The 2018 Audit Plan consists of integrated audits that incorporate performance, financial, information technology, and fraud-detection objectives. The Plan is flexible and could change as conditions evolve. Auditor O’Brien meets regularly with elected officials, agency leadership, and community members to gather input related to operational risks so as to concentrate the work of the Auditor’s Office in areas where it will have the greatest impact.
Download the 2018 Audit Plan
I am pleased to present the Denver Auditor’s 2018 Audit Plan for the City and County of Denver.
My office has crafted an Audit Plan that incorporates risk-based performance, financial, information technology, and contract compliance objectives into a variety of audits and informational reports during 2018. The plan delivers value and impact for Denver and will be conducted with the
highest professional standards.
In drafting this plan, we considered input from a wide range of sources and people. My staff and I met with Denver elected officials and management to gain a better understanding of their unique operational risks and challenges. We perform continuous auditing of diverse data sources to identify existing or emerging risks, allowing us to concentrate our work in areas where it will have the greatest impact. I will continue the added focus on city contracts and operating agreements to make sure taxpayers are getting the deliverables they
Our work in 2018 will continue to implement a data analytics program to improve the quality of data gathered in the City. This will strengthen our audit analysis and recommendations and provide the tools to identify trends. We will also continue to tap professional resources in the community by competitively bidding audits and assessments that require specialized expertise, such as cybersecurity testing.
Denver residents appreciate the complete independence that comes from having an elected Auditor answerable only to the voters. As a Certified Public Accountant, I am bound by a code of ethics and professional standards. In determining the Audit Plan, I bring the obligations of my professional license as well as the sacred trust of the voters.
I look forward to carrying out these audits to deliver independent, transparent, and professional oversight, thereby safeguarding the public’s investment in the City and County of Denver. I am committed to providing ongoing information on how tax dollars are spent and how government operates on behalf of everyone who cares about the City, including its residents, workers, and decision-makers.
I thank the residents of Denver for their support of a comprehensive Audit Plan. I am confident that once the 2018 Audit Plan is executed, residents will benefit from the resulting City improvements. Please feel free to contact me at firstname.lastname@example.org or 720-913-5000 with questions.
Auditing under the Denver Charter
The Charter provides that the Auditor shall conduct:
- Financial and performance audits of the City and County of Denver in accordance with Generally Accepted Government Auditing Standards;
- Audits of individual financial transactions, contracts, and franchises; and
- Audits of financial and accounting systems and procedures, including records systems, revenue identification, and accounting and payment practices, for compliance with generally accepted accounting principles, best financial management practices, and any applicable laws and regulations governing the financial practices of the City and County of Denver.
The 2018 Audit Plan, like the past two Audit Plans, ensures broad audit coverage throughout the City while also addressing specific performance, financial, contractual, systems, and regulatory risks. According to the Charter, the ultimate decision to perform any audit shall be at the sole discretion of the Auditor.
Integrated audits incorporate elements of performance auditing, financial auditing, information technology auditing, and contract compliance auditing. The 2018 Audit Plan is aligned with the national focus in the public sector on strengthening and improving organizational governance, internal control environments, transparency, quality of services, financial reporting, and fraud prevention activities. We blend our integrated capabilities to align our audit activities with this focus and to assure that the City is operating in the most effective and efficient manner possible while simultaneously championing the growth of our team of dedicated auditors.
Integrated auditing incorporates diverse approaches to accomplish audit coverage:
- Performance Auditing – In addition to identifying opportunities to improve the efficiency and effectiveness of City activities, performance audits also assess the City’s ability to mitigate risk. We select performance audits that align with the City’s major strategic initiatives, which focus on transportation and mobility, housing affordability, and behavioral health, as well as public safety, sustainability, and customer service. The performance audit focus in the 2018 Audit Plan reflects these priorities as carried out in various City departments and programs.
- Financial Auditing – The 2018 Audit Plan has a strong focus on the condition, accounting, and overall financial management activities of the city. Our 2018 audits will assess the general financial control environment and critical City fiscal activities, including financial governance, reporting practices, and high-risk financial transactional areas.
- Information Technology (IT) Auditing – This year’s IT audits will continue to focus on the effectiveness of cybersecurity, data security, and critical systems in support of our ongoing communications with the City’s Technology Services department to address IT risks.
- Contract Compliance Auditing – The 2018 Audit Plan reflects a continued emphasis on auditing City contracts to assess the scope of work and the efficiency and timeliness of services delivered by third parties.
Data Analytics and Continuous Auditing Program
As part of Auditor O’Brien’s original vision for the Auditor’s Office, the Data Analytics and Continuous Auditing Program expands the Office’s risk assessment and auditing capability, and continues leading-edge audit practices to provide greater value and impact.
- Data Analytics – The Auditor’s Office uses Data Analytics to review audit-related data to provide improved understanding of City processes and internal controls. For example, data analytics can be used to ensure that data is accurate, consistent, and complete or on information technology systems to inform our audit work. For example, auditors may use data analytics to test internal controls to ensure processes and safeguards are appropriately implemented to minimize risk, detect mistakes, and identify possible suspicious transactions.
- Continuous Auditing – Continuous auditing is a specific data analytics methodology to identify high risk areas of the City in an efficient and timely manner. It provides the City with timely feedback of anomalies or outliers in the City’s processes and transactions. The Auditor’s Office regularly analyzes data from the various IT systems that contain key City operational processes and financial transactions, and evaluates related information technology system controls.
The City’s operational management is responsible for establishing internal controls to detect and prevent fraud for each City entity. Although fraud detection is not a primary responsibility of the Auditor’s Office, we work to identify risk areas and offer recommendations to prevent fraud. By highlighting potential gaps within internal control systems, the opportunity for fraud can be reduced. The Auditor’s Office incorporates the Government Accountability Office’s Anti-Fraud Framework into its assessment practices.
Audit Follow-up Program
Audit follow-up activities are conducted for every audit, using auditing techniques to assess whether City personnel implemented the agreed-upon audit recommendations for improvement and impact. The Auditor’s Office regularly issues follow-up audit reports to the Audit Committee and the City and County of Denver’s operational management on the status of audit findings and on our recommendations for improved business practices. Our office measures the audit recommendation implementation rate as an indicator of the degree to which the City is utilizing information provided by our audit reports to mitigate identified risks and to enhance efficiency, effectiveness, and economy of operations.
Focus on Flexibility, Transparency, Responsiveness, and Collaboration
As described throughout the 2018 Audit Plan, the concepts of flexibility, transparency, responsiveness, and collaboration are core tenets of operations within the Auditor’s Office. Although the Auditor’s Office operates independently from other City entities, Auditor O’Brien and Auditor’s Office leadership meet regularly throughout the year with the Mayor, City Council members, other elected officials, city personnel, neighborhood groups, and civic leaders to solicit input regarding risks facing the City. The collective objective of this collaboration is to improve services and stewardship of City resources.
2018 Planned Audits
|Audits Required in Municipal Code||The Auditor’s Office conducts audits required under the Denver Revised Municipal Code.|
|Procurement Practices||The audit will assess the internal controls associated with the City’s procurement practices. The audit may include a review of the Master Purchase Order process and resulting agreements to assess whether purchases are in the best interest of the City. The audit may also include a review of bidding practices to ensure the City is in alignment with internal policy and procedure and applicable City rules.|
|Contracting Practices||The audit will review the economy, efficiency, and effectiveness of the City’s complex contracting process.|
|Contracts and Agreements||The Auditor’s Office will audit selected City contracts and agreements as required under Denver City Charter, §5.2.1, to evaluate and ensure performance, value, and proper City oversight.|
|Financial Audits||The Auditor’s Office will conduct audits of some of the City’s financial balances, transactions and processes, including their related internal controls, to determine whether the transactions were properly accounted for and reported in the City’s Comprehensive Annual Financial Report (CAFR) and the internal control systems are efficient and effective.|
|Cybersecurity||The assessment will examine the City’s vulnerability to cybersecurity attacks and information theft. The assessment will build on the results of the 2016 and 2017 cybersecurity assessments by examining additional areas of potential vulnerability, including an updated security risk analysis of the City’s system infrastructure.|
|Homeless Services||This audit will examine the efficiency and effectiveness of certain homeless services. This audit may include an analysis of the effects of certain social policies and may also assess the resources dedicated to addressing homelessness and the collaboration among agencies citywide.|
|Indirect Cost Accounting Practices||The audit will review how indirect costs are calculated and cost recoveries are managed and allocated to various City funds and programs.|
|Workday Financial Implementation||The audit will review the implementation of the Workday financial system, including conversion of data from PeopleSoft, as well as system access and change management controls.|
|Procurement Card Expenditure Process||The audit will assess the efficiency and effectiveness of the controls over procurement card transactions, including a focus on specific risks identified during the continuous auditing effort.|
Arts and Venues
|Concessions Contract Audit||The audit will examine the financial performance and contract compliance between the City and the third-party vendor that provides concessions service and facilities management for some of the City’s Arts and Venues locations.|
|Property Tax Assessment Process||The Assessor’s Office is implementing a new system to track and report on all property taxes assessed and collected on behalf of the City and all other property taxing entities within the City’s boundaries. The audit will analyze the efficacy of the processes and controls the City uses to assess and collect taxes. The audit will also examine implementation and controls around the new property tax system.|
|County Court Operations||The Auditor’s Office will review the County Court’s governance structure and examine processes, such as administration, information technology, and collection of fines and penalties.|
|Scientific and Cultural Facilities District Tier I Organizations||This audit will be part of an audit series exploring efficiency, effectiveness, and financial operations of an SCFD Tier 1 recipient under the operating agreement with the City.|
Denver International Airport
|Security Operations Center||This audit will evaluate the documentation, standardization of processes and detection and response capabilities of Denver International Airport’s Information technology Security Operations Center.|
|Airport Security and Coordination Practices||The audit will assess the effectiveness of coordination and communication practices of Denver International Airport’s Airport Security function with federal agencies such as Transportation Security Administration and the Department of Homeland Security. This audit will also review internal controls in place for airport security’s badging processes.|
|Financial and Administration Management||The audit will assess the effectiveness and organizational structure of the financial and administrative management areas of Denver International Airport, including a review of the overall internal control environment.|
|Airport Hotel Revenue||The audit will review the Westin Denver International Airport Hotel contract with the airport to assess whether the hotel is in compliance with the revenue-sharing agreement established in the contract.|
Office of Economic Development
|Workforce Development||The audit will review the effectiveness and efficiency of Workforce Development Services and associated third-party providers. The audit may include a review of the internal control environment, monitoring of workforce services providers, training, and the effectiveness and efficiency of privatizing the workforce development function.|
|Affordable Housing Fund||The Auditor’s Office may audit the efficiency, effectiveness, and financial operations of the recently established Affordable Housing Fund.|
|Debt Management||Bonds issued by the City to fund major capital projects are subject to bond covenants and regulatory compliance requirements through maturity many years later. The audit assesses the City’s oversight and compliance practices for outstanding bonds and other debt instruments.|
|Capital Assets – Buildings and Equipment||The audit reviews the accuracy and internal controls over the classification, recording, and inventory of the City’s purchased or constructed buildings and equipment as reported in the City’s Comprehensive Annual Financial Report.|
|Denver Employees Retirement Plan Actuarial Valuation||This evaluation will review the actuarial valuation, including the assumptions and process used to calculate the net pension liability for the Denver Employees Retirement Plan as reported in the City’s Comprehensive Annual Financial Report.|
|Employee Compensation and Benefits||The assessment will review the Office of Human Resources’ recent external assessment evaluation of the City’s compensation and benefits philosophy.|
|Community Center Board Mill Levy Expenditure Compliance||The audit will review the oversight, management, and effectiveness of expending the dedicated mill levy funding for Denver’s Community Center Board (CCB). The audit may include a review of Denver Human Services’ oversight and monitoring of the funds directed to the CCB, as well as the impact of state regulations that will change the way CCBs operate.|
|Workers’ Compensation||The audit will examine the self-insurance funding, reinsurance coverage, and claims management processes to ensure that the City’s Workers’ Compensation Program is in compliance with the applicable state statutes.|
|Department of Public Safety – Use of Force||The audit will review the extent to which the use-of-force policies of the Department of Public Safety have been implemented and may also assess the effectiveness of those policies.|
|Data Centers||The audit will evaluate the City’s data centers, including those serving the Denver International Airport, against federal standards to ensure the security and availability of these technology assets.|
|Disaster Recovery||The audit will review the Information Technology systems disaster recovery plan to evaluate its ability to restore critical systems in a timely manner.|
|Network Access||The audit will review the change management and access controls in place to manage the citywide network system.|
Monitoring - Citywide
|All audits by the Auditor’s Office provide recommendations for improvement, to which the audited agency must respond whether they agree or disagree. For recommendations that were agreed to by the responsible entity, we complete a follow-up audit after the agreed-upon recommendation implementation date. Each follow-up audit will assess the status and quality of implementation for each recommendation.|
of Financial and
Data Using Analytics
|Throughout the year, the Auditor’s Office will assess possible risk areas by working with departments to analyze specific data relevant to ongoing audits as well as analyzing general financial and operations information. Data analytics and audit tools will be used to identify anomalies in the data for further review.|