What to Expect: FAQs for Commerce Employees and Managers
Under the Inspector General Act of 1978, as amended, OIG is authorized to carry out various reviews to "promote economy, efficiency, and effectiveness in the administration of, and ... prevent and detect fraud and abuse in ... [the Department's] programs and operations."
As part of our mission, we conduct reviews that involve employees, management officials, and affected departmental programs and operations. The findings from our audits, evaluations, and inspections help the Department improve its programs and operations as well as prevent or detect fraud, waste, or abuse.
This set of frequently asked questions (FAQs) is intended to give Commerce employees and managers helpful information regarding the nature and scope of OIG audit, evaluation, and inspection activities, as well as their obligations and rights in connection with these activities. In the interest of transparency, we're providing these FAQs to promote greater understanding of our processes.
Q: What professional standards apply to OIG's audits and other reviews?
A: An audit conforms to GAO's Government Auditing Standards (2007), which requires that we plan and perform the audit to obtain sufficient, appropriate evidence that will provide a reasonable basis for our findings and conclusions based on our audit objectives. Inspections and evaluations conform to the Council of Inspectors General on Integrity and Efficiency's Quality Standards for Inspection and Evaluation (January 2012), which defines inspections and evaluations simply as reviews that do not constitute an audit or a criminal investigation. (For further details, please see FAQs About OIG Investigations.)
Q: What do OIG reviews accomplish?
A: Audit, inspection, and evaluation objectives may vary widely—a review might even have more than one objective. Objectives can include
assessments of program effectiveness, economy, and efficiency;
internal control, which includes the plans, policies, methods, and procedures adopted by management to meet its missions, goals, and objectives;
compliance with laws and regulations; or
Q: How does OIG decide what to audit or review?
A: Each fall, we create and submit an audit plan to the Department outlining the work we hope to accomplish during the next fiscal year. The plan is modified during the year as necessary to respond to unanticipated requests and issues. We may decide to perform an audit based on a number of factors:
The audit may be required by law. For instance, every fall we assess the effectiveness of the Department's IT security controls under the Federal Information Security Management Act of 2002.
If an issue or program is of interest to Congress, the Secretary of Commerce, or the current administration, they may ask us to perform an audit.
Some audits are based on issues we have determined to be high priority for the Department or operating unit, as communicated in our annual Top Management Challenges report to the Secretary and Congress.
We may initiate an audit if we uncovered significant issues during a previous review, or if we have determined that the program or office is higher risk.
Q: What is the audit process? What can an agency office expect?
A: After we decide to perform an audit and the job is approved by our management, we follow this process.
Q: If OIG finds something, how does it decide whether the finding is a problem?
A: The elements needed for an issue to be considered a finding depend on the objectives of the audit. An effect (or potential effect) of a risk, a lack of internal control, a quality control issue, or other problem may demonstrate the need for corrective action.
Q: Will the agency have a chance to respond to or rebut OIG findings?
A: Yes, although the form may vary. We usually discuss preliminary findings with agency staff as we identify them during our fieldwork. Agency staff can, and should, work with us during fieldwork to ensure that our information is factually correct and to promptly resolve any issues or miscommunications.
After fieldwork, we issue the draft report. If we determine that it is appropriate or necessary to obtain comments, under our professional standards (and the particular circumstances) an agency generally has between 15 and 30 days to return written comments on it. An agency can use its response to provide updates on steps already taken to address a proposed action or to point out areas of disagreement with our findings or recommendations. Remember that an agency must support any disagreements included in the response.
We will consider the response to the draft as we create our final report and revise the report as appropriate. In most cases, we will include agency comments as an appendix to the final report.
Q: How long will it take to see the final product?
A: While it depends on the individual project, we generally issue a final report between 8 months and a year after the audit announcement date. However, we may shorten or extend this timeline
based on the significance of the issues we uncover,
when Congress requests a report by a particular date, or
if the operational timeline for the area under audit changes (if, for example, we are auditing certain milestones of a program and the milestone dates are extended).
Q: What happens when the final report is issued?
A: The head of the operating unit or office being audited and any other stakeholders receive a PDF of the report via e-mail. A small number of hard copies may also be sent to primary stakeholders. We also send PDFs of reports to staff on the pertinent congressional committee or subcommittee. Finally, we post a PDF of the report on the OIG website for public viewing. If the report contains proprietary information or other information that is not appropriate for public release under applicable law, it may be redacted before we post it, or we may clear only the abstract of the report (what we call a Report in Brief) for public release.
Q: What is an audit action plan and why does an agency need to give OIG one?
A: When we issue the final report, we request in the transmittal memorandum that you prepare an action plan to address any recommendations we've made. The plan should describe the specific actions the agency has taken, or plans to take, in response to our recommendations, as well as a schedule for completion. Department Administrative Order (DAO) 213-5 allows the agency 60 days to provide the plan (unless we state otherwise in the memo).
The Department tracks its operating units' progress against the recommendations in our audits, evaluations, and other reviews. Congress also asks for periodic reports on the status of any recommendations that have not been implemented by the operating unit. Therefore, it is important that the agency submit a complete plan within the mandatory time frame and provide updates at the required intervals.
Q: To whom may questions or issues about OIG's audit and evaluation process be addressed?
A: Any questions or issues may be addressed with OIG's Principal Assistant Inspector General for Audit and Evaluation, Andrew Katsaros, at 202.482.7859.