The URL can be used to link to this page

Home My WebLink About03.b. Receive introduction to internal audit process and audit plan for 2019 and 2020 Page 1 of 7 Item 3.b. CENTRAL SAN Y-109-ITMEN ME June 18, 2019 TO: ADMINISTRATION COMMITTEE FROM: ERICA BROOKS PETERS, SENIOR INTERNALAUDITOR REVIEWED BY: PHILIP LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE INTRODUCTION TO INTERNALAUDIT PROCESS AND AUDIT PLAN FOR 2019 AND 2020 Attached is the presentation for the above item. Strategic Plan Tie-In GOAL ONE: Provide Exceptional Customer Service Strategy 3- Maintain a strong reputation in the community GOAL THREE: Be a Fiscally Sound and Effective Water Sector Utility Strategy 2- Manage costs ATTACHMENTS: 1. Presentation June 18, 2019 Regular ADMIN Committee Meeting Agenda Packet- Page 24 of 67 .-APOW Gly' 01 INTRODUCING THE INTERNAL AUDIT PROCESS rU ` `- 'c*AM Internal Audit Methodology and Phases 2019 Audit Plan Internal Audit Plan Maturity Model Annual Audit Plan Framework 2020 Audit Plan Key Dates Q& A Page 3 of 7 Internal Audit Methodology Risk Based Internal Audits Audit Planning Internal Audit Report Control Testing Audit Planning Phase Identify and confirm objectives, risks, scope and project timeline. Gathering Preliminary Information • Information gathering • Internal controls questionnaire • Identify preliminary risks •Scope and objectives Controls Risk Assessment • Understand the process • Results in business process flow/narrative • Map risks to controls • Determine key controls to test • Identify preliminary internal control opportunities • Determine testing strategy June 18, 2019 Regular ADMIN Committee Meeting Agenda Packet- Page 26 of 67 2 • A sample of Sample questions Test identified transactions will be will be discussed Testing results will controls. selected from a with the auditee as be shared with the report of testing is auditee. population data. performed. Auditee will be kept informed of potential Auditee will be able to The final audit report will control opportunities in review the draft of the be shared with Executive advance of the draft audit audit report and respond. Management and the Board. report. Page 5 of 7 What to Expect During an Audit • Interviews and observations • Data (i.e. system reports or supporting documents) Audit Requests • Confirmation of processes and controls OL �4 14 111111, A F • Project scheduling Audit Timing • Ongoing coordination L-,,A 2019 Calendar Year Internal Audits" Audit Timeline Revenue Controls Part I In progress Contract Management Summer 2019 Revenue Controls Part 11 Fall 2019 IIIIIIIIIIIIIIIIIL **The Internal Audit Plan is flexible and subject to change based on events or issues brought to Internal Audit's attention.The contract(s)to be included in the Contract Management audit will be determined at a later date.Please note that the Audit Plan represents approximately 60%of the total project work for 2019.Beginning in the summer of 2019,other projects will include consulting on the ERP implementation to assist Management with the approach on redesigning the control framework and completion of the 2020 Audit Plan.Audits may be performed by Internal Audit,Central San staff supervised by Internal Audit and/or external consultants. June 18, 2019 Regular ADMIN Committee Meeting Agenda Packet- Page 28 of 67 4 Page 6 of 7 The Annual Audit Plan Maturity Model /� Manage and Optimize(FY21 +Future Years) - The annual audit planning Mature the Function(FY19& process is mature with a FY20) consistently improving Develop the Audit Universe and framework. Build the Base (through the Audit Plan Framework. -Internal Audit is fully FY18/19) Build arisk-based Audit Plan for aligned with Management Strategies and ERM at -Establish the Internal Audit 2020. Central San. (IA)Function through -Improve the annual audit completion of the Board Policy planning process and align the -IA is compliant with and administrative procedure, Audit Plan with Central San's fiscal "Institute of Internal i.e.IA Charter. Auditors'(IIA)standards year. -Develop the Audit Plan based with a Quality Assurance on known processes and program in place. management requests. -Introduce the framework and methodology of the Internal Audit Function to Management. Annual Audit Plan Framework ControlInternal • ERM Strategic Risk Assessment • Identify Auditable • Operational Level RiskEntities F- Executive . Map Potential Audits Management Surveys to Risk and Rank • Operational Management Central San's Interviews Management Risk Audit Universe Assessment June 18, 2019 Regular ADMIN Committee Meeting Agenda Packet- Page 29 of 67 5 Page 7 of 7 2020 Audit Plan - Target Key Dates Final Audit Plan Presentations Executive Management 11/2019 Managers 12/2019 Board 01/2020 June 18, 2019 Regular ADMIN Committee Meeting Agenda Packet- Page 30 of 67 6