City auditor outlines 2025–26 audit plan, says full audits require council direction
Get AI-powered insights, summaries, and transcripts
Subscribe
Summary
City Auditor Listiano presented the proposed fiscal year 2025–26 audit plan, describing planned operational audits, follow-ups and the office's other functions; he said a single council member cannot unilaterally order a full audit and that council-level direction would be requested for any additional full audits.
City Auditor Listiano presented the city auditor's proposed audit plan for fiscal year 2025–26 to the Mesa City Council on July 8, describing the office's work-in-progress, the audits planned for the next year, follow-up reviews and other departmental activities.
Listiano said the audit office's projects in progress include a citywide take-home vehicle audit, a citywide special pay program review, a post-construction cost review of the ASU building across the street, and a Mesa Arts Center revenue audit. He also listed planned audits of the police department's mental health services support team, human resources hiring and recruitment practices, and the city attorney's Victims of Crime Act (VOCA) program.
The auditor described the first planned audit as a citywide public records request review administered by the City Clerk's office; Listiano said the clerk helps administer the program but that responsibilities also lie with other departments and that the police department maintains a separate public-records process. He said other planned operational audits include water-resources annual ordering and reporting, the police off-duty employment program, facilities management work-order processes and code compliance case management.
Nut graf: The auditor framed the office's priorities as operational and performance audits that test policies, procedures and internal controls rather than duplicating comprehensive financial audits already performed by external auditors. He told council members the office follows a risk-based approach and that any full audit requested by a council member would be brought to the full council for direction before being added to the audit schedule.
Listiano also identified follow-up reviews scheduled for next year: recommendations from a prior IGA cost-recovery audit; a second follow-up on the Department of Innovation and Technology's software and application asset management; a DOIT remote access audit; a DOIT cybersecurity audit; the police criminal investigations case-management follow-up; and the transportation street-maintenance follow-up. He described recurring and other activities: a biennial cash-handling audit, an annual credit-card security review (operational and technical components split between the auditor's office and DOIT), management of the city's fraud-and-ethics hotline (speakupmesa.com), consulting work, and the ability to add unscheduled audits at the request of the city manager or council.
On the process for council-initiated requests, Listiano told Councilmember Spilsbury that he would not start a comprehensive audit at the direction of a single council member; instead the office asks for council consensus and would return to council for direction before scheduling such work. Councilmember Adams asked about the types of audits the office performs; Listiano said the office primarily performs operational or performance audits focused on policies, procedures and controls and that external auditors handle comprehensive financial statement audits.
Ending: Listiano said he solicits ideas from council members when preparing the annual plan and applies a risk-based method to prioritize audits; he also said the office can perform smaller research tasks without scheduling a full audit. No formal council action was recorded on the audit plan during the study session.