Office of Internal Audit Services
The Office of Internal Audit Services (IAS) provides independent, objective assurance and advisory services designed to add value and improve the CPUC's operations. The Chief Internal Auditor reports to the Commissioners, through the Audit Committee, and under general direction of the President. IAS operates under the revised internal audit charter approved by the Audit Committee on June 27, 2019.
- Assurance - the core role of Internal Audit
- Financial, operational, compliance, and information technology risk-based audits.
- Monitoring of remediation plans and follow up audits.
- Advise management on change initiatives, control effectiveness, enhancements to risk management and the design of assurance mechanisms.
- Special management reviews and investigations of alleged noncompliance, fraud, waste, and abuse.
- Anticipating and assessing risks
- Assist business owners in understanding risks and in crafting preventive mitigating controls.
- Assess Audit Risks and develop Internal Audit Plan.
What to Expect From an Internal Audit
IAS takes an open, collaborative approach in performing audits on CPUC programs and functions. IAS will always keep auditees informed on the audit progress and what we find throughout an audit unless there is suspected illegal activity or specific confidentiality requirements. This allows for corrective actions to be taken immediately and for IAS to help CPUC make positive, effective changes.
IAS recommends and obtains approval from the Audit Committee for audits to be conducted annually. The step-by-step audit process is as follows:
- An engagement memo is sent to the auditee (typically the Division Director of the audited program) informing them of an upcoming audit and scheduling an entrance conference to discuss the audit.
- An entrance conference is held to discuss the objectives, scope, and logistics of the audit.
- Interviews and meetings are held so the auditors may gain an understanding of the audited area.
- Based on these interview and meetings, the auditors develop risks to the audited area. These risks are confirmed with the auditee.
- High-risk areas or functions are then tested to determine if the controls implemented by the auditee to reduce those risks exist and are working as intended.
- An exit conference is held to discuss the findings. However, IAS will continuously update the auditee of the findings throughout the audit, so nothing in the exit conference should come as a surprise.
- A draft audit report is prepared and shared with the auditee. The auditee has 14 calendar days to respond in writing, including what corrective actions they intend to take.
- A final audit report, including the auditee's response, is issued and a summary is shared at the next Commission meeting.
- IAS will perform periodic monitoring on Management's corrective action plans to ensure timely remediation. These monitoring activities are reported to the Commission through the Audit Committee.
- A follow-up audit may be conducted.
- February 2022: Internal Controls Over Contract Management
- January 2022: Follow-Up of Corrective Actions for External Audits Conducted on the Contracting Process
- September 2020: Internal Control over Expense Reimbursements
- September 2020: Compliance Review of Travel Advances
- September 2020: Independent Assessment of the Travel Policy and Guide
- July 2020: LifeLine Third Party Administrator Contract Management
- March 2020: Review of Internal Control over the Employee Separation Process
- March 2020: Internal Control over the Business Continuity Plan and Technology Recovery Plan
- May 2019: Internal Control Audit Over Inventory
- May 2018: Report on Deaf and Disabled Telephone Program
- October 2017: Report on Energy Savings Assistance (ESA) Program
- October 2017: Report on Records and Document Management
- April 26, 2017: Report on California High Cost Fund B Report
- November 2016: Report on CARE Program
- November 2016: Report on California High Cost Fund A
- January 2016: Report on Emergency Preparedness
- October 2015: Report on Workforce Planning
- January 2015: Report on the Motor Pool
- Government Code sections 13885 to 13888 - Internal Audits
- Public Utilities Code Section 307.6 - Chief Internal Auditor, CPUC's chief audit executive
- State Administrative Manual Section 20040 - Internal Audit Organizations
- International Standards for the Professional Practice of Internal Auditing