Specifications include, but are not limited to: develop an annual risk assessment of City operations. This assessment will identify and evaluate risks; evaluate the effectiveness and sustainability of existing controls; ensure additional controls are implemented if risks are too high; and prioritize further resources (audits) if needed. The selected firm shall develop an annual audit plan for the upcoming year based on the risk assessment findings. The audit plan shall identify the audits to be completed by the selected firm and the City’s internal auditor. The selected firm shall provide the City’s internal auditor the estimated audit hours and cost for each audit to be completed by the firm. The risk assessment and audit plan shall be presented at a meeting of the Audit Committee and City Council, either in person or remotely. In coordination with the City’s internal auditor, the selected firm shall test and evaluate projects based on the audit plan. At the conclusion of each evaluation completed by the selected firm, an audit report will be provided verbally, either in person or remotely, by the selected firm to the Audit Committee and City Council (separately). At a minimum, the report shall include the objective, background, significant findings of risk exposure and/or control deficiencies, recommendations for correcting each significant finding, and management’s response to the recommendations. The selected firm shall also provide guidance and feedback to the City’s internal auditor to ensure their audit objectives are achieved and quality is assured. In the event the selected firm believes there is fraud and/or theft that has been or may have been committed, the selected firm must immediately notify the chair of the Audit Committee or the City’s internal auditor.
