Internal Audit
About Internal Audit Program
This program provides independent strategic risk-based auditing services. The core function of this program is to improve internal controls and provide reasonable assurance of reliable financial reporting, effective and efficient operations, legal and regulatory compliance, fraud investigation and deterrence, and the safeguarding of County assets.
Below is the list of reports available since September 2009.
Date | Title | Department | Description |
---|---|---|---|
02/21/2025 | Contract Management Audit | REC | The Office of Internal Audit conducted an audit of Montgomery County Government’s (County) contract management processes related to two contracts between the County and a Contractor (collectively, audit). The Contractor has two active contracts with the County, each managed and administered by the Montgomery County Department of Recreation (REC). REC is responsible for contract management duties, including ensuring funding is disbursed to support programs and initiatives defined within the respective contract scopes of service and ensuring the Contractor adheres to the specifications, terms, conditions, and price documented in the respective contract. The audit focused on the following within REC: 1) processes and controls when managing the in-scope contracts; 2) compliance with respective contract terms and County requirements; and 3) compliance with respective contract scopes of service. Five areas of improvement were identified to strengthen processes and compliance activities within REC: 1) development of department-specific policies and procedures; 2) workload distribution of contract management responsibilities; 3) alignment with County Accounts Payable policy requirements; 4) enhanced retention of supporting documentation provided by the Contractor; and 5) enforcement of executed contract terms to ensure contractor/vendor compliance. |
09/30/2024 | Data Security and Governance Audit | TEBS | The Office of Internal Audit conducted a data security and governance audit across selected departments of Montgomery County (the County). The County’s IT functions are both centralized and de-centralized. Therefore, each department reviewed has unique Data Security and Governance responsibilities with varying amounts of assistance from Technology and Enterprise Business Solutions (TEBS). The audit assessed data governance policies, procedures, training, awareness, privacy impact assessment, business management of data, data use and retention, electronic and physical record management, transfer of data, data at rest, third-party interaction with data, and applicable incident response considerations. Opportunities exist to improve control design and operational effectiveness to mitigate those risks more effectively in the following areas: (1) Data classification policy and procedure management; (2) Security awareness training; (3) Data privacy policy and procedure management; (4) Third-party contract management respective to expectations for management and treatment of PII; and (5) Third-party system periodic review. |
07/31/2024 | Procurement Card Targeted Internal Control Review - Community Engagement Cluster | CEC, FIN | The Office of Internal Audit conducted a targeted internal control review of the Community Engagement Cluster's (CEC) purchasing card (PCard) and employee expense functions. The County’s PCard and employee expense programs are administered through Accounts Payable within the Controller Division of the Department of Finance. Each County department is responsible for administration of these programs within their department. CEC’s PCard functions include processes and internal controls to mitigate fraud risks. Opportunities exist to improve control design and operational effectiveness to mitigate those risks more effectively in the following areas: (1) PCard management and operations; (2) Employee expense management and operations; (3) PaymentNet information retention; (4) Departmental PCard and employee expense policies and procedures; (5) PCard and employee transactional analyses. |
05/31/2024 | Procurement Card Targeted Internal Control Review - Department of General Services | FIN, DGS | The Office of Internal Audit conducted a targeted internal control review of the Department of General Services (DGS) purchasing card (PCard) and employee expense functions. The County’s PCard and employee expense programs are administered through Accounts Payable within the Controller Division of the Department of Finance. Each County department is responsible for administration of these programs within their department. DGS’s PCard functions include processes and internal controls to mitigate fraud risks. Opportunities exist to improve control design and operational effectiveness to mitigate those risks more effectively in the following areas: (1) PCard management and operations; (2) PaymentNet information retention; (3) Departmental PCard and employee expense policies and procedures; (4) PCard and employee transactional analyses. |
05/31/2024 | Contract Management Audit | DGS, DOT, FRS | The Office of Internal Audit conducted an audit of the County's contract management processes related to three contracts between the County and a Contractor. The Contractor has three active contracts with the County, each managed and administered by a contracting department: Department of General Services, Division of Facilities Management; Montgomery County Department of Transportation, Division of Parking Management; and Montgomery County Fire and Rescue Service, Support Services Division. Each contracting department is responsible for contract management duties including ensuring goods, services, or construction are received, and the contractor adheres to the specifications, terms, conditions, and price documented in the contract. The contracting departments' contract administration operations include processes and internal controls to mitigate risks, and procedures aimed to comply with contractual terms, scopes of service, and County requirements. Opportunities were identified for the contracting departments to improve internal controls and compliance efforts in the following areas: (1) Alignment with contractual scope of services; (2) Adherence to contract terms and administration requirements; (3) Adherence to County Accounts Payable policy requirements; (4) Enhanced work order and invoice documentation procedures; and (5) Formalized contract management procedures. |
09/29/2023 | Information Technology Governance Evaluation | TEBS | The Office of Internal Audit conducted an evaluation of the County's IT governance program. The County’s IT functions are both centralized and de-centralized. Therefore, each department reviewed has unique IT governance responsibilities with varying amounts of assistance and oversight from the Department of Technology and Enterprise Business Solutions (TEBS). This evaluation assessed the policies and procedures surrounding the County's IT governance program, its alignment with organizational objectives, the identification and management of risks, the optimization of IT investments, the identification of IT performance metrics, and the effective management of IT resources. Opportunities exist to further enhance the existing IT governance process and structure, by enhancing or implementing processes within the IT governance program in coordination with TEBS and departmental IT functions, specifically in the following areas: (1) Implementation of risk assessment framework to evaluate the adequacy of internal controls across departmental IT functions; (2) Enhanced communication between TEBS and departmental IT functions regarding major changes to the IT management framework and IT-related systems; (3) Enhanced focus on IT-related positions and hiring process within IT functions; (4) Enhanced management of responsibility matrix between TEBS and departmental IT functions; (5) Implementation of a formalized IT strategic planning template and process; (6) Strengthening the management of innovation, quality, and technology within departmental IT functions; (7) Integration of business continuity and continuity of operations planning across departmental IT functions; (8) Enhanced tracking and review processes for assets managed by departmental IT functions; and (9) Enhanced standards for IT project intake and management processes. |
08/30/2023 | Cash Management – Targeted Internal Control Review, Alcohol Beverage Services | ABS | The Office of Internal Audit conducted a targeted internal control review (review) of the Montgomery County Alcohol Beverage Services’ (ABS) cash management function. ABS is the alcohol wholesaler of beer, wine, and spirits for Montgomery County and operates 26 retail stores throughout the County and one warehouse. ABS’ cash management function includes receiving, processing, and depositing related receipts, from such transactions as retail sales and vendor bulk purchases. Alcohol Beverage Services’ cash management operations include processes and internal controls to mitigate fraud risks. Opportunities exist to enhance internal control design and operational effectiveness to more effectively mitigate those risks, specifically in the following areas: (1) Established and enhanced cash management policies and procedures; (2) Improved segregation of duties related to cash management responsibilities; (3) Enhanced formalized review procedures and document retention; (4) Improved physical cash security measures; (5) Improved access management review documentation. |
08/28/2023 | Marriott Conference Center Management Agreement Cost and Revenue Sharing Audit | CEX | The Office of Internal Audit conducted an audit of the Cost and Revenue Sharing Agreement and related terms specified in Exhibit F of the Management Agreement (Agreement) between Montgomery County and Marriott Hotel Services, Inc., effective January 29, 2003, as amended. Montgomery County Government (the County) is the leasehold owner of land where the Montgomery County Conference Center (Conference Center) and Bethesda North Marriott Hotel (Hotel) are located. Both the Hotel and Conference Center are intricately adjoined. The County maintains ownership of the Conference Center while Brookfield Properties (Brookfield), a Real Estate Investment Trust, is the designated owner of the Hotel. Brookfield is also responsible for paying a monthly land lease fee to the County as owner of the Hotel. Marriott International is responsible for managing both the Hotel and Conference Center operations. Marriott’s management and oversight of the Agreement includes tasks focused on adhering to contractual terms. Opportunities exist to improve Marriott’s internal processes to mitigate risks and improve compliance in the following areas: (1) Enhanced garage revenue reporting; (2) Enhanced event revenue reporting; and (3) Enhanced cost allocation reporting. |
08/28/2023 | Cash Management – Targeted Internal Control Review, Montgomery County Police Department, Vehicle Recovery Section | MCPD | The Office of Internal Audit conducted a targeted internal control review (review) of the Montgomery County Police Department (MCPD), Vehicle Recovery Section (VRS) cash management function. MCPD VRS stores and maintains vehicles that have been towed at the direction of MCPD and cash receipts include fees from towing, storage, and administrative costs as well as the proceeds from vehicles sold at auction. VRS’ cash management function includes receiving, processing, and depositing cash receipts from fees paid by customers picking up their vehicles or by customers buying vehicles at auction. MCPD’s VRS cash management operations include processes and internal controls to mitigate fraud risks. Opportunities exist to enhance internal control design and operational effectiveness to more effectively mitigate those risks, specifically in the following areas: (1) Enhanced cash management policies and procedures; (2) Enhanced formalized review procedures; (3) Improved access management review procedures. |
10/14/2022 | Cash Management Targeted Internal Control Review - Department of Recreation | REC | The Montgomery County Office of Internal Audit (MCIA) conducted an internal control review of the County’s Department of Recreation’s cash management functions. Recreation helps the County by providing high quality, diverse, and accessible programs, services, and facilities that enhance the quality of life for all ages, cultures, and abilities. Recreation’s cash management function includes receiving, processing, and depositing recreation-related cash receipts, from such transactions as pool passes and daily admissions, program classes, clinics, workshops, and facility rentals. In calendar year 2021, Recreation recorded approximately $545,000 of cash receipts. While Recreation's cash management program includes functions and internal controls to mitigate fraud risks, opportunities exist to further strengthen controls, specifically in the following five areas: 1. Enhanced segregation of duties related to cash management responsibilities; 2. Enhanced formalized review procedures; 3. Improved access management review documentation; 4. Enhanced County cash management policies and procedures; and 5. Improved physical cash security measures. |