Frequently Asked Questions
How often do you audit an area?
The frequency of audits usually depends on the level of risk associated with the area. A high-risk area may be audited more frequently than a low-risk area.
Why is an area considered high risk?
Internal Audit calculates risk by reviewing and analyzing key risk factors, such as: size of budget, number of employees, impact on citizens, time since last audit, results of last audit, changes in management, etc.
Who audits the auditor?
Internal Audit participates in both internal and external quality assurance assessments. Internal assessments include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments. External assessments are done every five years or less, and are conducted by a qualified, independent audit team from outside of the organization. The County's independent audit advisory committee oversees this work. A report with findings and recommendations for improvement is issued to the Board of Supervisors and is posted on this website. (See “About the Office” / “Peer Review”)
What does scope mean?
The scope of an audit refers to the breadth of the review (how many processes/functions are included). Most audits include an initial planning phase in which the area’s control environment is reviewed at a high level. Areas that appear to have weak controls are selected for audit testing (i.e., included in the audit scope).
What is an audit finding?
An audit finding consists of audit results and conclusions based on appropriate analysis and evaluation. (The term "observation," "issue" or "exception" may also be used in audit reports.) Audit findings may be positive (e.g., "...no duplicate payments were found...") or negative (e.g., "...vendor overpayments were found..."). Findings usually result in recommendations that will assist an area to better achieve its business objectives.
What is an action plan?
Most audit reports include the actions an area will take to implement audit recommendations. Action plans usually include target completion dates.
What is audit follow-up?
On a regular basis, Internal Audit determines the status of all open audit recommendations. Follow-up is an important part of the audit process. At the Board of Supervisor's request, Internal Audit prepares an annual report showing all recommendations outstanding for more than one year.
What is a performance audit?
A performance audit is the systematic assessment of a program, function, or operation. A performance audit evaluates economy, efficiency, effectiveness, and compliance.
Who receives audit reports?
When complete, audit reports are usually sent to The Board of Supervisors, the County Manager, the Citizen’s Audit Advisory Committee, the audited area, and other interested parties. Reports are also available to the public on Internal Audit's web site.
To whom does the County Auditor report?
The Director of Internal Audit (County Auditor) reports directly to the County Board of Supervisors, with an advisory reporting relationship to the Board-Appointed, Citizens Audit Advisory Committee.
What is the difference between the Auditor General and Internal Audit?
The County Board of Supervisors established an Internal Audit department to provide an objective and independent assessment of the County's system of internal controls. This assessment is carried out by Internal Audit through financial, performance, and information systems audits and reviews. Internal Audit evaluates the adequacy of the internal control environment, the operating environment, related accounting, financial, and operational policies, and reports the results accordingly.
The Auditor General is an Office of the State of Arizona. It is primarily responsible for an annual audit of the financial statements produced by the County (Comprehensive Annual Financial Report).