closing Meeting/Exit Conference

A closing meeting will be held so that everyone can discuss the audit report and review your management responses. This is an opportunity to discuss how the audit went and any remaining issues.You will be asked to complete a survey assessing OIA’s performance.  Please take the time to complete, feedback is important to us, since it can help us improve the audit process.  Link to survey

Back to Top

Report Distribution

The OIA is required to send all final audit reports to the Audit Committee and to the Commission’s Chair and Vice-Chair along with management’s complete written response received in connection with the draft audit report.  The OIA will also provide a copy of the final audit report to each Appointed Officer of the M-NCPPC and the affected Department Director(s).

Back to Top


Follow-up reviews are performed on an issue-by-issue basis and typically occur shortly after the expected completion date, so that agreed-upon corrective actions can be implemented. The purpose of the follow-up is to verify that you have implemented the agreed-upon corrective actions. The auditor will interview staff, perform tests, or review new procedures to perform the verification. You will then receive a letter from the auditor indicating whether you have satisfactorily corrected all problems or whether further actions are necessary.

Back to Top