Audit Process Overview
Internal Auditing Defined
The IIA defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Each operational component of the OIG follows the Principles and Standards for Offices of Inspector General, as published by the Association of Inspectors General. Internal Audit conducts assurance and consulting projects in accordance with International Standards for the Professional Practice of Internal Auditing (Standards) as published by the IIA and also follows Governmental Auditing Standards published by the U.S. General Accounting Office.
The Standards are a set of principles-based, mandatory requirements consisting of:
- Statements of core requirements for the professional practice of internal auditing and evaluating the effectiveness of performance that are internationally applicable at organizational and individual levels.
- Interpretations clarifying terms or concepts within the Standards.
The purpose of the Standards is to:
- Guide adherence to the mandatory elements of the International Professional Practices Framework.
- Provide a framework for performing and promoting a broad range of value-added internal auditing services.
- Establish the basis for the evaluation of internal audit performance.
- Foster improved organizational processes and operations.
In accordance with auditing standards and pursuant to § 20.055(6)(i), F.S., Internal Audit develops annual audit plans based upon its annual risk assessment. Through the risk assessment process, auditors consider qualitative information from Department managers and review quantitative data to assign risk scores to the Department’s auditable entities. Qualitative factors may include program complexity, newness, susceptibility to fraud, prior audit findings, and other risk-related factors. Quantitative factors considered may include time since last audit, program budget, and number of staff assigned to the activity.
Elements of an Audit Finding
Auditors develop audit findings to communicate the audit results. Audit findings consist of five primary elements:
- Condition – “What is wrong?” or “What is different from what should be?”;
- Criteria – “What should be?”;
- Root Cause – The reason for the difference between “What is?” and “What should be?”;
- Effect – “What is the impact of this condition?”; and
- Recommendation – Specific action necessary to correct the reported condition.