The County Auditor established a quality assurance program to provide assurance that the audits meet generally accepted auditing standards, fairly and objectively report results, and are conducted by highly trained professionals. Audit elements addressed in this QA program are:
- Organizational Independence
- Auditor Independence
- Qualified & Trained Staff
- Audit Planning/Audit Selection
- Risk Analysis
- Objective analysis and reporting
- Peer Review
According to Board of County Commissioners Resolution 080-94 (the Audit Charter) the County Auditor reports directly to the Board of County Commissioners, the highest level of management in Johnson County government. The audit office is independent of all other County offices and has full authority to audit any County department.
Auditor independence as defined in the U.S. Government Accountability Office’s government auditing standards requires auditors to be free from personal impairments to their independence that could affect or appear to affect their impartiality. The standards also require the audit organization to institute quality controls to ensure auditors do not have personal impairments. Our staff must declare their independence and report any impairment or potential impairment on every audit assignment. Personal impairment certifications are maintained on file in the individual audit work papers. Auditors who report a personal impairment will not be assigned to the audit if a review by the County Auditor confirms the impairment.
Qualified and Trained Staff:
All staff must meet general qualification standards. These would include possessing a college degree in financial related fields, criminal justice field, and management analysis fields including public administration. Staff must maintain a steady pace of continuing education meeting the standards of most accrediting organizations (GAO, AICPA, IIA, CGFM, CFE, etc.). As a minimum, all staff must maintain 80 hours of continuing education every 2 years. The County Auditor maintains a centralized data base for training achieved, and individuals are required to input appropriate data. Staff is encouraged to seek advanced degrees and professional certifications such as CPA, CIA, CGFM, CFE, CIS etc.
Audit Planning/Audit Selection:
Audits are selected based on risk analysis. An annual audit plan is prepared by the County Auditor and presented to the BOCC for approval. This plan must be presented no later than the 2nd week of the plan year. Sources for audit topics vary but usually come from an assessment of risk by the County Auditor. The County Auditor must also solicit suggestions from each Commissioner no later than December 15 of the preceding plan year. The County Auditor can also consider requests from County departments. Such requests will be reviewed in light of other audits identified through the risk analysis for priority. Usually, a request for audit will receive sufficient priority to be included provided the topic has the potential to add value to the governance of the County.
Individual audit starts will be planned with appropriate processes to include research, survey and verification of audit issues as they develop. To ensure planning meets standards, auditors are required to complete a Quality Control Checksheet for Planning and file in the workpapers.
All proposed audits are weighed in terms of risk. Elements included in the risk assessment are contribution of the program to:
- Efficiency/effectiveness of governance
- Customer service to constituency
- Potential embarrassment to County
- Budget to total program
The risk assessment is updated annually and audit subjects are added throughout the year. All risk factors are measured in terms of High, Medium and Low risk to the County. Additionally, there is an ongoing risk assessment of agencies as audits are started which includes the agency’s assessment of risk within their own programs. These risks are valued in terms of potential, actual or no risk.
During the risk analysis process, potential audit topics are documented to ensure auditors think through the audit before starting it. This process includes preparing Audit Proposal and Audit Approach documents that serve as a guide to the audit subject. These documents discuss the nature of the audit, inputs and outputs of the audited program or entity, expected outcomes of the program and audit approach to the program. These documents identify potential risk scenarios to focus early audit attention.
Objective analysis and reporting:
The audit process requires objective review and reporting. To ensure objectivity, the office audit manual requires review and analysis of audit results with the auditee at specific review points throughout the audit. Auditee personnel are encouraged to give feedback (positive or negative) on the issues identified in the audit and auditors are required to consider feedback before arriving at conclusions. Draft reports are prepared and discussed with auditee personnel to ensure a basic understanding of the issues, to attempt to gain agreement with the issues and recommendations, and to ensure the audit position is correct and objectively stated in the report. Objectivity includes presenting the auditee’s position fairly in the report. This is usually done by reference to their position or by including their comments in the audit report or both.
An audit report is the end product of audits completed by the County Auditor. There are several types of reports; formal, quick reaction, and memorandum. The formal report format should be used for most reports. Quick Reaction reports are used to notify management of matters requiring immediate attention. The subject of quick reaction reports may be included in a formal report if occurrences fall within the scope of the audit in which case the report will acknowledge any corrective action taken by the auditee. The memorandum report is rarely used but can be used to report audit results with no findings. Quality control measures for audit reports include report referencing to ensure workpaper statements support statements in the report. There will be a referencing certification maintained in the Certifications file of the workpapers. Additionally, auditors will be required to complete a quality control checksheet for reports to ensure all the report elements have been included. The County Auditor’s review of audit reports includes ensuring objectivity and fair presentation of the auditee’s position.
Peer review is a process where an independent review is given to the audit operation to attest to compliance with generally accepted government auditing standards. Peer review is governed by several of the certification boards and is a required element of the GAO standards. Absent a peer review, the audit report must disclose that peer review has not been accomplished. In such instances, peer review can be substituted by an internal inspection program that provides for independent review of audit work by staff who did not participate in the audit. This office conforms to an inspection program. Annually, an audit is selected for inspection using Association for Local Government Auditors peer review audit programs. A staff member not involved in the audit conducts the peer review according to peer review guidance and prepares a report for the County Auditor. The inspection includes detailed review of workpapers, interviews of staff and managers on the audit, report referencing, staff qualifications and adherence to certification procedures for the audit. The County Auditor reviews the inspection report and takes corrective action when warranted.
The audit profession requires the highest degree of ethics. The County Auditor will ensure staff receives at least 2 hours of ethics training every 2 years. Forums for such training will be the myriad of professional training seminars offered, County provided classroom training, and/or required reading.