What is internal auditing?
Internal auditing is an
independent, objective assurance and consulting activity
designed to add value and improve an organization's operations.
It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve
effectiveness of risk management, control and governance
What does the Internal Audit Section do?
Audit Section evaluates effectiveness and program compliance
within the Department of Environmental Protection (DEP). It
provides analyses, research, recommendations, counsel and
coordinates activities that ensure accountability.
Internal controls are policies and procedures
designed to minimize risks and provide reasonable assurance
regarding the achievement of objectives in the following
internal control categories:
- Effectiveness and efficiency of
- Reliability of financial reporting.
- Compliance with
laws and regulations.
Examples of internal controls include
segregation of duties, authorization of transactions,
documentation to support transactions and safeguarding IT
resources and assets.
Under what authority are audits conducted?
Section 20.055, Florida Statutes (F.S.), governs the Office of
Inspector General (OIG) and establishes OIG as the central point
for coordination of and responsibility for activities that
promote accountability. Audits are conducted in accordance with
the current professional practice framework published by the
Institute of Internal Auditors (IIA). Where appropriate, the
Internal Audit Section adheres to the standards developed by the
Comptroller General of the United States and codified in the
Government Auditing Standards, Generally Accepted Auditing
Principles (GAAP) and Generally Accepted Auditing Standards (GAAS).
What types of issues do audits address?
Audits are conducted to
make sure adequate records are maintained, funds are properly
spent and amounts are properly recorded. Examples include audits
of state contracted funds to protect our drinking water from
petroleum contamination, audits of state parks' fee collections,
audits of personal cell phone disbursements and audits of motor
vehicle fleet maintenance.
How are audits and other projects
The Director of Auditing coordinates the development
of an annual Audit Plan. The process identifies the audit
universe (DEP programs) and selects topics using risk assessment
criteria. These topics are included in the plan and scheduled
for audit, based on risk prioritization methodology and audit
resources. Both a long range strategic and a one year plan are
included in the Audit Plan. In addition, the Internal Audit
Section responds to requests from DEP management at any time.
What are risk assessment criteria?
Risk assessment criteria
include management interest, prior audit history, fraud and IT
risk, and audit staff feedback.
Describe the steps used in
conducting an audit project.
The audit process involves planning
the audit (which includes completing a risk assessment),
conducting fieldwork and writing the report. Before a final
audit report is issued, internal reviews are conducted and an
exit conference is convened to discuss the draft report with
program management. After the exit conference, a preliminary
report is provided to management, which has 20 working days to
submit a written response. Those affected by the audit, pursuant
to 20.055, F.S., are also provided an opportunity to respond to
the preliminary audit. The final report includes the response
received from management and, if applicable, the substantially
affected. Reports are prepared and distributed to the DEP
Secretary, appropriate management, Office of the Auditor General
and other interested parties.
Does the audit section provide
services other than audits?
The Internal Audit Section provides
a variety of services. In addition to audits, staff review
performance measures to determine if measured data reporting is
reliable and valid. Other projects include organizational
assessments, customer satisfaction surveys, reviews,
investigation support, research, management advisory services
and review of annual single audits received by the agency. The
Internal Audit Section also designs projects to meet the needs
of DEP management.
How many audits and other projects are
conducted each year?
The Internal Audit Section completes more
than 200 projects each year that vary in length of time. On
average, 40 audits and reviews are completed each year.
large is the audit section?
The Internal Audit Section consists
of twelve staff, including eleven auditor positions and one
supervisory position. Four staff deal exclusively with the
petroleum storage tank cleanup program.
If DEP program staff
receive a single audit report from a local government or a non
profit organization, what should they do with it?
areas receiving single audit reports should review procedures
necessary to ensure grant compliance and then forward the
reports to the Office of Inspector General's Internal Audit
Section (Mail Station 41). The Internal Audit Section reviews
these reports to ensure compliance with federal and state
requirements. The Internal Audit Section will provide copies of
Schedules of State and Federal Awards to grant management for
comparison with program financial records. The Internal Audit
Section also reports significant findings relating to DEP grants
to program areas for management decisions and follow-ups.
I notified if my program, contract or grant is going to be
audited by the Internal Audit Section?
When an audit or review
is initiated, the Internal Audit Section notifies the subject or
client of the audit with an interoffice memorandum (internal
subjects) or a letter (external subjects). Internal Audit staff
may also meet with the subject or client to discuss the scope
and objectives of the audit or review. How will I know what the
auditors find during the audit? Prior to the end of fieldwork,
the Internal Audit staff will discuss the tentative findings
with DEP management responsible for the area being audited. A
written synopsis of the tentative findings may be provided to
the subject or client to correct any misunderstanding of the
facts involving the findings. Sometimes the client has
additional information that could change the auditor's
perception of a tentative finding. Questions regarding tentative
findings can be resolved through this process. For issues that
remain unresolved, the auditor will prepare a draft report of
the audit findings. A formal exit conference will be held to
discuss accuracy and content of the draft report.
How can I get
more information about the audit process?
For more information
about the audit process, see DEP Directive 260 or call the
Office of Inspector General at 850-245-3151.
How do I report
A person can report fraudulent activity in
several ways. These include in writing, telephone call, e-mail,
or by reporting the incident to any DEP supervisor. Below is a
link to the Office of Inspector General's reporting form, which
is recommended but not required.
Fraud Report Form [DOC - 102
- Mail form to: Office of Inspector General
Boulevard, MS 40
Tallahassee, FL 32399-3000
- To speak with a member of the Office of Inspector
General call (850) 245-3151.
- Our office is located at:
Department of Environmental Protection
Office of Inspector
3800 Commonwealth Boulevard, (DEP Carr Building) Room