Audit Work Plan - 2003 - FINAL Jan 6 03
12 Pages
English
Downloading requires you to have access to the YouScribe library
Learn all about the services we offer

Audit Work Plan - 2003 - FINAL Jan 6 03

-

Downloading requires you to have access to the YouScribe library
Learn all about the services we offer
12 Pages
English

Description

STAFF REPORTJanuary 6, 2003To: Audit CommitteeFrom: Auditor GeneralSubject: Audit Work Plan - 2003 Purpose:To provide City Council with details of the Auditor General's work plan for the year endedDecember 31 2003.Financial Implications and Impact Statement:There are no financial implications resulting from the receipt of this report.Recommendation:It is recommended that the 2003 work plan for the Auditor General’s Office, as set out in thisreport, be received for information.Background:At its meeting of May 21, 22 and 23, 2002, City Council approved Clause No. (1) of Report No.(7) of the Policy and Finance Committee establishing the Office of the Auditor General andtransferring the internal audit function of the City Auditor to the Chief Administrative Officer, asrecommended in the report of Mr. Denis Desautels, the former Auditor General of Canada. Thereport also recommended that the Chief Administrative Officer, working with the AuditorGeneral, in consultation with the City Solicitor and the Commissioner of Corporate Services,report back on specific implementation actions.A report dated November 4, 2002, entitled “Implementation of the Auditor General and InternalAudit Functions” was approved by City Council on November 26, 27 and 28, 2002. Included inthe recommendations approved by Council was a draft by-law setting out provisions for theAuditor General’s responsibilities, term of office, selection, compensation, annual audit plan, ...

Subjects

Informations

Published by
Reads 21
Language English

Exrait

STAFF REPORT
January 6, 2003
To: Audit Committee
From: Auditor General
Subject: Audit Work Plan - 2003

Purpose:
To provide City Council with details of the Auditor General's work plan for the year ended
December 31 2003.
Financial Implications and Impact Statement:
There are no financial implications resulting from the receipt of this report.
Recommendation:
It is recommended that the 2003 work plan for the Auditor General’s Office, as set out in this
report, be received for information.
Background:
At its meeting of May 21, 22 and 23, 2002, City Council approved Clause No. (1) of Report No.
(7) of the Policy and Finance Committee establishing the Office of the Auditor General and
transferring the internal audit function of the City Auditor to the Chief Administrative Officer, as
recommended in the report of Mr. Denis Desautels, the former Auditor General of Canada. The
report also recommended that the Chief Administrative Officer, working with the Auditor
General, in consultation with the City Solicitor and the Commissioner of Corporate Services,
report back on specific implementation actions.
A report dated November 4, 2002, entitled “Implementation of the Auditor General and Internal
Audit Functions” was approved by City Council on November 26, 27 and 28, 2002. Included in
the recommendations approved by Council was a draft by-law setting out provisions for the
Auditor General’s responsibilities, term of office, selection, compensation, annual audit plan, and
other matters as required to implement the Auditor General function.- 2 -
The Auditor General reports directly to City Council through the Audit Committee and has the
mandate to conduct compliance, value for money, and financial (excluding attest) audits of all
programs, activities and functions of departments and agencies, boards and commissions. The
Auditor General is also responsible for the oversight of the work of the external attest auditors.
This report addresses the Auditor General's annual audit work plan for 2003.
Included in the by-law passed by City Council, establishing the office of the Auditor General are
the following provisions relating to the annual audit work plan.
The Auditor General shall:
- Have full carriage and control of and be fully responsible for the conduct of the Auditor
General's Office.
- Be responsible for carrying out financial (excluding attest), compliance and performance
audits of all programs, activities and functions of all City departments, agencies, boards,
and commissions, and the offices of the Mayor and members of Council.
- The Auditor General shall submit an annual audit plan to Council.
- No deletions or amendments to the annual audit plan shall be made except by the Auditor
General, however, Council may add to the annual audit plan by a two-third’s majority
vote.
In addition to the above the following specific responsibilities of the Auditor General were
approved by City Council:
The Auditor General shall:
- conduct or cause to be conducted, audits on behalf of City Council in the areas of
compliance, financial (excluding attest) program or value for money, information
technology infrastructure, environment and sustainability and other audits as appropriate;
- undertake forensic investigations including suspected fraudulent activities;
- oversee the work of external auditors performing financial statement/attest audits;
- examine problems and carry out assignments identified by the Auditor General, or
approved by two-third’s majority resolution of Council;
- provide assurance that the information technology infrastructure contains adequate
controls and security by ensuring the existence of such controls in existing systems,
assessing overall computer security including business continuity (emergency) planning;- 3 -
- coordinate audit activities with internal auditors and any contracted work to ensure
efficient and effective use of audit resources; and
- manage the fraud hotline; refer issues to departmental management and the Internal Audit
Division as appropriate.
Comments:
The Work Plan of the Auditor General for 2003 consists of the following:
- Attest or Financial Audits
- Audit Projects Requested by City Council
- Audit Projects Identified by the Auditor General
- Annual Recurring Audits
- Follow-up Audits
- Fraud or Fraud Related Investigations
- Coordination and Oversight of the City’s External Attest Audit
Attest or Financial Audits
The year 2003 is a transitional year for the newly established Auditor General’s Office. Attest
audits for the year ended December 31, 2002, for Community Centres, Arenas and Business
Improvement Areas are being conducted during 2003, and will likely continue until the end of
the year. This has previously been reported to the Audit Committee and City Council. Details of
these financial audits are included in Appendices 1, 2 and 3.
The Auditor General’s Office (previously the City Auditors office) has been conducting attest
audits of Community Centres, Arenas and Business Improvement Areas since amalgamation. In
addition the Auditor General’s Office has also been conducting attest audits on a wide range of
provincial subsidy claims relating to various programmes such as Homes for the Aged and
Public Health.
Attest audits, for these entities for years subsequent to 2002 fiscal year ends, will be the
responsibility of external public accounting firms as was previously approved by City Council.
The reason for this is two fold:
a) The new Municipal Act in subsection 296 (4) in relation to attest audits, provides that for
years ending subsequent to December 31 2002:
“ the auditor of a municipality shall not be an employee of the municipality or of a local
board of the municipality.” Consequently, this subsection clearly precludes the Auditor
General, an employee of the City, from performing attest audits in the future.
b) In creating the Auditor General function in the City, and in accordance with the
recommendations of Mr. Denis Desautels, Council specifically excluded attest audits
from the Auditor General’s responsibilities.- 4 -
As a result of the foregoing, the Auditor General’s Office, for fiscal year ends subsequent to
December 31 2002, will no longer conduct any attest audits for the City or any of its Agencies,
Boards, Commissions or Special Purpose Bodies. The transition of these audits from an
“internal” to “external” is currently in process.
In accordance with the contractual arrangement with the external auditors, the Auditor General
will provide 1,000 hours of audit assistance to the external auditor in connection with the City’s
2002 financial audit. This is consistent with prior years. This assistance will not be provided for
fiscal years subsequent to December 31, 2002.
Audit Projects Requested by Council
Included in the Auditor General’s 2003 work plan are projects previously requested by City
Council and which remain outstanding. The majority of these projects are either currently in
progress or are in the preliminary planning stage. These projects are as follows:
a) Review of the Investigation of Sexual Assaults – Toronto Police Service
One of the recommendations contained in the City Auditors report relating to the “Jane Doe”
audit was a requirement that “the City Auditor be requested to conduct a follow-up audit in
regard to the status of the recommendations contained in the report, the timing of such audit to be
consistent with the time frame outlined in the report of the Chief of Police. The City Auditor be
required to report directly to the Toronto Police Services Board in regard to the results of the
follow-up audit”.
This audit is in progress and is scheduled for completion in mid 2003.
b) Performance Audit – The Public Complaints Process, Toronto Police Services
The Auditor General conducted a Performance Audit on the Toronto Public Complaints process
and issued a report to the Police Services Board dated August 2002. The Police Services Board
requested that the Auditor General conduct an annual audit on the complaints process and report
directly to the Board. While the 2002 audit was a detailed performance audit, future annual
audits will be compliance in nature only.
c) Access and Equity Audit
In December 1999, City Council adopted the recommendations of the Final Report of the Task
Force on Community Access and Equity which required that, “once in each term of Council, the
City Auditor oversee an internal audit of the performance by the Corporation as a whole in
achieving its access, equity and human rights goals”.
A detailed Terms of Reference have been developed and the Auditor General has participated in
a number of Community Meetings in regard to this project. It is anticipated that this project will
be submitted to Audit Committee at either its July or September 2003 meeting.- 5 -
d) Review of Race Relations Practices of the Toronto Police Services
City Council directed the “City Auditor, within his mandate to the Toronto Police Services
Board, to undertake an updated audit of Police policies, procedures, programs and practices that
impact on racial minorities similar to that undertaken by the former Metro Auditor, Allan
Andrews, in 1992, including an audit of the implementation of recommendations made at that
time, and report back to Council of the City of Toronto, through the Policy and Finance
Committee, on its findings and request the Board’s co-operation in this audit.”
e) Various Investigations
The Auditor General has contracted with two external forensic accounting firms to conduct work
on two specific projects requested by Council. This work is underway with a reporting deadline
likely for July 2003. These projects were as follows:
- An investigation into “what prompted the decision for the sale of the City’s telephone
system and its replacement by the Centrex Phone System”;
- An investigation into two specific contracts addressing the following issues:
- “the process that was followed for selection of the firms;
- whether these firms were in a position to hire other consultants;
- we firms met the terms of reference;
- the number of contracts awarded to these firms in the past five years;
- the special expertise offered by these firms to the City of Toronto;
- whether this expertise was available within the City’s staff;
- whether food/hotel accommodation was included in initial terms, and if not
whether the dollar amount was specifically identified with a maximum amount
allowed; and
- whether any efficiencies resulted from these contracts.”
The external forensic auditors responsible for this work are reporting directly to the Auditor
General’s Office.
Audit Projects Identified by the Auditor General
In the past, projects identified by the Auditor General and appearing on the annual audit work
plan were based on the results of a risk assessment exercise completed at the time of
amalgamation. This risk assessment exercise was supplemented by input from Council
members, Audit Committee members and depending on the circumstances, by audit and
management staff. However, now with a more stable environment, an accumulated knowledge
of client operations and the transition to the Auditor General’s Office, it has been determined that
this is an opportune time to revisit refine and implement a more formal risk assessment
methodology to further identify those high priority audits. This approach to planning audits and
prioritising audits is considered a “best practice” within the audit profession and is specifically- 6 -
referred to in the standards promoted by international auditing organizations such the Institute of
Internal Auditors and the Information Systems Audit and Control Association and Foundation.
Specifically, the risk analysis process begins by establishing the audit universe and continues
with a ranking exercise by applying predefined risk factors against each audit unit. After
examining approximately 70 possibilities, the following risk factors (in alphabetical order) were
selected by the Auditor General and the Directors of Audits on the basis of relevance with
respect to the nature and objectives of our reviews and the political and reporting environment in
which we operate.
1. Adequacy of Policies and Procedures
2. Competence/Integrity of Management and Staff
3. Complexity of Operations
4. Dollar Impact/Materiality
5. Existence of a Business Plan
6. Liquidity of Assets
7. Major System Change
8. Political Exposure/Adverse Publicity
9. Potential for Liability (penalties, litigation)
10. Quality of Internal Control System
Applying a consistent scoring system across the entire City-wide organization ensures that audit
resources will be focused on those areas with the highest risk. A quantitative approach to
prioritize potential audits, which pose the greatest risk and liability to the City, increases our
ability to allocate scarce audit resources more effectively. As well, it will indicate, given the
current staff complement, the time required for the office to cycle through all the audit units.
We recognize there are inherent risks and limitations associated with any method or system of
prioritizing audits. The risk factors and scoring process will be periodically evaluated and
modified, if necessary, in order to improve the audit plan. While the above process is standard
generally accepted audit practice, we intend validating this methodology with the City’s external
auditors.
The annual work plan for 2003 has identified the following projects as being priority audits.
Certain of these audits are either in progress or are in the early planning stage.
- Review of Procurement Processes at the City of Toronto
- SAP Financial and Human Resources/Payroll Information Systems – Post
Implementation Review
- Fleet Operations Review (two separate phases)
- Hostel Services Review
- Recreation Program- CLASS Registration and Permitting System Application Review
- Review of City Environmental Liabilities
- Outstanding Property Taxes Receivable Review
- Parks and Recreation – Cost Controls
- Transportation Division – Selected Application System Reviews- 7 -
- Review of Mainframe Operations
- Corporate Services – Oracle Database Environment
Annual Recurring Audits
The Investment Policy and Procedures approved by City Council in January 1998 requires that
the “Treasurer of the City shall establish an annual process of independent review by the City’s
Auditor. This policy will provide assurance of compliance with governing legislation, this
investment policy and procedures established by the Treasurer of the City.”
This audit is done on an annual basis by the Auditor General’s Office
Follow-up Audits
A normal part of any audit process is the follow-up of audits previously completed. Follow-up
audits are conducted to ensure that issues identified in audit reports have been addressed. It is
anticipated that the following follow-up audits will be conducted in 2003.
- Police Services – Controls Relating to Overtime and Premium Pay (Audit originally
conducted in January 2000)
- Parking Enforcement Unit Review (Audit originally conducted in January 2000)
- Community Services Grants Program Review (Audit originally conducted in February
2001)
- Tipping Fees Review – Solid Waste Management Review (Audit originally conducted in
February 2001)
Fraud or Fraud Related Investigations
The Fraud and Waste Hotline program is an ongoing initiative administered and operated by the
Auditor General’s Office. Following a Hotline six-month pilot project, City Council established
the Fraud and Waste Hotline as a permanent program in the City of Toronto.
Our work plan for 2003 includes the administration of complaint intake, electronic tracking of
complaints and disposition of complaints received, which in turn may result in no action,
referrals to departments or investigations being conducted.
Currently, complaints may be received anonymously through the telephone on the Fraud and
Waste Hotline or forwarded by written letter. The program is currently being expanded to permit
the reporting of complaints on-line.
The extent of work in this area is unpredictable and essentially relates to the volume of calls
received on the fraud hotline. In addition, fraud investigations can be initiated by the Auditor- 8 -
General’s Office either as a result of issues identified by staff from the Auditor General’s Office
or by concerns raised by departmental management or Council members.
Coordination and Oversight of the City’s External Attest Audit
The responsibilities of the Auditor General include the coordination and oversight of the City’s
external audit. This is a new responsibility for the Auditor General’s office and in this context it
is important for Council to understand that the Auditor General does not have the authority to
direct the work of the external auditor. The Auditor General can request that certain additional
work be conducted in specific areas but he can not direct that certain work not be conducted.
The work of the external auditor forms the basis of an independent audit opinion on the City’s
financial statements and as such the work that they do must satisfy this objective.
The major coordination role essentially relates to a number of areas such as:
- the timing of the audits for the City, as well as its Agencies, Boards and Commissions;
- the identification of problem areas which may require the resources of the Auditor
General’s Office;
- the issue of management letters and the resolution of matters contained in the various
management letters; and
- the coordination and preparation of reports for Audit Committee and Council.
The relationship of the Auditor General’s Office and the external auditors office is important
particularly in the context of ensuring that high risk areas are addressed as well as ensuring that
there is no duplication of audit work being conducted by either party. In many respects, the
working relationship between both parties is essentially a continuation of the present
arrangement.
Conclusions:
The year 2003 is a transitional year for the office of the Auditor General. Attest audits will
continue to be conducted for much of 2003. The Auditor General will likely issue in excess of
80 individual audit opinions on various City financial statements. In many cases these financial
statement audits will likely necessitate the issue of a management letter on internal control
related issues.
In addition to encompassing certain high priority and high risk projects, the work plan as
presented also allows the Auditor General the flexibility to undertake ad hoc requests from
Council as well as the need for unscheduled audit work pertaining to special reviews and fraud
related investigations.- 9 -
Contact:
Jeffrey Griffiths, Auditor General
Tel: (416) 392-8461, Fax: (416) 392-3754
E-Mail: Jeff.GRIFFITHS@toronto.ca
Jeffrey Griffiths
Auditor General
dl/cg
List of Attachments:
Appendix 1: Financial Audits of Community Centres and Arenas
Appendix 2: Financial Audits of Business Improvement Areas
Appendix 3: Other Statutory Audits
C:\DATA\Audit\2003\Reports\AG's Office\Audit Work Plan - 2003 - FINAL Jan 6 03.doc- 10 -
Appendix 1
Auditor General’s Office 2003 Work Plan
FINANCIAL AUDITS OF
COMMUNITY CENTRES AND ARENAS
Presently, the Auditor General is responsible for the following financial and statutory audits:
Community Centres
1. 519 Church Street Community Centre
2. Applegrove Community Complex
3. Cecil Street Community Centre
4. Central Eglinton Community Centre
5. Community Centre 55
6. Eastview Neighbourhood Community Centre
7. Harbourfront Community Centre
8. Ralph Thornton Community Centre
9. Scadding Court Community Centre
10. Swansea Town Hall Community Centre
Arenas
1. McCormick Playground Arena.
2. Forest Hill Memorial Arena.
3. George Bell Arena.
4. Leaside Memorial Arena.
5. Moss Park Arena.
6. North Toronto Memorial Arena.
7. Ted Reeve Community Arena.
8. William H. Bolton Arena.