The mission of the Office of Internal Audit is to provide independent, objective audit/review and risk assessment services designed to add value and improve the operations of the Maryland-National Capital Park and Planning Commission (M‑NCPPC). It helps the M-NCPPC accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and internal control processes, compliance with all applicable rules and regulations and reliable financial reporting.
For purposes of this document, M-NCPPC (the agency) means all departments, facilities, and affiliated organizations.
The scope of work of the Office of Internal Audit is to determine whether the M‑NCPPC’s risk management, control, and governance processes, as designed and represented by management, are adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed.
- Interaction with the various governance groups occurs as needed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Operations are in compliance with the M-NCPPC’s policies, standards, procedures, and applicable laws and regulations.
- Resources are acquired economically, used efficiently, and adequately protected.
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the organization’s control process.
- Significant legislative or regulatory issues impacting the organization are recognized and addressed properly.
The Office of Internal Audit Chief shall be accountable to the Chair, Vice Chair of the Commission and the Audit Committee to:
- Report significant issues related to the processes for controlling the activities of the M-NCPPC and its affiliates, including potential improvements to those processes, and provide information concerning such issues.
- Provide information periodically on the status and results of the annual audit plan and the sufficiency of Internal Audit resources.
The Office of Internal Audit Chief and staff of Internal Audit have responsibility to:
- Develop a flexible annual audit plan using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Audit Committee for review and approval.
- Implement the annual audit plan, as approved, including, and as appropriate, any special tasks or projects requested by the Board and the Audit Committee.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of the M-NCPPC.
- Establish a quality assurance program by which the Office of Internal Audit Chief assures the operation of internal auditing activities.
- Evaluate and assess new or changing services, processes, operations, and controls concurrent with their development, implementation, and/or expansion.
- Determine how efficiently and effectively the departments are carrying out their functions of planning, organizing, directing and controlling.
- Determine the reliability and integrity of financial information and the means used to identify measure, classify and report such information.
- Determine the adequacy and effectiveness of the systems of internal accounting and operating controls.
- Review established systems to ensure compliance with those laws, regulations, policies, plans and procedures, which could have a significant impact on operations and reports, and determine whether the organization is in compliance.
- Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
- Appraise the economy and efficiency, with which resources are employed, identify opportunities to improve operating performance, eliminate waste and duplication, and recommend solutions to problems where appropriate.
- Review operations and programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Perform consulting services, beyond internal auditing assurance services, to assist management in meeting its objectives. These may include facilitation, process design, training, and advisory services.
- Coordinate Internal Audit efforts with those of the M-NCPPC’s external auditors.
- Participate in the planning, design, development, implementation and operation of major computer-based systems to determine whether (a) adequate controls are incorporated in the systems, (b) thorough system testing is performed at appropriate stages, (c) system documentation is complete and accurate, and (d) the needs of user departments are met. Conduct post-installation evaluations of major data processing systems to determine whether these systems meet their intended purposes and objectives.
- Review compliance with the M-NCPPC’s guidelines for ethical business conduct and ensure that the highest standards of personal performance are met.
- Maintain regular contact with the Audit Committee and the Executive Committee to share concerns, problems and/or opportunities identified in the audit reports to facilitate timely remedial or other action.
- Report to the Audit Committee, Executive Committee and those members of management who should be informed, or who would take corrective action, the results of audit examinations, the opinions formed, and the recommendations made.
- Evaluate any plans or actions taken to correct reported conditions for satisfactory disposition of audit findings. If the corrective action is considered unsatisfactory, hold further discussions to achieve acceptable disposition.
- Provide adequate follow-up to ensure appropriate corrective action is taken and that it is effective.
- Conduct quality assurance peer reviews.
- Perform special projects at the request of the Audit Committee and Board.
- Issue periodic reports to the Audit Committee and the Executive Committee summarizing results of audit activities.
- Inform the Audit Committee and the Executive Committee of emerging trends and successful practices in internal auditing.
- Provide a list of significant measurement goals and results to the Audit Committee and the Executive Committee.
- Assist in the investigation of significant suspected fraudulent activities within the M-NCPPC and notify the Audit Committee and the Executive Committee of the results.
The Office of Internal Audit Manager and staff of Internal Audit are authorized to:
- Have unrestricted access to all functions, records, property, and personnel. Have full and free access to the Audit Committee.
- Allocate budgeted resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.
Limitation of Authority
The Office of Internal Audit Chief and staff of Internal Audit are not authorized to:
- Perform any operational duties for the organization or its affiliates.
- Initiate or approve financial transactions external to Internal Audit.
- Direct the activities of any organization employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
In performing their functions, the Internal Audit Director and staff have no direct authority over, or responsibility for, any of the activities reviewed.
Internal auditors will not develop and implement procedures, make management decisions, or engage in any other activity which could be reasonably construed to compromise their independence.