The following criteria are considered when selecting audit areas:
- potential savings or improvement
- interest of Council or public
- evidence of problems
- potential for loss or risk
- time since last audit
- quality of performance measures
- audit staff resources
How is an audit conducted?
The department director receives written notice of the audit start and an introductory meeting is scheduled with the management team. At the meeting, the auditors who will be conducting the audit are introduced and the purpose, process, and timeline of the audit are explained. The auditors make arrangements for access to information systems and key personnel. They can also gain a general understanding of program areas and results, as well as the any problems or concerns management might have.
Audits follow three basic phases: Survey, fieldwork and reporting.
The survey phase of the audit is a general look at all the operations of the department or program. The audit team reviews all the available information about the program and professional literature and conducts interviews with staff and others with knowledge about the operation and results of the program. Typically, the team meets with management initially, then staff directly involved with providing services later. This is to first gain a broad understanding of the program and proceed to a more complex understanding. Many times, the team will "ride along" with line staff to get a "hands-on" perspective.
During this phase, the auditors determine if there are areas that could benefit from in-depth analysis. At the end of survey, the auditors brief department management, describing their audit work, issues identified during the survey, and areas needing further audit work.
If significant issues have been identified during survey, the audit team will then begin more detailed information gathering. Auditors will focus their work to obtain an in-depth understanding of the issues. At the end of fieldwork, auditors meet again with department management to review results.
The audit report communicates the findings and recommendations. It is carefully prepared and information validated. Each fact is checked by an auditor uninvolved in the audit work. Once this is completed, auditors provide a draft to department management for their review. The auditors meet with managers to discuss the report to insure that the information is clear and accurate. The draft may be modified in response to the feedback and comments. The final report is a public document. It is posted on the website and presented to the Council. Management's formal written response is included in the final report, and management is invited to join the Metro Auditor in presenting Council with the findings, recommendations, and actions taken.
Have an idea for an audit?
The Metro Auditor welcomes suggestions for future audits, suggestions for improvements in Metro's services or kudos for jobs well done. Suggestions can be made by calling 503-797-1892 or by email to firstname.lastname@example.org.
Contacts to the Office of the Auditor, either via email or telephone, may be anonymous. We encourage you to give your name and telephone number as it enables us to follow up on your suggestion, if necessary. If confidentiality is a concern, let us know.
Public records law
It is the Auditor's policy not to disclose the individual source of suggestions. However, email, phone messages and documents sent to the Auditor are considered "public records" and may be subject to disclosure when requested.
Public records law allows some exemption from this disclosure requirement, such as, "information submitted to a public body in confidence and not otherwise required by law to be submitted, where such information should reasonably be considered confidential, the public body (Metro Auditor) has obliged itself in good faith not to disclose the information, and when the public interest would suffer by disclosure."
The Auditor takes the position that suggestions or information that comes to the Auditor, via email or other means, with a request for anonymity meet the exemption criteria if such data is not otherwise required by law to be disclosed.
However, this is a legal matter that must be evaluated on a case-by-case basis.
Learn more about Oregon public records law on the State of Oregon website