The Office of Internal Audit was created on August 26, 2003 when the Boise City Council enacted Ordinance No. 6260, establishing the Office and its placement within City operations. Title 1, Chapter 12, Article A of the Boise City Code defines the Office and establishes its authorities, duties, and responsibilities.
The Office of Internal Audit conducts its work in substantial compliance* with two separate, overlapping sets of standards. Standards for the internal audit industry have been established by the most widely-recognized authority within that industry – The Institute of Internal Auditors. Additionally, since the Office operates in an environment that may involve Federal funding sources, specific government auditing standards established by the Office of Management and Budget also may apply. These standards, from both the private and the public sectors, have been incorporated into the Office’s policies and procedures to the extent practical, and provide guidance for the day-to-day conduct of audit-related activities.
*Industry standards require regular peer reviews within their compliance requirements. Due to budget constraints within a municipal government environment, the conduct and frequency of peer reviews may not always be achieved in conformance with the standards.
Internal Audit functions as an independent, objective assurance and consulting service. The Office strives to add value and improve the organization’s operations by bringing to bear a systematic and disciplined approach to the evaluation of risk management processes, activity-level controls, and governance processes.
Through a series of planned audits and assessments, Internal Audit reviews activities to determine:
- The effectiveness of controls that provide for the protection and safeguarding of assets.
- The reliability of the organization’s financial information.
- The effectiveness and efficiency of internal processes.
- The level of compliance achieved with internal policies and procedures; and with laws, rules, and regulations.
Audit resources are allocated based on perceived or demonstrated levels of risk. Open and effective channels of communications are maintained to ensure that management, the City Council, and ultimately the citizens of Boise are informed of audit-related activities and findings.
The Office of Internal Audit is effectively chartered through Boise City Code. Title 1, Chapter 12, Article A of the code sets forth the following authorities and responsibilities for the Office:
- The Office of Internal Audit is accountable only to the City Council and the citizens of Boise.
- City Code provides a mechanism for the appointment, and the removal of the Director and staff.
- The Office is responsible for review of financial transactions, policies, and practices; and for compliance with applicable laws, rules, and regulations.
- Internal Audit, the Director, and staff are independent from all other City departments.
- Internal Audit will not be unduly influenced by others.
- The Director and members of the Office have access to all staff, records, and information necessary to fulfilling their duties.
- Internal Audit will have the full cooperation of all City employees.
- The Director will report all findings and activities to the public, the Council, the Mayor, and relevant members of the management team as specified.
Through the authorities, responsibilities, and accountabilities spelled out within City Code, the Office of Internal Audit is well-positioned within the organization to fulfill its mission, goals, and objectives.
The Office of Internal Audit will provide valuable assurance-related services to management, to the City Council, and ultimately to the citizens of Boise.
- Internal Audit will provide the City Council with information relevant to operations, organizational controls, governance activities, compliance, and the achievement of objectives.
- Internal Audit will conduct all activities on an independent and objective basis.
- The Director and staff will be free from any operational responsibilities.
- The Office will, with Council approval, execute an annual program of audits and reviews.
- Internal Audit has the right to review all aspects of operations and will respect that right.
- Internal Audit has full access to all relevant records, property and personnel.
- Internal Audit will safeguard all information and resources entrusted to it.
- Results will be reported to management, the Mayor, the City Council, and the citizens of Boise.
- Internal Audit will promote an environment that provides for growth and advancement of staff.
The Office of Internal Audit will abide by the following general performance standards.
- The Internal Audit function is properly positioned within the organizational hierarchy.
- Internal Audit will secure resources necessary to accomplish its goals and objectives.
- Staff members will possess an appropriate level of expertise for any work contemplated.
- A risk-based audit plan will be prepared annually, approved by City Council, and followed.
- The audit plan will be flexible to accommodate significant emerging issues or areas of interest.
- Comprehensive policies and procedures will guide audit activities and standardize work product.
- Audits will be performed with independence, objectivity; proficiency; and due professional care.
- Activities will ensure appropriate audit evidence and supporting material is gathered.
- All work will be supervised; and work product will be properly reviewed and approved.
- Material facts that impact the conduct or reporting of audit activities will be disclosed.
- Activities will be coordinated with other assurance providers to avoid duplication of efforts.
- Activities will, to the extent practical, comply with industry and government audit standards.
- Internal Audit will not provide services that entail accepting either managerial or functional responsibility over any area that could be subject to subsequent audit.
Internal Auditors assigned to the Office will adopt appropriate personal standards of conduct. The following list defines those expectations that have been established for Internal Auditors:
- Comply with the Code of Ethics of the Institute of Internal Auditors.
- Comply with Boise City’s Code of Ethics; Boise City Code, Title 1, Chapter 21.
- Maintain technical competencies and proficiencies.
- Attain relevant professional certifications.
- Maintain effective communications – both verbal and written.
- Exercise due professional care.
- Perform services only in areas of demonstrated competency.
- Know and comply with applicable standards of performance.
- Be independent and objective when performing audit work.
- Respect and protect information that has been entrusted to the Auditor.
- Avoid conflicts of interest, or impairment to independence and objectivity.
- Avoid any activity that will conflict with the interests of the organization or the public.
Planning and Budgeting
Generally accepted auditing standards provide for the development of a formal work plan for each engagement contemplated. Proper planning of audits and reviews is essential to the effective conduct and completion of the work. The Auditor will also remain cognizant of human resource requirements, and the time allotted to complete the work.
The Internal Auditor that is tasked to complete an audit or review is primarily responsible for planning and developing a work plan and program for that assigned engagement. Planning should include consideration of a variety of information sources – an assessment of risks, the control environment, entity objectives, previous audits, reference materials, the results of visits or interviews, and other relevant sources of information.
Conducting Audits and Engagements
Audits are initiated through the release of an Engagement Memorandum that provides the auditee with information relevant to project scope, objectives, criteria, communications, post-audit follow-up, and any known limitations or impairments that could impact the audit.
During fieldwork, auditors complete Work Programs that were created during the Planning phase (see above). The Work Programs specify the work to be performed and the documentation and other materials that are to be gathered to achieve the objectives established for the project. In every case, the auditor will gather evidence and documentation that is adequately supports any findings or recommendations arising from the project or provided to the audit client.
As this phase of work is completed, auditors also provide their client(s) with observations and recommendations through interim communications. These communications can take one of several forms – from verbal recommendations to written comments, and on to the communication of formal Audit Findings that will require corrective action on the part of the auditee.
The Office has also implemented a series of continuous or regularly-occurring review activities that are referred to as Continuous Auditing. These reviews consist of an array of targeted, pre-defined audits or analyses that occur varying intervals – daily, weekly, monthly, and quarterly. These activities allow for more frequent monitoring of activities, and the identification of variances or anomalies more quickly. Corrective action can then be pursued more-timely to prevent re-occurrence going forward.
Once field work has been completed, and all work has been finalized, Internal Auditors may schedule Exit Reviews with audit clients. The purpose of these exit meetings is to review the results of the audit, and to address any misconceptions or misunderstandings that may exist. It also allows management to provide additional pertinent information, and / or updates on any corrective actions they may have implemented during the review.
The Office has implemented procedures to ensure that audit activities receive an appropriate level of supervision and oversight. Processes that are incorporated into the Office’s activities include:
- Detailed procedures ensure that work is accomplished consistent with established standards.
- Various tools, such as checklists and templates provide guidance to ensure that all qualitative and quantitative standards are met.
- Procedures also provide for the review and approval of all work product upon completion.
- The Director of Internal Audit supervises Internal Auditor(s) during all audit-related activities through a combination of individual oversight and monitoring protocols.
- Audit Reports are subject to review and approval by select members of City Council, as well as by management prior to their final release.
Industry practice requires that follow-up activities occur after the completion of each audit or review. The purpose of follow-up is to determine whether management is actively pursuing corrective actions that may be necessary. If corrections are necessary, the determination is made as to whether satisfactory progress is being made toward resolving identified weaknesses or deficiencies. Follow-up, as with other audit-related activities, must be properly managed in order to provide the highest level of value possible to the organization.
At the culmination of each scheduled audit, all unresolved Audit Findings are documented as “open” items. All Findings will remain “open” until they have been successfully resolved. Resolution is verified through various activities appropriate to the issue(s) involved; and may range from simple verbal inquiries up to the performance of a second audit to confirm current conditions. The status of all unresolved issues, as well as issues recently resolved, is reported to the City Council annually. These reports are included with Audit Reports occurring by fiscal year. (See the following section for additional information.)
The results of each scheduled audit project are communicated via formal Audit Reports. Audit Reports undergo review by Internal Audit, by management, and by select members of the City Council before they are finalized and released. Reports typically include the following sections:
- Title Page
- Scope and Methodologies
- Evaluation and Comments
- Findings and Recommendations
- Management Participants
- Appendices / Attachments (if any)
City Code sets out Internal Audit’s reporting responsibilities. Audit Reports and findings are communicated upon project completion as follows:
- To the City Department(s) involved
- To the Mayor
- To City Council
- To the public
City Code also requires a quarterly reporting process:
- A summary of all quarterly audit activities is provided to City Council
- A summary of all quarterly audit activities is made available to the public
All Audit Reports, as well as summaries of quarterly audit activities are available to the public via posting to the City’s web site.
© 2019 City of Boise. All rights reserved.
Message Sent Successfully!
Message Failed To Send.
Send a Message to Internal Auditor
The Office of Internal Audit encourages the citizens of Boise, City management, and City staff to contact us with any questions, comments, issues, or concerns they may have. Internal Audit staff will respond to each communication received, perform follow up appropriate to the situation, and seek a final disposition that is commensurate with the original concern(s) expressed. Any correspondence received will be held in confidence to the extent possible, and in a manner consistent with professional standards.