Under the Internal Audit Charter, Internal Audits serves an independent internal examination function for the Board of School Commissioners, which has full authority to review, evaluate, and report on the performance of City Schools operations and activities.
Compliance audits examine the adequacy of departments' compliance with City Schools policies and external requirements, including federal and state laws and regulations. Audit recommendations typically address the need for improvements in processes and procedures to ensure compliance with applicable policies, laws, and regulations.
Financial audits examine accounting for and reporting of financial transactions, including commitments, authorizations, and receipt and disbursement of funds. This type of audit verifies that sufficient accounting controls exist over assets, liabilities, revenues, and expenditures and that there are adequate controls over the acquisition and use of resources.
Information technology audits examine the internal control environment of automated information-processing systems and how people use those systems. These audits typically evaluate system input, output, and processing controls; back-up and recovery plans; system security; and computer facilities.
Internal control reviews examine whether departments are conducting their financial and business processes under an adequate system of internal controls, as required by City Schools policies, procedures, and best practices.
Internal investigations focus on allegations of violations of City Schools policies, federal laws, or state laws that may result in disciplinary action or prosecution. Allegations of theft or misuse of City Schools assets, white-collar crimes, and conflicts of interest are examples addressed by internal investigations.
Operational audits examine whether a department's resources are being used in the most efficient and effective ways to fulfill City Schools' mission and objectives. An operational audit can include elements of a compliance audit, financial audit, and information technology audit.
Planning. Each school year, the internal audit director performs a risk assessment of City Schools' operations, activities, and schools. The assessment considers factors such as district goals and objectives; financial implications; adequacy of internal control processes and procedures; prior audit findings; significant changes in operations, systems, or personnel; complaints; operational concerns expressed by the Board or CEO; and availability of internal audit resources. An annual audit plan is then developed by the audit director and approved by the Board, documenting audit methodology and an overview of the scope of coverage.
Notification. The CEO is notified directly of all upcoming internal audits by email announcement from the audit director, with copies to the chief of staff and responsible officer. The officer shall inform appropriate staff.
Introductory meeting. An introductory meeting between Internal Audit management, the responsible officer, and designated members of management is coordinated and scheduled through the chief of staff's office. The purpose is to discuss the audit scope and objectives, obtain an overview of the department, identify key departmental personnel for further discussions, and provide an opportunity for management to discuss issues or areas that may require audit attention.
Preliminary survey. The assigned audit staff review the department’s internal control structure using a variety of tools and techniques to gather and analyze information about the department’s operations. The review helps the auditor better understand departmental operations and determine areas with high risks.
Field work — Testing. This phase concentrates on the testing of critical procedures and transactions performed by the department on a regular basis. The auditor determines whether the controls identified during the preliminary survey are operating properly through testing.
Communication. Internal Audit management may provide periodic written updates to the CEO, chief of staff, and responsible officer concerning the audit status, including audit progress, preliminary findings or issues, problems encountered, and projected completion.
Audit findings and recommendations. To ensure internal audit findings and recommendations are presented accurately, Internal Audit staff members discuss and validate findings with responsible personnel and management. The goal is to ensure an accurate understanding of issues that were identified during the audit.
Draft report. At the close of field work, the audit manager and director review all findings, recommendations, and supporting documentation in detail. A draft report is issued directly to the CEO, with copies to the chief of staff and responsible officer.
Exit meeting. Within a week after the draft report is issued, an exit meeting between Internal Audit management, the responsible officer, and designated members of management is scheduled through the chief of staff's office. The purpose is to clarify the draft report findings and recommendations and allow for management's feedback.
Management response to audit findings and recommendations. The responsible officer is required to respond in writing to the draft report findings and recommendations within 10 business days after the exit meeting. Written responses to audit findings and recommendations will not be accepted without the chief of staff's approval. In the event the 10-day deadline must be extended, the audit director will inform the Board's Audit Committee.
Final report. The audit director reviews management's written responses to determine if they adequately address the risks and recommendations associated with the findings. When determined, a final report is prepared and distributed to the CEO, chief of staff, responsible officer, chief legal counsel, and members of the Board's Audit Committee. The final audit report is for internal use only.
Follow-up review. A follow-up review may be performed to verify the resolution of the audit findings. Corrective actions described to resolve the findings may be tested to ensure results were achieved.