CC 07-02-2024 Special Meeting, Item No. 1: Enterprise Risk Assessment Final Report and Internal Audit Work Plan (Staff Presentation)
City of Cupertino
FY 24-25 Internal Audit Program and
Enterprise Risk Assessment
City Council Meeting
July 2024
Internal Audit Overview
• The City retained Moss Adams to serve as the designated Internal Auditor and conduct projects focusing on:
  • Risks
  • Internal controls
  • Efficiency and effectiveness
  • Best practices
  • Compliance
• Work is being completed under appropriate industry standards (IIA, GAGAS, AICPA)
Role of Internal Audit
[Figure omitted. Source: IIA]
Holistic Internal Audit Program Components
Components: A. Program Inputs; B. Opportunities; C. Tracking & Reporting
• Enterprise Assessments
• Employees and Residents
• Performance Metrics
• Risks
• Controls
• Compliance
• Performance
• Findings & Recommendations
• Fraud, Waste, and Abuse Hotline
• Corrective Actions
• Implementation
• Validation
Internal Audit Program Review
Focus Area | Status
Enterprise Risk Assessments | 2021, 2024
Internal Controls Projects Completed | 2
Performance/Efficiency Projects Completed | 5
Policies Reviewed | 133
Recommendations Delivered | 52
Ethics Hotline Reports | 21
Recommendations Validated | To Come in 2025
2024 Enterprise Risk Assessment
Assessing Risks
As the City’s internal auditor, Moss Adams conducted its triennial Enterprise Risk Assessment (ERA).
The ERA was conducted between December 2023 and May 2024 and focused on identifying, categorizing, and evaluating risks that may interfere with the City’s ability to achieve its mission.
Risk Assessment Results
Risk Category | Overall Risk Level
Funding and Economics | High
Capital Improvement Program | Moderate to High
Compliance and Financial Reporting | Moderate to High
Human Resources | Moderate to High
Planning and Strategy | Moderate to High
Asset Management | Moderate
Governance | Moderate
Internal Controls | Moderate
Management and Leadership | Moderate
Operations and Service Delivery | Moderate
Organization and Staffing | Moderate
Policies and Procedures | Moderate
Procurement and Contracting | Moderate
Reputation and Public Perception | Moderate
Risk Programs | Moderate
Accounting and Finance | Low to Moderate
Ethics and Fraud, Waste, and Abuse | Low to Moderate
Information Technology | Low to Moderate
Public Safety and Security | Low to Moderate
High Risk Categories
Risk Category | Impact | Likelihood | Preparedness | Trajectory
Funding and Economics | High | High | Moderate to High | Flat
Moderate to High Risk Categories
Risk Category | Impact | Likelihood | Preparedness | Trajectory
Capital Improvement Program | Moderate to High | Moderate | Low to Moderate | Increasing – Low
Compliance and Financial Reporting | Moderate | Moderate to High | Low to Moderate | Flat
Human Resources | High | Moderate to High | Moderate | Increasing – Low
Planning and Strategy | Moderate | Moderate to High | Moderate | Increasing – Low
Recommended Internal Audit Projects
1. Grants Management Internal Controls Review: Assess the internal controls in place over the City’s grants management activities (including applications, review, administration, and reporting). (16 weeks, $25,000)
2. Special Revenue Fund Process Review: Document the process used for special revenue fund accounting, identify gaps compared to best practices, and conduct testing of prior years’ accounting. (16 weeks, $18,000)
3. Recommendation Validation Process Establishment: Inventory prior internal and external audit recommendations, collaborate with City staff to develop a tracking mechanism and process to report and validate recommendation implementation. (20 weeks, $10,000)
4. Ongoing Internal Audit Services: Attend Audit Committee and Council meetings, prepare status reports, manage internal audit program, and monitor FWA hotline. ($7,000)
Resources
• Government Finance Officers Association (GFOA)
  • GFOA Best Practices Guide on Audit Committees
• Institute of Internal Auditors
  • IIA Publication “The Audit Committee: Internal Audit Oversight”
• U.S. Government Accountability Office (GAO)
• American Institute of Certified Public Accountants
• Association of Certified Fraud Examiners