How do we decide what to audit?
The Multnomah County Auditor's Office uses a risk matrix to determine which areas may need our attention. Anyone who works or lives in Multnomah County can share audit ideas with us and we will run this through the risk matrix. The matrix asks questions about each program, such as:
- What is the annual budget?
- How many employees do they have?
- Does the program enable other County programs to function?
- Have there been any significant changes?
- How many vulnerable or under-served people depend on the program for basic needs?
- Does the public care about this program?
- What is the life and safety impact if program does not meet its mission?
- Is there external oversight other than the Auditor's Office?
- What is the program's score on the ethics survey that our office conducts every other year?
Based on the answers to these questions, we create a risk score. This information is evaluated by the County Auditor, who then creates an annual audit schedule.
Why do we conduct audits?
We conduct audits to help ensure that County government is efficient, effective, equitable, transparent, and fully accountable to its citizens. Our audits result in recommendations for improvement government. We do this work in service to the public, the Board of County Commissioners, and the managers and staff members involved in the areas we audit.
What is a performance audit?
County Charter guides our office to emphasize performance audits. Performance audits test the reliability of assumptions and principles that are used in County decision-making. Through our audits, we independently verify management decisions that affect the quality and cost of services. We measure the efficiency and success of County activities. We evaluate the safekeeping of County assets. This testing, measuring, and evaluating can be laborious and time-consuming, but the results often translate into significant cost savings, service improvements, or reduced risks to County assets.
How do we conduct audits?
All audits must comply with the Generally Accepted Government Auditing Standards that the U.S. Government Accountability Office developed. Audits follow three basic phases: survey, fieldwork, and reporting.
The survey phase is a general look at all of a department’s or program’s operations. The department director receives written notice that an audit is starting, and the auditors schedule an introductory meeting with the management team. These meetings allow us to explain the purpose, process, and timeline of the audit. At this time, we make arrangements for access to information systems and key personnel. We also gain a general understanding of program areas and anticipated results, as well as the problems program personnel face in carrying out their mission.The audit team reviews all available information about the program as well as professional literature, and conducts interviews with staff and others who have knowledge about the operation and program results. Usually the team meets with management first and staff directly involved with providing services later. This is to first gain a broad understanding of the program and proceed to a more complex understanding. Many times the team will “ride along” with line staff to get a “hands-on” perspective. During this phase the auditors decide if there are areas which could benefit from in-depth analysis. At the end of survey, the auditors brief department management to describe their audit work, issues identified during the survey, and areas needing further audit work.
If we identify significant issues during survey, the audit team will begin more detailed information gathering and analysis. At the end of fieldwork we also meet with department management to review results.
We develop a report that contains our findings and recommendations. We prepare a draft report for department management to review. We meet with managers to discuss the report and ensure that the information is clear and accurate. Department management also has the opportunity to prepare a written response, which is included in the final audit report. When we present our report to the Board of County Commissioners, we invite management to participate. All of our reports are available to the public.
In our reports, we try to recognize the accomplishments and good efforts of the organizations we audit. However, by design, auditors focus on areas for improvement and we give these the most attention in our reports.
To better resolve issues, we regularly brief the managers we are auditing on the results of our efforts. We are also ready to provide them with more detailed explanations of our audit activities and results to assist them in addressing our recommendations.
What Information do Auditors Want to See?
The simple answer is everything, but auditors usually start with a number of basic things to review. These include:
- Mission statements
- Strategic plans
- Annual reports
- Management reports
- Organizational charts
- Staff duties or job descriptions
- Written policies and procedures
- Performance standards
- Key results or other standards
- Data files
- Filing systems
- Applicable statutes and rules
- Contracts and grants
- Budgets and documentation
- Audits and outside reviews
- Professional literature
We ask managers to direct us to these documents and other relevant information about the program, or to others who might be able to provide them. We can take special precautions to protect information which is subject to confidentiality laws.