State Auditor Susan Montee has been generating headlines for the audit reports her office has been releasing about the City of St. Louis. Audits of 19 City departments have been reported thus far, with a handful – including the Mayor’s Office – yet to come.
At the public release of one report, a community member asked why State audits were needed when the City had its own internal auditing mechanism in the Comptroller’s Office.
The American decided to take the opportunity to discuss the differences of internal and external audits with Kenneth M. Stone, chief of internal audits for Comptroller Darlene Green.
The American: So we’re coming toward the end of the audit process from the State Auditor’s Office that was triggered by a citizen petition. I’m looking for a comparison of how the City’s auditors in the Comptroller’s Office work compared to how a ballot initiative-triggered State audit works.
Kenneth M. Stone: As an internal auditor, we tend to look at future events. Our focus is what’s going on currently and what can we do in the future to make the City more efficient, while external auditors are looking at historical perspective: What did your financial statements reveal? What operations were happening last month, last year?
We’re internally more directly concerned with preventing fraud, whereas my external brethren will discover fraud as a by-product of their investigation.
Another thing is we try to review activities constantly. We are constantly trying to look at procedures and operations and make sure we gather all efficiencies and economies of scale that we can, whereas my external brethren will come in once a year at most. Sure, we appreciate their comments and we appreciate their feedback, but it’s not a consistent basis.
One other thing we don’t have that the State had this year is we don’t have an unlimited budget. They can go wherever their audit takes them. We have a nice-sized internal audit staff, but we have so much ground to cover and limited time to do it in. We have to cover an entire City, and federal grants and obligations.
American: You’re focused on future events. What’s an example of that?
Stone: Let me give you one we are just in the process of wrapping up, and we’ll have an exit interview soon: the cost structure of providing services for one department. We’re looking at recovering the costs that will take to provide this service; so down the line are we actually providing a service that we’re recouping our costs?
Another future engagement would be the operations of a department. They may come to us and say, “We’re not really sure, from a management standpoint. Could you provide us management services?” Sure. So that’s again a futuristic aspect of our audit. We’re looking for what we can do to make you operate more efficiently.
American: You say your internal audits are more directly concerned with preventing fraud. Can you think of any recent examples where you managed to do that?
Stone: There was a fraud that occurred at the Justice Center. Some enterprising ex-inmate got a hold of the banking codes and withdrew some money from a restricted account. And so we investigated the damages on how much was lost and how much we recovered from the banks and from the suspect. Well obviously, if he was a petty crook, we couldn’t recover too much from him, but we did manage to recover some from the bank because we thought they were at fault.
American: That came through the fraud hotline?
Stone: Yes, it did. If we discover something that we think is a fraud, we can’t adjudicate it, we can’t say you’re guilty of a fraud. We think there’s a significant preponderance of evidence, so we’ll tell the comptroller, she’ll talk to the Circuit Attorney’s Office, and they’ll make a decision on whether they are going to pursue it, and then the police department will get involved.
American: I think you were joking a bit, but you said you think the state auditor has unlimited funds. Of course, City taxpayers are paying for the current audit.
Stone: Yes, they are!
American: So it’s nice when you’re working on someone else’s time and dime, isn’t it? But you said you think you have a nice-sized internal staff. What is the size of the staff?
Stone: Now we’re at 17, including myself. Right now I have 15 auditors, one administrative assistant and myself. And we’re looking to replace one of our managers who just left.
American: What is the trigger mechanism for internal audits? Obviously a fraud report could trigger it, but do you also have an internal schedule of going through City departments?
Stone: There are three parts to the internal audit section. One part we do annually is the fiscal monitoring section, like all the government grants that we receive throughout the year and we disburse. Part of the grant contract will require an audit, so we engage in the audit of monitoring grantees.
Second part is process review. And that’s basically looking at City departments and their operations. We do a risk analysis every year, risk assessments, looking at every department in the City.
First of all, how many dollars are they spending in that unit? The higher the dollars spent, the more risk we assign. The more revenue coming through, again, we’ll assign a higher risk factor. Then we look at the last time we did an audit of that unit and what were the results of our prior audit. If we have findings that we need to follow up on and have not gotten back to that unit, again it’s a risk factor.
So we basically look at risk factors and we grade out the units, and the ones with the highest risk factor, we audit them if we can. Again, we are limited because we don’t have a large enough staff to audit the City all at once. So we have to rotate our audit effort over a period of years. So with hopefully a three- or four-year period we’ve touched, communicated with every department in the City in some form or fashion, whether it’s a detailed operational audit, an audit of their grant, an audit of their cash receipts, an audit of their disbursements, payroll examinations.
The third part of my audit effort is special projects. The fraud hotline would be a part of special projects. Sometimes we get requests from some City units, not to do an audit, but to help out. We also provide management services. We have a very diversely trained staff. I have MBAs, PhDs, CPAs, and other certified people on my staff. So I have a very diverse and educated staff, and we think we can handle most problems that come up such that if you have a need for management consulting service, give us a call.
To report fraud to the Comptroller’s Office, call 314-641-8600 or visit http://stlouis.missouri.org/citygov/comptroller/fraud.html.