IIA Professional Standards require the Internal Audit function to create an Annual Audit Plan based on a documented risk assessment. The Annual Audit Plan is a measurable, yet flexible commitment to performance and provision in a formal document approved and issued by the City Controller. The Audit Plan is derived from, and connects to, the identified risks associated with an Enterprise Risk Assessment, which includes a universe of auditable entities. The Plan may be amended with the approval of the City Controller. (For more information on Audit Planning and Risk Assessments, see Procedures 220.10, 220.20, and 220.40.
Below is the current Annual Audit Plan and Plans of the 4 previous Fiscal Years: