What We Do
Internal auditing focuses on identifying risks that threaten the ability of an organization to accomplish its mission. The Auditor’s Office conducts independent audits of city agencies to help mitigate identified risks in order to enhance efficiency and effectiveness, reduce costs, and improve the quality of services.
- Audit Reports
- Annual Audit Plan
- Audit Committee
- Audit Selection Process
- Auditor's Authority
- Additional Resources
The results of conducted audits are communicated through formal audit reports, which communicate findings and recommendations for improvement to the audited agency, oversight officials, and the public. Additionally, the Auditor’s Office conducts follow-up work to verify that corrective actions have been taken to address findings, and publishes follow-up reports.
Audits from 2015 – present can be found here.
Audits prior to 2015 can be found here.
The Annual Audit Plan is a list of potential audits of City departments, programs, or contracts developed from an ongoing process of assessing potential risks and collecting input from a variety of sources.
Determining What to Audit
A high-quality and transparent annual audit plan is critical for meeting the mission of the Denver Auditor’s Office. Developing the plan is an ongoing process, conducted by assembling ideas from a variety of sources, examining a broad range of City activities, and then assessing risk factors in tandem with some additional considerations. By evaluating potential audits from a variety of perspectives, the Auditor’s Office seeks to provide widespread audit coverage both in terms of the types of audits performed and the entities assessed. This approach results in a diverse list of departments, programs, activities, and contracts that are examined to determine the extent to which they are operating efficiently, effectively, and in accordance with program or contract requirements.
In developing a list of potential audits, ideas come from a variety of sources:
- Assessments of operations and controls derived from previous internal and external audits, including independent audits of the City’s Comprehensive Annual Financial Report (CAFR), the audit of federal compliance, and audit management letters;
- Input from the community, elected officials, Audit Committee members, operational management, and staff;
- Benchmarking against the audit priorities of other governmental entities;
- Consideration of current local events, financial conditions, major capital projects, and public policy issues; and
- Established industry risk-assessment criteria, including from the U.S. Government Accountability Office and the Institute of Internal Auditors.
A robust audit plan will assess a broad range of City activities, including:
- Organizational units within a City agency, such as a division or a department;
- Individual City programs and activities;
- Transaction cycles or processes that affect more than one City function or department, such as contract procurement and purchasing, cash handling, human resources, and/or information technology;
- Individual financial statement accounts and transactional areas, such as capital assets, leave liability, accounts payable, and payroll;
- City functions that operate similarly to for-profit entities, such as Denver International Airport and the Golf Enterprise Fund; and
- Contracts and agreements between the City and third parties.
Potential audits are identified and prioritized using a risk-based approach by examining a variety of factors that may expose the City to fraud, misappropriation of funds, liability, or reputational harm.
Accordingly, risk factors are assessed by reviewing:
- Size of department, program, activity, or contract
- Size of budget
- Compliance and regulations
- Pending or recent legislation
- Complexity of transactions
- Fiscal sustainability
- Critical IT systems, including hardware and software
- Management accountability
- Quality of internal control system
- Age of program, operation, or contract
- Audit history
- Public health and safety
- Critical infrastructure
- Short-term and long-term strategic risks
- Related litigation
- Relevant case law
- Emerging risk areas
Risk factors are periodically evaluated and modified as necessary. In tandem with risk-based considerations, some additional considerations also provide practical guidance in determining which audits to pursue. First and foremost, resource constraints within the Auditor’s Office inherently limit the amount of audit work performed in one year. Furthermore, deference is given to the unique interests and responsibilities of the Auditor as an elected official and the risks the Auditor identifies as a priority to serve the interests of the City and its people. After the plan is finalized, new information may come to light; situations, initiatives, priorities, and risks within the City may change. The flexible nature of the audit plan as a living document provides the discretion to change course when it is in the best interest of the City.
The Auditor’s Office extends its gratitude and appreciation to the Mayor’s Office, the City Council, the Audit Committee, members of the city’s operational management, and members of the general public for providing input on the 2017 Audit Plan and for supporting the general mission of our Office throughout the year.
Originally, the Auditor served as the general accountant for the City, maintaining the City’s financial records and paying City expenses, including payroll. However, in November 2006, Denver voters approved an amendment to the City Charter, changing the duties of the Auditor that had been in place since 1904. Based on this Charter revision, accounting and payroll functions moved to the Controller’s Office under the Chief Financial Officer in June 2007. This revision plus other ordinances authorized the Auditor to conduct audits of any entity using City dollars. Today, Denver’s Auditor oversees one of the most structurally independent government audit functions in the country.
Several key components serve as the cornerstone for Denver’s auditing framework. These elements provide the Auditor with the independence that results in the Office’s ability to conduct high-impact audits.
- Elected Auditor ― The City and County of Denver has an elected Auditor who is independent from all other elected officials and operational management.
- Audit Committee ― The City Charter establishes an independent Audit Committee, chaired by the Auditor, with six other members appointed by the Mayor, City Council, and Auditor.
- Comprehensive Access ― City Charter and Municipal Code authorize the Auditor to have access to all officers, employees, records, and property maintained by the City and County of Denver, and to all external entities, records, and personnel related to their business interactions with the City.
- Audit Response Requirements ― City ordinance requires that audited City and County departments formally respond to all audit findings and recommendations, establishing the Auditor’s Office’s ability to work in conjunction with these departments while maintaining its independence.
- Adherence to Professional Audit Standards ― The Auditor’s Office conducts all audits in accordance with Generally Accepted Government Auditing Standards promulgated by the United States Comptroller General.