The State Auditor’s Office regularly audits 168 state agencies, boards and commissions ranging from the largest departments, such as the Department of Social and Health Services, to small boards and commissions. State agencies include all public colleges and universities in Washington. The State Auditor's Office also audits more than 2,000 local governments ranging from the largest counties to the smallest special-purpose districts. The timing and scope of audits are based on risk analyses that consider such factors as size, analytical procedures and prior audit history.
Communication between the Auditor's Office and entities makes the audit process smoother and more efficient.
The State Auditor's Office is committed to maintaining positive relationships and open communication with all entities we audit. Communication may take several forms, including meetings between the Washington State Auditor or designees and the entity's executive or designees to discuss items of concern or public interest.
The Auditor's Office will designate a primary point of contact to be available throughout the audit to respond to the entity's requests for information on the status of work or concerns about the work's scope or approach. In turn, the Auditor's Office expects each entity to designate a point of contact who has appropriate knowledge about the entity's relevant programs and is able to facilitate timely completion of the audit.
The entity-designated audit liaison will facilitate meetings such as entrance and exit conferences, identify and ensure that the Auditor's Office meets with the appropriate entity representatives, resolve issues and coordinate entity responses to draft audit recommendations. The entity's liaison also facilitates other audit-related requests.
The Auditor's Office will establish with the audit liaison or entity management a schedule to discuss audit status and other relevant issues identified throughout the audit, including changes in the scope or objectives.
The entity's audit liaison plays an important role in communicating the entity's understanding of audit related matters. The Auditor's Office values the independence of internal auditors and recommends that entities assign others to act as liaisons. The audit liaison must have knowledge and familiarity of the audit scope and objectives and be accessible to the audit staff.
What Clients Can Expect
- Clear explanation of the audit's scope and objectives.
- Open and frequent communication throughout the audit.
- A chance to respond to the potential findings and recommendations and to have that response incorporated into the audit report.
- The Auditor's Office will treat confidential information with the same care that is required of the audited entity.
- An audit conducted in accordance with GAGAS. A thorough and understandable audit report.
What We Expect From Clients
- Timely response to meeting requests.
- Timely and unhindered access to data, records, employees and officials.
- Timely management response to audit findings and recommendations.
- Raising any questions or concerns about audit issues before findings and recommendations are developed.
- Instituting recommendations to improve accountability and open government for the citizens of Washington.
Top of page
Access To Records
In order to carry out the responsibilities of the State Auditor, state law requires unhindered and timely access to all entity records, whether in a paper, film or electronic format. The State Auditor should not be charged a fee by an entity to obtain records.
Timely and unhindered response to requests for information makes the audit process more streamlined and cost effective, which benefits the audited entity, the Auditor's Office and the public.
The State Auditor's Office has the authority by law to subpoena records that are needed to conduct an audit. However, this is the last, and most costly, option that will be pursued by the Office.
Top of page
The State Auditor's Office and any of its contractors give confidential information the same level of protection that is required of the agencies being audited.
Employees of the State Auditor's Office are required to maintain confidentiality regarding personal data in accordance with the Governor's Executive Order 00-03, unless that information is subject to disclosure under the state Open Public Records Act, Chapter 42.56 RCW. Exemptions to disclosure may be found in the Act and in other sections of state law.
The audited entity may request the Auditor's Office to enter into data sharing or confidentiality agreements when audits involve sensitive data or issues. Such requests will be considered by the Office on a case-by-case basis.
When responding to a public records request after an audit report is issued, audit documentation will be thoroughly reviewed to determine if it contains information exempt from disclosure.
All items exempt from disclosure will be redacted prior to their release. Any applicable exemption will be specifically identified. Appeals of denials of public records may be made to the state Attorney General's Office.
Top of page
During the course of the audit, issues may arise that require a discussion between the audited entity and the Auditor's Office.
Any questions or concerns should be resolved as soon as they are identified, and, whenever possible, before the Auditor's Office has formulated findings, conclusions and/or recommendations.
The Auditor's Office encourages issue resolution to occur between the audit manager and the entity liaison. If resolution does not occur, the entity should contact the Director of Audit or the Director of Special Investigations. lf resolution at that level is not successful for audits of state entities, the Governor's Office will be asked to encourage cooperation from the entity. If the issue involves a local entity, that entity's legislative body, such as a city or county council, will be asked to encourage cooperation.
Top of page
The first stage of the audit consists of assessing risk and planning procedures that will address that risk. This stage occurs prior to the entrance conference.
To complete the risk assessment and the plan, auditors may need to interview or survey entity staff members to gain basic information about the entity, program or system that is being audited. In general, the auditor will directly contact entity staff to schedule interviews. The auditor may request assistance from the entity's audit liaison in contacting the appropriate entity personnel.
In addition, auditors may request the entity's assistance in accessing financial or other information for preliminary analytical procedures.
Prior to beginning on-site fieldwork, the Auditor's Office will notify the entity's liaison of the planned audit. At the liaison's request other parties within the entity will be notified. When the work involves more than one entity, the Auditor's Office will notify the individual entities of the intent to start such work. Notification will include:
- Type of audit.
- Program, fund or activity being audited.
- Estimated start date.
- Entrance conference target date.
- Audit team or contractor staff.
- Audit liaison with relevant contact information.
- Preliminary audit objectives and/or risk factors.
Top of page
Entrance conferences are the first in a series of opportunities for communication between auditors, state and local elected officials and the audited entity's management.
The Auditor's Office liaison will coordinate an entrance conference with the entity's audit liaison. The entity is expected to provide appropriate personnel or designees to attend the entrance conference in a timely fashion after the request by the Auditor's Office.
At the entity's expressed preference, the Auditor's Office will schedule all formal entrance conferences with the Audit Committee Chair.
At a minimum, auditors will address the following items during entrance conferences:
- Identification of the audit manager and other staff, including any contractors working on the audit.
- Auditor and contracted staff responsibilities.
- Key objectives and scope of the audit.
- Nature, timing and extent of planned field work.
- Procedures for keeping entity management informed of the audit's progress, including regular updates, changes in the scope or objectives, problems, potential findings and/or recommendations.
- Information requests that can be readily identified, such as data access or access to individuals.
- Expected timeline of the audit.
- The type of audit report to be issued and the level of assurance to be provided.
- Any concerns from the entity's management.
- Estimated audit costs (does not apply to performance audits).
- Communications required by professional auditing standards for audits of financial statements at local governments.
Top of page
Audit Progress Meetings
Progress meetings and pre-exit conferences will be scheduled as jointly determined by the State Auditor's Office and the audited entity. Information shared at such meetings may include status reports of the audit process, potential findings or recommendations and preliminary evidence.
If the audited entity has any concerns with any information presented, it must provide such concerns and any evidence in a timely fashion.
The intent of open communication between the Auditor's Office and the audited entity is to ensure that the audited entity is fully aware of all significant matters before the report is drafted.
Top of page
Exit conferences are routinely scheduled between the Auditor's Office, the audited entity management and state and local elected officials.
Exit conferences are held before the Auditor's Office issues the final audit report. Items that are not significant enough to include in the report but that provide stronger internal controls or promote operational efficiency may be communicated in a management letter or as an exit item.
The Auditor's Office will coordinate the exit conference with the entity's audit liaison. The entity is expected to provide appropriate personnel or designees to attend the exit conference in a timely fashion after requested by the Auditor's Office.
At a minimum, the following items are addressed at the exit conference:
- The audit objectives, scope and methodology.
- Acknowledgement of areas where the entity has demonstrated significant improvements and areas with no concerns noted.
- Recognition of best practices, if identified.
- Draft findings and management letters. These items are considered final when the Auditor's Office publishes the report.
- Conclusions and recommendations
- Audit reports to be issued and the report process, including the timeline for entity response.
- Audit costs, if applicable.
Communication of significant issues to the governing body of local governments as required by professional auditing standards.
If the audited entity declines the formal exit conference, the reasons for not holding the conference will be explained in the audit documentation. The exit conference information will be communicated to the audited entity in writing in place of an exit conference.
Top of page
Final Report Notification
The Auditor's Office will give the audited entity an opportunity to review the draft audit report and provide a response prior to issuing the final report.
The audited entity generally is expected to provide a formal written response to findings, conclusions or recommendations, preferably in an electronic format. The time frame for the response is determined by the audit manager. The Auditor's Office establishes a reasonable period of time to respond to the audit report.
The Auditor's Office expects entities to provide a single response that concisely states agreement or disagreement with the audit findings, conclusions or recommendations. If an audited entity does not agree with audit findings or recommendations or believes action is not required, the response must include specific reasons why the entity will not take action.
For performance audits, responses will include the entity's plan for implementing recommendations, a contact person and an estimated date of completion.
Performance audit reports may also contain the views of officials who have oversight responsibility for the audited entity and those who are responsible for implementing audit recommendations. In such cases, the Auditor's Office encourages one unified response from all responsible officials.
The Auditor's Office may elect to print excerpts of lengthy responses and refer readers elsewhere for the complete text.
After the entity's response has been incorporated into the audit report or the deadline for entity response has passed, the Auditor's Office will notify the audit liaison or the entity executive of the report's scheduled release date.
Top of page
Audit Report Distribution
Each entity receives a copy of its audit report. Reports are also available at: http://www.sao.wa.gov/EN/Reports/Pages/default.aspx.
Top of page
Audit Report Resolution
State Financial, Federal Single And Accountability Audits
The Office of Financial Management is responsible for follow-up on audits of state agencies to ensure that corrective action is taken within six months of the issue of an audit finding. Agencies are expected to work closely with OFM to resolve findings. OFM annually reports the status of state agency audit resolution for the preceding year to the appropriate legislative committees, the State Auditor and the Attorney General by December 31.
The Auditor's Office will follow up during entity audits to determine if the prior audit's recommendations have been addressed or resolved. If issues have not been resolved, the Office will use its discretion to determine the level of reporting.
Local Government Audits
As a normal course of action, the Auditor's Office will follow up on previous findings during the next normally scheduled audit.
Initiative 900 requires that the state Legislature or corresponding local legislative body hold at least one public hearing within 30 days of the issue of a performance audit report to consider the findings of the audit and to receive comments from the public.
The audited entity is responsible for follow-up and corrective action on all performance audit findings and recommendations.
The Governor may require progress reports from any audited entity under her authority until resolution occurs.
Entities under the authority of an elected official other than the Governor may be required to provide progress reports until resolution has occurred. Additionally, an annual report will be submitted by the corresponding legislative body detailing the status of the resolution of the Auditor's recommendations.
The Joint Legislative Audit Review Committee will annually issue a report by July 1 detailing the status of the legislative follow up of the State Auditor's recommendations for state entities.
For local government entities, the responsibility lies with the corresponding legislative body. Reports will include justification for recommendations not followed and details of corrective action.
The Auditor's Office may request status reports from entities on specific audits or findings. Reports should be provided within 15 business days.
Top of page