2023 Audit Plan

Image of the City and County Building and the cover of the 2023 Audit Plan.

Auditor’s Letter

I am pleased to present the Denver Auditor’s 2023 Audit Plan for the City and County of Denver. As we continue our hard work on meaningful audits that are important to our community, I am also looking forward to the new projects in the year ahead.

This year’s Audit Plan once again incorporates risk-based performance, financial, information technology, cybersecurity, contract compliance, and audit analytics techniques into our integrated auditing approach. My team of professionals adheres to the highest standards and are recognized as leaders in the nation for local government auditing work. The Audit Plan delivers value and impact for Denver and will be conducted with the highest professional standards.

As with every year, some audits were started in 2022 and will be completed in 2023. These include our homeless encampments audit, a look at construction in the Great Hall at Denver’s airport, and our detailed look at child welfare placement. These audits were on the 2022 Audit Plan and remain a priority on the coming year’s plan while our work is ongoing.

Additionally, affordable housing, city shelters, and residential permitting remain high priorities in the community and will remain on my plan going forward. I also plan to renew my office’s efforts to examine the Denver City Council’s operations, despite significant challenges in working with council leadership. No government entity is above independent scrutiny and I intend to conduct this audit in alignment with the Generally Accepted Government Auditing Standards the people of Denver empower me to follow on every audit.

Meanwhile, I have added more projects to the plan in response to concerns from city leaders and my constituents. I am directing my audit teams to look at on-call contracts in the city to ensure proper oversight and accountability. I also heard from constituents who remain concerned about whether the city is living up to its goals to support disadvantaged businesses and businesses owned by women and people of color. Our audit work will assess whether this program is supporting Denver business owners equitably.

Our function as an independent agency assuring accountability for the people we serve could not be more important. Auditing can help ensure efficiency and effectiveness — and encourage equity — for programs and agencies across the city.

The independent audit function serves as a tool for good government, transparency, and accountability in the city. My office’s professional assessment of city operations acts as a safeguard for taxpayer dollars and is a reminder for every city agency to expect proper scrutiny.

Our audit recommendations are intended to help city agencies find ways to improve the work they do. When agencies take our work seriously and make expeditious changes, everyone wins.

As a certified public accountant, I am bound by a code of ethics and professional standards. In determining the Audit Plan, I bring the obligations of my professional license as well as the voters’ trust.

I am pleased to share the important work we have for the year ahead, which is based on a broad risk assessment.

The Audit Plan is a flexible document that may change throughout the year because of unexpected circumstances and emerging risks. In any year, changes could impact the Audit Plan due to the need for emergency audits, changes or delays in scheduling, or decreased risks because of changes and improvements within city organizations.

I look forward to the year ahead as we continue delivering independent, transparent, and professional oversight, thereby conserving the public’s investment in the City and County of Denver. I am committed to providing ongoing information on how public dollars are spent and how government operates on behalf of everyone who cares about the city, including its residents, workers, and decision-makers.

I thank the residents of Denver for their support of a comprehensive Audit Plan. Please feel free to contact me at auditor@denvergov.org or 720-913-5000 with questions. 

Sincerely,

Auditor's Signature

Denver Auditor Timothy M. O’Brien, CPA

2023 Planned Audits

Citywide

Homeless Encampments
This audit will evaluate Denver’s oversight of encampments of people experiencing homelessness. This may include reviewing program costs, encampment cleanup processes and costs, and community impact.

On-Call and Professional Services Contracts
This audit will review how the city procures and renews contracts with on-call and professional services vendors.

City Council

City Council Operations
This audit will review the Denver City Council’s operations and resources.

Clerk & Recorder's Office

Security of City Voting Systems
This audit will assess how well city voting systems comply with security requirements and how well the Denver Elections Division safeguards election equipment and data from cyber attacks. This may include reviewing system security policies and procedures, information technology general controls, and equipment-monitoring processes.

Denver Economic Development & Opportunity

Division of Small Business Opportunity
This audit will review hot the city certifies businesses owned by people of color, women, and other disadvantaged populations as part of the equity goals in the competitive contracting process.

Denver Fire Department

Paramedic Response Time
The audit will assess the response times of Denver Health’s ambulances. This may include reviewing Denver Health’s operating agreement with the city, response-time data, and industry standards.

Denver Human Services

Child Welfare Placement
This audit will review Denver County’s oversight of child protection and prevention services

Denver International Airport

Business Technologies Operations
This audit of the airport’s Business Technologies Division may include reviewing vendor negotiations, monitoring practices, policies and procedures, and vendor management best practices.

Great Hall Construction

This audit will review Denver International Airport’s construction management practices related to the ongoing Great Hall construction project.

PROPworks Revenue System
This audit will review the internal controls around the PROPworks system, which the airport uses for multiple revenue streams. This may include an information technology general controls assessment.

Denver Museum of Nature & Science

Scientific & Cultural Facilities District Tier 1

This audit is part of a series exploring city oversight and the efficiency, effectiveness, and financial operations of Scientific & Cultural Facilities District Tier 1 recipients under their cooperative agreements with the city.

Denver Police Department

Police Department Operations
This audit will assess the efficiency and effectiveness of the Denver Police Department’s management and operations. This may include reviewing of officers’ compliance with department requirements, programs and initiatives impacting public safety, and the security of systems.

Department of Community Planning and Development

Residential Permitting
This audit will assess the efficiency and effectiveness of the permitting process for residential dwellings.

Department of Finance

Employee Separation Process
This audit will review the city’s separation process for when employees leave their jobs with the city. This may include reviewing how accurately and timely the city pays out paid time off, sick time, and vacation time to former employees.

Journal Entries
This audit will review the city’s financial processes for journal entries. This review will assess city staff enter information into the city’s system of record from outside systems, as well as assess high-risk journal entries and the validity of account balances.

Department of Housing Stability

Affordable Housing
This audit will review how the department uses its funding for affordable housing projects. It may also assess the efficiency and effectiveness of how the department creates and manages such projects.

City Homeless Shelters
This audit will assess the efficiency and effectiveness of the city’s system for sheltering people experiencing homelessness.

Department of Public Health and Environment

Caring for Denver Foundation
This audit will review the oversight of the Caring for Denver Foundation. This may include reviewing fund management practices, compliance with city ordinance, and policies and procedures.

Department of Public Safety

Public Safety Systems and Applications
This audit will assess critical software applications that Public Safety staff use. This may include reviewing records management systems and information technology general controls, as well as how the department procures new applications and how it collaborates with the city’s Technology Services agency.

Department of Transportation & Infrastructure

Fleet Management
This audit will evaluate the city’s fleet management program. This may include reviewing how the city maintains and replaces city vehicles, internal controls over fuel distribution, and inventory management.

Office of Children’s Affairs

College Affordability Scholarship Program
This audit will review the tax-supported college affordability scholarship program Denver voters approved in 2018.

Office of Human Resources

City and County of Denver Self-Insured Drug Plan
This assessment will review the effectiveness of the city's self-insured drug plan. This may include reviewing costs associated with premiums, drug costs, plan accessibility, and how well the plan benefits city employees.

Technology Services

Network Access
This audit will review the change management and access controls that manage the citywide network.

Information Technology Risk Management
This audit will assess how well the city’s Technology Services agency and other city agencies maintain a risk management database. The audit will assess the city's compliance with its own risk management policy and compare the agency’s efforts with industry frameworks and best practices.

Audit Series (Citywide)

Cybersecurity
This continued assessment program examines the city's vulnerability to cybersecurity attacks and security breaches, using information from previous results and addressing newly identified potential risk areas. 

Construction Audits
This continued series of audits focuses on various risks in construction projects and Practices, such as rules and regulations around construction, internal controls, and project management practices. Selections may include projects at the airport, city capital construction projects, or bond projects.  

Financial Audits
These audits review city agencies’ accounting processes including assessing compliance with standards and internal control requirements. This may include reviewing of specific transactions, accounts, and financial reporting practices.

Contracts and Agreements
As required under Denver Charter, this continued audit series reviews selected city contracts and agreements to evaluate and ensure performance, value, and proper city oversight.  

Grant Audits
The continued of this audit series reviews selected city grants for compliance with grant terms and expenditures. This will include assessing grants specific to pandemic recovery relief as well as other grants throughout the city. 

2023 Follow-Up Audits

All audits by the Auditor’s Office provide recommendations for improvement, to which the audited agency must agree or disagree.

We complete a follow-up audit after the agreed-upon implementation date set by the responsible entity. Each follow-up audit assesses the status and quality of implementation for each recommendation and identifies lingering risks for future audit consideration. 

            

Plan Description

The vision of the Denver Auditor’s Office is to deliver value and impact for Denver by performing audits that follow the highest professional standards. Our mission is to deliver independent, transparent, and professional oversight — safeguarding and improving the public’s investment in the City and County of Denver. Our work is performed on behalf of everyone who cares about the city, including its residents, workers, and decision-makers.

The independent audit function is key to transparency and accountability in Denver’s government. Denver’s elected Auditor serves as a check and balance on the strong-mayor system. The Auditor and the Auditor’s Office provide an important and valued function for Denver, a responsibility that requires a high level of expertise and professionalism. The 2023 Audit Plan reflects Auditor O’Brien’s steadfast commitment to continuous improvement by enhancing the value, products, staffing, communications, and overall positive impact of the Denver Auditor’s Office on behalf of Denver’s residents, businesses, and visitors

Auditing under the Denver Charter

The Denver Charter states the Auditor shall conduct:

  • Financial and performance audits of the City and County of Denver in accordance with generally accepted government auditing standards;

  • Audits of individual financial transactions, contracts, and franchises; and

  • Audits of financial and accounting systems and procedures, including records systems, revenue identification, and accounting and payment practices, for compliance with generally accepted accounting principles, best financial management practices, and any applicable laws and regulations governing the financial practices of the City and County of Denver.

The 2023 Audit Plan ensures broad audit coverage throughout the city while also addressing specific performance, financial, contractual, information technology, and regulatory risks. According to the charter, the ultimate decision to perform any audit shall be at the sole discretion of the Auditor. Our approach to scheduling audits is flexible and subject to change throughout the year based on newly identified risks.

Integrated Auditing

Integrated audits incorporate elements of performance, financial, and information technology auditing. This produces a more effective outcome through a holistic audit approach with a focus on improving governance, compliance, performance, and operations.

Integrated auditing incorporates diverse approaches, including:

  • Performance Auditing – We identify opportunities to improve the efficiency and effectiveness of city activities. Our performance audits also assess the viability or strength of the internal control environment of the city’s agencies and programs. We conduct policy analysis and evaluation and may assess the city’s ability to mitigate risk. We also conduct prospective analysis to help agencies complete their policies and procedures and mitigate future risk.

  • Financial Auditing – The 2023 Audit Plan continues our focus on the overall financial management and fiscal activities of the city. These audits will assess the financial internal control environment, compliance with city polices, financial governance, accounting and reporting practices, and high-risk financial transactions.

  • Information Technology Auditing – Our audits will continue to address identified information technology risks by focusing on the effectiveness of cybersecurity defenses, data protection, data privacy, and management of critical systems and applications.

  • Contract Compliance Auditing – The 2023 Audit Plan reflects a continued emphasis on auditing city contracts for compliance with contract terms and fulfillment of the scope of work.

Data Analytics/Continuous Auditing Program

As part of Auditor O’Brien’s original vision for the Auditor’s Office, the Audit Analytics Program expands the office’s risk assessment and auditing capability and continues leading- edge audit practices to provide greater value and impact. Using data science tools, auditors sorts through large numbers of transactions and entire data sets to identify the highest risks, instead of relying entirely on sampling.

  • Audit Analytics – The Auditor’s Office uses quantitative and qualitative risk-finding analytics of audit-related data and applies survey and sampling methodologies to support audits of city processes and internal controls. Audit analytics can be used to ensure data is accurate, consistent, and complete; to identify, analyze, and create graphic visual representations of anomalies and patterns; to build statistical models; and synthesize analytical results in audit reports.

  • Continuous Auditing – Continuous auditing is an audit analytics method that allows auditors to directly connect with city data systems, use an entire data population rather than samples, and automate ongoing analyses of that data. These ongoing analyses of data systems are used to identify high-risk areas and test controls in the city’s financial and operational systems in a timely fashion. The information gained from continuous auditing helps inform audits and the annual risk assessment. It can help audit teams to improve efficiencies in planning and fieldwork by identifying trends and exceptions earlier than through traditional methods.

Anti-Fraud Focus

The city’s management is responsible for establishing internal controls to detect and prevent fraud for each city entity. Although fraud detection is not a primary responsibility of the Auditor’s Office, our audits consider the possibility that fraud, waste, or abuse may be occurring.

Audit Follow-up Program

Audit follow-up activities are conducted for every audit to assess whether city personnel implemented the agreed upon audit recommendations for improvement and impact.

The Auditor’s Office regularly issues follow up audit reports to the Audit Committee and the City and County of Denver’s operational management on the status of audit findings and our recommendations for improved business practices.

Our office measures the audit recommendation acceptance rates and recommendation implementation rates as indicators of the degree to which the city is using information provided by our audit reports to mitigate identified risks and to enhance efficiency, effectiveness, and economy of operations.

Focus on Flexibility, Transparency, and Responsiveness

Although the Auditor’s Office operates independently from other city entities, Auditor O’Brien and Auditor’s Office leadership meet regularly throughout the year with City Council members, the mayor, the clerk and recorder, city agency leaders, neighborhood groups, and civic leaders to solicit input regarding risks. Our objective is to improve services and stewardship of city resources.

     

Determining What to Audit

Developing the annual Audit Plan is an ongoing process including: assembling ideas from a variety of internal and external sources, examining a broad range of city activities and data, and then assessing risk severity and other considerations. This approach results in a diverse list of agencies, programs, activities, services, systems, grants, and contracts that auditors examine to determine whether these are operating efficiently, effectively, and in accordance with both the law and any defined requirements. 

In developing a list of potential audits and other types of analyses, risks to prioritize come from a variety of sources:

  • Assessments of operations and controls in previous internal and external audit reports, including independent audits of the city’s Comprehensive Annual Financial Report, single audits, and audit management letters.
  • Input from community members, elected officials, Audit Committee members, external auditors, and agency managers and staff.
  • Consideration of current local events, financial conditions, major capital projects, and public policy issues.
  • Consideration of risks identified in other government audits that could emerge in Denver.

A robust audit plan assesses a broad range of city activities including:

  • Organizational units within a city agency, such as a division or a department;
  • Individual city programs and offices.
  • Transaction cycles or processes that affect more than one city function or agency, such as contract procurement, purchasing, cash handling, fines, taxes, and assessments or key technology processes.
  • Individual financial statement accounts or transactional activities, such as grant programs, construction in progress, tax- funded programs, and special revenue funds.
  • City functions that operate like for-profit entities, such as Denver International Airport.
  • Contracts and agreements between the city and third parties.

Our office identifies and prioritizes potential audits and other assessments using a risk-based approach by examining a variety of factors that may expose the city to fraud, misappropriation of funds, liability, or reputational harm. Accordingly, risk factors are assessed by reviewing:

  • Significant changes that have occurred in the city.
  • Time since the last audit of an area.
  • Size of agency, program, activity, or contract.
  • Size of budget.
  • Compliance and regulations.
  • Pending or recent legislation.
  • Complexity of transactions.
  • Fiscal sustainability.
  • Critical information technology systems, including hardware and software.
  • Management accountability.
  • Quality of internal control systems.
  • Age of programs, operations, or contracts.
  • Public health and safety.
  • Critical infrastructure.
  • Short- and long-term strategic risks.
  • Equity.
  • Related litigation.
  • Relevant case law.
  • Emerging risk areas.

We periodically evaluate and modify risk factors, as necessary.

After we finalize the Audit Plan, new information may come to light. As we experienced in 2020 and 2021, unanticipated events may occur, and initiatives, priorities, and risks within the city may change. The flexible nature of the Audit Plan as a living document provides the discretion to change course when it is in the best interest of the city.

The Auditor’s Office extends its gratitude and appreciation to the Mayor’s Office, City Council, the Audit Committee, members of the city’s agency leadership, and members of the public for providing input on the 2023 Audit Plan and for supporting the general mission of our office throughout the year.

Auditor's Authority

The Denver Auditor’s Office provides independent oversight of how tax dollars and other funding resources are spent on the city’s many services, initiatives, and programs. Article V of the Denver Charter establishes this independence and provides for the Auditor’s general authority and duties. The charter also establishes the Audit Committee, through which we report our audit findings.

Our History – Originally, the Auditor served as the general accountant for the city, maintaining the city’s financial records and paying city expenses, including payroll. In November 2006, Denver voters approved an amendment to the city charter, completely changing the duties of the Auditor that had been in place since 1904. Based on this charter revision, accounting and payroll functions moved in June 2007 to the Controller’s Office under the chief financial officer. This revision, plus other ordinances, authorized the Auditor to conduct audits of any entity using city dollars. Today, Denver’s elected Auditor oversees one of the most structurally independent government audit functions in the country.

Several key components serve as the cornerstone for Denver’s auditing framework. These elements provide the Auditor with the independence that results in the office’s ability to conduct meaningful audits.

  • Elected Auditor – The City and County of Denver has an elected Auditor who is independent from all other elected officials and operational management.

  • Audit Committee – The Denver Charter establishes an independent Audit Committee, chaired by the Auditor, with six other members appointed by the mayor, members of City Council, and the Auditor.

  • Comprehensive Access – The Denver Charter and city ordinance authorize the Auditor to have access to all officers, employees, records, and property maintained by the City and County of Denver, and to all external entities, records, and personnel related to their business interactions with the city. 

  • Audit Response Requirements – City ordinance requires that audited agencies formally respond to all audit findings and recommendations, establishing the Auditor’s ability to work in conjunction with these agencies while maintaining independence.

  • Adherence to Professional Audit Standards ― The Auditor’s Office conducts all audits in accordance with

    the Generally Accepted Government Auditing Standards published by the U. S. Comptroller General. These standards contain requirements and guidance on important topics such as ethics and independence.

        

 Tim_mug.png

AUDITOR TIMOTHY O'BRIEN, CPA
Denver Auditor


Denver Auditor´s Office

201 W. Colfax Ave. #705 Denver, CO 80202
Emailauditor@denvergov.org
Call: 720-913-5000
Follow us on Facebook     Connect with us on Twitter
Read our social media policy

Auditor´s Office Logos for Footer

Back to top