Audit Resources

The Governor’s Office provides training, including best practices and management tools, to state agencies to help them host performance audits. GMAP staff also provide advice and assistance to agencies throughout the audit process and help coordinate the agency’s written response. Following an audit, GMAP staff assist agencies with reporting on their audit action plan at GMAP forums.

For questions, please contact Kimberly Cregeur at (360) 902-0888 or via email.

Best Practices
Management Tools
Standards and Protocols
Examples

Best Practices

Surviving a Performance Audit. Secretary Mary Selecky and Assistant Secretary Laurie Jinkins of the Department of Health gave this presentation at the Governor’s Leadership Conference on November 6, 2007. The DOH performance audit is considered a model audit by both the administration and the State Auditor’s Office. This is our first “real life” example of how to host a successful I-900 performance audit.

How to Host a Performance Audit: Helpful Tips and Best Practices. This report explains the phases of an audit and provides tips and best practices for each phase. There is also a summary PowerPoint training based on the report.

Best Practices for Entrance Conferences. At the start of an audit, the auditors will meet with agency staff for an entrance conference. This document includes four best practices for agencies to consider for the entrance conference.

Management Tools

We recommend agency liaisons use the following templates to track and monitor data requests, possible issues, and agency resources.

• Data request sheet
• Issue log
• Resource tracking sheet

Guidelines for Reporting on Performance Audit Action Plans. After an audit is completed, the audited agency will provide status reports on the action plan during regularly-scheduled Governor GMAP forums.

Standards and Protocols

Yellow Book Standards. Audits conducted by the Joint Legislative Audit and Review Committee and the State Auditor’s Office are governed by specific audit standards. These standards pertain to both financial and performance audits and are issued by the United States Government Accountability Office. These Generally Accepted Government Auditing Standards are also known as GAGAS, or Yellow Book standards.

Statewide Protocols. The Auditor’s Office issued protocols that cover all of their audits for both state and local government. Agency staff should become familiar with the contents to understand expectations for both audit and agency staff.

Issue Resolution. This protocol document was created in November 2006. It outlines the formal issue resolution process between agencies and the State Auditor’s Office. Its principles also are applicable to issue resolution with other auditing entities.

Examples

Data confidentiality agreement. Some audit topic areas will require access to sensitive or confidential information. A data confidentiality agreement helps safeguard the auditors, the agency, and protected information.

Agency’s written response for an audit report. Audit reports include a written response by the agency to the findings and conclusions in the report. The response should be coordinated, constructive, succinct, and include an action plan to address findings.

Agency action plan.  Agencies create an action plan to address findings in the performance audit report.  An action plan should include who should do what by when.  This example also includes whether the action recommended in the report can be completed within existing resources or authority.

Agency handout for the public hearing. I-900 audits require a public hearing. Agencies are encouraged to provide a one-page handout for legislative members that focuses on the steps being taken to address audit findings.