Public Sector Auditing My Homework and Discussion Answers

8/10/2019 Public Sector Auditing My Homework and Discussion Answers

1/25


2/25

This means that the primary beneficiaries of the governmental entity are the public while theprimary beneficiaries of the private entity are its owner(s). Governmental sectors regulate theprivate sectors within its jurisdiction to make sure that certain standards are upheld for thewell-being of the public.

2. The balance sheet and income statement are powerful tools of accountability for the privatesector because they are operating for profit. The governments set goals and how they can besuccessfully reached are the governments powerful tools of accountability.

3. A private sector business will go out of business once it is not profitable. Once a governmentprogram outlives its usefulness, they are cancelled. Because of this, auditors serve severalpurposes in the accountability process, such as ensuring appropriate internal controls aresuccessfully in place, reporting to the public on activities of government managers, reporting toother levels of government on use of funds, and reporting on the results of operations andfinancial position of the government.

4. Private sectors do not have any particular geographic constraints or commitments likegovernmental sectors do. A private entity can relocate their business to a different state orcountry while bringing the assets, jobs, and revenue with them to the new site.

5. Private sectors usually operate with objectives that can be clearly measured in a model ofeconomic efficiency. The government sector cannot always do this because certain goals cannotalways be measured based on establishing one program or factor. However, the government hasan annual performance report review to see if the performance goals were or were not met andthe reasoning. Each year these results areas compared to the goals and the results from thethree previous years.

6. The private sector operates without the checks and balances of the government sector, but theSEC requires them to disclose financial and other information to the public to provide investors ofknowledge for making judgment on the risk of investment.

7. Government entities are lawfully required to conduct their business through open, transparentprocesses to ensure accountability to the citizens.

What is the meaning of independence from the perspective of the government auditor and

why is independence so important?

The key principle for government auditors is the principle of serving the public interestand honoring the public trust. For them to be successful in this, they must have independence.

Independence from the perspective of the government auditor is the ability to exercise objectiveand impartial judgment on all issues associated with conducting the audit and reporting on thework. Independence is important to auditors and audit organizations because withoutindependence, their options, findings, conclusions, judgments, and recommendations will all beimpartial and viewed in a negative light. Once a third party concludes that an auditor is not

independent, their audit would hold no merit. Auditors independence should last the period ofthe professional engagement.

An auditor, whether government or public, must be independent in all matters of auditwork. This would include independence of mind and appearance. Independence of mind wouldmean they would not let their personal feelings or opinions shape their judgment in the actions

they take to properly come to a conclusions in the auditing process. Meaning, the auditor wouldnot let their decisions in the audit be clouded by any preconceived ideas of individuals, groups,

organizations, or the role of the business. Independence of appearance would refer to a third partyhaving no reason or circumstances in which they would claim an audit organization to becompromised. This means that as the auditor, they would assess the professional qualifications

and independence of that specialist prior to use. For example, auditors would be threatening their


3/25

independence if they or a member of their audit team had a direct financial interest in the auditedentity. This would also apply in the case of using another auditors completed audit work, which is

related to the current audit objectives, to avoid duplication efforts. If a specialist is used during anaudit, they should be independent as well.

The auditor should not be afraid to report on the activities of the managers that they areauditing while making audit reports available to the public. If the report is not made available to

the public or the entity, there should be valid reasons for not doing so.Government auditors are paid by the government. Usually, they are independent from

management. They will chose the audit program, function, or activity and may not needmanagements approval to do the audit. Sometimes, government auditors may even havesubpoena power to force the managements compliance of the audit and may report it to the

public. With this independence, the government auditor can take an objective view and lay it all

out on the table.It is the responsibility of the audit organization to establish policies and procedures on

independence to warrant assurance that the audit organization and its employees are independentand comply with legal and ethical requirements. Also, these standards are put in place to help to

identify and evaluate any circumstances that would create threats to the independence. Byrecognizing these situations, the auditing company can either eliminate the treats or reduce them

by applying safeguards. If the threat is big enough, the auditing company may need to withdrawalfrom the audit entirely.

Professional judgment is key to auditors independence. Auditors must use their

professional judgment in applying conceptual framework to determine independence in certainsituations. This would include anything that would be a threat to the appearance of independence.In compliance with GAGS, the audit organization will need to have an external peer review

performed by reviewers independent of their organization while being reviewed at least onceevery 3 years.

Ch. 2

Why do we need auditing standards?Auditing standards have been known to be broad-based. They set the general tone and directionof the audit profession. Having audit quality is critical for financial markets to run smoothly. Auditstandards are important to establishing a stability in the audit market while balancing audit prices.In addition, audit standards also prevent audit quality from decreasing below a given point.Auditing standards are needed to provide a foundation and framework for performing audits thatwill help to improve operations and services. Having auditing standards as a foundation for thecredibility of auditorswork is important, especially in emphasizing how essential theindependence of the audit organization and its individual auditors is. In addition, auditingstandards foundation is needed to emphasize the importance of the exercise of professionaljudgment in the performance of work and the preparation of related reports; the competence ofstaff, and quality control assurance as well. These standards are also needed to ensure thatthe right route is taken in making the necessary decisions to help build a better future outcome forthe entity. According to the Yellowbook, auditing standards provide the foundation for auditors tolead by example in areas such as independence, transparency, accountability, and quality.Yellowbook also describes how the GAGAS encompasses requirements and guidance dealing

with ethics, independence, auditors professional judgments and competence, quality control,performance of the audit, and reporting.

As previously mentioned, the standards assist auditors in accurately obtaining andassessing evidence that is used to report valid results that can lead to changes which lead toimproving business operations. This is because the audit standards now encourage reporting onaccomplishments. Several organizations have developed their set of standards which are set bydifferent groups that apply to them, usually in accordance to their location. Overall, auditstandards are needed to provide a minimum guidance for auditors to use for determining theextent of audit steps and procedures that should be applied to reach the goal of the audit


4/25


5/25

objectives. For the entity to be able to meet such missions, goal, and objectives, they must havereasonable assurance in the management plans, methods, and procedures. Internal control

objectives could be relevant when coming to a conclusion of why a programs performance hasbeen unsatisfactory. For example, if a company did not comply with certain laws and regulations,they would be seen as having insufficient internal controls. In the past, it was unlikely thatmanagement would set performance related internal controls. It was not until the importance of

performance measures had been made that entities started to improve on these matters. The lastobjective is compliance with legal and other requirements. This objective relates tomanagements ability to abide by the requirements establish by laws, regulations, contracts,and/or grant agreements. These requirements can be either financial or nonfinancial. Since theobjectives are interrelated, compliance with a particular or regulatory requirement may lead to anincreased economy and help to produce a desired result.

Lastly, the Yellowbook adds another objective of performance audits as being important,the prospective analysis audit objective. While it is usually not classified as being one of the

broad objectives embraced by performance audit, I thought it should be mentioned. Prospectiveanalysis audit objectives relates to concluding information that is based on assumptions about

events that may occur in the future, along with possible actions that the entity may take inresponse to the future events. An example of this would include: providing conclusions based on

current and projected trends and future possible impact on government programs.

Ch. 3

Why is the Treadway Commission so important?The Treadway Commission, or the National Commission on Fraudulent Financial Reporting, wasformed in 1985 and funded by the AICPA, AAA, FEI, IIA, and NAA. It was used to study privatesector financial reporting in the U.S while trying to pinpoint the factors leading to fraud in financialreports and ways to reduce its frequency. In addition, the Treadway Commissions'recommendation focused on various components, such as: (1) the tone set by top management,(2) the internal accounting and audit functions, (3) the audit committee, (4) management andaudit committee reports, (5) the practice of seeking second opinions from independent publicaccountants, and (6) quarterly reporting. A major recommendation, that the Commission made,was that there would be cooperation in developing guidance on internal controls by the

organizations that funded them. Because of this recommendation, in 1985, the Committee ofSponsoring Organizations (COSO) of the Treadway Commission was formed; and, in 1992, theycreated the report called Internal Control-Integrated Framework. This report, also called theCOSO report, defined the elements of internal control and much so that it great impacted theaudit process. COSO defines internal control, in the report, as "a process developed bymanagement to provide reasonable assurance regarding the achievement of objectives in thefollowing areas: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting;and (3) compliance with applicable laws and regulations." It also notes that there are fiveinterrelated components to having an effective internal control system and, at some point, theyshould all be reviewed in an audit. These five interrelated components are (a) the controlenvironment, (b) the assessment of risk, (c) the specific control activities, (d) the information andcommunication system, and (e) the system for monitoring performance. The influence that thisreport had on corporate governance and on internal auditing was immensely importance, but itwas not always effective like they hoped it would be. Most importantly, the Treadway Commissionis needed for its issuance of a framework for identify, assessing, and managing risks. In ourtextbook it states that their report, the COSO report, "provides a management framework, keyprinciples and concepts, a common language, and other direction and guidance to help managersand auditor better understand this topic." The Treadway Commission established a generalinternal control model that companies and organizations could use to assess their controlsystems.

From 1987-1997, COSO supported follow-up research that investigated fraudulent financialreporting. The COSO report pointed out that both upper management participation in the fraud


6/25

and the presence of a weak audit committee and board of directors are common factors infraudulent activities. This information made companies want to conduct studies as well. After I dida little research, I found that Ernst & Young issued a general international fraud study report in2000. It stated that 82 percent of employees committed frauds with management being involvedin one third of those. A 1999 COSO study also stated that fraudulent reporting is usuallycommitted by improperly recognizing revenues and improperly making valuations of assets. Forexample, Enron made misstatements of assets and liabilities by using special purpose entities tomake it where certain activities were not listed on their balance sheet. WorldCom capitalizedexpenses as assets improperly.

In 2013, an updated version of the report was created. This new framework reflects thetechnology and globalization better, but still uses the original five components as the foundationfor the updated version. However, they added seventeen specific principles that spread acrossthose five main components of internal controls. This is one of the most important additions; andthese articulated principles were added for an auditor to use for checking on the efficiency of theinternal controls. Overall, the Treadway Commission is so important because of the studies theyhave done in financial reporting while looking into factors that lead to fraud and fraud reductionmethods. The framework that they created was commonly used throughout for defining theelements of internal controls and identifying, assessing, and managing the risks involved.

Why are there limitations on internal control?Many people may view internal control as being able to ensure that an entity will not fail and willalways achieve its goals successfully. It is almost like they see it as a cure for all current andpotential business problems, but they are mistaken. There are limitations on internal control forvarious reasons, but, mainly because, there needs to be regular monitoring of the efficiency ofinternal control systems. By having these limitations, it shows that an internal control system isnot guaranteed. There are various elements that can factor into a delinquency on the competenceof the controls and this shows that no internal control system can provide absolute assurance. Itcan only provide reasonable assurance that management objectives will be achieved. Chapter 3of our reading states that "this assurance can be maintained if (a) management continuouslymonitors the effectiveness of the controls in place, taking into consideration the costs andbenefits associated with those controls and (b) auditors provide independent assessments thatthe control system is working". These limitations help to make certain that good internal controls

are in place and that things within the entity occur as they should. In addition, these limitationsalso make sure that public organizations are operated in the most economical and effective wayand in accordance to the highest ethical standards. To ensure this, many states legislatures andlocal governments enacted stricter conflict-of-interest laws, codes of ethics, mandatoryinformation disclosure acts for public employees, freedom-of-information statutes, andopen-meeting laws.

A level of confidence in financial information reported on the financial statements is provided byhaving internal controls. Internal controls restrict individual employee access to influencing thefigures or distorting the financial data. Internal controls are essential for accounting employeeswho work with the company's financial information on a regular basis. However, internal controlsare not surefire and that is why there are limits to internal control policies and procedures put intoeffect by companies. Additionally, human error, misunderstandings, fatigue and stress are all

examples of human error. These human errors and system omissions, lack oftraining/communication, lack of management support, resource constraints, or lack of systemflexibility play a major role in reasons why limitations are needed. For example, a breakdown ofinternal control systems could be the result of an employee not being knowledgeable aboutcertain aspects of their job. This could be minimized by having training when starting the job andfollow up training throughout time. Moreover, the cost of implementing a specific control shouldnot exceed the expected benefit of the control. An organization that produces dependablefinancial reporting and noticeably complies with the laws and regulations that apply to it are saidto have effective internal controls. Some limitation are inherent in all internal control systems, likejudgment, breakdowns, management override, and collusion. This means that failure could result


7/25

in even an effective system of internal controls. As previously states, reasonable assurance doesnot provide absolute assurance.

Describe why an internal control system can only provide reasonable assurance, rather than

absolute assurance, that an organization will achieve its objectives.No internal control system can provide absolute guarantee that there will be no material

misstatements; however, they can provide reasonable assurance. Absolute assurance is notachievable because of the nature of audit evidence and the characteristics of fraud. Thus, an audit

conducted in accordance with GAAS may not detect a material misstatement. Reasonableassurance is provided by having managers take certain steps by using common control techniquesto make sure that program objectives are achieved. Having reasonable internal controls also

provides management with the appropriate balance between risk of certain business tactics andthe level of control that is required to make sure those business needs are met. The book uses this

example: you cannot be absolutely sure, no matter how good your internal control system maybe, that all pilferage will be prevented. But you can be reasonably sure that large amounts ofpilferage will be either prevented or detected in a timely manner, provide you put in place a good

security system, check to see whether it works, and periodically compare the amounts that aresupposed to be on hand with the amounts actually on hand. Lastly, the cost of a control should

not exceed the benefit to be derived from it. There are various elements that can factor into adelinquencyon the capability of the controls and this shows that no internal control system canoffer absolute assurance. It can only deliver reasonable assurance that management objectives

will be achieved. Chapter 3 says that "this assurance can be maintained if (a) managementcontinuously monitors the effectiveness of the controls in place, taking into consideration the

costs and benefits associated with those controls and (b) auditors provide independentassessments that the control system is working". Cost/benefit realities, collusion amongemployees, judgment, breakdowns, management override, and external events beyond an

organizations control are just some of the reasonswhy internal control cannot provide reasonableassurance. These inherent limitations mean that failure could result in even an effective system ofinternal controls.In addition, the COSO report answers this question best.

Internal control is a process,effected by an entitys board of directors, management, andother personnel, designed to provide reasonable assuranceregarding the achievement ofobjectives relating to operations, reporting, and compliance. It also goes on to say thatthe term reasonable assurance rather than absolute assurance acknowledges thatlimitations exist in all systems of internal control, and that uncertainties and risks may

exist, which no one can confidently predict with precision. Absolute assurance is notpossible. Reasonable assurance does not imply that an entity will always achieve itsobjectives. Effective internal control increases the likelihood of an entity achieving itsobjectives. However, the likelihood of achievement is affected by limitations inherent inall internal control systems, such as human error and the uncertainty inherent in

judgment. Additionally, a system of internal control can be circumvented if peoplecollude. Further, if management is able to override controls, the entire system may fail. In

other words, even an effective system of internal control can experience a failure.

Ch. 4

How does the control environment affect your daily life?It is important to note that the control environment sets the tone of an organization and sets the

foundation for the other components of internal control. Furthermore, it provides structure andregulation within the company. Factors of the control environment are important to it influencingemployees every day life and setting the tone for the organization, such as integrity, ethicalvalues and competence of the entity's people; management's philosophy and operating style; theway management assigns authority and responsibility, and organizes and develops its people;


8/25

and the attention and direction provided by the board of directors." By having a good controlenvironment, managers send the message that internal controls apply to everyone in thebusiness and are also an essential part of operations. By having a weak control environment,there can be an overwhelming effect on the way other controls work and this all starts with thetone at the top and is followed by the employees ability to follow it. A negative tone (controlenvironment) set by a manager can be as small as when a manager takes various extendedcigarette breaks on the clock and his employees believing it was okay for them to do it as well.This may anger those employees who do not smoke and make them not perform work to theirfullest potential.

What is the significance of assessing risk in the internal control process?COSO says that every entity faces a variety of risks from external and internal sources that mustbe assessed. The likelihood that an incident will arise that negatively influences the ability toreach objectives is the definition of a risk. Risk assessment obligates an organization todetermine the prominent risks that are essential to reaching their goals and objectives first, andthen analyzing them. Objectives are identified by management within various divisions thatcorrespond to operations, reporting, and conformance of clearly recognizing and analyzing risksto the objectives. Before implementing any tactics to attain a certain objective, a manager mustthink about the variety of potential strategies and then assess the risks inherent in each. Every sooften, the manager ought to re-examine the risk and make revisions as conditions change. Both

the internal and external sources might cause risk to emerge and make internal controlineffective. Risk assessment and internal control work together because risk assessment impactsthe nature and degree of the controls and plans implemented to handle such risks.

A number of the governments actions are susceptible to considerable risk because thegovernment exists to protectthe health, safety, and welfare of its citizens. The method fordiscovering risks may vary. In addition, an update to the directory of risks may be made becauseof new policies that are presented or because of information that appears in audit reports oradditional agency reviews. Throughout the risk assessment process, the manager needs to focuson the probability that something will go wrong and the effect of it going wrong. If there is a highprobability for something to go wrong and there is a high chance for potential impact, then you willwant to dedicate more of your resources to that. If the likelihood is low and the impact isnegligible, the area warrants a relatively smaller share of resources. Risks and opportunities gohand-in-hand with each other and managers need to realize that. By not identifying opportunities

to improve operations, reaching a businesss objectives can be affected just as much as failing toidentify risks would. Lastly, not counting audits required by state regulations, activities that haveelevated levels of residual risk are usually chosen for audits.

The control environment is often described as "the tone at the top." Describe what that

phrase means, as well as its implications for establishing the scope of a performance audit.

(8/10 never discussed how the tone from the top effects the audit scope).

The Treadway Commission refers to the tone at the top as by saying:"The tone set by top managementthe corporate environment or culture within which

financial reporting occursis the most important factor contributing to the integrity of thefinancial reporting process. Notwithstanding an impressive set of written rules and procedures, ifthe tone set by management is lax, fraudulent financial reporting is more likely to occur."

The tone at the top is the idea, the approach, and the beliefs the board of directors exhibit

throughout the business. It is the most important element of the control environment. An examplemust be set by management because whatever tone they set will have a trickle-down effect on therest of the employees. The managements tone will usually effect if the employees will be more

inclined to uphold certain values or not. In addition, the company should have communicationthroughout it with reward to preferable performance. Management can take the necessary steps to

create and maintain a good ethical environment within the company by conveying to employeeswhat is expected of them, leading by example, providing a secure system for reporting


9/25

infractions, and providing incentives for integrity. This will encourage other employees to act inthe same manner of demonstrating honesty and integrity. Having a good tone at the top would

mean having consistency among statements, assertions and explanations of the management andits actions. By having these key elements, they form the pieces of the tone at the top. Some seethe tone at the top as a part of the internal control environment, while others see it as equal to theinternal control environment.The starting point of every audit or risk assessment is typically the

tone at the top.By having a good tone at the top, fraud can be prevented by a well-working internal

control system and can also have a positive influence on the financial results of a business.Therefore, it is necessary to include it in the audit scope. Businesses with an effective corporategovernance policy function better than those that do not. The tone at the top is almost invisible toan outside auditor. Because of this, an auditor would find it valuable to add a baseline, which

would be the tone at the tops starting point for improvement. Assurance of an ethical andsuccessful tone at the top is needed not only by the public, but also by their board, shareholders,

and investors. Because an internal auditor can offer independence and objectivity, they couldpotentially be asked to assess the reliability of the assurance that management provides.

Furthermore, it is key to scope what is critical to your business before giving assurance on it. Before developing on the core themes, this scope should start with them. For example, the central

theme for a financial services company could start with the ethics of the organization. The bestway to preserve an organizations good reputation is by having the right tone at the top.

Ch. 5

Why would an audit organization have an annual audit plan?An annual audit plan is critical for meeting the goals, objectives, and mission of the auditorganization and irreplaceable to keep the audit organizations financial house in order.Furthermore, it will ensure compliance with applicable laws and regulations. Through the annualaudit plan, it can assess efficiency, economy, effectiveness, and program accomplishments. Theannual audit plan is usually developed from an audit risk assessment. Hence, it helps to prevent,detect, and deter fraud and abuse while helping to determine the audit level of priority for a selectprogram or function. It is driven by risk assessment results and Internal Audit resources with theintention of addressing the highest risk areas given the resources available to the audit

department. The annual audit plan goal is to identify practical step change solutions that cancontribute towards maximizing the value that organizations can derive from their investments inmanaging risks.

An annual audit plan is created by managers because of the scarcity of resources. The scopeof an audit can be established with the help of the audit plan by pinpointing the program orfunction that needs to be audited. And the resources needed to do so. Annual audit planbenefits the organization through various ways. Such ways include (1) establishing whatagencies, programs, contracts or other areas will be highlighted for audits on an annual basis; (2)authorizing an effective allocation of limited audit resources; (3) specifying a flexible foundationfor managing audit employees; (4) projecting an estimated timetable for starting and finishingaudits for the year; (5) eliminating the possibility for overlapping audits within the audit divisionand with other audit organizations; (6) providing an recognizable basis for the role of the auditdivision and justification for procuring budgetary funds.

What are some benchmarks that can be used in determining program effectiveness?Please be specific.Benchmarks are used as a measurement for performance by using a specific indicator that willresult in a "metric of performance" that is then compared to others. Benchmarking would befurther explained as taking a measurement of internal processes against an external standard. Itis one of a manager's best tools for deciding whether the company is performing certain functionsand activities efficiently, whether its costs are parallel to those of competitors, and whether itsinternal activities and business processes need to be improved. By running a financial analysis,you would be able to make a comparison of the results in order to assess a firm's overall


10/25

competitiveness, efficiency and productivity. Some items that are used for comparison could be"how material are purchased, suppliers are paid, inventories are managed, employees aretrained, or payrolls are processed; how fast the company can get new products to market; at howthe quality control function is performed; at how customer orders are filled and shipped; and athow maintenance is performed." An example of a benchmark might be the act of simultaneouslyexamining similar operations at two or more entities thus giving an auditor the opportunity tocompare each of them and identify the best practices. The most common divisions to bemeasured in benchmarking are quality, time, and cost. Usually, companies will take benchmarkson with a view toward all of improvements that may be offered. I found such improvements orbenefits to include "reducing labor cost, streamlining the work flow through redesigned businessprocesses and common administrative systems, improving data center operations throughconsolidation and downsizing, cooperative business and information technology planning,implementing new technology, outsourcing some assignments and functions, redesigning thedevelopment and support processes, and restructuring and reorganizing the informationtechnology functions. "

After extensive research, I found that there are various types of benchmarks and they aredriven by motivating factors which involves different comparisons. For example, some of themajor types of benchmarks include metric benchmarks (uses reference points of quantitativemeasures for comparison), best-practice/process benchmarks (focuses on identifying outstandingtechniques), information technology (like data processing, systems analysis, programming,

end-user support, and networks), infrastructure benchmarks (networks and data/information),application benchmarks (system analysis, development and maintenance programming, andfunctionality), and strategy benchmarks (skills assessment, information technology strategy,business-technology alignment, and description of roles and responsibilities). Most often, provenbusiness best practice benchmarks will be used to accelerate the development of solutions andlink them to solutions to the overall business strategies. This well help to assure effective andefficient execution of the best-practice-based process for improvement. For instance, these wouldinclude process elimination, improved planning, and performance management. The chapterrefers to short-term and long-term targets and the performance of similar-type entities as beingpossible benchmarks that are used to evaluate the performance of an entity (performancemeasurement systems). Other types of benchmarking are to internally or administratively setstandards or to examine records for similar organization and set competitive standards. Anorganization can determine whether or not a program is meeting its objectives once a benchmark

has been set.In addition, there are many motivators that drive the various types of benchmarks like cost,

quality, competition, and goal setting (which are motivators for application and infrastructurebenchmarks). An advantage of benchmarking is that it facilitates the process of change, clearlylaying out the types of solutions external organizations have used and providing a globalperspective on how part of the company affects the whole. Furthermore, it helps to focus onimprovement in the areas that can make actual gains, which converts into added value to thecompany and also its employees.

Describe the purpose of making a preliminary survey. Discuss how making a preliminary

survey relates to the preparation of the audit program.

By making and doing a preliminary survey, you are planning the audit. Furthermore, your

purpose in doing so is for the preliminary survey to help assist the preparation of an audit

program. The audit program is "a statement of major audit objective and/or areas of auditconcentration, and major audit steps within each objective or major audit area." By doing a

preliminary survey, it allows you to get basically acquainted with the "entity's goals and

objectives, management control environment, control practices, reporting system, and riskassessment process". According to the Department of Internal Auditing at Georgia Tech'swebsite, typical steps taken during the preliminary survey of the area under review in order to

become familiar with the policies and procedures which may impact the area being audited are(1) gain understanding of existing procedures through observation, by discussions with staff, or

review of documentation; (2) identify existing internal and accounting controls applicable to the


11/25

area being audited; (3) establish the scope of the audit based on information obtained and riskassessment; (4) review applicable policies and/or procedures; and (5) prepare an audit program

which outlines the nature and the extent of audit tests that will be performed.Whether the entity, program, or function has been audited before will partially determine

the scope of the preliminary survey. If there had been a previous audit then the auditor shouldreview the permanent file and devote the preliminary survey to making updates to the permanent

file. The preliminary survey will reveal the changes in entity policies and practices which iswhere updates to the permanent file will need to be made. In addition, the auditor will also needto assess whether there has been a change in key personnel and, if so, decide whether the changehas affected the control environment.

The preliminary survey will also include getting familiar with the entity's basic policiesand controls. A key purpose of audit is to verify that the stated control or system element does

actually exist and is working the way it should. Before doing so, you should already have a goodunderstanding of the entity's mission, goals, and objectives, which will help you focus on what to

expect in that part of the preliminary survey (like possible risk). The chapter states that to plan aperformance audit, you must: "(a) understand the missions, objectives, and goals of the agency,

program, or function being audited; (b) assess the risk of ineffective or inefficient performance;and (c) prepare audit program that helps you reach conclusions about the entity's performance."

Before any of this is done, a preliminary survey has to be done first. The preliminary survey isused to help you reach some possible conclusions about the entity's control environment and itsother internal controls. However, these conclusions will not be your final conclusions . Additional

work will need to be done like gathering evidence.The section of the preliminary survey that involves getting familiar with basic policies

and controls has a purpose of helping you make a preliminary assessment of risk so that the major

areas of audit emphasis can be selected. Although this is not a major part of the preliminarysurvey, since detailed audit programs can be prepared while working in the individual selected

audit areas, the policies and controls that are risky should be extensively reviewed andquestioned. In addition, a brief "walk-through" of the entity's facilities (observing the employees,their general attitude, security measures, and the nature of facilities) should be included in the

preliminary survey to help in preparing the audit program. The auditor should also meet

important managerial personnel to get a acquainted with the entity's control systems and get ageneral understanding of those controls. Getting copies of important control system relateddocuments, like policy manuals and managerial reports, will help you plan the audit steps. At thisstage the goal should be to know a vast array of information about "the entity's goals and

objectives, the control environment, the major strategies and controls, and the monitoring systemin order to select areas for audit concentration."

Once the preliminary survey is complete, the auditor would be ready to complete the restof the steps in the annual audit such as assessing audit risk, establish the major audit objectives,listing the major audit areas, and estimating the amount of time to spend in satisfying major

objectives and performing each major audit area. Because of the preliminary survey, you maydecide to devote limited effort to a particular area when preparing the audit and in the gathering

data stage of the audit.

As listed above, in the preliminary survey, the internal auditor becomes acquainted withthe auditee to help in deciding how much reliance can be placed on the internal control systems.By doing so, it allows the auditor to initially determine whether to extend or limit audit tests. Inclose, the preparation of the audit program is the next step after completing the preliminary

survey, in order to determine the extent of audit tests to be performed during fieldwork.

Ch. 6

Why should the audit report be in writing?Audit reports should be written for the purpose of: 1. communicating the results of audits to


12/25

officials at various levels of government, 2. making the results less susceptible tomisunderstanding, 3. making the results available for public inspection where applicable, and 4.facilitating follow-up to determine whether appropriate corrective actions have been taken. Inaddition, GAS and the Standards for the Professional Practice of Internal Auditing requires awritten report of the audit results. By having the written reports, it can help ensure publicaccountability and an auditor will know that all the elements that are needed/required to be in theaudit report are included. The audit report will set out the findings in an appropriate form that iseasy to understand and free from vagueness or ambiguity. Information should only be includedthat is supported by competent and relevant audit evidence (independent, objective, fair andconstructive). By having recommendations written, it is easier for the entity to look back to seehow they should take action and where the actions recommended are appropriate. If an auditreport is not done in writing the next best thing would be to have an oral report with writtendocumentation and the worst option, rather than not report at all, would be to have only an oralreport. The possibility of human error and misinterpretation are subject to any oral report. Inconclusion, the audit reports in writing are overall the most competent because they are morereliable than any oral representation.------- Oral presentation can be video tapes, making itposition to distribute and documented for future reference. Just as you will need a good writerfrom present a good audit report an astute and eloquent speaker can deliver an oral audit report.The only issue with that is, it will not need the requirement of Government Auditing Standard aswell as Standard for Professional Practice of Internal Auditors. With the oral presentation

wouldn't we miss out on some of the feedback of the people not able to make it. I think it isimportant for everyone to hear the information and respond in the closing conference. I havehad some experience with receiving and responding to draft reports. Sometimes we get acouple of drafts before the final version. Sometimes several agencies have to respond to anaudit so it can take 6 months or more after an audit to get through all the drafts iterations and getto the final.Oral reports should serve to supplement written reports - versus take there place. Oralreports could be used to introduce a report and its' findings or it could be used to addressemergency issues. In addition, an oral report could be also transcribed into meeting notes insteadof being video recorded. Although with meeting notes you face misinterpretations ormisunderstandings.

What type of tone should an audit report have?In the chapter, it is said that evidence must be presented in an unbiased manner (objective) so

report users can be persuaded by the facts. The report should be fair and not misleading; resultsshould be placed in the proper perspective. The tone should be such as to encouragedecision-makers to act on the findings and recommendations. The GAS says the report shouldbe balanced with what you say and how you say it, or with content and tone. The tone of an auditreport is very tricky. It can easily make or break how the audience/management reacts to it. Inaddition, being unbiased is very hard if there is error/risk due to management performance.Finding the right tone for a situation of that matter is hard because you do not want to come offtoo lenient or too tough. A high quality audit report would bring about both clarity for the auditcommittee members and nuance for the auditee. The overall best route to take would be one that1. says what you have to say, 2. is written clearly, concisely and understandably, 3. is concludedsensibly, 4. involves the auditees in validation and recommendation, and 4. drops information thatis irrelevant. By doing each of these, the audit report will be shorter, lighter, concise, and moreappreciated by the audience.

Why are management comments of the audit findings included in the audit report?By having management comments of the audit findings included in the audit report, the

auditor is ensuring that a report is fair, complete, and objective. Managements input is alsoimportant to show that recommendations are reasonable and free of any errors ormisrepresentations. By doing so, the report is not only showing the auditors opinions and views,

but also the opinions and views of those responsible for making the future changes for the entity(management). Management is usually asked to not only comment on the audit findings but alsoon conclusions and recommendations and tell what corrective actions they plan to take. If


13/25

management decides not to implement corrective actions suggested in the recommendations, theyshould otherwise describe the alternative steps they will take to address the issues that led to the

audit findings. In addition to this, management should include an estimate of the date for whenthe corrective action will be complete. The auditor should review that the time frame forcorrective action is reasonable. In addition, there are chance that management may have opposingcomments to the reports findings. In this situation, an auditor may agree and then modify the

report accordingly; or the auditor may believe the comments are not valid and then the auditorwould state the reasons for the disagreement in a fair and objective manner.

Ch. 7 & 8

Describe the basic objectives of a good inventory management system, covering both

availability of inventory and physical accountability for inventory.

Maintaining good inventory management principles/procedures will ensure the

efficiency and timely deliver of high quality inventory data. There must be controls in place to

obtain an appropriated justification for items in inventory which must be documented. The two

basic objectives of inventory management are supply control and inventory control. Supply

control covers the availability of inventory to meet anticipated program needs. Inventory

control covers accountability for items received and various other aspects of physical

accountability. These functions require effective operating-type and sage guarding controls.

The chapter states that to determine the best way to evaluate whether the basic

objectives are being achieved you must ask these questions:

a. Supply control: for program effectiveness, "(1) are supplies available when

needed?"; and for efficiency, "(2) are supplies stocked in quantitative greatly

beyond immediate need, needlessly increasing inventory carrying costs and risks

of obsolesces? To make sure supply controls are effective, you must analyze

records for specific items of stock while showing quantities available in relation

to past and projected future use. The main objective of inventory management

is to maintain inventory at appropriate level to avoid excessive or shortage of

inventory because both the cases are undesirable for business. Therefore,

having effective supply control ensures that sufficient quantities of supplies and

materials will be on hand to meet program needs while also not having the

stock being high and carrying unnecessary inventory carrying costs. By keeping

the right amount of inventory on hand you are ensuring availability of supplies

and materials at the lowest possible carrying costs. To have a good inventory

management system, you must know when to order and how much to order.

b. Inventory control: "Is everything that is supposed to be in inventory actually

on hand and in condition suitable for use? Inventory shortages could result from

weakness in security, record-keeping, or storage procedures." To make sure

inventory controls are effective, you must physically count the stock and

physically observe security this ensures that quantities received are accurately

recorded, accounted for until used, stored in an accessible manner, and kept

sage from loss due to theft, damage, and deterioration. To have an effective

inventory control, you must have cost-effective receiving, storing, and

accounting systems with periodic physical counts of inventories, comparison of


14/25

those counts with perpetual inventory records, and tracking down the causes of

disparities between the two.

Without good inventory management controls, program performance can be

undermined and result in extensive loss from poor controls over the acquisition and storage of

inventory. A good inventory management system would keep investment in inventory at

optimum level; reduce the losses of theft, obsolesces and wastage, etc.; and make arrangement

for sale of slow moving items. Some additional idea for a good inventory management system

would be having well organized location names; location labels that are easy to read; unique,

short, and unmistakable item numbers; units of measure; a good starting point; software that

tracks all inventory activity; good policies; and employees who know and follow the good

policies.

Describe the major risks of loss (either from direct loss or from the failure to earn revenues)

inherent in the management of accounts receivable, cash, and investments.

"Weak procedures and lack of discipline can cause inordinate delays in converting

accounts receivable into a form of investment. And the honest but unwary employee can easily

cause the loss of huge amounts of funds by making foolish investments." Furthermore, to

prevent delays in converting accounts receivable into a form of investment or cash, procedures

and controls can be developed to ensure that. The procedures and controls can consist of

"accurate bills being sent out timely to all persons who are supposed to be billed; accountability

maintained over all outstanding receivable until the cash is collected or appropriate authority is

received to reduce or write off the receivable; follow-up for non-payment is prompt and

effective; and payment remittances are deposited promptly."

Because cash has a value as a medium of exchange and a time value, the government

can lose money by it being stolen or by the delays in investing cash. To prevent future lost, the

government would use cost/beneficial safeguarding-type controls to provide reasonable

assurance against loss due to theft and would use operating-type controls to help the

investment manager earn interest on cash by maximizing the amount of cash available for

investment. Because an auditor could be embarrassed by the failure to detect theft of cash, they

should be concerned with both administrative controls regarding forecasting and timely deposit

of cash and safeguarding controls designed to prevent theft or to detect it quickly. Effective cash

forecasting and certain investment techniques would bring about a balance between the two. In

cash forecasting, serious loss can happen if you are investing for period beyond the point that

cash is needed.

For investments, they all will involve a risk to some degree and whatever the investment

yields will directly relate to the assumed risk. Managers sometimes think that investment gains

are a tempting alternative to raising governmental revenues through taxation, but they do not

realized that the potential for loss through risky investment ventures is just as great as the

potential for gain. In addition, deposits are subject to credit risk and U.S. Treasuries and

corporate equities are subject to market risks. The objectives of investment management are (1)

"controlling risk-assessing how much risk to take in a given situation and knowing the degree of

risk inherent in each potential type of investment" and (2) "to ensure that investment practices

entail the exercise of prudence and due professional care." The chapter gives the various types


15/25

of risks that might result in unwarranted loss such as:

"Market risk relates to uncertainty surrounding an investment's ability to maintain its

market value during the period the investment is held. Market risk can be affected by

many factors such as the type of security held and the length of the period for which it is

held.

Credit risk is the risk that the other party to the investment transaction might not fulfill

its contractual obligations. Credit risk can be reduced by various means such as

obtaining collateral and having the collateral held by the investor's agent.

Liquidity risk is the risk that the investment cannot be sold timely at a fair price to meet

the investor's operational needs. Investing in long-term debt securities when cash is

needed in the short term may increase the yield, but expose the investor to losses if

rising interest rates cause prices to decline just when the cash is needed.

Operational risk is the risk of loss resulting from weak internal controls, human error,

or management failure. The failure of management to assess the other risks related to

investments and the lack of investment oversight are common causes of major

investment losses."

Ch. 9Discuss the basic procurement objectives and possible sub-objectives in a centralizedpurchasing system that the procurement manager might establish at a local schooldistrict.The best way to describe the basic objectives or goals in any procurement is to say that yourobjective or goal is to obtain the right product, in the right quantity, at the right time, from the rightsource, at the right price. However, what is right is determined on the entity and itscircumstances.

Right product: This would mean that the product is meeting the reasonable (not wanted)needs of the user or the consumer in terms of functionality and quality. A sub-objective in thecentralized purchasing system for the local school district may be that they have a ranked list ofalternative items choices for each product needed. The type of product needed would be put in

order to what is most reasonable and the most reasonable choice would be picked to purchasewhen available. Let's take the book's example of bulbs for instance. LED bulbs may be the bestoption, but CFL bulbs are just as sufficient because they are cheaper and last long.

Right quantity: This would mean that the amount of supply items or services being boughttake into consideration such factors as procurement administrative time and delivery time,storage costs, alternative uses of funds, ordering costs, and vendor discounts for quantitypurchases. A sub-objective in the centralized purchasing system for the local school district maybe to create a ranking system that describes storage ability. For example, milk needs to beordered for childrens lunches and so does pencils for the faculty. Milk expires quickly and mustbe refrigerated so you may not order as much inventory as pencils because pencils do not expire.In addition, pencils can be stores easier because of their size.

Right time: This would mean that the delivery of the supply item is done in sufficient time sothe service that it is needed for will not be disrupted or that the service procured will be providedin sufficient time so that time deadlines will be met. A sub-objective in the centralized purchasing

system for the local school district may be to create a system that is used to determine when toorder certain items based on existing inventory. When an inventory comes below a certain point,the system would alert you that it is time to order more products. For example, a teacher mayneed to get a product from the supply closet, but first, she must put into a computer basedprogram that she is taking out however many of that product. Then she would get a printed slip toactually get the product from the closet. That way there is a way to easily keep up with whatinventory exist. In addition, taking inventory on a regular basis is important to know when it is theright time to order. Some products may need to be inventories more often than others.

Right source: This would mean that the vendor selected to provide the item of supply or


16/25


17/25

likely to be obtained. In addition, did the request for proposals generate a reasonable number ofproposals from qualified contractors? How many proposals were received and what amountswere proposed?

C. Choosing Bid: The process for choosing the bid was best for selecting the best and mostresponsible bid/bidder and the contract was awarded to the best bidder/bid. If not, there shouldbe a very reasonable cause given for choosing otherwise.

D. Bid Reconciliation: This would compare the bid to the final contract to ensure that it sayswhat was promised in the contract. This would be the first step in getting what was promised tothe delivery stage. If this is not the case, this may lead to uncovering fraud or contract changes.The fundamental promises shall remain intact or there may be a deficiency within the biddingprocess.

E. Contract Compliance: This would ensure that all key contract objectives are met. First, allcontractual terms should be highlighted including identifying the risk that the contract poses.Then, audits steps should be define that will ensure the contract is running like it should. Forexample, auditing for IT standards, auditing payments, or auditing for trade/volume discounts.The procurement department and management should be asked if they thought any fraud wasinvolved in the process. Furthermore, did the procedures for evaluating the contract appear to

result in an honest evaluation and in the award of the contract to the entity that made the mostadvantageous proposal to the government agency, considering quality of service as well asprice?

F. Award: There should be a policy in which a contract may be awarded when only one bid isreceived that is reliable. A policy of not awarding a contract on which a single bid is receivedencourages the submission of complementary bids. There should be a a file of completed bidresponses and notification of the award.

Discuss why preparing complete and unambiguous specifications is important in procuring

the construction of a governmental office building. (9/10)The nature and quality of the specification can notably influence the price paid, the degree to

which competition is achieved, and the capability to hold the contractor liable for performance. It is

important in procuring the construction because problems in the specification process can createconstruction delays and large cost overruns. In addition, there can be delays in completing contracts,

disputes over intent, lack of contractor accountability, and other administrative headaches. By failing to

detect corruption in a timely manner, it can result in paying for undelivered supplies. Failure to select the

right source may jeopardize achievement of an agency mission. Also, it is important for buyers to state

the specifications clearly in the contract and to have sufficient inspection procedures to guarantee receipt of

products or services of the quality ordered. All of this would hold supplier and contractors accountable.

Furthermore, having a standardization of specification could result in major cost savings. If they are

obligated to buy the same type of item, where appropriate, there would be no unnecessary ordering cost or

the increased prices that are due to the failure and inability to acquire vendor discounts for quantity

purchases. When using the IFB, detailed written specifications are needed to ensure that all contractors are

bidding on the same item. For construction contracts, using specifications that are complete and accurate

before the contract is awarded is the best way to avoid change orders.

Some risks involved in the specification phase of the procurement phase are as follows:

1. Failure to full express requirement or failure to freeze design. This problem, which may occur in

construction and in systems installation contracts, expose the entity to delivery delays and change orders.

Change order can be costly because price changes are negotiated under conditions that place the buyer in a

weak bargaining position.

2. Failure to standardize requirements among users of similar-type products within the entity, resulting in

excessive procurement administration costs and higher prices; also, establishing requirements for a higher

level of quality than actually needed to do the job.

3. Establishing specifications or conditions that factor a particular supplier or contractor, thereby


18/25

weakening competition and probably increasing prices.

To avoid problems in preparing specifications before soliciting proposals to perform contracts,

these controls and strategies are some examples of what should be used: Research value analysis and

standardization, planning and coordination, freezing requirements before solicitation, writing

specifications in a way that enhances competition and reduces cost.

Ch. 10

Why should accurate records be required at the State Department of Transportation for themaintenance and repair of state-owned vehicles?By having an effective control over the scheduling of maintenance projects, management will beable to notice forthcoming problems. With accurate records, the records and reports can provideevidence that can be analyzed to see where the maintenance problems arise from. In addition torecording specific maintenance and repair projects, they should be evaluated and prioritized aswell. By having maintenance priorities within an entity, it calls for considering public safety, abilityto provide desired service level, the potential for further damage if the situation causing the needfor a repair project is not promptly fixed, and other matters. State-owned vehicles require routinepreventive maintenance and these details, along with repairs, should be kept in detailed assetmaintenance and repair histories records. These records should show acquisition date, nature ofmanufacturer warranty, date, type, and cost of repair activity. These records serve managerial

control purposes such as: 1. By keeping track of dates, they help sche dule preventivemaintenance; 2. By keeping track of age, costs and type of repair, they aid in determiningwhether it is time to replace assets rather than to keep repairing them; 3. By showing type offrequency of repair, they help determine whether supplier warranties about assets and theircomponents should be enforced; and 4. By showing type and cost of maintenance and repaircosts, they help call attention to possible maintenance inefficiencies. When referring tomaintenance accounting and reporting, the chapter states that agencies should report regularlyon the condition of the state-owned vehicles to management and to the public. Agencies shouldalso estimate the cost of need maintenance by establishing asset condition standards anddetermining costs to return the assets to acceptable condition based on the standards. Theyshould report the performance implications - the risks to safety and likely economic losses - of notdoing necessary maintenance. Lastly, by using their reporting system that c overs the efficiencyand effectiveness of capital asset maintenance, management will use these records to respond

promptly to emerging problems. Having a good performance measurement system is key toproviding the basis for much of managements reporting needs. In addition, these reports will helpprovide information in the event of future audits.

Describe the objectives of an audit of the effectiveness of the city's pothole repair programand what steps would you take to accomplish those objectives. The first objective would be to determine if the city has used all reasonable means to identifypotholes. The next objective would be to see if street repair crews repair potholes in the mosteffective and efficient manner. The third objective would be to see if street repair crews aredeployed in the most efficient and effective manner. The last objective would be to determinewhether traveling crews provide the City with the most efficient use of resources to fill potholes. Iwould identify the best practiced used by other pothole repair programs. To achieve the auditobjectives, I would interview management and observe operations through ride-alongs and

auditor observations. You could even perform a mileage analysis by reviewing a sample of thedaily routes. Next, I would conduct interviews with departmental personnel and examine andanalyze the management information system reports and records from the maintenance andrepair areas in addition to seeing if the program had a set of guidelines related to timeliness forthe repairs and review it. A record I would request would be the number of potholes that werereported and repaired segregated by month within the fiscal year. To determine their timeliness inrepairing the potholes, I would review a random weeksworth of reported potholes for threedifferent months and check for maintenance backlogs. In addition to these, I would survey severalcities regarding street repair process and equipment used and review the citys street servicesdepartments (that does the pothole repair program) most recent performance audit report.


19/25

You are assigned to audit the effectiveness of the vehicle maintenance division of the

sanitation department of a large city. Without describing the specific audit steps, discuss the

major matters that you would cover in such an audit.My major matter in the audit would be to decide if services should continue to be

provided in house versus contracting with vehicle maintenance facilities in the private sector. In

addition to this, I would look into what the financial feasibility of contracting with the privatesector for the Citys sanitation department vehicle maintenance needs are. The sanitation vehicles

are very big and there is a lot that could go wrong. Someone may need to be more specialized towork on such vehicles. A question I would ask is are private contractors available that arequalified to work on specialized equipment such as the sanitation department vehicles? I would

gather a list of pros and cons and basic financial analysis of contracting out service delivery. Inaddition, I would look into the use of technology and equipment to see if the proper and/or

adequate equipment and software is being used for tracking and performing maintenance onvehicles and for keeping up with vehicle maintenance history. Some goals and initiatives I wouldhave for the vehicle maintenance division would be to improve the effectiveness and performanceof vehicle maintenance, increase the mean distance between vehicle failures, upgrade inventoryand maintenance systems to enhance the preventative maintenance accuracy, improve the

response time for road service calls, add more standards that will ensure that preventativemaintenance inspections and repairs are done in a timely manner, and make sure there are safety

inspections done to review the work of the vehicle maintenance division of the sanitationdepartment. Another concern would be to check if there is a plan in place formaintenance/operations in the event that there is bad weather like snow or ice. Lastly, if there is

establishment of fleet assignment and retention policies, then a study should be conducted withthe intent to reduce the sanitation vehicle fleet size.

Ch. 11

Describe the basic goals and objectives of a program that calls for the city to annuallyinspect all elevators in commercial buildings.The chapter says that goals, objectives and strategies of inspection programs might beexpressed in narrative or in quantitative terms in various documents. They may be expressed in

legislation, in legislative findings or executive department proposals for legislation, in executivebudgets proposing appropriations for a particular year, in agency requests for appropriations, orin departmental regulations or action plans. For annual commercial building elevator inspectionsdone by the city, there are various basic goals and objectives for doing so. For example,improving the safety of the riding public on the elevators and promoting their safety, checking theelevators technology for possible needed upgrades, keeping the environment safe and healthyfor employees, ensuring all required tests are performed by qualified persons, making sure theelevators are maintained in accordance with safety codes, other codes, laws, and rules are someof the basic goals and objectives used here. They should have a main goal of making sure anyproblems with the elevators are found and fixed before they are up and running again becausethe citizens safety are at risk. There should also be an established system that identifies andtracks elevators in the city to make sure they are safe to ride and that they have been inspectedwith successful results. If inspections are failed, internal controls must provide procedures for the

city to enforce the code by establishing methods of recourse for dealing with instances ofnon-compliance. Records of inspections must be maintained and the inspection certificatesshould be on display at all times in elevators so everyone knows they are up to date and safe toride. There should be policies and procedures that show the criteria for getting the elevatorlicensed, rules for a passing the inspection and for failure to make corrective action based onviolation, and methods for file complaints or accidents. The book states that long-term goalsregarding inspection activities may be stated specifically in legislation or may be deducted fromthe broad missions assigned by an agency. Annual performance objectives should be developedas a result of the budget process. It should cover, to the extent feasible, both outcomes and


20/25

outputs, and stated in quantified terms. An example of this would be a building code of the cityrequiring the inspection of elevators. Program managers should establish specific goals at thebeginning of the year, track performance during the year, and seek to explain and act ondeviations for the goals. To successfully manage for results, they should be concerned with theperformance of the inspection staff in qualitatively and quantitatively for achieving the inspectionssaid goals and objectives. Control system and operating strategies should be in place for the useof meeting the goals and objectives of the inspection programs and to deal with the risks that maybe involved. The list of these controls and strategies are listed and discussed in detail starting onpage 265. -----these inspections must include elevators that warrant condemnation, and anadditional objective might include elevator replacement initiations. If an elevator requirescondemnation, the inspection agency has a case that might take longer to close, and require adifferent approach to follow up. Thank you and have a nice weekend.

A county consumer affairs agency is responsible for inspecting scales at retail grocerystores, as well as weights shown on store-packaged meats , poultry, and fish. You areassigned to see if the agency's system for enforcing the results of its inspections iseffective. Describe elements of a good inspection enforcement system.Without enforcement of the inspection, the inspection itself can be useless. One of the variousways inspection programs can be enforced are sending violation notices out promptly afterinspection with required responses and specific deadline dates for the corrective action. In

addition, other ways for enforcement include levying sufficiently severe fines and other penaltiesin accordance to specific violations (accounting controls needed here for guaranteed collection),re-inspecting, and publicity. The codes should be relevant and the response time to complaintsshould be quick and sufficient.

Here are some of the various ways that I would check to make sure that the inspectionenforcement system is working well. I would first make sure the previously mentionedenforcements were in place by checking inspection logs. This could be used to not only check forcorrective actions of violations, but also to make sure that the fine and penalty given were/aresufficient enough for the violation. Codes should also be checked for sufficiency and to see if theyneed to be updated. By checking the annual caseload for enforcements, you can see how longeach case took to resolve. For cases that were the result of a complaint, several residents whofiled the complaints should be contacted to be surveyed on whether their complaints were

resolved in a timely manner, whether their complaints were resolved in general, and if theyactually received feedback on their complaints. In addition to this, staff members that are a part ofthe enforcements should be interviewed. This analysis of information would be used to identifyoptions for performance improvements. Lastly, a good idea would also be to perform abenchmarking analysis with other cities and examine proactive programs in those cities.

The mayor of a large city asks the city auditor to make a performance audit of an agency

responsible for inspecting the sanitary conditions of all restaurants to make certain that the

unit is "operating efficiently." Describe three specific audit steps that the auditor might

plan to comply with the mayor's request. (9/10)

First, a review of the files, policies, and procedures for the restaurant and theirinspections would be very helpful. Relevant internal controls and audit procedures should be

reviewed, such as identifying relevant laws and regulations for the state and sanitary codes(which are needed for this audit to be successful). This would help to assess the inspection

program areas and competencies that may not be observable at the actual restaurant. An exampleof this would be having documents of long-term corrective operation that would be hard to assesswithout this review. A sample of inspector activity reports should be checked for being accurateand up-to-date. These should include ones that resulted in serious violations as well. As an

auditor, having a ride-along or shadowing a field inspection of the agency would be the next auditstep to be taken. A joint inspection (acting as if the auditor was not there) would help in the


21/25

understanding of the agencys approach to the inspection and help to reduce the riskof havinginaccurate conclusions about their actions. Having a series of field-check several times in the

audit, including inspections that are reported as recently completed, is a good addition to this step.This way, the auditor can trace the results of the inspections they made to the ones reported by theagency inspectors activity reports. By doing so, the reliability of data can be assessed. The thirdaudit step to be performed would be to check into the enforcement process for corrective actions.

If the inspection fails, they should be punished accordingly. Such enforcements would bepromptly sending out violation notices with required responses and deadlines, levying sufficientsevere fines and penalties according to the specific violation, re-inspections should be done tomake sure these are corrected, and having such publicity enforcements like inspection results

being fully disclosed to the public. For this audit step, complaints by customers should also bechecked into and made sure the customers were happy with the enforcement process. In addition,

having a benchmarking analysis with other inspection agencies would aid in this step.

Ch. 12

Of all the programs described in Chapter 12 what would be the most difficult to audit andwhy?I agree with the others who said the Homeless Housing and Assistance Program (HHAP) would

be the most difficult to audit. As the book states, HAAP "authorizes grants to not-for-profitcorporations, charitable institutions, and local governments to acquire, construct or rehabilitatehousing for the homeless state residents." This four phase program is very in depth and wouldtake an extreme effort and huge amount of time to audit. These phases include 1. ProjectApplication and Evaluation; 2. Project Development; 3. Project Construction; and 4. ProjectOperation. Each phase has various steps within the phases as well. When an auditor begins theauditing process, they should evaluate each phase in relation to goals, risks, and controls of theprograms. For project application and evaluation, you would need to assess and fulfill programneeds, seek project applicants, and evaluate and select project applicants. When auditing theseeking and selecting the project applicants, you would need to look into whether the peoplewere literally homeless with no alternative housing options. For the Project Development andConstruction phases, an auditor would monitor progress in the phases (This "could include siteacquisition, zoning and planning board approvals, construction design and cost estimation andobtaining and evaluating competitive bids. Delays in any of these phases could delay construction

and achievement of the basic program goal.)" and monitor construction contractor performance.Lastly, for the project operation phase, an auditor would monitor for contract compliance, evaluateproject sponsor reporting, coordinate with other agencies, perform site visits, and evaluateperformance measurements. This would include making sure there are procedures implementedthe verify that the project sponsors remain financially viable for the 20-30 year period that theyare required to maintain this type of program. The project should continue to serve the targetpopulation group while the population that is served should continue to receive appropriatesupport services. In addition, thie property should continue to be well maintained and meet safetystandards. As mentioned above, project sponsors must operate the program for 20 to 30 yearsafter completing construction or rehabilitation (the construction could take several years by itselfwith a risk of a more lengthy process in the construction phase with zoning issues, permits, andweather delays). During this time, they should provide needed social service for the tenants.During an audit, you would normally like to interview the staff, but, with this project lasting 20-30

years, the staff will/can change multiple times. This would add to the difficulty of the audit processas well. In addition, as for any of these programs in Chapter 12, there are various risks involved.

Why is a strong internal control system necessary for social services and healthprograms?The Social Services and Health programs use public funds/monies; therefore, strong internalcontrols are essential for them. By having these strong internal controls, they help to preventfraud and misuse of funds while ensuring the programs are effective and efficient. The programsare usually always considered high risk. In addition, they play an important role in the integrityand accuracy of financial reports. By having strict controls, it also helps non-profits reach an


22/25

acceptable ratio between expenditures for program activities and allocations for program support.(delete almost always considered high risk).

You are assigned to audit the state agency responsible for overseeing juvenile delinquency

prevention programs. The state finances programs in each of its 20 counties. All counties

are required to have an intensive counseling program directed as high-school aged youths

considered to be at "high risk" and a recreation program directed at the general youthpopulation.

Required: You are a state auditor assigned to audit the efficiency and effectiveness of the

program. You plan to visit the state agency and a sample of the counties. Describe four

controls or strategies you would expect the state to institute as part of its oversight process.

As an auditor, I would expect there to be various controls in place, but some more than

others. First, I would expect there to be a requirement for the counties to submit their programplans for the year to the oversight agency. Programs should be planned based on research and riskassessment. Having written plan will ensure that the county programs are complying with

requirements. These program plans would include a list of the types of juvenile delinquencyprevention programs that the county needs and how they plan on meeting that need. These plans

should be reviewed and approved by the oversight agency. When approving or denying theseplans, the oversight agency should take into consideration which counties and programs aresuccessful and unsuccessful and the reasons for their success or failure. Next, the oversight

agency should have a certain basis they follow that makes funds available to the counties in lightof programs needs. The control should be in place to ensure that available funds are used in a

cost-effective manner. In addition to this monitoring of funds, contract awards and terms shouldbe researched for effectiveness and fairness. There should be consistency between plans andcontract awards. By having monitoring of the fund, this would help to decrease the risk for the

potential for siphoning off large amounts of funds into administrative costs, rather than programservices. The third control or strategy would be to analyze and gather data to evaluate programoutcomes and have a system to monitor accomplishments. The accomplishments of the individual

programs should be monitored as well as the individual program providers. Reasons for success

or failure should be determined too with these finding for each county reported to the state. Thereshould be collaborative program efforts that draws on public, private, and volunteer resources.When monitoring the service providers, there should be reporting requirements in place. Ifservice providers did not fulfill their reporting requirements, the counties should follow up anddetermine the reasons for success or failure. The effectiveness of the individual service provider

should be assessed against the contract costs. Lastly, there should be an effective reward systemfor those counties who have effective performance and then violation procedures for those whoare unsuccessful and break requirements or commit fraud as well. For example, closing a centerwhen its operation is no longer justified and transferring its State funds appropriated to fundcommunity-based programs or other juvenile delinquency prevention programs. The book states

that the key for success lies in strong, pro-active management that closely plans, monitors, andassess program performance, develops a way to reward effective performance, ferrets out the

stronger from the weaker programs and providers, and shares information among counties andservice providers. This statement sums up the best controls and strategies that I, as an auditor,would expect the state to instate as part of its oversight process.

Ch. 13

What audit steps would you perform to verify the attendance and dropout rate? As the chapter states, an analysis at the three levels of the state oversight agency, a sample ofthe school districts, and a sample of individual schools within the sampled school district must bedone in performing an audit on the attendance and dropout rates program. In addition, therewould be a requirement to have extensive discussion with key program personnel and analysis


23/25

of records at all three levels. These three steps are the main overall steps involved: 1. Preliminary Survey at the State Oversight Board:2. Analysis of School District Program Plans and Annual Performance Reporting, and of

Oversight Agency Program Monitoring:3. Analysis of School District and Individual School Attendance Improvement Practices:

Below is a breakdown of each audit step I would perform, assuming it is a regular audit.

First, I would do a review of the records and procedures related to the graduation anddropout rates (this includes a review of laws and department regulations, reporting requirementsimposed on school districts, and the procedures used by the state education agency to overseeattendance and dropout incidence). This would also help to analyze whether the state agencyacts in a proactive manner by analyzing the rates over time and among districts with periodicmeeting held with districts that help to identify best practices and taking special actions for poorlyperforming districts. If there is no district-by-district time series analyses of attendance anddropout rates, the auditor should make such analysis to determine trends and to compareperformance among districts with similar socio-economic characteristics. Then I would interviewthe Division of Instructional and Information Technology (DIIT) officials (who are in charge of thecomputer systems) to gain an understanding of the process of compiling student data and theResearch and Policy Support Group (RPSG) officials (who perform the graduation ratecalculations) to gain an understanding of the graduation-rate calculation process. To gain an

understanding of the process of updating student transcripts, I would review the computersystems' manuals and interview school officials. Furthermore, to gain an understanding of thecontrols in place to prevent unauthorized changes of student information, officials in charge oftheir computer systems databases should be interviewed. To ensure that the computer processeddata were complete and accurate, the computer program language used to compile the list of allstudents in the audited date range should be examined and the data from that time would bereviewed for invalid deletions or entries. The accuracy of the computer systems' database filelisting of students in that date range should be checked by reviewing student files at ten sampledschools.

Principals, assistant principals, guidance counselors, and program chairs at five school,one from each district/borough/county, should be interview. The i

Documents

Public Sector Auditing My Homework and Discussion Answers