Attachment 1

Office of the City Auditor – 2008 Annual Work Plan

Office of the City Auditor

2008Annual Work Plan

Introduction

Bylaw 12424, City Auditor Bylaw, established the position of City Auditor and defined the powers, duties, and functions to be fulfilled by the person holding that position. The City Auditor is responsible for all internal auditing activities within City Programs and City Agencies. The City Auditor:

  • Provides independent, objective assurance and advisory services designed to add value and improve the City’s programs;
  • Assists the City to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes; and
  • Coordinates fraud investigation activities within City Programs or City Agencies.

Bylaw 12424 states that the City Auditor will submit to Council an Annual Work Plan for review and approval. The Annual Work Plan outlines the scope of work the Office of the City Auditor (OCA) intends to conduct during the year.

The OCA’s 2008 Annual Work Plan includes information describing audit projects within the following work categories:

Comprehensive Branch Reviews determine whether a department, service or program operates efficiently, effectively and economically and whether risks are minimized. Results from Branch Reviews should be used both by the Administration and by Council to assist them in improving the manner in which each Branch delivers its services as well as in helping to determine program priorities.

Prioritized Projects are areas where the OCA has determined that there are strategic, operational, governance, and project risks faced by an organizational unit that would benefit by an audit. All risk-based audits begin with identification of goals and risks that could keep the organization from reaching its goals.

Investigations are designed to prove or refute alleged fraudulent behaviour or misconduct by a City employee or other party. In the case of criminal acts, such as fraud, evidence must satisfy legal requirements before being turned over to the Edmonton Police Service. In June 2006, City Council approved City Policy C522, Fraud and Misconduct – Reporting, Investigation and Whistleblower Protection. This Policy incorporates a hotline as an additional channel for City employees to report suspected fraud and misconduct. The City Auditor will provide periodic reports to the Audit Committee related to overall hotline activity.

Cash-Handling Reviews determine whether cash resources are handled in a manner consistent with established City requirements and are appropriately safeguarded against loss.

Information Technology Reviews allow the OCA to provide proactive control-related advice and feedback during information technology systems development to ensure that appropriate safeguards are in place prior to implementation. Information Technology Reviews also include use of computer assisted audit techniques that allow the OCA to analyze large amounts of data on corporate systems. The OCA uses some of those techniques to provide ongoing monitoring to ensure that specific controls are working as intended.

Follow-up Reviews are normally conducted between six months and two years following the date management projected to complete their action plan(s). The purpose of these reviews is to ensure that management action plans have been satisfactorily implemented or addressed.

Emerging Issues are audits or studies that are not listed in the OCA’s Annual Audit Plan. These may be identified by the OCA during a scheduled audit, by City Council, by the Administration, or by a member of the public. As stated in the City Auditor Bylaw, with the exception of projects directed by Council, emerging issues will be addressed at the discretion of the City Auditor.

Corporate Projects are avenues used by the OCA to provide proactive involvement in corporate initiatives such as Freedom of Information and Protection of Privacy and the Environmental Management System. By serving on selected committees, the OCA is able to ensure that leading practice and control-related input receive appropriate attention throughout the project.

Overview of 2008 Work Plan

The OCA’s 2008 Annual Work Plan includes projects that address a wide range of areas and are consistent with the City Auditor’s guardian role and agent of change role. Potential audit projects were identified through suggestions from City Council members, Senior Management Team, members of City Administration, discussion with the City’s external auditor, observations made by audit staff during the course of 2007, and reviews of audits conducted in other jurisdictions. The OCA compiled a list of potential projects and through a risk assessment process, selected the highestpriority projects for inclusion in the 2008 Annual Work Plan.

The three branches the OCA has scheduledto complete comprehensive branch audits in 2008 are Human Resources Branch (Corporate Services Department), Planning & Policy Services Branch (Planning & Development Department), and Streets Engineering Branch (Transportation Department). By selecting these branches, the OCA ensures a strong presence in each department as it cycles through all City Branches. In the past few years, the OCA completed the following comprehensive branch reviews:

Assessment and Taxation Branch – Planning & Development Department

Development Compliance Branch – Planning & Development Department

Transportation Planning Branch – Transportation & Streets Department

Edmonton Transit – Transportation & Streets Department

Social & Recreation Services Branch – Community Services Department[1]

Mobile Equipment Services Branch – Corporate Services Department

Land & Buildings Branch - Asset Management & Public Works Department

The number of projects undertaken may be impacted by a need to adjust the scope of one or more audit projects planned for completion in 2008. Adjustments to the annual work plan will be made accordingly and changes in the number of projects that can be completed will be reported to the Audit Committee. The OCA plans to complete the following 30 projects in 2008.

# / Title / Description
Branch Audits
1 / Human Resources Branch / This branch audit is a carry forward from the 2007 Annual Plan. The audit began in the fall of 2007 and will be completed in 2008. Given demographic trends, global competitive pressures and skills shortages, the OCA will review the resource planning strategies and key activities that Human Resources has in place to attract, develop and retain a highly skilled workforce for the corporation.
2 / Planning and Policy Services Branch / The Planning and Policy Services Branch is responsible for the provision of a long term,comprehensive vision and related processes to ensure the efficient use of land through zoning increating a community that is safe, healthy, attractive, vibrant and sustainable, while meetingemerging community priorities and statutory requirements.
3 / Streets Engineering Branch / The Streets Engineering Branch operates and maintains a safe and reliable road network. Major activities include roadway maintenance, construction, roadway design, mapping and engineering services.
Prioritized Projects
4 / Ice Bookings / The OCA will review the City’s ice allocation and booking processes. This review will include assessing whether the process provides fair and equitable access to ice and offers a balanced program to citizens.
5 / 23 Avenue/Capital Project Process / The OCA will review the process that was followed on the 23 Avenue project. The review may include reviewing how the project was done, the conditions surrounding the project, reasonability of the timelines, approval process, tendering process and other relevant processes related to this project.
6 / Waste Collection Cost Comparison / This audit will entail a full cost comparison of contracted service delivery and City resourced service delivery as they relate to service levels. This would include the examination of cost elements including overhead costs, to be applied towards comparisons.
7 / Expense Claim Review / The OCA will review the City’s processes and controls over expense claim submissions and payments. This review will assess whether corporate policies and procedures are adequate and being followed.
8 / Fire Inspection Unit / The OCA will review the operationsof the Fire Inspection section to assess the adequacy of controls in the fire inspection process. This section does operate with the guidance of a Quality Management Plan.
9 / Fraud Awareness Training / Economic Crime Awareness courses were initiated in 1998 to make city employees aware of potential indicators of economic crimes and to report any suspicions through appropriate channels. In 2008, the OCA will work with the Administration and the Edmonton Police Service to redesign and enhance delivery of the fraud awareness training. This will include encouraging city employees to use the city’s reporting channels, including the Fraud and Misconduct hotline, when they witness or become aware of potential fraud or misconduct.
10 / Payroll - Employee Time Review & Approval / This audit will document and examine the payroll review and approval processes used throughout various city departments to provide assurance that staff are paid appropriately.
11 / Continuous Monitoring Application Development / Continuous monitoring is an audit methodology that leverages the use of technology to perform ongoing audit testing of 100 percent of transactions versus a sample of transactions to test controls. This project will identify and assess areas where this audit methodology could be applied and develop automated applications for those with the highest impact.
12 / Journal Vouchers - External Audit Assistance / The OCA will assist the City of Edmonton’s external auditors, Deloitte, in the audit of the City’s financial statements. We will be performing regular testing of journal vouchers throughout the year as part of the Financial Statement Audit.
13 / Financial Control Testing - External Audit Assistance / The OCA will assist the City of Edmonton’s external auditors, Deloitte, in the audit of the City’s financial statements. We will be performing Financial Control testing as part of the Financial Statement Audit.
14 / Financial Substantive Testing – External Audit Assistance / The OCA will assist the City of Edmonton’s external auditors, Deloitte, in the audit of the City’s financial statements. We will be performing financial substantive testing as part of the Financial Statement Audit.
15 / Financial Reporting Computer Testing – External Audit Assistance / The OCA will assist the City of Edmonton’s external auditors, Deloitte, in the audit of the City’s financial statements. We will be performing financial reporting computer testing as part of the Financial Statement Audit.
Investigations
16 / Investigation Projects / Investigations arise from tips received and/or field observations by OCA staff. The purpose of those investigations is to establish proof or refute allegations of fraudulent or unethical behaviour.
17 / Hotline Administration / In June 2006, City Council approved City Policy C522, Fraud and Misconduct – Reporting, Investigation and Whistleblower Protection. This Policy incorporates a hotline as an additional channel for City employees to report suspected fraud and misconduct. The City Auditor will provide periodic reports to the Audit Committee related to overall hotline activity.
Cash Handling Audits
18 / Parking Meter Revenues / The OCA will conduct a comprehensive process review of cash received from City parking meters and follow these amounts through to the Coin Processing Centre and ultimately into the Bank and the corporate accounting records (SAP).
19 / Coin Processing Centre / The OCA last reviewed the Coin Processing Centre in 1999. In 2008 we will conduct a full review of the Coin Processing Centre to assess the current level of compliance with established City policies and procedures and to evaluate the adequacy and effectiveness of controls. This will include reviewing the status of the recommendations made in the 1999 review.
Information Technology Projects
20 / Integrated Identity Management / The Information Technology Branch (ITB) has commenced a multi-year initiative with the goal of providing the ability for citizens and employees to access City information and services using a single identifier for authorized access to critical systems. The OCA will provide proactive risk and control related advice to the governance committee consisting of staff from the ITB, business areas and other corporate groups. The OCA’s overall objective will be to ensure that all potential risks have been identified, and automated and procedural controls have been implemented to minimize the risk of unauthorized access to City information and services.
21 / Information and Related Technology Control Framework / Effective management of information and related technology is critically important to the survival and success of an organization. The OCA will plan, organize and facilitate a risk and control re-assessment by the Information Technology Branch (ITB) using an international set of generally accepted Control Objectives for Information and Related Technology (COBIT). The last assessment was undertaken in 2004. It resulted in action plans and initiatives that have assisted the ITB in better responding to environmental and technology changes and complying with international standards.
22 / PeopleSoft Strategy / One of the projects identified in the Information Technology Branch’s 2007 – 2009 Business Plan is to develop a PeopleSoft Strategy and evaluate the future direction of PeopleSoft within the City’s human resource environment. The OCA will share its knowledge on risks and controls and provide proactive risk and control-related advice to the staff involved in this project.
Follow-up Reviews
23 / Internet Usage / A review to assess the degree of implementation of the four outstanding recommendations from the 2007 audit.
24 / Development Compliance Branch Review / A review to assess the degree of implementation of the 17 outstanding recommendations from the 2005 audit.
25 / Street Light Poles / A review to assess the degree of implementation of the three outstanding recommendations from the 2007 audit.
26 / Transit Information Centre Cash Handling / A follow-up review in 2007 observed that all of the recommendations contained in our original report are in progress, but not complete. As a result controls over cash handling have improved, but further enhancements are still necessary. The OCA will follow up on all of these recommendations again in the spring of 2008.
27 / EPS Governance Follow Up / A review to assess the degree of implementation of the remaining six outstanding recommendations from the 2007 follow-up review.
Emerging Issues
28 / Emerging Issue Projects / The OCA allocates hours for emerging issues (which includes special projects and changes in project scope) in each year’s audit work plan. If the OCA finds during the year that it doesn’t need a portion of the planned resources, then potential projects that did not make it into the work plan will be re-evaluated and undertaken as time becomes available. In the event that emerging issues require more resources than planned, we may defer some projects for consideration during development of our 2008 Audit Work Plan. As stated in the City Auditor Bylaw, with the exception of projects directed by Council, the City Auditor will address emerging issues at his discretion.
Corporate Projects
29 / FOIP Steering Committee / The OCA will continue its proactive involvement on the steering committee to provide risk and control-related input with the objective of providing assurance that a reasonable level of controls has been implemented or considered and to help improve the City's compliance with FOIP requirements.
30 / Environmental Policy Coordinating Committee / The OCA will continue its proactive involvement on the steering committee. The OCA’s role is to provide assurance that a reasonable level of controls have been implemented or considered and to help improve the processes being considered to ensure compliance with ISO 14001 environmental management system standards.

Report 2007OCA009 – Attachment 1 – Page 1 of 9

[1] In its 2005 Annual Work Plan, the OCA scheduled a comprehensive audit for the City-Wide Services Branch of the Community Services Department.Prior to the start of the audit, the City-Wide Services Branchwas merged with the Neighbourhood Social & Recreation Services Branchto form the Social & Recreation Services Branch. Consequently, the OCA’s audit scope expanded to coverwhat had previously been two branches within the Community Service Department.