Saturday, September 1, 2012

Trimet actually audits itself (how ridiculous)

Audit Planning and Risk Assessment Process

In determining which areas to audit, we develop an annual risk-based dynamic audit plan designed to test high and moderated rated areas. A dynamically based audit plan allows us to adjust our schedule as necessary to incorporate emerging issues and significant changes within the agency.
Biennially, we update our risk assessments and evaluate each auditable area based on several criteria, including:
  • Legal/compliance considerations - Risk of significant regulations and/or legal requirements, and costly penalties/fines for non compliance.
  • Control environment - Degree of management experience and monitoring, early warning systems or quality assurance programs established, and/or the results of prior audit/regulatory reviews.
  • Size - Financial reporting risk and the unit's annual revenue, annual expense total, asset size, annual operating expense, and/or number of transactions.
  • Complexity - Complexity of the unit's processes, degree of specialized skill required, significant dependencies on other units/processes, degree of external/market risk factors, and/or significant systems used by the area.
In developing our audit plan, we also seek input from the Executive Directors regarding areas of concern within their specific areas or other areas within the Agency as a whole.

Follow-Up Process

Our audit follow-ups consist of reviews, interviews, and/or sample testing to verify whether management's corrective actions to control weaknesses are functioning as intended. A Semi-Annual Management Action Plan Status Report is distributed to management and Executive Directors to promote accountability and to ensure that appropriate attention and resources are allocated to facilitate timely resolution of management's action plans.


Erik H. said...

The problem with TriMet's auditing process is that it is internal. There are no external audits at TriMet, so any audit is basically at the whim of the GM. If he doesn't like the audit he can fire the auditor and start anew. Which defeats the whole purpose of the audit.

Note, that at Metro and the City of Portland, the auditor is an entirely separate position that is elected - not hired or appointed. So while they are considered employees of the district (itself questionable), they can't be touched by the Mayor, Executive, Council or Board. If they don't like the audit they can pound sand. However - the auditor has no enforcement capability, like a federal Inspector General, so all they really do is shuffle paper.

Anonymous said...

Enron Accounting Lives!

Jason McHuff said...

the auditor has no enforcement capability, like a federal Inspector General, so all they really do is shuffle paper.

They at least bring things to light, and professional journalists say that "sunshine is the best disinfectant"

Jason McHuff said...

Also, I thought internal auditing was very common (not at all saying that it's the only thing needed)