Internal Audit


The Internal Audit Department provides an independent assessment function within the city of Rocky Mount that assists the management team. The Internal Audit Department conducts financial, performance and compliance audits in order to provide accountability to the public and promote the efficient and effective use of city resources and operations. Reporting directly to the city manager, the Internal Audit Department performs value-added, risk-based audits designed to independently review, test and evaluate the city's operations.

Our audits involve a systematic review of an area's activities and the development of objectives to evaluate performance and identify opportunities for improvement in their effectiveness and efficiency. We conduct our audits in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to ensure a reasonable basis for our judgments and conclusions regarding the organization, program, activity or function under audit. An audit also includes assessments of applicable internal controls and compliance, with requirements of laws and regulations when appropriate to satisfy the audit objectives.


To provide an independent appraisal function within the city and to assist members of the management team in the effective discharge of their responsibilities by furnishing them appraisals, recommendations and pertinent, relevant information concerning the activities and/or areas under review.


To provide assurance that the city of Rocky Mount’s Internal Audit Department operates at a high professional level, the department adheres to the Government Auditing Standards, 2011 Revision (the “Yellow Book”) set forth by the Comptroller General of the United States. These standards, referred to as generally accepted government auditing standards, “pertain to auditors’ professional qualifications, the quality of audit effort, and the characteristics of professional and meaningful audit reports.”

Code of Ethics

Government Auditing Standards (GAS 1.12) states "Conducting audit work in accordance with ethical principles is a matter of personal and organizational responsibility.  Ethical principles apply in preserving auditor independence, taking on only work that the auditor is competent to perform, performing high-quality work, and following the applicable standards cited in the audit report.  Integrity and objectivity are maintained when auditors perform their work and make decisions that are consistent with the broader interest of those relying on the auditors' report, including the public." The ethical principles that guide the work of auditors who conduct audits in accordance with Government Audit Standards are: a) the public interest; b) integrity; c) objectivity; d) proper use of government information, resources and position and e) professional behavior.

The city of Rocky Mount's Internal Audit Department also subscribes to the Code of Ethics of the Institute of Internal Auditors.  The purpose of the IIA's Code of Ethics is to promote an ethical culture in the profession of internal auditing.  A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in objective assurance about risk management, control and governance.  The Code of Ethics extends beyond the definition of internal auditing to include two essential components: Principles that are relevant to the profession and practice of internal auditing; and Rules of conduct that describe behavior norms expected of internal auditors.  These rules are an aid to interpreting the Principles into practical applications and are intended to guide ethical conduct of internal auditors.

Annual Risk Assessment and Audit Plan

The Annual Risk Assessment is the result of a methodical, quantitative approach to audit scheduling. Seven key risks are assessed for each audit, which are then weighted to derive a total risk score. The purpose of the assessment is to provide assurance that a minimum level of audit coverage is occurring in major risk areas of the city. Risk in this context is defined as the element of uncertainty that gives rise to the loss of control over city assets or processes, thereby exposing the city to undesired results. Based on the results of the risk assessment and input from the city's administrators and department directors, an Annual Audit Plan is proposed to the City Manager, who provides the final approval of the audit plan.