What is the function of the Internal Audit Office? 

The function of the Internal Audit Office is to provide auditing services to ensure the adequacy and effectiveness of the department’s system of internal controls and the quality of performance by various operations. In short, the Internal Audit Office strives to support the department’s mission by upholding the highest professional standards and ethical values in performing quality auditing and consulting services in a manner that best safeguards and enhances the department’s operational, financial and reputable status.

What is IAO’s authority?

The Internal Audit activities are being carried out by the Chief Internal Auditor, who works under the direction of and reports directly to the Superintendent of Education and the Guam Education Board (GEB).

1. The chief internal auditor is authorized to establish the annual audit plan and the scope of audit activities and shall report to the superintendent and GEB on matters that warrant direct attention or action by the superintendent and GEB.
2. The chief internal auditor and internal audit staff shall have full, free, and unrestricted access to all GDOE records, either manual or electronic and physical property as required for the conduct of their audit responsibilities.  IAO may seek information from employees, all of whom are directed to cooperate with the IAO’s requests. 
3. All documents and information provided to the internal auditors shall be handled in the same prudent manner as expected of those who are normally accountable for them.

What is the difference between external and internal auditors?

Internal auditors are employees of the organization and most often assist management by conducting operational audits. External auditors are outside of the organization and most often perform financial audits.

What are the different types of audits? 

1. Financial Audits - address questions of accounting, recording, and reporting of financial transactions. Reviewing the adequacy of internal controls also falls within the scope of financial audits.
2. Compliance Audits - seek to determine if departments are adhering to Local and Federal laws and Department wide rules, regulations, policies, and procedures.
3. Operational/Performance Audits - examine the use of department resources to evaluate whether those resources are being utilized in the most efficient and effective way to fulfill the department's mission and objectives. An operational audit may include elements of a compliance audit, a financial audit, and an information systems audit.
4. Investigative Audits - are performed when appropriate. These audits focus on alleged violations of federal and local laws and of GDOE policies and regulations. This may result in prosecution or disciplinary action. Audits precipitated by internal theft, misuse of GDOE assets, and conflicts of interest are examples of investigative audits.
5. Information Technology (IT) Audits - address the internal control environment of automated information processing systems and how these systems are used. IT audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews.

What can be audited?

Items that can be audited include, but are not limited to:

• Cost or Pricing Data - The Government of Guam (GovGuam) may, at reasonable times and places, audit the books and records of any person who has submitted costs or pricing data. (Title 5 of the Guam Code Annotated (GCA), Chapter 5, Section 5241(a))
• Contracts - GovGuam is entitled to audit the books and records of a contractor or any subcontractor under any negotiated contract or subcontract other than a firm fixed price contract to the extent that such books and records relate to the performance of such contract or subcontract. (5 GCA, Chapter 5, Section 5241(b))

What are internal controls?

Internal controls are processes designed by an organization’s board, management and other personnel to provide a reasonable assurance that objectives in the following areas are being achieved:

• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
• Safeguarding of assets

Is IAO responsible for maintaining the GDOE’s systems of internal controls?

No. GDOE management is responsible for maintaining an adequate system of internal control. IAO independently evaluates the adequacy of existing internal control systems by analyzing and testing controls, and makes recommendations to improve controls based on this analysis.
Why is my division or school selected for an audit? 
An audited entity is typically selected based on its risk (i.e. handle high number of transactions, manages funds, has control of inventory, etc.), statute requiring an audit of the entity, and/or requests from citizens.

What happens during an audit?

Depending on the nature of the audit, an audit can last from 3 months to 1 year. Audits typically occur in stages. 

1. Planning - Acquiring approval to initiate the audit, gathering preliminary background information on the audited entity, and developing audit steps by considering current resources.
2. Engagement - Sending audit notice to the audited entity and meeting with the entity’s management and designated points of contact to discuss the purpose of the audit, introduce the audit team, and request for documentation.
3. Fieldwork - Analyzing data, selecting sample transactions, and reviewing documentation against rules and regulations.
4. Draft Report - Writing and communicating preliminary results of the audit. 
5. Exit Conference - Meeting with the audited entity’s management to obtain feedback on the draft report.
6. Final Draft and Report Issuance - Finalizing the report and obtaining approval for the report. Only the Superintendent can approve the issuance of the Internal Audit Office (IAO)’s reports.
7. Recommendations Follow-up - Following up on the audited entity’s corrective action plan and implementation of audit recommendations.