HomeMy WebLinkAboutItem No. 1 PPP 11-06-2024 Audit Ad Hoc Committee - Vasquez + Company LLP11/5/2024
1
Entrance Presentation to the Ad Hoc
Audit Committee
Internal Audit Services
(October 1, 2024 to September 30, 2025)
November 6, 2024
1
Roger Martinez
Lead Partner
Cristy CaniedaPartner
Audit Seniors and Staff
Emer Jayson FabroAudit Manager
Orange County Sanitation District
Engagement Team
Jason Tagasa
IT Manager
/ENGAGEMENT TEAM
0
1
11/5/2024
2
2
/Projects Previously Performed
• Risk Assessment
• Capital Improvement Program (CIP) – Administration
• Cyber Security
• Procurement Card Management Program
• Expense Management – Overtime
• Revenue Management (Capital Facilities Capacity Charges – Cities Review)
• Construction Change Orders
• Accounts Payable Vendor Review
According to the RFP, the following internal audits have
been performed in the last five (5) years:
3
Risk Assessment
Review and Update Current Agency Wide
Risk Assessment.
ACH Vendors Review
Review current internal control processes for
setting up new vendors on the ACH and provide
feedback/recommendations.
Internal Audits
Perform operational audits, internal
control reviews, audits designed todetect potential fraud or malfeasance,
audits of other governmental agencies
providing services on behalf of OC San,
any other revenue enhancement audit,
and any special audit as directed bymanagement.
The number of audits each year varies
depending on the size and complexity
of areas chosen based on current needsor focus. Based on the approved
purchase order, we are scheduled to
conduct two (2) audits.
/SCOPE OF WORK - INTERNAL AUDIT SERVICES
2
3
11/5/2024
3
4
Clearly define the objectives and scope of the risk assessment
to ensure alignment with organizational goals.
Assess financial, operational, and compliance risks within
departments.
Define Objectives and Scope
Collect relevant information about the organization’s structure,
processes, and environment.
Review organizational charts, process maps, and previous
audit reports.
Understand the Organization
Identify potential risks that could impact the organization’s
objectives such as supplier fraud, procurement delays, and
non-compliance with regulations.
Identify Risks
/RISK ASSESSMENT PLAN
5
Evaluate the likelihood and impact of each identified risk.
Use a risk matrix to rate risks for both likelihood and impact.
Assess Risks
Rank risks based on their assessment scores to focus on the
most significant ones.
Prioritize risks with high likelihood and high impact.
Prioritize Risks
Develop strategies to mitigate or manage the identified risks.Develop Risk Mitigation Strategies
/RISK ASSESSMENT PLAN, CONTINUED
4
5
11/5/2024
4
6
Document the risk assessment process, findings, and
mitigation plans.
Prepare a report to communicate the results to management
and the board.
Document and Report
Regularly monitor the identified risks and the effectiveness of
mitigation strategies.
Periodically review and update the risk assessment to reflect
changes in the organization or its environment.
Schedule quarterly reviews to update the risk assessment
and adjust mitigation plans as needed.
Monitor and Review
/RISK ASSESSMENT PLAN, CONTINUED
7
QUESTIONS
6
7