Internal Audit Services and Process

  • Core services

    Compliance audits examine the adequacy of departments' compliance with City Schools policies and external requirements, including federal and state laws and regulations. Audit recommendations typically address the need for improvements in processes and procedures to ensure compliance with applicable policies, laws and regulations.

    Financial audits examine accounting for and reporting of financial transactions, including commitments, authorizations and receipt and disbursement of funds. This type of audit verifies that sufficient accounting controls exist over assets, liabilities, revenues and expenditures and that there are adequate controls over the acquisition and use of resources.
    Information technology audits examine the internal control environment of automated information processing systems and how people use those systems. These audits typically evaluate system input, output and processing controls; backup and recovery plans; system security; and computer facilities.
    Internal control reviews examine whether departments are conducting their financial and business processes under an adequate system of internal controls, as required by City Schools policies, procedures and best practices.
    Internal investigations focus on allegations of violations of City Schools policies, federal and state laws that may result in disciplinary action or prosecution. Allegations of theft or misuse of City Schools assets, white-collar crimes and conflicts of interest are examples addressed by internal investigations. 

    Operational audits examine whether a department's resources are being used in the most efficient and effective ways to fulfill City Schools' mission and objectives. An operational audit can include elements of a compliance audit, financial audit and information technology audit.


    1. Planning
    Each school year, the internal audit director performs a risk assessment of City Schools' operations, activities and schools. The assessment considers factors such as City Schools goals and objectives; financial implications; adequacy of internal control processes and procedures; prior audit findings; significant changes in operations, systems or personnel; complaints; operational concerns expressed by the Board or CEO; and availability of internal audit resources. An annual audit plan is then developed by the audit director and approved by the Board. The plan documents audit methodology and a comprehensive overview of the scope of coverage of City Schools' operations and activities. The plan is executed to assist the Board in fulfilling their oversight duties relating to specific compliance with Maryland Education Article Sections 4-303.

    2. Notification
    The CEO is notified directly of all upcoming internal audits through an internal announcement (via email) from the audit director, with copies to the chief of staff and responsible officer. The officer shall inform appropriate staff.

    3. Introductory meeting
    An introductory meeting between Internal Audit management, the responsible officer and designated members of management is coordinated and scheduled through the chief of staff's office. The purpose of an introductory meeting is to discuss the audit scope and objectives, obtain an overview of the department, identify key departmental personnel for further discussions and provide an opportunity for management to discuss issues or areas that may require audit attention.

    4. Preliminary survey
    The assigned audit staff will review the department’s internal control structure using a variety of tools and techniques to gather and analyze information about the department’s operations. The review helps the auditor better understand the department operations and determine areas with high risks.

    5. Field work — Testing
    This phase concentrates on the testing of critical procedures and transactions performed by the department on a regular basis. The auditor determines whether the controls identified during the preliminary survey are operating properly through testing.

    6. Communication
    Internal Audit management may provide periodic written updates to the CEO, chief of staff and responsible officer concerning the audit status, including audit progress, preliminary findings or issues, problems encountered and projected completion.

    7. Audit findings and recommendations
    To ensure internal audit findings and recommendations are presented accurately, Internal Audit staff discusses and validates findings with responsible personnel and management. The goal is to ensure an accurate understanding of issues that were identified during the audit.

    8. Draft report
    At the close of field work, the audit manager along with the audit director will review all findings, recommendations and supporting documentation in detail. A draft report is issued directly to the CEO, with copies to the chief of staff and responsible officer.

    9. Exit meeting
    Within a week after the draft report is issued, an exit meeting between Internal Audit management, the responsible officer and designated members of management will be coordinated and scheduled through the chief of staff's office. The purpose of an exit meeting is to clarify the draft report findings and recommendations and allow for management's feedback.

    10. Management response to audit findings and recommendations
    The responsible officer is required to respond, in writing, to the draft report findings and recommendations within 10 business days after the exit meeting, in accordance with the (Board policy EAA). Written responses to audit findings and recommendations will not be accepted without the chief of staff's approval. In the event the 10-day deadline must be extended, the audit director will inform the Board's Audit Committee.

    11. Final report
    The audit director will review management's written responses to determine if responses adequately address the risks and recommendations associated with the findings. When determined, a final report is prepared and distributed to the CEO, chief of staff, responsible officer, chief legal counsel and members of the Board's Audit Committee. The final audit report is for internal use only.

    12. Follow-up review
    A follow-up review may be performed to verify the resolution of the audit findings. Corrective actions described to resolve the findings may be tested to ensure results were achieved.