So what can we expect from the independent audit approved by the State Budget Committee in April?
Step One: Initial Risk Assessment
Expected to be completed for the State Budget Committee’s July meeting.
First, Deloitte will conduct a “Financial Operational Risk Assessment,” which will include the following:
1. The adequacy of the DOR’s internal IT and financial controls
2. The adequacy of the DOR’s current IT systems, policies and procedures
3. The adequacy of the DOR’s current financial policies and procedures
4. The adequacy of the IT, financial and auditing organizational structure
“The risk assessment should incorporate the various aspects of risk, including, but not limited to, size (both dollars and number of transactions), complexity of operations, control weaknesses, and the propensity for human error. Given that the scope of the audit could be fairly broad, the selected firm will be asked to assist in prioritizing the review of the DOR’s numerous processes, IT programs, and funds.” (Quoted from the state’s Request for Information.)
Step Two: Draft Audit Plan
Next, based on the results of the initial risk assessment, a “Draft Audit Plan” will be completed detailing the proposed scope of the audit, including a timeline and a specific list of deliverables.
Step Three: Audit
Finally, the Dept. of Revenue’s (DOR) internal controls as well as IT and financial policies and procedures will be audited. Highlights of what the audit will include as described in the state’s Request for Information:
- Determine whether proper controls (IT and financial) are in place and are working as they should.
- Determine whether the DOR’s organizational structure is appropriate.
- Determine whether the DOR’s internal audit structure and procedures (e.g., criteria and methodologies for selecting audit work) are appropriate and adequate.
- Review DOR’s interactions with other state agencies that manage revenues. Determine whether adequate communications and collaboration exists. Also determine whether lines of responsibility and accountability are clear between state agencies. Evaluate whether sufficient “checks and balances” exist.
- Assessment of the revenues flowing into and out of the collections fund, including a reconciliation of the fund. Ensure that all revenue streams flowing into the fund have been properly identified. Ensure that all revenue streams are being properly and timely transferred to their appropriate funds.
- Review of the collection and distribution processes for other local revenues.
- Recommendations that can be implemented to reduce risk associated with such complex systems in the future. The recommendations may include administrative and legislative changes, and should include both preventive and detective controls in order of priority that can be implemented or strengthened.