I.    Introduction (GAS 5.02)

The purpose of this audit manual is to provide a description of the duties and responsibilities of the Office of the County Auditor (office), and to establish internal policies and procedures for the office. This audit manual is a reference and guide for office staff, to ensure that our audit work is conducted in accordance with government auditing standards (GAS).

This manual describes the audit function of the office, it’s authority to conduct audits, and the general way in which audits are planned, organized, carried out, and reported by the office. In addition, this audit manual serves to guide employees of the office in the conduct of their work and to ensure that the office meets accepted government auditing standards, commonly referred to as the Yellow Book 2018 Revision, issued by the U.S. Government Accountability Office (GAO).

Periodically, the policies and procedures of this audit manual will be reviewed by the County Auditor and the staff to ensure that this audit manual is appropriate and complete. An electronic version of this audit manual and accompanying form is stored on the office share drive titled Audit Manual.

This audit manual is not a contract of employment between the office and itʻs employees. The office maintains an administrative manual for itʻs at will, exempt employees.

II.   Mission

It is our mission to serve the Council and citizens of Hawai’i County by promoting accountability, fiscal integrity, and openness in local government. Through performance and/or financial audits of County agencies and programs, the Office of the County Auditor examines the use of public funds, evaluates operations and activities, and provides findings and recommendations to elected officials and citizens in an objective manner. Our work is intended to assist County government in its management of public resources, delivery of public services, and stewardship of public trust.

III.  Authority, Responsibilities, and Independence

(Authority – GAS 5.06, Responsibilities – GAS 5.05, 5.07, Independence – GAS 3.18)

History

Independence. The Office of the Legislative Auditor was established on December 1, 2008, by a charter amendment approved by a majority vote of the Hawaiʻi County citizens.

Name Change. The Office of the Legislative Auditor changed its name to the Office of the County Auditor by a 2020 charter amendment approved by a majority vote of the Hawaiʻi County citizens.

Investigation. The Office of the County Auditor was granted investigative authority to conduct investigations of fraud, waste, or abuse within county operations by a 2022 charter amendment approved by a majority vote of Hawaiʻi County citizens.

Authority and Responsibilities

The Hawaiʻi County Charter as amended) § 3-18 provides:

(a)  There is established within the legislative branch an independant office of the county auditor to be headed by a county auditor who shall be appointed by the county council and shall serve for a period of six years and thereafter until a successor is appointed. The council, by a two-thirds vote of its membership, may remove the county auditor from office at any time for cause.

(b)  The county auditor shall possess adequate professional proficiency for the office demonstrated by relevant certification, such as certification as a certified internal auditor or certified public accountant or an advanced degree in a relevant field and at least three years of general auditing experience which shall include a minimum of one year’s experience in the field of government auditing. A certified internal auditor or certified public accountant shall be preferred. All financial audits shall be conducted by a certified public accountant.

(c)  The county auditor shall submit an annual budget to the county council. The county auditor on behalf of the county council shall hire the necessary staff for which appropriations have been made by the county council.

(d)  The county auditor shall conduct or cause to be conducted:

(1)  The annual financial audit of the county, as required in Article X, Financial Procedures, Section 10-13, Post Audit.

(2)  Performance and/or financial audits of the funds, programs, services, and operations of any county agency, executive agency, or program, as set forth by the county auditor in an annual audit plan that shall be transmitted to the county council and the mayor and filed with the county clerk as a public record.

(3)  Follow-up audits and monitoring of responses to audit recommendations by audited entities.

(4)  Investigations of fraud, waste or abuse within count operations, when the county auditor determines that the allegation of fraud, waste or abuse warrants investigation. The county auditor may provide findings and recommendations to the appropriate county official or officials after completing the investigation.

(e)  For purposes of this section, “county agency” or “executive agency” includes any office, department, board, commission, agency, semi-autonomous agency, or other governmental unit of the county in the executive or legislative branch that is supported in whole or in part, by county funds.

(f)  For purposes of carrying out the duties prescribed in subsection (d), the county auditor shall have:

(1)  Full, free, and unrestricted access to any county officer or employee.

(2)  Full, free, and unrestricted access to and authority to examine and inspect any record of any county agency, executive agency, or program except for any record protected from disclosure by law, rule, or privilege.

(3)  Full, free, and unrestricted access to and authority to examine and inspect any property, facility, or equipment of any county agency, executive agency, or program pertinent to the audit or to a contract.

(4)  Full, free, and unrestricted access to and authority to administer oaths and subpoena witnesses and compel the production of records pertinent thereto. If any person subpoenaed as a witness or compelled to produce records shall fail or refuse to respond thereto, the proper court, upon request.

(g)  The county auditor shall conduct or cause to be conducted all audits in accordance with government auditing standards and shall set forth final audit findings and recommendations in written reports, copies of which shall be transmitted to the county council and the mayor and filed with the county clerk as public records.

Independence (GAS 3.18)

The Office of the County Auditor must be independent in fact and appearance, and free from personal, external, and organizational impairments. Independence enhances the Office’s credibility with the public and is critical to ensuring audit findings, opinions, conclusions, judgments, and recommendations are impartial.

Objectivity

The Office of the County Auditor conducts all audits objectively, factually, and without preconceived ideas, notions, biases, or vested interests regarding the audit subject. Additionally, the Office bases all conclusions and recommendations on a full review of relevant information and on open-minded consideration of opposing points of view.

Technical Accuracy

The Office of the County Auditor utilizes strict quality assurance programs to ensure staff exercise due professional care, adequately plan audits, and prepare workpapers that contain sufficient and compelling evidence to support any statements of fact in its reports.

IV.  Audit Services

Performance Audits

The Office of the County Auditor conducts performance audits in accordance with Generally Accepted Government Audit Standards (GAGAS). Auditors examine, review, analyze, or perform other procedures on a broad range of subjects such as internal controls, the reliability of performance measures, and compliance with requirements of specified laws, regulations, rules, policies, procedures, contracts, or grants.

Performance Audits include: (1) an Economy and Efficiency Review, and (2) a Program Review. An Economy and Efficiency Review determines if the audited entity has acquired its resources for the best possible price and used those acquired resources efficiently. A Program Review, on the other hand, determines whether the audited entity has achieved its goals and objectives and provided services to its program recipients effectively.

Government services cover a broad and variable spectrum. Therefore, the audit objectives for a Performance Audit must be designed to address the unique services that are the subject of the audit. In its broadest context, audit objectives might involve assessments of: effectiveness, efficiency, economy, compliance, data reliability, policies, procedures, prospective evaluations, or risk assessment.

Whistleblower Investigations

County staff or members of the public may submit tips by calling the Whistleblower Hotline toll-free at 1-808-480-8213 (Fraud and Waste), 1-808-480-8279 (Abuse) or online at  https://www.hawaiicounty.gov/our-county/legislative/office-of-the-county-auditor/inquiry-and-complaint/intake-form#!.

In addition, tips may be submitted directly to the County Auditor or any OCA staff in person, over the phone, in writing, or by email; complaints are handled pursuant to Section 4 of this policy Whistleblower Program Procedures.

V.   Non-Audit Services

The Office of the County Auditor may perform the following non-audit services or routine activities, provided it do not impair the office’s independence. To ensure quality and limit the potential for impairments to the office’s independence, deviations to these procedures will be approved by the County Auditor.

Monitoring of Nonprofit Grants-in-Aid. Section 2 Article 25 of the Hawaiʻi County Code, Appropriation of Funds to Nonprofit Organizations reserves the right of the County Auditor to gain access to facilities, personnel, records, report, files, and other related documents in order that the program, management, and fiscal practices of the nonprofit organization may be monitored and evaluated to assure the proper and effective expenditure of public funds.

The office may monitor and evaluate to assure the proper and effective expenditure of public funds by analyzing data and information related to budgetary issues, fiscal forecasting, and planning, including the County’s past, current, proposed revenues, and expenditures to detect anomalies and to detect and prevent non-compliance with applicable laws or governance.

Other Non-Audit Services

• Participate in committees, task forces, or focus groups as an expert in a purely advisory and non-voting capacity to advise management on issues based on the auditor’s knowledge or to address urgent problems.

   

• Provide tools or methodologies such as benchmarking studies and internal control assessment methodologies that can be used by management.

   

• Provide targeted and limited technical advice to management to assist them in activities such as answering technical questions or providing training, implementing audit recommendations, implementing internal controls, and providing information on good business practices.

The County Auditor must approve all requests for non-audit services. The County Auditor will evaluate the impact on independence of any previously performed non-audit services before accepting prospective engagements. If the County Auditor concludes that performing the requested non-audit service would impair the Office's independence, he or she will inform the requestor and decline to perform the work.

Before agreeing to provide non-audit services to an audited entity, the office should determine whether providing such a service, either by itself or in aggregate with other non-audit services, would create a threat to independence of any GAGAS audit performed. A critical component of this determination is consideration of management’s ability to effectively oversee the non-audit service to be performed. The auditor should determine that the audited entity has designated an individual who possesses suitable skills, knowledge, and experience, and that the individual understands the services to be performed to sufficiently oversee them. The individual is not required to possess the expertise to perform or re-perform the services. If the audited entity is unable or unwilling to oversee the service, the auditor should conclude that providing the service impairs independence.

In connection with non-audit services, the auditor should obtain an agreement from the audited entity’s management that management assumes all management responsibilities, oversees the services, evaluates the adequacy and results of services provided, and accepts responsibility for the results. The auditor should also establish and document their understanding with the audited entity’s management or those charged with governance, as appropriate, regarding the following:

• Objectives of the non-audit service;
• Services to be provided;
• Management’s acceptance of its responsibilities;
• The auditor’s responsibilities; and
• Any limitations of the non-audit service.

Auditors are prohibited from performing management responsibilities for organizations they audit. Examples of activities that are considered management responsibilities and would therefore impair independence if performed for an audited entity include: 

• Setting policies and strategic direction for the audited entity.
• Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities.
• Having custody of an audited entity’s assets.
• Reporting to those charged with governance on behalf of management.
• Deciding which of the auditor’s or outside third party’s recommendations to implement.
• Accepting responsibility for the management of an audited entity’s project.
• Accepting responsibility for designing, implementing, or maintaining internal control.
• Providing services that are intended to be used as management’s primary basis for making decisions that are significant to the subject matter of the audit.
• Developing an audited entity’s performance measurement system when that system is material or significant to the subject matter of the audit.
• Serving as a voting member of an audited entity’s management committee or board of directors.

When performance of a required non-audit service impairs independence with respect to a required engagement, auditors should disclose the nature of threats that could not be eliminated or reduced to an acceptable level and modify the GAGAS compliance statement accordingly.

Phase 5: Report Writing and Distribution

Auditors should issue audit reports in a form that is appropriate for its intended use, either in writing or in some other retrievable form. Audit reporting consists of the procedures outlined below and will generally follow the process as presented. However, the nature of audit work requires flexibility, and the following steps should be considered part of a fluid process:

Drafting the Audit Report

The auditor prepares a draft Audit Report that incorporates the decisions reached during the Pre-Draft Conference. Staff submits the completed draft Audit Report to the County Auditor for review and editing, which should include:

• An introduction statements including an Executive Summary or equivalent, with a succinct summary of the information contained in the report presented
• A statement of compliance with GAGAS
• A statement of audit objectives
• A description of the audit scope and methodology (describe techniques in sufficient detail so users understand how audit objectives were addressed)
• A discussion of Audit Findings and Conclusions
  • Audit Findings begin with a root cause or problem statement
  • Effect of the problem statement
  • Recommendations for necessary or desirable action
• Noted instances of waste, fraud, or abuse
• The nature of any confidential or sensitive information submitted
• Report conclusions

Reference Draft Audit Report

The auditor will prepare a copy of the Referenced Draft Audit Report, fully referenced to supporting workpapers and evidence prepared during the audit. All report content, including background, findings, conclusions, supporting evidence, etc. should be linked to supporting workpapers.

Peer-Reviewing the Audit Report

Each report will be reviewed by another employee in the office who was not substantially involved in the audit assignment. Comparing the Referenced Draft Audit Report to the supporting workpapers to ensure compliance with GAGAS evidence standards and is one of the most important audit quality assurance steps in the County Auditor’s audit process.

According to GAGAS section 9.17(a), referencing confirms the accuracy of facts, figures, and dates, and ensures findings are adequately supported by the evidence in the audit documentation, and that the conclusions and recommendations flow logically from the evidence.

During the review process, the reviewer observes notes related to evidence which identifies questions or comments related to the adequacy and sufficiency of the evidence supporting the report. The auditor who prepared the Referenced Draft Audit Report must respond to all reference notes to the satisfaction of the reviewer. Failure to do so will result in amendments to or elimination of items from the draft report. When the reviewer is satisfied with the auditor’s responses to the reference notes, he or she initials the Review Note and signifies the issue is resolved. In the event the auditor and the reviewer(s) disagree on whether the auditor’s response resolves the concern, the County Auditor will make the final determination.

Any changes made to the Draft Audit Report after the peer-review should be reviewed and, if necessary, re-referenced.

The draft report is then forwarded to the County Auditor for final review and approval. This final review process may be approved anytime up and until report publication.

Finalizing the Audit Report

Forward a copy of the Draft Audit Report to representatives of the audited entity and any other appropriate officials (e.g., Corporation Counsel) for review prior to the Exit Conference. The auditee(s) are normally allowed ten business days to offer input regarding, misstatements, inaccuracies, or omissions, and provide a written response to be included in the final Audit Report.

If the auditee does provide input which requires substantial revisions, the County Auditor may grant an extension to the management response so that management statements accurately reflect the current draft version.

Auditor incorporates any agreed upon changes to the Draft Audit Report.

If the auditee does not provide a written response within the time frame afforded, the County Auditor will reserve the right to issue the audit report to the Council without a response. If the auditee provides a response that the County Auditor believes is inaccurate or misleading, the County Auditor reserves the right to include a rebuttal to the response in the final Audit Report.

The office offers to conduct an Exit Conference with representatives of the audited entity and any other appropriate entities to discuss their input and comments regarding the audit and the draft report. To ensure technical accuracy and fairness to the audited entity, the County Auditor incorporates any agreed upon changes to the Draft Audit Report. This step may be unnecessary depending on the degree of collaboration during the draft review process, and the auditee may choose to opt out of a formal exit.

The County Auditor may meet with Councilmembers, if necessary, to inform them a report is forthcoming and alert them as to the report findings and recommendations.

Release the final Audit Report simultaneously to the county council, mayor, the audited entity, county clerk, and the public.

Council Presentation

If asked to present, provide a presentation of the final Audit Report to County Council at the committee meeting determined to be most appropriate, which may also hear testimony from the audited entity as well as other interested parties.

Additionally, present to those charged with governance, of the audited entity.

Reporting Confidential or Sensitive Information

Some information may be prohibited from public disclosure or may otherwise be excluded from a report due to confidentiality or sensitivity. Considering the broad public interest in the program or activity under audit assists auditors when deciding whether to exclude information from publicly available reports. For example, circumstances associated with public safety, privacy, or security concerns could justify the exclusion of certain information from a publicly available or widely distributed report. When this occurs, the auditor should disclose in the report that certain information has been omitted and circumstances that make the omission necessary. When considering whether to omit certain information, auditors should evaluate whether it could distort the audit results or conceal improper or illegal practices and revise the report language as necessary to avoid report users drawing inappropriate conclusions from information presented. In circumstances when information is classified or otherwise prohibited from general disclosure by federal, state, or local laws or regulations the auditor may issue a separate classified or limited use report containing such information and distribute that report only to persons authorized by law or regulation (GAGAS 9.61, 9.62, 9.63).

Discovery of Insufficient Evidence after Report Release

If, after an Audit Report is issued, it is determined that the report lacked sufficient, appropriate evidence to support findings or conclusions, the County Auditor should notify appropriate officials (Management and Council), remove the report from the County Auditor’s website, and post a public notice that the report was removed. The County Auditor should then decide whether to do more audit work to reissue the report with revised findings and conclusions (GAGAS 9.68).

III.  Audit Documentation

Auditors should prepare and maintain audit documentation related to planning, conducting, and reporting on the audit. Documentation should be sufficient to enable an experienced auditor who has had no previous connection with the audit to ascertain whether the evidence that supports the auditor’s judgment and conclusions is adequate. Audit documentation should contain support for findings, conclusions, and recommendations. Documentation collected during the audit may be retained in the form of both electronic files and hard copy workpapers.

Audit workpapers are essential to a successful audit, as they provide the principal evidentiary support for the audit report and related conclusions. They document whether the audit objectives were achieved, facilitate review and evaluation of the work performed, provide a central ongoing reference during the audit so the audit can proceed effectively and efficiently, and provide a reference for audit follow-up.

Source documents too voluminous to be incorporated in working papers, should accompany them and auditors should identify the specific documents they examined in the work papers, copy relevant data, and/or include samples of documents to facilitate the reviewer’s understanding of what the auditors did. Auditors are not required to include copies of, or list detailed information from, every document they examined when those documents are not used to support the Audit Report, Findings, or Recommendations.

The form and content of audit documentation may vary depending on the circumstances of the audit. Workpapers should include:

• Purpose Statement
• Scope Description
• Indexed Evidence
• Cross-indexed Audit Program. If an audit step is omitted or not applicable, this should be explained in the workpapers
• Workpapers to document the work performed to support significant judgments and conclusions, including descriptions of records examined, interviews conducted, procedures performed, sampling, and other selection criteria used
• Documentation of supervisory review
• Any departures from GAGAS requirements and the impact on the audit and the auditors’ conclusions
• Cross-indexed and referenced copy of the Audit Report

   

Documentation Storage and Availability

GAGAS sections 5.22, 5.42, and 5.58 require that audit organizations establish information systems controls concerning accessing and updating electronically maintained audit documentation. Audit workpapers are stored in the “Audits” Folder on the department’s shared drive. Access to these drives is limited to office staff. Auditors should make appropriate individuals and audit documentation available to other auditors and reviewers upon request, subject to applicable laws and regulations.

Confidential Workpapers

Subject matter in workpapers that is deemed confidential should be handled with care, clearly identified as confidential, and stored as a separately document from non-confidential work papers. Confidential electronic and paper documents shall be labeled “confidential.” Any hard copy confidential paper files shall be locked in secure areas of the office. Consistent with GAGAS, the Auditor shall not publicly disclose any information received during an audit that is considered confidential by state or federal law.

IV.   Findings of Illegal Acts, Noncompliance, Abuse, or Fraud

Auditors should exercise due professional care in pursuing indications of possible illegal acts so as not to interfere with potential investigations, legal proceedings, or both.  Under some circumstances, laws, regulations, or policies require auditors to report indications of certain types of illegal acts to law enforcement or investigatory authorities before extending audit steps and procedures. Auditors may also be required to withdraw from or defer further work on the audit or a portion of the audit in order not to interfere with an investigation. Whether a particular act is actually fraud or noncompliance within provisions of laws, regulations, contracts, or grant agreements may have to await final determination by a court of law or other adjudicative body.

 Therefore, when auditors disclose matters that have led them to conclude an illegal act is likely to have occurred, they should take care not to imply that they have made a determination of illegality. The following GAGAS sections provide guidance on such findings:

• GAS section 9.35, “Auditors should report a matter as a finding when they conclude, based on sufficient, appropriate evidence, that noncompliance with provisions of law, regulations, contracts, and grant agreements either has occurred or is likely to have occurred that is significant within the context of the audit objectives.”
• GAS section 9.36, “Auditors should communicate findings in writing to audited entity officials when the auditors detect instances of noncompliance with provisions of laws, regulations, contracts, and grant agreements that are not significantly within the context of the audit objectives but warrant the attention of those charged with governance.”
• GAS section 9.40, “Auditors should report a matter as a finding when they conclude, based on sufficient, appropriate evidence, that fraud either has occurred or is likely to have occurred that is significant to the audit objectives.”
• GAS section 9.41, “Auditors should communicate findings in writing to audited entity officials when the auditors detect instances of fraud that are not significant within the context of the audit objective but warrant the attention of those charged with governance.”

However, instances may arise where the auditor is concerned that publicly reporting information concerning fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse may compromise investigative or legal proceedings. In accordance with GAGAS sections 9.39 and 9.44, auditors in these instances may consult with authorities or legal counsel about any potential on investigative or legal proceedings. Auditors may limit their public reporting to matters that would not compromise those proceedings and, for example, report only on information that is already a part of the public record.

If evidence indicates that an illegal act, noncompliance, fraud, or abuse has occurred, the County Auditor will determine whether additional work needs to be performed or whether audit work should be suspended as a result of the finding and determine whether a referral should be made to the Prosecuting Attorney’s Office and/or Law Enforcement regarding potential investigations or legal proceedings.

GAS section 9.45 states in part, “Auditors should report known or likely noncompliance with provisions of laws, regulations, contracts, and grant agreements or fraud directly to parties outside the audited entity in the following two circumstances.

a.  When audited entity management fails to satisfy legal or regulatory requirements to report such information to external parties specified in law or regulation…

b.  When audited entity management fails to take timely and appropriate steps to respond to noncompliance with provisions of laws, regulations, contracts, and grant agreements or instances of fraud that (1) are likely to have a significant effect on the subject matter and (2) involve funding received directly or indirectly from a government agency…”

In such instances, the Office of the County Auditor will contact the department, and or Corporation Counsel to discuss the matter (and to the extent possible provide documentation) and will document those discussions in the workpapers. If formal notifications and letters are appropriate to the circumstances, the Office will retain those documents as workpapers.

V.    Communication Logs

Auditors are encouraged to keep records of communications with employees, related entities, and external organizations regarding audit work. Communication logs help record the responsiveness of these various parties, organize workpapers, and track the flow of audit information.

VI.   Audit Recommendation Follow-up

The Office of the County Auditor maintains a dashboard that details the implementation status of recommendations. When a department claims it has met the conditions of a recommendation, the office requests evidence of status or otherwise corroborates the claim.

Recommendations are classified based on the responsible party’s progress:

• Pending: A new recommendation that auditors have not yet followed up on.

   

• Resolved: Although the department did not implement the audit recommendation, it implemented an alternative solution/mitigating/compensating control that fully addressed the applicable audit finding or risk.

   

• Implemented: Department has fully completed the audit recommendation. We reviewed sufficient and appropriate evidence to support all aspects of the recommendation.

   

• Partially Implemented: Department has made significant progress. We reviewed sufficient and appropriate evidence to support key aspects of the audit recommendation.

   

• Not Implemented: Sufficient and appropriate evidence was unavailable to support key aspects of the recommendation or department has no plans to implement the recommendation.

   

• Not Applicable: The risk associated with the recommendation no longer exists or is no longer applicable.

Interactive dashboards with information related to all recommendations issued by the office can be found on the Office of the County Auditor’s website at https://www.hawaiicounty.gov/our-county/legislative/office-of-the-county-auditor

I.     Background

In 2017, an audit of the County’s hiring practices identified the need to establish an independent whistleblower program and system to allow confidential complaints to be reported. Proactively, the Office of the County Auditor piloted two confidential hotlines for tips alleging fraud, waste, or abuse beginning in January 2022 and ending in June 2023.

During the pilot phase, inherently high-risk tips were considered as part of OCA’s ongoing risk assessment in determining if a tip was the basis for a future performance audit. Often, the improper use of government resources or positions is discovered thanks to reports by employees and other community members.

The Office of the County Auditors’ Whistleblower Program was established in November 2022, by a charter amendment approved by the majority of Hawaii County citizens, allowing the county auditor to conduct or cause to conduct:

Investigations of reports of fraud, waste or abuse within county operations, when the county auditor determines that the allegation of fraud, waste or abuse warrants investigation. The county auditor may provide findings and recommendations to the appropriate county official or officials after completing the investigation.

II.    Purpose

The purpose of the Office of the County Auditor’s Whistleblower Program and Fraud Hotline is to identify and deter improper conduct that impairs the integrity, efficiency, or effectiveness of County government. The Auditor’s Office operates two fraud, waste, and abuse hotlines to enable employees and the public to submit confidential tips about suspected fraud, waste, inefficiency, or abuse.

III.   References

• HRS Chapter 378 Part V. Whistleblowers’ Protection Act
  • HRS §378-61 Definitions
  • HRS §378-62 Discharge of, threats to, or discrimination against employee for reporting violations of law
  • HRS §378-70 Protected disclosure by a public employee
• HRS §92F-13 Government records; exceptions to general rule
• Hawaii County Charter Section 3-18(d)(4) effective 11/8/2022

IV.   General Definitions

“Fraud” involves an intentional deception or misrepresentation, by act or omission, which results or could result in a benefit for a person or entity to which the person or entity is not entitled.

Some examples of fraud may include but are not limited to; theft, forgery, falsifying records, and bribery.

“Waste” involves the needless, careless, or extravagant expenditure of County funds, or the misuse or mismanagement of County resources or property. Waste does not have to involve a private use or personal gain and can be intentional or unintentional.

“Inefficiency” involves an inability to do something in a well-organized or competent way, or the failure to implement processes as intended with minimal wasted time or resources.

“Inefficiency” may also occur when the design of a program or policy fails to produce desired outcomes, despite the resources invested.

Some examples of waste may include but are not limited to ignoring competitive bidding requirements, purchasing overpriced equipment from a favored vendor, purchasing unnecessary goods or services.

“Abuse” involves the improper use of a county position or the improper use or destruction of County records or resources.

Some examples of abuse may include but are not limited to awarding government contracts to family or friends, receiving, or asking for gifts from vendors/contractors, or using a vendors written specification to eliminate competitive bidding.

V.    General Terms

To further the purposes of the Fraud Hotline, the Auditor’s Office interprets “fraud,” “waste,” “inefficiency,” and “abuse” broadly. The definitions and examples used in this policy are general in nature. The Auditor’s Office encourages anyone with information about the improper use of County resources or positions to submit a tip to the Fraud Hotline.

County employees and community members may use the Fraud Hotline to submit a tip regarding suspected fraud, waste, inefficiency, or abuse. The Fraud Hotline uses online and telephone reporting systems to accept tips. Tip can be submitted online at:

https://www.hawaiicounty.gov/ourcounty/legislative/office-of-the-county-auditor/inquiry-and-complaint.

Tips related to fraud and waste can be submitted by phone by calling: 1-808-480-8213. Tips related to abuse can be submitted by phone by calling: 1-808-480-8279.

The Fraud Hotline accepts confidential tips, or a person who submits a tip may choose to identify themselves.  All County employees are expected to disclose suspected waste, fraud, abuse, and corruption, and to report observed unlawful or improper actions by any County official, employee, board member, commissioner, or volunteer.

VI.   Confidentiality

OCA personnel operating the hotlines do not track the phone number, internet provider, or location of a person submitting a tip unless a person chooses to voluntarily submit such information. The identity of a person submitting a tip to hotlines is confidential. However, a person submitting a tip may choose to waive confidentiality. If a person who submits a tip identifies themselves, the Auditor’s Office is required and committed to treating their identity as confidential and will protect it from disclosure unless ordered otherwise by a court or in response to a public records appeal to the District Attorney, or if the person waived confidentiality.

Absolute confidentiality cannot be guaranteed in every circumstance. The investigation into the tip is confidential until the investigation is complete. The OCA may share information about the tip with management, departments, or divisions and other agencies as needed to conduct the investigation and/or make referrals to other investigative entities.

After the investigation is complete, the OCA may publicly disclose information about the investigation but will not release the identity of the person who submitted the tip.

VII.  Cooperation with Investigations; Retaliation Prohibited

County employees are expected to cooperate with the OCA during hotline investigations. The Hawaii County’s Charter, as amended, gives the OCA full, free, and unrestricted access to any county officer or employee, record, property, facility, or equipment, except when protected by law, rule, or privilege.

Hawaii Revised Statutes §378-61 and §378-70 provides whistleblower protections and prohibits retaliation against employees for filing hotline tips or for cooperating with investigations.

Some protections include:

Hawaii Revised Statutes [§378-62] Discharge of, threats to, or discrimination against employee for reporting violations of law.

An employer shall not discharge, threaten, or otherwise discriminate against an employee regarding the employee’s compensation, terms, conditions, location, or privileges of employment because:

(1)  The employee, or a person acting on behalf of the employee, reports or is about to report to the employer, or reports or is about to report to a public body, verbally or in writing, a violation or a suspected violation of:

(A)  A law, rule, ordinance, or regulation, adopted pursuant to law of this State, a political subdivision of this State, or the United States; or

(B)  A contract executed by the State, a political subdivision of the State, or the United States, unless the employee knows that the report is false; or

(2)  An employee is requested by a public body to participate in an investigation, hearing, or inquiry held by that public body, or a court action.

Hawaii Revised Statutes [§378-70] Protected disclosure by a public employee.

(a)  In addition to any other protections under this part, a public employer shall not discharge, threaten, or otherwise discriminate against a public employee regarding the public employee’s compensation, terms, conditions, location, or privileges of employment because the public employee, or a person acting on behalf of the public employee, reports or is about to report to the public employer or a public body, verbally or in writing:

(1)  Any violation or suspected violation of a federal, state, or county law, rule, ordinance, or regulation; or

(2)  Any violation or suspected violation of a contract executed by the State, a political subdivision of the State, or the United States, unless the employee knows that the report is false.

(b)  Every public employer shall post notices pertaining to the application of sections 378-70 and 396(e), as shall be prescribed by the department of labor and industrial relations, in conspicuous places in every workplace.

VIII.  Hotline Procedures

The Office of the County Auditor (OCA) is responsible for administering the Hotlines.

OCA prepares educational materials that explain the purpose of the Hotlines and how to file tips.

Upon receipt of a Hotline tip, OCA will log the tip and promptly conduct an initial review. During the initial review, OCA will evaluate the tip, gather preliminary facts, as needed, and asses how to address the tip.

OCA may close a case without further action, as determined by the county auditor. Some examples to close a case may include but are not limited to:

• The tip is outside the scope of the Hotline or is not sufficiently connected to a county department, employee, program, or service.
• The tip does not include enough credible information to investigate. 
• The tip appears to involve a matter that has already been resolved. The tip appears to be trivial, frivolous, intended to harass or annoy, or otherwise not made in good faith.

Alternatively, when another resolve exists, OCA may:

• Request additional information from the person who submitted the tip, using the Fraud Hotline case management system to the extent the information exists. 
• Gather information from other county divisions, departments, agencies, and/or outside entities. 
• Refer the tip to, a department, law enforcement, or other agency for investigation or another response. 
• Conduct an independent and impartial investigation into the tip or investigate some allegations and refer other allegations to another agency for investigation or another response. 
• The County Auditor determines an audit is warranted. Conducts or causes to conduct an audit in accordance with generally accepted government auditing standards.

Take any other action to investigate, review, and/or respond to the tip. OCA will monitor written case information into the Hotline case management system to ensure confidentiality, consistency, and complete follow-up. OCA will document the outcome of all initial reviews and investigations through the case management system.

If OCA refers a tip, or allegations stemming from a tip to another agency for investigation, OCA may monitor the agency’s investigation, receive updates, and review investigative findings, and may provide information or assistance, upon request, to the other agency.

OCA is required to maintain the confidentiality of confidential and legally privileged county information and records, except as required by law.

IX.  Tips Deemed Out of Scope, Items OCA Does Not Investigate:

Non-jurisdiction (e.g., Maui County, Department of Education, or Court system administered by the State of Hawaii) or as determined by the County Auditor. OCA may redirect a claimant to the appropriate jurisdiction or governing authority.

Matters Pending Litigation and/or Ongoing Investigation:

When the county auditor identifies potential conflicts of interest and/or threats to independence (e.g., self-interest, self-review, bias, familiarity, undue influence, management participation and structural threat) and determines if such threats and/or impairments to independence cannot be mitigated.  

Employment or Labor Issues that:

• Does not involve fraud, waste, inefficiency, or abuse
• Involve employee or applicant discrimination complaints
• Are subject to collective bargaining agreement grievance procedures (e.g., tips related to wages, benefits, hours, working conditions, or imposed discipline)
• Can be appealed to the County’s Merit Appeals Board

OCA will generally refer persons submitting tips involving such employment or labor issues to the Department of Human Resources, applicable collective bargaining unit or governing authority.

Tips Involving Criminal Activity

OCA supports the full investigation of conduct that may be criminal, as well as the criminal prosecution of offenders, to deter future violations and seek restitution for the County.

While reviewing or investigating a Hotline tip, if OCA reasonably suspects that fraud or other criminal activity may be occurring or may have occurred, OCA will contact the department to lead an investigation of the suspected individuals in accordance with the County’s Internal Complaint Procedures and OCA will review completed investigation and results.

If the department head is suspected to be involved, then OCA will contact the administration and corporation counsel to lead an investigation and OCA will review completed investigation and results. If OCA is unsure about whether fraud or other criminal activity may be occurring or may have occurred, OCA may consult with law enforcement before contacting the subject(s) of the investigation.

X.   Fraud Hotline Investigations: Interviewing Employees

OCA may interview County employees during Hotline reviews.

OCA is committed to protecting the rights of County employees during interviews and will follow standard County interview procedures.

OCA will either make an audio recording or document interviews with County employees.

OCA may independently interview any official or employee with information related to a Hotline tip if there is no reason to believe that the employee could face discipline because of the investigation. If OCA reasonably believes that an official or employee could face discipline related to a tip or investigation:

• OCA will coordinate the interview with the employee’s human resources the department, and a bargaining unit representative where applicable. OCA may interview such an employee without a department representative. 
• If approved by corporation counsel. If the department has unreasonably delayed the interview, OCA must notify department management of the date and time of the scheduled interview and give the department an opportunity to have a representative participate in the interview.

XI.   Public Records

OCA will not include confidential information in any reports that may be subject to public disclosure and should avoid including sensitive information in such reports.

Unless the person who submitted the Hotline tip has waived confidentiality, OCA may not identify the person in any reports or otherwise disclose their identity.

Before releasing records related to a Fraud Hotline investigation, OCA will determine whether any information should be withheld in accordance with applicable law. For example:

Hawaii Revised Statute Uniform Information Practices Act [§92F-13] Government records; exceptions to general rule. This part shall not require disclosure of:

(1)  Government records which, if disclosed, would constitute a clearly unwarranted invasion of personal privacy. 

(2)  Government records pertaining to the prosecution or defense of any judicial or quasi-judicial action to which the State or any county is or may be a party, to the extent that such records would not be discoverable. 

(3)  Government records that, by their nature, must be confidential for the government to avoid the frustration of a legitimate government function. 

(4)  Government records which, pursuant to state or federal law including an order of any state or federal court, are protected from disclosure; and 

(5)  Inchoate and draft working papers of legislative committees including budget worksheets and unfiled committee reports; work product; records or transcripts of an investigating committee of the legislature which are closed by rules adopted pursuant to section 21-4 and the personal files of members of the legislature. 

Upon completion of a Hotline investigation, OCA shall determine, in writing, whether fraud, waste, inefficiency, or abuse may be occurring or may have occurred.

If OCA determines that waste, inefficiency, or abuse did not occur:

• No further action required by OCA. A written determination may be limited to a summary in the case management system. OCA is not required to report the determination.

If OCA determines that waste, inefficiency, and/or abuse may be occurring or may have occurred:

• OCA submits a draft findings memo, which includes OCAs’ findings and any recommendations for addressing the causes of the waste, inefficiency, and/or abuse, to the department head and appropriate governing authority.

• OCA gives the department a reasonable opportunity to respond. A ten business day deadline is standard. OCA will include a brief statement by the department, if one is provided, in the final findings’ memo.

• OCA may revise the draft findings memo to address the department’s response or for any other purpose determined by the county auditor.

• OCA prepares a written determination that briefly explains the Hotline tip, OCA’s findings and recommendations, and the department’s response.

• Before releasing the written determination to council and/or the public, OCA may provide advance, courtesy copies to the mayor and department head.

• OCA may notify the claimant about the outcome of the investigation.

• As part of it’s annual monitoring of audit quality this section will be reviewed for improvements.

This section of the Policy and Procedures Manual describes general office procedures for the Office of the County Auditor.

I.     Office Hours

Normal working hours are 7:45 a.m. to 4:30 p.m., with one 45-minute lunch, and one ten-minute breaks during each half of the workday, Monday through Friday, in a manner consistent with the County’s Time and Attendance Policy.

The County Auditor may approve other alternate work schedules on a case-by-case basis. Such requests should be made in writing and discussed with the County Auditor. Each employee is expected to be punctual and to adhere to their approved work schedule.

II.    Time Reporting

To be paid correctly and minimize instances of reversals and adjustments, employees are responsible for submitting requests for absences and turning in timesheets which reflect any variance from normal attendance. The Administrative Assistant provides a level of oversight by tracking and entering their hours worked into the County’s EDEN system within two days of a pay period closing on the 15^th and end of each month. Timecards are approved by the County Auditor according to the payroll schedule.

III.   Working Away from The Office

Office staff may occasionally work remotely at the discretion of the County Auditor. Alternate work locations are evaluated on a case-by-case basis. Employees working outside of the office are expected to complete as much work as they would do while in the office and ensure the security of work documents. The County Auditor may decide to limit or not allow an employee to work away from the office if there are concerns about that employee’s performance.

Employees may work from their personal computers or take home their office laptop. To facilitate access to audit files, employees may work with the County’s Information Technology Department to establish access to OCA’s shared drive through a Virtual Private Network (VPN).

Time worked away from the office shall be counted as regular time in both EDEN and on the employee’s timesheet. However, a calendar event in Microsoft Outlook should accompany the time worked out-of-office.

IV.    Staff Meetings

The County Auditor conducts periodic staff meetings. During this time, the County Auditor and staff will provide updates on recent work and discuss any work-related issues. In addition to discussing assigned work, meetings are also an opportunity to share office-related ideas and concerns.

V.     Vacation, Sick Leave, and Leave of Absence

Planned leave, such as vacation and personal business, of 8 hours or more should be approved in advance by the County Auditor. Leave less than 8 hours may be requested informally but should be obtained at least 24 hours in advance. Staff is requested to notify the County Auditor as soon as practical or by 8:45 a.m. regarding sick leave.

VI.    Flexible Work Schedules

Full-time, salaried employees are expected to work 40 hours per week. The job requirements may necessitate work occurring during hours outside of the normal schedule.

These circumstances are recognized by allowing some flexibility in the work schedule so that, with the approval of their supervisor, employees who work more than 40 hours in a workweek may occasionally be allowed to reduce their work schedule by the same number of hours, or less, within the same bi-weekly pay period. For good cause shown, and with the approval of the County Auditor, the reduced work schedule may occur in a subsequent pay period. The employee must:

1)  Work in an assignment that allows such flexibility with consideration of internal and external customer needs, operational requirements, and status of current assignments.

2)  Be in good standing and performing at a satisfactory or higher level.

This policy applies to working in and out-of-office. When seeking approval to work outside of the office for specific dates, employees shall inform in writing of planned personal appointments or obligations for those days and approval is at the sole discretion of the County Auditor.

VII.   Flextime Appointed

An employee may earn and take flextime only with the pre-approval or the County Auditor. Accumulated flextime that is not taken before an employee leaves the County will be forfeited and no monetary compensation will be made. Document flex in a manner consistent with the Legislative Branch’s Flextime Policy.

VIII.  Use of Computer Equipment, email, Internet, and Telephone

The County’s policy on acceptable use of information technology resources is contained in the Information Technology Resource Policy.

IX.    Contact with the County Council and the News Media

The County Auditor is the point of contact with members of the County Council and with the news media. Any request for information should be routed to the County Auditor. The County Auditor may, at their discretion, delegate the responsibility to staff for specific issues.

X.     Public Records Requests

The Office of the County Auditor manages public records requests in a manner consistent with the State of Hawaii’s Office of Information Practices (OIP) Request to Access a Government Record.

Some records and information generated by the Office the County Auditor are confidential and must be protected from disclosure as outlined by Hawaiʻi Revised Statutes (HRS) 92F-13, the State’s Whistleblower Protections HRS §§378-61, 378-70, and the County’s Whistleblower Protection Policy section 4, herein. Due to the obligation of the office to protect confidential information, the County Auditor will manage all records requests from the public.

XI.    Professional Appearance and Conduct

It is the policy of the Office of County Auditor to promote an attitude of professionalism and competence. Professional appearance and conduct help to convey these attributes. As such, the audit staff should dress appropriately when on the job and treat other employees with courtesy and respect. Staff is expected to dress business casual. More formal dress may be required depending on circumstances, e.g. meeting with County Councilmembers or public events. All staff members are representatives of the Office of the County Auditor and should present themselves accordingly.

The success of any audit is due in part to the cooperation and assistance of County staff. As such, it is important to remember that these employees are working for their respective departments and that their primary duty is to fulfill their daily assignments. Therefore, staff auditors should be courteous and understanding of employee time constraints. If an auditor needs an employee to perform a major task, this should be discussed with the County Auditor in advance.

Staff members are responsible for keeping their work areas neat and orderly. Care must be exercised to avoid exposure of confidential or potentially sensitive documents.

XII.   Performance Appraisals

Pursuant to County policy, the County Auditor conducts annual performance evaluations for all regular staff including an evaluation of past performance, areas for improvement, performance objectives for the coming year, opportunities for improving skills, and targeting appropriate training. Performance planning and appraisal is normally conducted prior to setting individual employee compensation.

XIII.  Monitoring Department Budget

The County Auditor, or designee, is responsible for approving hardcopy invoices. The Administrative Assistant enters signed invoices into EDEN. The County Auditor reviews and approves the entry of the Office’s electronic financial transaction entries in EDEN and monitoring the spenddown of the office’s budget.

XIV.   Calendars, Appointments, Meetings

Staff will maintain their electronic Outlook calendar up to date to facilitate scheduling of appointments and meetings by others.

XV.    Travel

All in-state travel must be approved in advance by the County Auditor.  All out-of-state travel must be approved in advance by the Council Chair.  Approved travel must be in accordance with the County’s applicable Travel, Reimbursement, and Procurement Policies.

XVI.   Outside Employment

Employees who would like to seek supplemental employment should notify the County Auditor in writing so that a determination can be made as to if a conflict of interest may arise, to what degree, and how to overcome.

XVII.  Gifts

It is contrary to the County’s Code of Ethics and GAO’s generally accepted government auditing standards for any Office of the County Auditor employee to accept gifts or gratuities from any individual, business, or organization doing business with, seeking to do business with, seeking permits from, or seeking other entitlements from the County.

XVIII. County Vehicle Loan

The County allows employees the use of County vehicles for official business.  If using a county vehicle, mileage reimbursement does not apply.  Refer to County vehicle loan form and procedures.

XIX.   Updates and Results of Annual Monitoring of Quality

In accordance with GAGAS section 5.44, the Office of the County Auditor will periodically analyze and summarize the results of its monitoring procedures. Such analysis will be conducted at least annually. Such analysis should identify any systemic or repetitive issues needing improvement, along with recommendations for corrective action. Following such analysis, the following section of this manual will note that a review occurred, the results of the review, and whether the manual was revised accordingly. The history of such revisions will be noted below. If no revisions are needed in a given year, a notation will be so indicated.