SALEM — Secretary of State Dennis Richardson said this week he wants his office to pursue audits on controversial topics.
Although the Republican has claimed he will run the office in a nonpartisan manner, his office’s audit choices may be under wider scrutiny than usual in a state with a heavily Democratic government.
Richardson said he asked the head of the audits division why there hadn’t been an audit of programs such as Cover Oregon, the state’s failed health insurance exchange.
“The answer was that the process from the previous audit division director was, that if it is controversial, then that means that the Legislature is already aware of it and is looking at it and so we don’t need to be involved, we’ll go audit something that’s not controversial or where there’s no publicity,” Richardson said.
Richardson said he understood that position, but that having been a legislator, he knows legislators have limited staff. His goal is to assemble a team within the audit division to audit agencies or programs when problems become public.
“I think we need to have a small group of the auditors whose workload allows them to be utilized to go toward the fire if there’s a fire burning somewhere,” Richardson said.
He cited the Columbia River Crossing and the Business Energy Tax Credit (BETC) program administered by the Oregon Department of Energy as other examples.
The BETC program was audited by an outside firm last year, and the Legislature convened a joint committee to review the energy department.
Richardson also said he wanted to conduct audits on government projects as they unfold — although he did not yet have details Thursday about what sort of projects would fit the bill. Ideally, he said, such audits would look both at finances and processes.
There are detailed procedures in place for deciding which programs to audit every year, according to documents provided by the Secretary of State’s Office.
Audits are divided into three types — information technology, performance and financial audits.
Some financial audits are required every year. The statewide single audit, for example, is required so the state can receive funding from the federal government.
Performance audits often make news. Typically they are more digestible, containing written recommendations for agency or program improvements.
Auditors keep notes of potential audit topics while they are conducting other audits and keeping track of current events. Those ideas are kept in a database that describes the agency or program, the issue, and potential questions to ask as part of an audit.
Requests for audits can also come from legislators, agency directors, or the state’s hotline for complaints of fraud and waste.
Every year, the auditing team reviews the database of ideas — ranging in the hundreds — and whittle it down to 30 to 40 “priority topics,” which in turn are reviewed by managers.
The audit division director, the deputy director and performance audit managers vote on the topics and then the team discusses the most popular ideas to determine about a dozen topics for the upcoming year.
Then the secretary of state and deputy secretary review the list and give feedback, which might prompt further discussion or adjustments to the audit schedule.
The criteria used in evaluating program choices are varied, but can be summarized in three ways: The complexity of the audit, potential public benefit — including public safety issues, cost savings and “key challenges” for the state as a whole — and risk.
“We are on the lookout for topics that are high risk, where we suspect the controls in place over a program are weak and where the resulting effects would be large,” according to documentation from the Secretary of State’s Office.
The office also, according to internal documents, prefers to “focus our performance audits on program improvement rather than identification of past wrong-doing.”
Auditors also consider the scope of the audit, methods, and whether there is reliable data available; whether patterns or repeated problems emerge within a certain agency; and if an issue is time-sensitive.