2021 Audit Plan

Planned AuditsDescription

Auditor’s Letter

I am pleased to present the Denver Auditor’s 2021 Audit Plan for the City and County of Denver. Our city is facing challenges we never could have expected due to the COVID-19 pandemic, the resulting budget shortfalls, and the need to make systemic changes in government to support our diverse community. Our function as an independent agency assuring accountability for the people could not be more important.

Agencies are facing increased pressure to spend large amounts of emergency federal funding, cut local budgets where possible, move resources into programs where need is highest, and achieve all essential functions of local government while many are adjusting to working and supporting their families from home. Our office is ready to help ensure the city is properly managing program performance to continue delivery of essential services without losing necessary controls that protect against the misuse of public resources.

The independent audit function serves as a tool for good government, transparency, and accountability in the city. My office’s professional assessment of city operations acts as a safeguard for taxpayer dollars and as a reminder for every city agency to expect proper scrutiny.

As a certified public accountant, I am bound by a code of ethics and professional standards. In determining the Audit Plan, I bring the obligations of my professional license as well as the voters’ trust.

My office has crafted an Audit Plan that incorporates risk-based performance, financial, information technology, and contract compliance objectives into a variety of audits and informational reports for 2021. The plan delivers value and impact for Denver and will be conducted with the highest professional standards. The Audit Plan is a flexible document that may change throughout the year due to unexpected circumstances, as we saw in 2020 when COVID-19 impacted operations across the city.

Based on an overall risk assessment, I am pleased to share the important work we have for the year ahead. In 2021, our focus will be on helping our city recover effectively from the COVID-19 pandemic; address systemic racism through diversity, equity, and inclusion; and support the people in our community with the most need. Audits on our plan include the Department of Public Safety, Denver parks program management, COVID-19 relief funding and small business loans, and medical support and shelters for people experiencing homelessness.

I look forward to carrying out these audits to deliver independent, transparent, and professional oversight, thereby conserving the public’s investment in the City and County of Denver. I am committed to providing ongoing information on how tax dollars are spent and how government operates on behalf of everyone who cares about the city, including its residents, workers, and decision-makers.

I thank the residents of Denver for their support of a comprehensive Audit Plan. Please feel free to contact me at auditor@denvergov.org or 720-913-5000 with questions.

Sincerely,
Denver Auditor Timothy M. O’Brien, CPA

2021 Planned Audits

Public Safety

Denver Police Department Operations

This audit will assess the efficiency and effectiveness of the Denver Police Department’s management and operations. This may include a review of officer compliance
with department requirements, the Support Team Assisted Response program, information technology systems’ security, and other programs and initiatives.

Denver County Jail Renovation

This audit will assess the construction process and contract remodel of building 24 at the Denver County Jail.

Department of Finance

COVID-19 Relief Funding

This audit will look into the city’s financial control framework associated with funding for COVID-19 response efforts. This will include a review of CARES Act funding, FEMA funding, and any other funding associated with COVID-19 relief.

Denver Economic Development & Opportunity

Small Business Loans and Grants

This audit will assess the effectiveness and efficiency of providing small business loans and grants.

Clerk & Recorder's Office

Campaign Finance

This audit will review the internal controls and management associated with the city’s campaign finance processes and procedures.

Records Management

This audit will review the process and controls the Clerk and Recorder’s Office uses to store, track, and access records the office maintains.

Denver International Airport

Accounting and Finance Management

Planned audits involving the airport will evaluate the internal control environment associated with the financial functions at the airport.

Airport Parking Shuttle System

This audit will review the airport parking shuttle service contract for the economy of services provided.

PROPworks Revenue System

This audit will review the internal control environment around the PROPworks system, which the airport uses for multiple revenue streams. This may include an information technology general controls assessment.

Human Services

Child Welfare Placement

This audit will review the city’s oversight of out-of-home placement care services.

Cultural Facilities

Solid Waste Recycling

This audit is part of a series exploring city oversight and the efficiency, effectiveness, and financial operations of Scientific & Cultural Facilities District Tier 1 recipients under the cooperative agreements with the city.

Department of Transportation & Infrastructure

Solid Waste Recycling

This audit will review the efficiency and effectiveness of the recycling and composting program.

Department of Housing Stability

City Shelter

This audit will assess the efficiency and effectiveness of the city’s shelter system for people experiencing homelessness.

Public Health & Environment

Medical Examiner’s Office

This audit will review the Medical Examiner’s Office’s operations for efficiency and effectiveness, as activity in the office has recently increased.

Office of Children's Affairs

Scholarship Program – Voter-Approved Tax

This audit will review the college affordability tax scholarship program voters approved in 2018.

Denver Water

Denver Water

This audit will review the city’s legal relationship with Denver Water and accounts established by Denver Charter and ordinance.

Parks & Recreation

Park Management Plan

This audit will review the department’s five-year park management plan in response to 2018 ballot measure 2A.

Golf Enterprise Fund

This audit will assess operations and internal controls associated with the Golf Enterprise Fund. This may include the management of golf courses, clubhouses, and programs supported by the enterprise fund.

Technology Services
Network Access

This audit will review the change management and access controls that manage the citywide network.

Disaster Recovery The audit will review the IT systems disaster recovery plan to evaluate its ability to restore critical systems in a timely manner.
Cybersecurity

This continued assessment program examines the city’s vulnerability to cybersecurity attacks and security breaches, using information from previous results and addressing newly identified potential risk areas.

Vendor Management

This audit will review Technology Services’ vendor management activities. This may include a review of vendor negotiations, monitoring practices, and vendor management best practices.

Citywide

Contracting Practices

The continuation of this audit series will review the economy, efficiency, and effectiveness of the city’s complex contracting processes.

Transparency

This audit will review the timeliness, accuracy, and completeness of the city’s public notice requirements regarding issues and changes that impact Denver residents.

Diversity, Equity, and Inclusion

This audit will review the city’s approach to ensuring that diversity, equity, and inclusion are included in city programs, directives, and community outreach to the residents of Denver.

City Council Operations

This audit will review City Council operations and resources.

Grant Audits

The continuation of this audit series will review city grants for compliance with grant terms and expenditures. This will include assessing grants specific to COVID-19 relief. It may include a review of the effective and efficient use of the city’s financial system of record, Workday, to manage grant activity.

Medical Support for People Experiencing Homelessness

This engagement will review the effectiveness and efficiency of providing medical support services to people experiencing homelessness.

Workday Financial System Practices

This audit will review how effectively and accurately city agencies use Workday’s capabilities.

Remote Work

The city rapidly transitioned to remote work in March 2020 due to the COVID-19 pandemic. This engagement will review the framework the city created for the remote work environment, and the impacts it had on the city and workers.

Contracting Process for COVID-19 Response

This audit will review select contracts for goods and services associated with COVID-19 relief.

Contracts and Agreements

As required under Denver Charter, this continued audit series will review selected city contracts and agreements to evaluate and ensure performance, value, and proper city oversight.

Financial Audits

These audits will review city agencies’ accounting processes including assessing compliance with standards and internal control requirements. This may include reviews of specific transactions, accounts, and financial reporting practices.

Construction Audits

These audits will focus on different aspects of various construction projects and practices. Selections may include projects at the airport, city capital construction projects, or bond projects. Audits may include a review of the rules and regulations around construction, internal controls, and project management practices.

2021 Follow-Up Audits

All audits by the Auditor’s Office provide recommendations for improvement, to which the audited agency must agree or disagree. For recommendations that were agreed to by the responsible entity, we complete a follow-up audit after the agreed- upon recommendation implementation date. Each follow-up audit will assess the status and quality of implementation for each recommendation.

 

Plan Description

The vision of the Denver Auditor’s Office is to deliver value and impact for Denver by performing audits that follow the highest professional standards. Our mission is to deliver independent, transparent, and professional oversight — safeguarding and improving the public’s investment in the City and County of Denver. Our work is performed on behalf of everyone who cares about the city, including its residents, workers, and decision-makers.

The independent audit function is key to transparency and accountability in Denver’s government. Denver’s elected Auditor serves as a check and balance in the strong-mayor system. The Auditor and the Auditor’s Office provide an important and valued function for Denver, a responsibility that requires a high level of expertise and professionalism. The 2021 Audit Plan reflects Auditor O’Brien’s steadfast commitment to continuous improvement by enhancing the value, products, staffing, communications, and overall positive impact of the Denver Auditor’s Office on behalf of Denver’s residents, businesses, and visitors.

The Denver Charter states the Auditor shall conduct:

  • Financial and performance audits of the City and County of Denver in accordance with generally accepted government auditing standards;

  • Audits of individual financial transactions, contracts, and franchises; and

  • Audits of financial and accounting systems and procedures, including records systems, revenue identification, and accounting and payment practices, for compliance with generally accepted accounting principles, best financial management practices, and any applicable laws and regulations governing the financial practices of the City and County of Denver.

The 2021 Audit Plan ensures broad audit coverage throughout the city while also addressing specific performance, financial, contractual, information technology, and regulatory risks. According to the charter, the ultimate decision to perform any audit shall be at the sole discretion of the Auditor. Our approach to scheduling audits is flexible and subject to change throughout the year based on newly identified risks.

Integrated audits incorporate elements of performance, financial, and information technology auditing. This produces a more effective outcome through a holistic audit approach with a focus on improving governance, compliance, performance, and operations.

Integrated auditing incorporates diverse approaches:

  • Performance Auditing – We identify opportunities to improve the efficiency and effectiveness of city activities. Our performance audits also assess the viability or strength of the internal control environment of the city’s agencies and programs. We conduct policy analysis and evaluation and may assess the city’s ability to mitigate risk. We may also select performance audits that align with the city’s major strategic initiatives.
  • Financial Auditing – The 2021 Audit Plan continues our focus on the overall financial management and fiscal activities of the city. These audits will assess the financial internal control environment, compliance with city polices, financial governance, accounting and reporting practices, and high-risk financial transactions.
  • Information Technology Auditing – Our audits will continue to address identified information technology risks by focusing on the effectiveness of cybersecurity defense, data protection, and management of critical systems and applications.
  • Contract Compliance Auditing – The 2021 Audit Plan reflects a continued emphasis on auditing city contracts for compliance with contract terms and fulfillment of the scope of work.

As part of Auditor O’Brien’s original vision for the Auditor’s Office, the Audit Analytics Program expands the office’s risk assessment and auditing capability and continues leading- edge audit practices to provide greater value and impact. Using data science tools, our team sorts through large numbers of transactions and entire data sets to identify the highest risks, instead of relying entirely on sampling.

  • Audit Analytics – The Auditor’s Office uses quantitative and qualitative risk-finding analytics of audit-related data and applies techniques such as surveys or sampling methodologies to support audits of city processes and internal controls. Audit analytics can be used to ensure data is accurate, consistent, and complete; to identify, analyze, and create graphic visual representations of anomalies and patterns; to build statistical models; and to support audit teams as they synthesize analytical results in audit reports.
  • Continuous Auditing – Continuous auditing is an audit analytics method that allows auditors to directly connect with city data systems, use an entire data population rather than samples, and automate ongoing analyses of that data. These ongoing analyses of data systems
    are used to identify high-risk areas and test controls in the city’s financial and operational systems in a timely fashion. The information gained from continuous auditing helps inform audits and the annual risk assessment. It can help audit teams to improve efficiencies in planning and fieldwork by identifying trends and exceptions earlier than through traditional methods.

The city’s management is responsible for establishing internal controls to detect and prevent fraud for each city entity. Although fraud detection is not a primary responsibility of the Auditor’s Office, our audits consider the possibility that fraud, waste, or abuse may be occurring.

Audit follow-up activities are conducted for every audit to assess whether city personnel implemented the agreed- upon audit recommendations for improvement and impact.

The Auditor’s Office regularly issues follow-up audit reports to the Audit Committee and the City and County of Denver’s operational management on the status of audit findings and of our recommendations for improved business practices.

Our office measures the audit recommendation acceptance rate as an indicator of the degree to which the city is using information provided by our audit reports to mitigate identified risks and to enhance efficiency, effectiveness, and economy of operations.

Although the Auditor’s Office operates independently from other city entities, Auditor O’Brien and Auditor’s Office leadership meet regularly throughout the year with City Council members, the mayor, other elected officials, city agency leaders, neighborhood groups, and civic leaders to solicit input regarding risks. The objective of this strategy is to improve services and stewardship of city resources.

Determining What to Audit

Developing the annual Audit Plan is an ongoing process — conducted by assembling ideas from a variety of internal and external sources, examining a broad range of city activities and data, and then assessing risk factors in tandem with additional considerations. This approach results in a diverse list of agencies, programs, activities, and contracts that auditors examine to determine whether these are operating efficiently, effectively, and in accordance with the law and program or contract requirements. Some agencies could be audited more frequently than others depending on the assessed risks.

In developing a list of potential audits and other types of analyses, ideas come from a variety of sources:

  • Assessments of operations and controls in previous internal
    and external audit reports, including independent audits of the city’s Comprehensive Annual Financial Report, single audits, and audit management letters.
  • Input from community members, elected officials, Audit Committee members, external auditors, and agency managers and staff.
  • Consideration of current local events, financial conditions, major capital projects, and public policy issues.
  • Consideration of risks identified in other government audits that could emerge in Denver.

A robust audit plan assesses a broad range of city activities including:

  • Organizational units within a city agency, such as a division or a department;
  • Individual city programs and offices.
  • Transaction cycles or processes that affect more than one city function or agency, such as contract procurement, purchasing, cash handling, fines, taxes, and assessments or key technology processes.
  • Individual financial statement accounts or transactional activities, such as grant programs, construction in progress, tax- funded programs, and special revenue funds.
  • City functions that operate like for-profit entities, such as Denver International Airport and other entities associated with enterprise funds.
  • Contracts and agreements between the city and third parties.

Our office identifies and prioritizes potential audits and other assessments using a risk-based approach by examining a variety of factors that may expose the city to fraud, misappropriation of funds, liability, or reputational harm. Accordingly, risk factors are assessed by reviewing:

  • Significant changes that have occurred in the city.
  • Time since the last audit of an area.
  • Size of agency, program, activity, or contract.
  • Size of budget.
  • Compliance and regulations.
  • Pending or recent legislation.
  • Complexity of transactions.
  • Fiscal sustainability.
  • Critical information technology systems, including hardware and software.
  • Management accountability.
  • Quality of internal control systems.
  • Age of programs, operations, or contracts.
  • Public health and safety.
  • Critical infrastructure.
  • Short- and long-term strategic risks.
  • Related litigation.
  • Relevant case law.
  • Emerging risk areas.

We periodically evaluate and modify risk factors, as necessary.

After we finalize the Audit Plan, new information may come to light. As we experienced in 2020, unanticipated events may occur, and initiatives, priorities, and risks within the city may change. The flexible nature of the Audit Plan as a living document provides the discretion to change course when it is in the best interest of the city.

The Auditor’s Office extends its gratitude and appreciation to the Mayor’s Office, City Council, the Audit Committee, members of the city’s agency leadership, and members of the public for providing input on the 2021 Audit Plan and for supporting the general mission of our office throughout the year.

Auditor's Authority

The Denver Auditor’s Office provides independent oversight of how tax dollars are spent to fund the city’s many services, initiatives, and programs. Article V of the Denver Charter establishes this independence and provides for the Auditor’s general authority and duties. The charter also establishes the Audit Committee, through which we report our audit findings.

Our History – Originally, the Auditor served as the general accountant for the city, maintaining the city’s financial records and paying city expenses, including payroll. In November 2006, Denver voters approved an amendment to the city charter, completely changing the duties of the Auditor that had been in place since 1904. Based on this charter revision, accounting and payroll functions moved in June 2007 to the Controller’s Office under the chief financial officer. This revision, plus other ordinances, authorized the Auditor to conduct audits of any entity using city dollars. Today, Denver’s elected Auditor oversees one of the most structurally independent government audit functions in the country.

Several key components serve as the cornerstone for Denver’s auditing framework. These elements provide the Auditor with the independence that results in the office’s ability to conduct meaningful audits.

  • Elected Auditor – The City and County of Denver has an elected Auditor who is independent from all other elected officials and operational management.
  • Audit Committee – The Denver Charter establishes an independent Audit Committee, chaired by the Auditor, with six other members appointed by the mayor, City Council, and the Auditor.
  • Comprehensive Access – The Denver Charter and city ordinance authorize the Auditor to have access to all officers, employees, records, and property maintained by the City and County of Denver, and to all external entities, records, and personnel related to their business interactions with the city.
  • Audit Response Requirements – City ordinance requires that audited agencies formally respond to all audit findings and recommendations, establishing the Auditor’s ability to work in conjunction with these agencies while maintaining independence.
  • Adherence to Professional Audit Standards ― The Auditor’s Office conducts all audits in accordance with generally accepted government auditing standards published by the U. S. Comptroller General.