The Office of the Auditor General's (OAG) audit process consists of four phases: Planning, Fieldwork, Reporting and Follow-up. These phases are aligned with and support the OAG’s conformance with the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing.
The planning phase includes obtaining an understanding of the area or subject under audit (e.g., through document reviews and interviews) as well as developing a formal risk assessment. The audit’s scope, objectives, and criteria are defined. An audit plan and audit procedures are developed in order to meet the audit’s objectives.
In the fieldwork phase, audit procedures are performed to develop findings and conclude on the audit’s objectives. Various types of evidence gathering techniques such as interviews, inspections, transaction testing, and data analyses are applied. Preliminary audit findings are discussed with management to validate conclusions, develop recommendations, and solicit management action plans.
During the reporting phase, the audit report is developed and presented to City management (CMO), the Audit Committee and City Council. The Audit Committee and City Council receive audit reports throughout the year, as audits are completed. Audit reports are also published to the OAG’s website.
Follow-up procedures evaluate the corrective action that management has taken in response to an audit recommendation. Follow-up procedures are performed once management indicates that the action plan has been completed. During the follow-up phase, evidence is gathered to assess whether the original audit findings have been resolved. Follow-up status is reported to the Audit Committee semi-annually.
The following is performed on a quarterly basis:
- Obtains an update from each department on the status of the outstanding recommendations within their purview; and
- Performs their own reviews and provides an update to the OAG.
- Reviews the update to determine which audit recommendations remain outstanding and which have been completed.
- Once a recommendation is assessed as complete by management, the OAG performs inquiry of management to confirm the steps taken to implement the recommendations and may perform further tests to support our conclusions.
- After our review is performed, we communicate our findings and next steps with management.
If a recommendation is assessed as not started or as in-progress, management provides the OAG with an explanation and a revised implementation date. The results of these procedures, with areas of high risk highlighted, are included in our semi-annual status report, which is communicated to Audit Committee and City Council.
Refer below for a depiction of the audit recommendation follow-up process flow.