City Auditor

Services

Audits

Audits of departments, activities, functions, programs, operations, computer systems and contracts are conducted to evaluate:

• Adequacy of internal controls to prevent or detect fraud.
• Safeguarding of assets, from loss, damage or inappropriate use.
• Compliance with laws, regulations, policies, contracts, grant terms, etc.
• Accuracy of reported financial and performance information.
• Economy and efficiency of operations.
• Accomplishment of specified goals and objectives.

Audit topics are identified and selected using a risk-based approach. Topics are selected annually.

Audit findings and recommendations are reported to the Council Audit, Finance & Enterprise Committee, City Manager and the department being reviewed. A follow-up audit may be preformed 9 to 12 months after initial report to determine if management has complied with the recommendations.

Consulting

Consulting encompasses a wide array of non-audit services, including but not limited to:

• Providing general guidance on internal controls and related matters, including application-level IT controls.
• Reviewing credit card acceptance sites for compliance with PCI DSS.
• Performing limited reviews and analyses of financial statements submitted by potential contractors in connection with RFQs.
• Observing MesaStat presentations and, as resources permit, periodically reviewing financial/performance data and measures presented by staff.
• Performing periodic random reviews of Council Reports, to ensure that the information provided to decision-makers is accurate and complete.

Consulting services may or may not result in formal reports, but findings are always reported to management. When appropriate, findings may also be reported to the Audit, Finance & Enterprise Committee.

Investigations

We are responsible for ensuring that all reports received through the Fraud and Ethics Hotline are adequately investigated. However, we also investigate allegations that come to us directly. Administered by a third-party, the hotline provides anonymity; however, direct reporting is often more effective in that we are usually provided with more complete information. We pledge to honor all requests for anonymity to the extent allowable by law.

How We Decide What to Audit

Each fiscal year, an Audit Plan is approved by the City Auditor, City Manager, Mayor, and Audit, Finance & Enterprise Committee. The Audit Plan is developed based on a combination of many factors, including but not limited to the following:

• Requests and/or suggestions made by the Mayor, other Councilmembers, the City Manager and/or members of the Executive Management Team.
• Federal and/or state mandates.
• Risk assessments, which include consideration of:
  • Prior audit history or lack thereof.
  • Knowledge of existing internal control systems.
  • Complexity of operations.
  • Regulation levels (highly regulated vs. unregulated activities).
  • Cash handling volume and number of locations.
  • Impact of potential findings on public perception.
  • Activities most commonly susceptible to fraud.

Peer Review

The City Auditor’s Office follows Generally Accepted Government Auditing Standards (GAGAS) and are issued by the Comptroller General of the United States. These standards require audit organizations to receive an external peer review at least once every three years. The objective of a peer review is to determine whether an audit organization is following its established policies and procedures and applicable auditing standards. The City Auditor’s peer review is conducted through the Association of Local Government Auditors (ALGA).

2025 Peer Review(PDF, 2MB)

2022 Peer Review(PDF, 1MB)