Audit Buzz Newsletter

June 2026

Office Updates

In this issue, we summarize the June 15 Audit Committee meeting; provide an article on Shifting Internal Audit Frameworks in Today’s Modern Age; and offer a training opportunity. Audit Buzz will take a short break in the summer and we will return in the fall!

Prior editions of Audit Buzz are archived here on Office of Auditor General (OAG) website.

We appreciate the continued cooperation and courtesy shown to our staff by Fairfax County Public Schools (FCPS) management and employees during all audit engagements.

Here is a challenge to test your audit knowledge, before we begin this issue:

Say What You See

*Hint: This is one of the OAG pillars of work

June 15 Audit Committee Meeting Summary

At the June 15 Audit Committee meeting, OAG presented the following items:

Fiscal Year (FY) 2026 Business Process Audit (BPA) Summary and BPA reports for Bryant Alternative High, Lewis High, Marshall High, Office of Facilities Management, and Waples Mill Elementary - These five audits include three high risk, seven moderate risk, and five low risk findings. These findings are related to the Student Auto Sales program, purchasing process, and sufficient documentation.
FY 2026 Quarter 1 (Q1) and Quarter 2 (Q2) Continuous Monitoring Results – OAG presented the results of the continuous monitoring procedures conducted for appropriated and non-appropriated transactions. During Q1 and Q2 of FY 2026, out of 112 sites (one school was audited in both quarters), 70 sites had no exceptions; 21 sites had exceptions noted in four or fewer areas; and 22 sites did not have any transactions appear in the sample of transactions. As part of the procedures, OAG visited 34 sites in person. Key exceptions were related to non-bank reconciliations, purchasing process, bank reconciliations and timely payment.
FY 2026 Hourly Employee Structure and Stipends Audit - This audit includes three moderate risk findings related to the current decentralized and manual workflows for hourly structure and stipends. These workflows do not fully ensure efficiency, effectiveness, and equity. For example, the current Temporary Assignment Online Time Information Form (HR-11) process is structured in a way that could result in pay disparities and inconsistencies in the authorization, application, and overall efficiency and effectiveness of hourly pay bands. In addition, the manual verification of homebound and home-based teachers may allow for unauthorized payroll expenditures and limit effective monitoring of instructional hours caps and effective student cancellations. Lastly, the stipend process does not include a control to verify that stipends are tied to an existing active activity. The framework also does not include automated mechanisms to prevent stipend payments from exceeding regulatory limits; identify conflict stipend assignments; or ensure equitable distribution.
Audit Follow-Up - OAG presented the follow-up status of open audit recommendations as of April 30.

Knowledge Hive

Shifting Internal Audit (IA) Frameworks in Today’s Modern Age

How does the ninth-largest school system in the United States preserve alignment across thousands of moving parts? For some, hearing the word “audit” makes them think of a reactive, policing function. However, in today’s climate of rapid digital transformation, internal audit should proactively drive alignment and value. Office of Auditor General (OAG) serves as the internal audit body at FCPS. Shifting oversight from traditional compliance to a digitally powered, purpose-driven partnership keeps pace with change and ensures FCPS stays on mission while handling risk.

What Others Have Done in The Internal Audit Industry

Source: https://www.deloitte.com/us/en/services/audit-assurance/articles/future-of-internal-audit-4-0.html

Deloitte, one of the "Big Four" global professional services networks that provides audit, consulting, tax, financial advisory, and risk advisory services, has signified a critical shift moving from their Internal Audit 3.0 Framework, based on Assure, Advise, and Anticipate, to the Internal Audit 4.0 Framework. IA 4.0 is not a total overhaul but adds a fourth pillar: Accelerate. This enables audit to keep pace with risk by directly embedding learning and emerging risk-sensing into its role. OAG follows Generally Accepted Government Auditing Standards, and does not follow Deloitte’s IA framework 4.0; however, OAG always considers technological changes in its risk assessment process.

Managing the Risks of Automation

Source: https://www.deloitte.com/content/dam/assets-zone3/us/en/docs/services/risk-advisory/2024/us-advisory-assurance-by-design-5x5-insights-and-actions.pdf

Auditors must be aware of emerging risks as more organizations adopt Software-as-a-Service (SaaS) models and Artificial Intelligence (AI) tools. "Assurance by Design" embeds controls into technology initiatives, moving audit from reactive to preventive. FCPS is expanding automation across functions such as attendance, transportation, security, and finance, so auditors work to understand these tools to prevent errors or bias and protect organizational soundness and student outcomes.

Re-visiting the Three Lines of Defense

In the February 2025 OAG Audit Buzz Newsletter, we discussed the "Three Lines of Defense" model. Technology is shifting these traditionally rigid boundaries toward continuous monitoring.

First Line: Day-to-day operational management, such as administrators and staff carrying out policies.
Second Line: Oversight functions, including risk management and compliance teams that monitor the first line.
Third Line: Internal audit, providing independent assurance on the effectiveness of the first two lines. The internal audit profession is looking to adopt digital tools such as automated Quality Assurance (QA) and real-time dashboards (Power BI, Qlik, Tableau) to enable effortless collaboration. This collaboration is important since most risks originate in operations; intelligent assurance enables early detection of financial and operational risks before they worsen.

Building a Cross-Functional Workforce for the Future

Modern organizational data volumes make manual audits unsustainable. In large public entities like FCPS, where most of the budget is for salaries, tech-driven error prevention, especially in payroll and procurement, is vital. The future of audit demands a “Purple Person”, with hybrid skills in business (Blue) and technology (Red):

SMEs (Subject Matter Experts): Individuals with deep technical knowledge in emerging fields.
Relationship management: The ability to influence and lead through collaboration.
Technological literacy: Mastery of contemporary digital tools and "Assurance by Design."

Agile mindsets have the skill set to adapt to change. Technology alone is not enough. Auditors must be goal-oriented and interpret data within the context of organizational strategy. In the future, it will become increasingly likely that this mindset will be incorporated into audit work.

Did You Know?

OAG Outreach and Education: Continuing Professional Education (CPE) Opportunity - Root Cause Analysis: Getting to the Bottom of Challenges

OAG aims at providing regular training to all staff members, covering topics related to mitigating financial and process risks to FCPS. Scenarios will be provided during the training where staff members can take what they learn back to work. OAG is a certified National Association of State Boards of Accountancy (NASBA) Continuing Professional Education (CPE) provider, on behalf of FCPS. FCPS can award employees with CPE credits required to maintain professional certification status.

Course Details: By the end of this session, participants will be able to understand key tools used in Root Cause Analysis and apply these tools to challenges (specifically related to audits and controls) they encounter in their daily work.

Format and Date/Time: Synchronous online training via Zoom, on July 24 (Friday), from 9 a.m. to 12 p.m. Three CPE credits will be awarded for the entire training.

FCPS employees may sign-up here July 24, 2026 Training.

Fraud, Waste & Abuse Hotline:

(571) 423-1333 (anonymous voicemail)
InternalAudit@fcps.edu (email is not anonymous)

Online Submission Form

[Answer: Internal Audit ]

Office of Auditor General Website | Audit Buzz Archive

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page or Unsubscribe from All Topics. You will need to use your email address to log in. If you have questions or problems with the subscription service, please visit subscriberhelp.govdelivery.com.


This email was sent to npkvdejmf6@niepodam.pl using GovDelivery Communications Cloud on behalf of: Fairfax County Public Schools · 8115 Gatehouse Road · Falls Church, VA 22042