The URL can be used to link to this page

Home My WebLink About09.c. Receive introduction to the internal audit process and audit plan for 2019 Page 1 of 7 Item 9.c. ,ek CENTRAL SAN SANITARYCENTRAL CONTRA COSTA , . July 11, 2019 TO: HONORABLE BOARD OF DIRECTORS FROM: ERICA BROOKS PETERS, SENIOR INTERNALAUDITOR REVIEWED BY: PHILIP LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE INTRODUCTION TO THE INTERNALAUDIT PROCESS AND AUDIT PLAN FOR 2019 Attached is the presentation for the above item. Strategic Plan Tie-In GOAL ONE: Provide Exceptional Customer Service Strategy 3- Maintain a strong reputation in the community GOAL THREE: Be a Fiscally Sound and Effective Water Sector Utility Strategy 2- Manage costs ATTACHMENTS: 1. Internal Audit Presentation July 11, 2019 Special Board Meeting Agenda Packet- Page 186 of 241 .-APOW Gly' 01 INTRODUCING THE INTERNAL AUDIT PROCESS rU ` `- 'c*AM Internal Audit Methodology and Phases 2019 Audit Plan Internal Audit Plan Maturity Model Annual Audit Plan Framework 2020 Audit Plan Key Dates Q& A Page 3 of 7 Internal Audit Methodology- Three Phases Risk Based Internal Audits Audit Planning Internal Audit Report Control Testing Audit Planning — Phase I Identify and confirm objectives, risks, scope and project timeline. Gathering Preliminary Information • Information gathering • Internal controls questionnaire • Identify preliminary risks •Scope and objectives Controls Risk Assessment • Understand the process • Results in business process flow/narrative • Map risks to controls • Determine key controls to test • Identify preliminary internal control opportunities • Determine testing strategy July 11, 2019 Special Board Meeting Agenda Packet- Page 188 of 241 • A sample of Sample questions Test identified transactions will be will be discussed Testing results will controls. selected from a with the auditee as be shared with the report of testing is auditee. population data. performed. Auditee will be kept informed of potential Auditee will be able to The final audit report will control opportunities in review the draft of the be shared with Executive advance of the draft audit audit report and respond. Management and the Board. report. Page 5 of 7 What to Expect During an Audit • Interviews and observations • Data (i.e. system reports or supporting documents) Audit Requests • Confirmation of processes and controls OL �4 14 111111, A F • Project scheduling Audit Timing • Ongoing coordination L-,,A 2019 Calendar Year Internal Audits" Audit Timeline Revenue Controls Part I In progress Contract Management Summer 2019 Revenue Controls Part 11 Fall 2019 IIIIIIIIIIIIIIIIIL **The Internal Audit Plan is flexible and subject to change based on events or issues brought to Internal Audit's attention.The contract(s)to be included in the Contract Management audit will be determined at a later date.Please note that the Audit Plan represents approximately 60%of the total project work for 2019.Beginning in the summer of 2019,other projects will include consulting on the ERP implementation to assist Management with the approach on redesigning the control framework and completion of the 2020 Audit Plan.Audits may be performed by Internal Audit,Central San staff supervised by Internal Audit and/or external consultants. July 11, 2019 Special Board Meeting Agenda Packet- Page 190 of 241 Page 6 of 7 The Annual Audit Plan Maturity Model /� Manage and Optimize(FY21 +Future Years) - The annual audit planning Mature the Function(FY19& process is mature with a FY20) consistently improving -Develop the list of auditable framework. Build the Base (through entities and the framework used -Internal Audit is fully FY18/19) to build the Audit Plan. aligned with Management -Establish the Internal Audit - Build a risk-based Audit Plan for Strategies and ERM at Central San. (IA)Function through 2020. completion of the Board Policy Improve the annual audit -IA is compliant with and administrative procedure, planning process and align the "Institute of Internal i.e.IA Charter. Auditors'(IIA)standards Audit Plan with Central San's fiscal -Develop the Audit Plan based year. with a Quality Assurance on known processes and program in place. management requests. -Introduce the framework and methodology of the Internal Audit Function to Management. Annual Audit Plan Framework ControlInternal • ERM Strategic Risk Assessment • Identify Auditable • Operational Level RiskEntities F- Executive . Map Potential Audits Management Surveys to Risk and Rank • Operational Management Central San's Interviews Management Risk Audit Universe Assessment io July 11, 2019 Special Board Meeting Agenda Packet- Page 191 of 241 Page 7 of 7 2020 Audit Plan - Target Key Dates Final Audit Plan Presentations Executive Management 11/2019 Managers 12/2019 Board 01/2020 July 11, 2019 Special Board Meeting Agenda Packet- Page 192 of 241