The OC Internal Audit Department conducts a comprehensive, interactive countywide Risk Assessment for purposes of establishing the annual Audit Plan. The Risk Assessment consists of a general risk assessment for critical business processes common throughout the County (e.g. cash receipts and disbursements, accounts receivables and payables, purchasing and contract administration, payroll, budgets, etc.) and an information technology inventory and assessment where key systems are identified and rated as to levels of risk. The Risk Assessment includes reviews of Business Plans; meetings with the Board of Supervisors and the County Executive Office; and meetings and/or correspondence with all departments/agencies to obtain their input on risks affecting their respective areas.
The annual Audit Plan is presented to the Audit Oversight Committee (AOC) for approval each year and the activity is tracked and monitored at each quarterly meeting of the AOC.