Ideas Worth Sharing: Your Department Has Been Selected for an Audit

Posted on January 4, 2017

In this series, ELGL members share initiatives, policies, and programs that are transforming local government. Sign up here to share your idea. Previous articles include  addressing homelessness in Los AngelesFine Tuning Coppell with the SEED Leadership, A Community Effort in America’s Most Diverse City, and Using Open Data to Engage the Community in Indianapolis

By: Sam Naik (LinkedIn), Office of the City Auditor, TX, City of Austin

So your department, office, division, or program has been selected for an audit. You and your coworkers might be worried that a team of humorless scolds is coming by to tell you how to do your jobs. But have no fear! As auditors, our job is to work with you to make whatever you do more efficient and effective, so that all of us can provide the best service possible to our residents. Also, we have a great sense of humor.

I wanted to write this post for ELGL to help other local government employees understand what auditors do, what the audit process looks like, and how the auditee (which can be anything from an entire department to just a single fee) fits in.


The first thing you should know is that most organizations that audit government entities operate under generally accepted government auditing standards (GAGAS). These standards are created by the federal Government Accountability Office (GAO) and published as the Government Auditing Standards, better known as the Yellow Book. These standards set out requirements for every part of an audit, from auditor independence (you can’t audit a department if your brother is the director) to reporting confidential information (don’t do it, but say that you had to leave it out).

The standards also require that we get ourselves audited every three years through a peer review process. My office is a member of the Association of Local Government Auditors (ALGA), and every three years they send three auditors from other local government audit offices to look over our past work and make sure we’re following standards.


The first (and usually longest) stage of any audit is planning. Planning is all about gathering information and assessing what possible problems (or risks, as we call them) exist in the auditee so that we can decide what we’re going to look at more closely in the next stage.

As auditors we can gather some of this information ourselves from budget documents, government websites, and other sources. But to learn what’s really going on, we need to speak with the people who do the work every day. We’ll usually meet with employees individually. In the planning stage, we might ask you things like:

  • Can you help us understand what you do?
  • Can you describe how [the process being audited] works?
  • Are there any other people in your department or elsewhere in the organization you think we should talk to?
  • Are there any issues we didn’t ask you about that you think we should look into?

Once we’ve gathered enough information to decide what the biggest risks are, we move on to fieldwork.


In the fieldwork stage, we perform testing on the big risks we picked at the end of planning. These tests can be very mundane (reviewing receipts to see if the office collected all the fees it was supposed to) or very elaborate (calling other contractors to compare their rates to the rate on the actual contract). Testing allows us to obtain evidence – information we can clearly document and trust. We use this information in the report that comes in the final stage.

During fieldwork, we’ll probably ask you for documentary or physical materials for us to test. We might ask for receipts for a set of cases that we selected, or a list of all incident reports over the past year and how long it took to resolve each one. We might just ask you to show us in person how you do part of your job.

Once we’ve finished our testing, we’ll come back to you and show you what we think looks wrong – you can tell us if it actually is. Once you’ve agreed with us on what’s wrong, we’ll use that to develop findings. A finding contains four elements that summarize the problem: condition (what’s happening), criteria (what should be happening), cause, and effect. These findings make up the report. We also create recommendations that address the cause in each finding.


In the last stage of an audit, we write and present a report of our findings. Audit shops vary in how long their reports are – in Austin we try to keep ours under five pages, but I’ve seen reports from other cities over sixty pages! Once we’ve developed a draft report and draft recommendations, we meet with you to make sure you agree with what we found and what we’re recommending. If not, we work with you to get to that agreement. Management from your department will then send us a response to those recommendations. In their response, they’ll tell us whether they agree with the recommendations and, if they do, how they’re going to implement them

After that, all that remains is to present the report. In most cases, this means giving a presentation to an audit committee of the governing body (City Council, County Commission, etc). Management from your department will usually present with us so they can be on hand to answer questions about how the auditee is going to proceed.


Implementing the recommendations from an audit is what gives our work value – if we find out something’s not working but no one tries to fix it, all we’ve done is waste paper. To check if those recommendations are being put into place, we conduct follow-up audits. We use the original management response as our basis for the follow-up – we check if they did what they told us they would do.

Although each audit shop does follow-up differently, here’s how we do it in Austin: every year we select a set of recommendations we consider to be high risk (if they weren’t implemented, big problems would persist) and reach out to the responsible departments. If the department tells us they implemented the recommendation, we try and get proof. Depending on the recommendation, this could be as simple as asking for a copy of the policies and procedures we recommended they create or as complex as doing the fieldwork we did in the actual audit over again to make sure there are no problems. After that, we follow the normal reporting process.

I hope this has helped you understand a bit better what it means to be audited – mainly, that we’re not out to get you. We’re here to help.

Close window