Types of Services
The Office of Internal Audit (OIA) provides Audits, Management Advisory Services and Training.
An audit is an examination and analysis of an organization, program, function or activity. Our audits are performed in accordance with Generally Accepted Government Auditing Standards (GAGAS), issued by the Government Accountability Office. The OIA completes several different types of audits.
A key operational objective of the OIA is the completion of our current audit work plan. The work plan is developed through a periodic risk assessment of all areas of the Commission. These areas, collectively, are known as the "Audit Universe" and include components such as major mission processes, organizational units, major activities, systems, and programs. A performance audit refers to a comprehensive examination of a facility, operating unit, or activity/process to evaluate its internal controls.
Investigative Engagement (Fraud, Waste, & Abuse)
An investigative engagement is an audit to investigate an intentional breach of a legal or equitable duty or the violation of federal, state, local laws or M-NCPPC policies which results in damage to the agency in any way, including without limitation, the misappropriation of any M-NCPPC property/resources including cash. In cases where fraud is suspected or proven, the OIA has the responsibility to investigate in accordance with Commission Practice 3-31, Fraud, Waste, and Abuse. Commission management may also request a special investigative engagement to assure specific policy and procedures are being completed, (e.g., review of purchase card transactions, surprise petty cash counts, etc.).
Information Technology Audits
Information Technology (IT) audits are conducted to ensure that M-NCPPC's information technology and business systems are adequately controlled, monitored, and assessed. These controls assist in providing for the confidentiality, availability, and integrity of organizational systems, processes, and information, irrespective of specific hardware, software, or business process utilized.
At the completion of an audit, the Follow-up Phase begins. During this phase, the OIA determines if planned corrective actions have been implemented by Management.
At the end of the audit, management provides implementation dates for corrective actions. After the implementation date, an auditor contacts appropriate personnel and establishes times to review completed corrective actions. The auditor evaluates the corrective action, reviews procedural changes and performs limited testing, as applicable, to determine if the action taken addresses the concern presented in the report.
Management Advisory Services
In addition to ongoing audit services, the OIA strives to be a key advisor for M-NCPPC management. In this role, auditors share good ideas and help prevent potential problems from becoming actual problems. The audit staff is available for consultations on interpretations of procedures or for performance of other objective analysis or measurement.
As part of its advisory services, the OIA is available to assist management in planning, designing, or implementing new systems or organizational restructuring.