Loading...
HomeMy WebLinkAboutItem No. 1 PPP 11-06-2024 Audit Ad Hoc Committee - Vasquez + Company LLP11/5/2024 1 Entrance Presentation to the Ad Hoc Audit Committee Internal Audit Services (October 1, 2024 to September 30, 2025) November 6, 2024 1 Roger Martinez Lead Partner Cristy CaniedaPartner Audit Seniors and Staff Emer Jayson FabroAudit Manager Orange County Sanitation District Engagement Team Jason Tagasa IT Manager /ENGAGEMENT TEAM 0 1 11/5/2024 2 2 /Projects Previously Performed • Risk Assessment • Capital Improvement Program (CIP) – Administration • Cyber Security • Procurement Card Management Program • Expense Management – Overtime • Revenue Management (Capital Facilities Capacity Charges – Cities Review) • Construction Change Orders • Accounts Payable Vendor Review According to the RFP, the following internal audits have been performed in the last five (5) years: 3 Risk Assessment Review and Update Current Agency Wide Risk Assessment. ACH Vendors Review Review current internal control processes for setting up new vendors on the ACH and provide feedback/recommendations. Internal Audits Perform operational audits, internal control reviews, audits designed todetect potential fraud or malfeasance, audits of other governmental agencies providing services on behalf of OC San, any other revenue enhancement audit, and any special audit as directed bymanagement. The number of audits each year varies depending on the size and complexity of areas chosen based on current needsor focus. Based on the approved purchase order, we are scheduled to conduct two (2) audits. /SCOPE OF WORK - INTERNAL AUDIT SERVICES 2 3 11/5/2024 3 4 Clearly define the objectives and scope of the risk assessment to ensure alignment with organizational goals. Assess financial, operational, and compliance risks within departments. Define Objectives and Scope Collect relevant information about the organization’s structure, processes, and environment. Review organizational charts, process maps, and previous audit reports. Understand the Organization Identify potential risks that could impact the organization’s objectives such as supplier fraud, procurement delays, and non-compliance with regulations. Identify Risks /RISK ASSESSMENT PLAN 5 Evaluate the likelihood and impact of each identified risk. Use a risk matrix to rate risks for both likelihood and impact. Assess Risks Rank risks based on their assessment scores to focus on the most significant ones. Prioritize risks with high likelihood and high impact. Prioritize Risks Develop strategies to mitigate or manage the identified risks.Develop Risk Mitigation Strategies /RISK ASSESSMENT PLAN, CONTINUED 4 5 11/5/2024 4 6 Document the risk assessment process, findings, and mitigation plans. Prepare a report to communicate the results to management and the board. Document and Report Regularly monitor the identified risks and the effectiveness of mitigation strategies. Periodically review and update the risk assessment to reflect changes in the organization or its environment. Schedule quarterly reviews to update the risk assessment and adjust mitigation plans as needed. Monitor and Review /RISK ASSESSMENT PLAN, CONTINUED 7 QUESTIONS 6 7