What is internal auditing?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control and governance processes.

What does the Internal Audit Section do?
The Internal Audit Section evaluates effectiveness and program compliance within the Department of Environmental Protection (DEP). It provides analyses, research, recommendations, counsel and coordinates activities that ensure accountability.

What are internal controls?
Internal controls are policies and procedures designed to minimize risks and provide reasonable assurance regarding the achievement of objectives in the following internal control categories:

• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with laws and regulations.

Examples of internal controls include segregation of duties, authorization of transactions, documentation to support transactions and safeguarding IT resources and assets.

Under what authority are audits conducted?
Section 20.055, Florida Statutes (F.S.), governs the Office of Inspector General (OIG) and establishes OIG as the central point for coordination of and responsibility for activities that promote accountability. Audits are conducted in accordance with the current professional practice framework published by the Institute of Internal Auditors (IIA). Where appropriate, the Internal Audit Section adheres to the standards developed by the Comptroller General of the United States and codified in the Government Auditing Standards, Generally Accepted Auditing Principles (GAAP) and Generally Accepted Auditing Standards (GAAS).

What types of issues do audits address?
Audits are conducted to make sure adequate records are maintained, funds are properly spent and amounts are properly recorded. Examples include audits of state contracted funds to protect our drinking water from petroleum contamination, audits of state parks' fee collections, audits of personal cell phone disbursements and audits of motor vehicle fleet maintenance.

How are audits and other projects selected?
The Director of Auditing coordinates the development of an annual Audit Plan. The process identifies the audit universe (DEP programs) and selects topics using risk assessment criteria. These topics are included in the plan and scheduled for audit, based on risk prioritization methodology and audit resources. Both a long range strategic and a one year plan are included in the Audit Plan. In addition, the Internal Audit Section responds to requests from DEP management at any time.

What are risk assessment criteria?
Risk assessment criteria include management interest, prior audit history, fraud and IT risk, and audit staff feedback.

Describe the steps used in conducting an audit project.
The audit process involves planning the audit (which includes completing a risk assessment), conducting fieldwork and writing the report. Before a final audit report is issued, internal reviews are conducted and an exit conference is convened to discuss the draft report with program management. After the exit conference, a preliminary report is provided to management, which has 20 working days to submit a written response. Those affected by the audit, pursuant to 20.055, F.S., are also provided an opportunity to respond to the preliminary audit. The final report includes the response received from management and, if applicable, the substantially affected. Reports are prepared and distributed to the DEP Secretary, appropriate management, Office of the Auditor General and other interested parties.

Does the audit section provide services other than audits?
The Internal Audit Section provides a variety of services. In addition to audits, staff review performance measures to determine if measured data reporting is reliable and valid. Other projects include organizational assessments, customer satisfaction surveys, reviews, investigation support, research, management advisory services and review of annual single audits received by the agency. The Internal Audit Section also designs projects to meet the needs of DEP management.

How many audits and other projects are conducted each year?
The Internal Audit Section completes more than 200 projects each year that vary in length of time. On average, 40 audits and reviews are completed each year.

How large is the audit section?
The Internal Audit Section consists of twelve staff, including eleven auditor positions and one supervisory position. Four staff deal exclusively with the petroleum storage tank cleanup program.

If DEP program staff receive a single audit report from a local government or a non profit organization, what should they do with it?
 DEP program areas receiving single audit reports should review procedures necessary to ensure grant compliance and then forward the reports to the Office of Inspector General's Internal Audit Section (Mail Station 41). The Internal Audit Section reviews these reports to ensure compliance with federal and state requirements. The Internal Audit Section will provide copies of Schedules of State and Federal Awards to grant management for comparison with program financial records. The Internal Audit Section also reports significant findings relating to DEP grants to program areas for management decisions and follow-ups.

How am I notified if my program, contract or grant is going to be audited by the Internal Audit Section?
When an audit or review is initiated, the Internal Audit Section notifies the subject or client of the audit with an interoffice memorandum (internal subjects) or a letter (external subjects). Internal Audit staff may also meet with the subject or client to discuss the scope and objectives of the audit or review. How will I know what the auditors find during the audit? Prior to the end of fieldwork, the Internal Audit staff will discuss the tentative findings with DEP management responsible for the area being audited. A written synopsis of the tentative findings may be provided to the subject or client to correct any misunderstanding of the facts involving the findings. Sometimes the client has additional information that could change the auditor's perception of a tentative finding. Questions regarding tentative findings can be resolved through this process. For issues that remain unresolved, the auditor will prepare a draft report of the audit findings. A formal exit conference will be held to discuss accuracy and content of the draft report.

How can I get more information about the audit process?
For more information about the audit process, see DEP Directive 260 or call the Office of Inspector General at 850-245-3151.

How do I report fraudulent activity?
A person can report fraudulent activity in several ways. These include in writing, telephone call, e-mail, or by reporting the incident to any DEP supervisor. Below is a link to the Office of Inspector General's reporting form, which is recommended but not required.

Fraud Report Form [DOC - 102 KB]

• Mail form to: Office of Inspector General
  3900 Commonwealth Boulevard, MS 40
  Tallahassee, FL 32399-3000
  Phone: (850) 245-3151
• To speak with a member of the Office of Inspector General call (850) 245-3151.
• Our office is located at:
  Florida Department of Environmental Protection
  Office of Inspector General
  3800 Commonwealth Boulevard, (DEP Carr Building) Room 180
  Tallahassee, FL