What is internal auditing?
Internal auditing is an
independent, objective assurance and consulting activity
designed to add value and improve an organization's operations.
It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve
effectiveness of risk management, control and governance
What does the Internal Audit Section do?
Internal Audit Section evaluates effectiveness and program
compliance within the Department of Environmental Protection (DEP).
It provides analyses, research, recommendations, counsel and
coordinates activities that ensure accountability.
Internal controls are policies and
procedures designed to minimize risks and provide reasonable
assurance regarding the achievement of objectives in the
following internal control categories:
- Effectiveness and efficiency of
- Reliability of financial reporting.
- Compliance with
laws and regulations.
Examples of internal controls include segregation of
duties, authorization of transactions, documentation to support
transactions and safeguarding IT resources and assets.
Under what authority are audits conducted?
Section 20.055, Florida Statutes (F.S.), governs the Office of
Inspector General (OIG) and establishes OIG as the central point
for coordination of and responsibility for activities that
promote accountability. Audits are conducted in accordance with
the current professional practice framework published by the
Institute of Internal Auditors (IIA). Where appropriate, the
Internal Audit Section adheres to the standards developed by the
Comptroller General of the United States and codified in the
Government Auditing Standards, Generally Accepted Auditing
Principles (GAAP) and Generally Accepted Auditing Standards (GAAS).
What types of issues do audits address?
are conducted to make sure adequate records are maintained,
funds are properly spent and amounts are properly recorded.
Examples include audits of state contracted funds to protect our
drinking water from petroleum contamination, audits of state
parks' fee collections, audits of personal cell phone
disbursements and audits of motor vehicle fleet maintenance.
How are audits and other projects
The Director of Auditing coordinates the
development of an annual Audit Plan. The process identifies the
audit universe (DEP programs) and selects topics using risk
assessment criteria. These topics are included in the plan and
scheduled for audit, based on risk prioritization methodology
and audit resources. Both a long range strategic and a one year
plan are included in the Audit Plan. In addition, the Internal
Audit Section responds to requests from DEP management at any
What are risk assessment criteria?
Risk assessment criteria includes management interest, prior
audit history, fraud and IT risk, and audit staff feedback.
Describe the steps used in
conducting an audit project.
The audit process involves planning the audit (which includes
completing a risk assessment), conducting fieldwork and writing
the report. Before a final audit report is issued, internal
reviews are conducted and an exit conference is convened to
discuss the draft report with program management. After the exit
conference, a preliminary report is provided to management,
which has 20 working days to submit a written response. Those
affected by the audit, pursuant to 20.055, F.S., are also
provided an opportunity to respond to the preliminary audit. The
final report includes the response received from management and,
if applicable, the substantially affected. Reports are prepared
and distributed to the Office of the Chief Inspector General,
the DEP Secretary, appropriate management, Office of the Auditor
General and other interested parties.
Does the audit section provide
services other than audits?
The Internal Audit Section provides a variety of services. In
addition to audits, staff reviews performance measures to
determine if measured data reporting is reliable and valid.
Other projects include organizational assessments, reviews,
investigation support, research, management advisory services
and review of annual single audits received by the agency. The
Internal Audit Section also designs projects to meet the needs
of DEP management.
How many audits and other projects are
conducted each year?
The Internal Audit Section completes more than 200 projects each
year that vary in length of time. On average, 70 audits and
reviews are completed each year.
large is the audit section?
The Internal Audit Section consists of twelve
staff, including eleven auditor positions and one supervisory
position. Three staff deal exclusively with the petroleum
storage tank cleanup program.
If DEP program staff
receive a single audit report from a local government or a non
profit organization, what should they do with it?
DEP program areas receiving single audit reports should review
procedures necessary to ensure grant compliance and then forward
the reports to the Office of Inspector General's Internal Audit
Section (Mail Station 41). The Internal Audit Section reviews
these reports to ensure compliance with federal and state
requirements. The Internal Audit Section will provide copies of
Schedules of State and Federal Awards to grant management for
comparison with program financial records. The Internal Audit
Section also reports significant findings relating to DEP grants
to program areas for management decisions and follow-ups.
I notified if my program, contract or grant is going to be
audited by the Internal Audit Section?
When an audit or review is initiated, the
Internal Audit Section notifies the subject or client of the
audit with an interoffice memorandum (internal subjects) or a
letter (external subjects). Internal Audit staff may also meet
with the subject or client to discuss the scope and objectives
of the audit or review. How will I know what the auditors find
during the audit? Prior to the end of fieldwork, the Internal
Audit staff will discuss the tentative findings with DEP
management responsible for the area being audited. A written
synopsis of the tentative findings may be provided to the
subject or client to correct any misunderstanding of the facts
involving the findings. Sometimes the client has additional
information that could change the auditor's perception of a
tentative finding. Questions regarding tentative findings can be
resolved through this process. For issues that remain
unresolved, the auditor will prepare a draft report of the audit
findings. A formal exit conference will be held to discuss
accuracy and content of the draft report.
How can I get
more information about the audit process?
For more information
about the audit process, see DEP Directive 260 or call the
Office of Inspector General at 850-245-3151.
How do I report
A person can report fraudulent activity in several ways. These
include in writing, telephone call, e-mail, or by reporting the
incident to the OIG or to any DEP supervisor. Below is a link to
the Office of Inspector General's reporting form, which is
recommended but not required.
Fraud Report Form [DOC - 102
- Mail form to: Office of Inspector General
3900 Commonwealth Boulevard, MS 41
Tallahassee, FL 32399-3000
- To speak with a member of the Office of Inspector
General call (850) 245-3151.
- Our office is located at:
Department of Environmental Protection
Office of Inspector
3800 Commonwealth Boulevard, (DEP Carr Building) Room