Role of the OCA
Types of Reports and Audits
The City Charter requires the Office of the City Auditor to conduct all of its audits under Government Auditing Standards. The City Auditor reports to and is accountable to the Audit Committee. The City Auditor must be appointed by the City Council, from those identified by the Audit Committee. The City Auditor must have access to, and authority to examine any and all records, documents, systems, and files of the City and other property of any City department, office, or agency, whether created by the Charter or otherwise. There are three main types: financial statement audits, attestation engagements, and performance audits.
The City of San Diego hires an outside independent audit firm to perform the City’s financial statement audit of the City’s Annual Comprehensive Financial Report (ACFR). The City Auditor oversees the contract for the outside independent audit firm.
The City Auditor conducts performance audits of the City’s departments, agencies, and their activities. Under Government Auditing Standards, performance audits provide objective analyses so that management and those charged with governance and oversight can use the information to improve program performance and operations, reduce costs, facilitate decision making, and contribute to public accountability.
A performance audit is a dynamic process that includes consideration of applicable standards throughout the course of the audit. Performance audit objectives may vary widely. Examples of performance audit objectives may include, but are not limited to:
- Assessing the extent to which legislative, regulatory, and/or organizational goals and objectives are being achieved;
- Analyzing the relative efficiency and effectiveness of a program or activity;
- Evaluating whether the audited entity is following sound procurement practices;
- Assessing the reliability, validity, and/or relevance of performance measures concerning program effectiveness and results; and
- Determining if program activities are in compliance with laws, regulations, contract provisions, grant agreements, and other requirements.
- The Office of the City Auditor may also perform some attestation engagements based on agreed-upon procedures, which consists of specific testing procedures performed on a subject matter. An example of an attestation engagement includes our annual Central Stores agreed-upon procedures review, which is currently performed by an outside audit firm and overseen by the Office of the City Auditor.
- Additionally, we perform other non-audit services such as investigating complaints received through the City’s Fraud Hotline regarding allegations of fraud, waste, and abuse. We perform investigations following the procedures recommended by the Association of Certified Fraud Examiners for allegations of improper financial activity, fraud, waste and/or abuse that appear to be material in nature.
Types of audit documents OCA presents to the Audit Committee for consideration:
Audit Document | City Auditor Action |
---|---|
1. Audit Reports | All audit reports will be made public and copies distributed simultaneously to the Audit Committee members, Mayor, City Council members, City Attorney, and administration officials. All audit reports will be placed on the City Auditor's public website. |
2. Annual Audit Work Plan | At the beginning of each fiscal year, the City Auditor will propose an annual audit work plan that will identify all proposed audits to be undertaken throughout the year. The work plan will identify 1) all audits in progress; 2) audits not started; 3) required annual audits, such as the Annual Inventory Audit; 4) on-going audit assignments, such as the Fraud, Waste and Abuse Hotline; 5) newly proposed audits based on the Citywide Risk Assessment model; and 6) input from the Mayor, City Council, and Administration on potential audit subjects. Additional information will include audit type and estimated audit hours. Audit requests received during the fiscal year will be addressed through the Audit Committee. |
3. Annual Activities and Accomplishments Report | Annually, the City Auditor's Office will make public a record of its activities and accomplishments. For example, beginning in January 2023, the City Auditor will issue an annual report for the period January 1, 2022 to December 31, 2022, with the following information: Audit authority and responsibility. Mission statement. Information on types of audits performed. Benefits to city, in terms of cost savings and increased revenues, or strengthening internal controls in comparison to audit costs. Audit recommendations by type-Improve operations or program effectiveness or improve economy and effectiveness. Office information, including budget and number of personnel. Audit work plan and Citywide Risk Assessment process. Organizational chart. Staff information including education, certifications, and work experience. Noteworthy recognition, appointments, and awards. Website information and statistics. Summary of audit work performed - executive summary of audit reports. Most recent peer review report. |
4. Fraud, Waste, and Abuse Hotline Quarterly Report | On a quarterly basis, the City Auditor will provide a summary report to the Audit Committee regarding the number of calls to the hotline, category of calls received, and call disposition. |
5. Monthly Reports | Each month, the City Auditor will issue a report to the Audit Committee. The report will contain 1) a listing of issued audit reports and memorandums; 2) a listing of all ongoing audit assignments, including information on audit status, hours, and target issuance date; 3) approved audits not started; and 4) a listing of significant City Auditor and staff activities and accomplishments. |
6. Recommendation Follow-Up Report | To ensure recommendations are implemented on a timely basis, the City Auditor will undertake a bi-annual recommendation follow-up process to track the status of all previously issued audit recommendations. For example, in October 2022, the City Auditor will prepare a report on the status of all recommendations for the previous 6-month period ending June 30, 2022. |
7. Risk Assessment | On an annual basis, the City Auditor's Office will conduct a Citywide Risk Assessment to identify potential audit subjects. The City Auditor's Office will complete a Citywide Risk Assessment to help identify, measure, and prioritize the City's potential audits based on the level of risk to the City. The results of the completed Citywide Risk Assessment will be utilized in preparing the City Auditor's annual work plan. When a City Activity Group is selected to be audited, we will perform a more in-depth risk assessment to ensure our audit procedures cover the areas of highest risk for that Activity Group. |
Standards
The Office of the City Auditor adheres to standards and guidelines when completing all work products. Additionally, many of our staff hold certifications from ACFE and IIA. The following are standards to which OCA conducts its work and/or some organizations staff certifications are issued from:
Government Auditing Standards (The Yellow Book)
The Yellow Book is used by auditors of government entities. It outlines the requirements for audit reports, professional qualifications for auditors, and audit organization quality control.
Association of Certified Fraud Examiners
The Association of Certified Fraud Examiners (ACFE) is the world’s largest anti-fraud organization. The ACFE delivers training, offers the CFE credential and fosters a dynamic, global community of anti-fraud professionals.
Association of Local Government Auditors (ALGA)
ALGA empowers the local government auditing community through excellence in advocacy, education, communication, and collaboration to protect and enhance the public good while embracing diversity, equity, and inclusiveness.
The Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is an international professional association whose mission is to provide dynamic leadership for the global profession of internal auditing. The IIA offers the Certified Internal Auditor (CIA) certification.
Information Systems Audit and Control Association (ISACA)
ISACA is a professional membership organization committed to the advancement of digital trust by empowering IS/IT professionals to grow their skills and knowledge in audit, cybersecurity, emerging tech and more.