Meeting documents
Audit Committee (DCC)
Thursday 13 March 2008
Meeting: Audit Committee (County Hall, Durham - Committee Room 4 - 13/03/2008 09:30:00 AM)
Item: A4 Internal Audit Plan 2008/09
 | |
| Report of the Head of Internal Audit and Risk Management | |
1. This report provides a summary of the proposed 2008-09 Operational Internal Audit Plan. The report advises Members of the resource available for Internal Audit and seeks approval to the content of the audit plan for the financial year 2008/09.
2. The report also assists the Council in its statutory responsibility to ensure the proper administration of its financial affairs.
Statutory Background to Internal Audit (IA)
3. The Accounts and Audit (Amended) (England) Regulations 2006 place a requirement upon every local authority to maintain an adequate and effective IA of their affairs.
4. The County Treasurer as the Authority’s Chief Financial Officer has a duty under S151 of the Local Government Act 1972 to maintain an appropriate framework of control over the Authority’s financial affairs. Part of the process by which the S151 officer meets that requirement is through assurances provided by IA.
5. In addition, with effect from 2007/8, the Council is required to publish, as part of its Annual Statement of Accounts, an Annual Governance Statement (AGS). This statement will provide an overall assessment of the Council’s Corporate Governance arrangements and an appraisal of the key controls in place to manage the Council’s principal governance risks. In preparation of this requirement a Code of Corporate Governance has been prepared, which is consistent with the principles of the CIPFA/SOLACE Framework, “Delivering Good Governance”, for approval by the Council.
.
6. The AGS will explain how the Council has complied with the Code and will also provide details of where improvements need to be made to meet the requirements of regulation 4(2) of the Accounts and Audit (Amended) (England) Regulations 2006 in relation to the publication of its Statement on Internal Control. One element in this assurance gathering process is the plan of audits carried out by IA.
Role of Internal Audit
7. IA is an assurance function that provides an independent and objective opinion to the Authority on governance, control, and risk management by evaluating their effectiveness in achieving the authority’s objectives. It objectively examines and evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.
8. The agreed aims and terms of reference for IA are included in the IA Charter agreed by Members on 10th December 2007. The Charter identifies the service standards our customers can expect, how we determine what areas we audit, our audit approach and how we agree and report upon recommendations.
Relationship with External Audit
9. Although internal and external audit have different roles and responsibilities there are areas of overlap in the work they are required to undertake. Under the Audit Commission’s Code of Audit Practice for external audit and the requirements of the International Standards on Auditing, external audit is required to place reliance on the work of IA where possible to support its conclusions. It is therefore imperative that the work of internal and external audit is co-ordinated through close co-operation. The existing protocol between internal and external audit has recently been reviewed to ensure the optimum use of both resource during 2008/9.
10. In utilising this approach, the External Auditor will consider the extent to which reliance can be placed upon the work undertaken by IA and will therefore be able to determine the extent to which additional external system testing is required.
11. The audit plan set out below reflects the resource needed to enable the present managed audit arrangements to continue.
Responsibilities of Management
12. IA is a review and assurance activity and should not be seen as a substitute for introducing and maintaining good internal procedures. Service managers are responsible for establishing and maintaining a proper and effective control environment and for managing risk. Control is an integral part of managing operations and as such IA independently review how effectively management discharges this aspect of its responsibilities by evaluating the effectiveness of systems of internal control and providing objective analysis and constructive recommendations. Management retain full ownership and responsibility for the implementation of any such recommendations.
Resources Available in 2008/09
13. The 2008/9 plan is based upon the agreed structure and resources available to IA, excluding:
· 4 vacant posts which have not been filled due to the transition to LGR
· Resources lost due to a temporary part time secondment of a member of staff to assist with risk management.
· Resources required to deliver the Service Level Agreements (SLAs) for IA services to the Police and Fire Authorities.
14. The plan reflects the existing SLA agreement with the Council’s schools to provide an external assessment of their compliance with the Financial Management Standards in Schools (FMSIS) as required by the Department for Children, Schools and Families (DCSF).
15. IA resources for 2008/9 are summarised as follows:
| Productive Days Available | Days | Percentage |
| Gross Days | 4692 | |
| Less Vacancies | 1044 | |
| Gross Days Available | 3648 | 100% |
| Less Uncontrollable Overheads (e.g. annual leave, bank holidays) | 726 | |
| Productive Days Available | 2922 | 80% |
| Less Controllable Overheads (e.g planning, management, service development and training) | 661 | |
| Gross Chargeable Days | 2261 | 62% |
| Less Chargeable Days to none Council Audit Functions Treasurer to Police Authority SLA Police SLA Fire CPA Risk Management | 70 180 68 50 145 | |
| Net Chargeable Days for Council Audits | 1818 | 50% |
Development of Plan
16. With LGR and the transition to the new Unitary Authority, the 2008/9 IA plan has been prepared using a common approach, adopted by ourselves and all the District Councils, in consultation with our respective external auditors. This approach recognises that one of the greatest risks that could potentially reduce internal control in 2008/9, in all existing Councils, is the transition arrangements themselves. Consequently the IA plan attached at Appendix 2 for approval with this report, reflects:
· Coverage of core high risk audit areas essential to ensure adequate assurance can be given in relation to key financial systems to support the Council’s annual governance statement (statutory requirement to the 2008/9 statement of accounts)
· Resources required to deliver the existing service level agreements
· A block of resources earmarked to support the LGR transition programme as the Council moves to unitary status.
17. Consequently, unlike previous years, Chief Officers have not been consulted prior to the development of the IA Plan. Instead, discussions will be held with LGR programme boards and workstream leads to help identify and develop areas where IA can add value to the transition programme as it progresses. As each IA area is identified it will be prioritised by risk. The scope and objectives of each piece of work will be agreed with management and reported to this Committee as an update to the 2008/9 internal plan.
18. Should it later transpire that time included in the earmarked LRG block is not all required, a number of other high risks audit areas, that were initially planned to be reviewed in 2008/9, will be started. Details of any subsequent amendments to the plan attached will be reported to this Committee.
19. In addition, in preparation of the development of a single IA, Risk Management and Governance Service with effect from 1/4/2009, a separate workstream has been developed under the LGR Finance Programme Board. The 2008/9 IA Plan reflects the estimated resources required to deliver an IA and Governance work programme prepared in support of the workstream Project Initiation Document (PID).
20. In order to help develop joint working arrangements in preparation of the new unitary council with effect from 2009/10, all existing authorities have also agreed to monitor, and report progress in achieving effective coverage of all core audits during 2008/9 in their respective councils. Resource requirements necessary to ensure that all such audits are delivered as planned will be reviewed jointly by all existing authorities, to ensure adequate assurances can be given to all outgoing Councils as well as the transitional authority. Any impact on Durham Council Council’s IA Plan for 2008/9 as a result of this agreement will be reported to this Committee.
21. Management is required to report any instances of suspected fraud and irregularity as and when they arise. IA then assess whether it is a matter that they need to investigate or whether it is more appropriate that the matter is dealt with by management. A contingency allowance, based on previous experience, has been included in the plan to enable such work to be undertaken.
Variations to the Audit Plan
22. Although the majority of audit work can be planned, there are occasions where unforeseen work can arise due to new areas of service or increased risk. Therefore, in order to allow some flexibility, a small contingency allowance is included in the plan to enable such work to be undertaken without adversely affecting the delivery of the planned audit work.
23. Once the contingency allowance has been utilised, an assessment will be carried out to determine whether requests for additional work should be undertaken, based upon the impact on the delivery of the plan and the risk associated with the work requested.
24. All revisions to the plan will be reported to this Committee for information in the quarterly update report.
25. Subsequent quarterly reports to this Committee on the delivery of the plan will be based upon the agreed Revised Audit Plan.
Reporting Protocols and Performance Management Arrangements
26. We are currently reviewing our reporting protocols and performance management arrangements. A separate report will be submitted to the next Audit Committee advising Members of where the outcomes of audits are reported and how the performance of the delivery of the 2008/9 IA Plan is to be measured, monitored and reported. Conclusion
27. The 2008/09 audit plan detailed at Appendix 2 has been drafted to reflect the necessary balance of providing adequate assurance to the existing County Council and to assist the Council as it moves to its unitary status in April 2009/10.
Recommendation
28. It is recommended that the draft plan for 2008/09 set out at Appendix 2 be approved.
Background Papers - Audit Files & Working Papers
| Contact: Avril Wallage, Audit Manager Tel: 0191 3833609 |
| Local Government Reorganisation (Does the decision impact upon a future Unitary Council?) No Finance There are no direct financial implications arising for the Council as a result of this report, although we aim through our audit planning arrangements to review core systems in operation and ensure through our broad programme of work that the Council has made safe and efficient arrangements for the proper administration of its financial affairs. Staffing None Equality and Diversity None None Crime and disorder None Sustainability None Human rights None Localities and Rurality None Young people None Consultation None Health None Appendix 2: Internal Audit Operational Plan 2008/9 Auditable Area | Key Contact | Planned Audit Days | Outline Scope | |
| Key Financial Information Systems | | | | |
| General Ledger | | 50 | Bank Reconciliation Budgetary Control Oracle Configuration Financial Reporting | |
| Procure to Pay (Creditors) | | 60 | System Review Data Quality Review Compliance with controls for large payments | |
| Customer to Cash (Income & Debtors) | | 20 | System Review | |
| Capital Accounting | | 10 | System Review | |
| Payroll | | 47 | System Review Data Quality Review Review of access levels BACS system review | |
| Treasury Management | | 30 | Compliance with CIPFA Code of Practice. Investment of Surplus Cash balances Long term borrowing | |
| Pension Fund | | 30 | Governance & Strategy Pension Administration (processes and systems) Investments | |
| High Risk Core Audits | | | | |
| National Fraud Initiative( NFI) | Audit Commission | 25 | Participation in National scheme to identify and prevent fraud through data comparison | |
| Partnership Arrangements | | 10 | Continuation of work begun in 2007/8 to ensure effective management of major partnerships | |
| BSF | | 10 | Assist management in the delivery of this major project | |
| Local Area Agreement (LAA) | | 20 | Provide assurance that this grant funding is effectively managed to ensure VFM | |
| Waste Management Contract | | 10 | Provide assurance on compliance with the terms of this major contract. | |
| Corporate Governance | | 160 | Provide the necessary assurance to fulfil statutory requirements | |
| Risk Management | | 20 | Review effectiveness of risk review process and registers | |
| Fraud & Irregularity | | 115 | Contingency provision to be used as and when required | |
| LGR | | 300 | Earmarked resource to assist management in the Councils transitional programme | |
| Other High Risk Audit Areas | | | | |
| Internet security | | 7 | Compliance with Key Controls | |
| R.I.P.A | | 10 | Compliance with Statutory Requirements | |
| Caldicott | | 12 | Compliance with statutory requirements within CYPS and Adults & Community | |
| Information Security | | 10 | Review of systems & processes to ensure compliance with Statutory requirements and key controls | |
| IT Disaster Contingency Planning | | 5 | Compliance with Key Controls | |
| IT Strategy | | 10 | Review of effectiveness | |
| Contract Services | | | | |
| Schools | | 500 | External assessment of FMSIS plus routine audit (125 Schools) | |
| Other Chargeable Days to Fulfil Professional Standards | | | | |
| Completion of 2007/8 Audits | | 20 | Contingency provision to ensure successful completion of any work in progress at the end of 2007/8 | |
| Follow Up | | 25 | Reminders for outstanding reports and review of agreed critical and high risk recommendations to ensure improved control expected has been implemented | |
| Advice & Guidance | | 180 | Provision to cover managers service expectations, audit resource planning and ad-hoc internal control issues arising during the year | |
| Contingency | | 20 | Provision to allow flexibility to consider new areas of service or increased risk | |
| Customer Surveys | | 5 | Follow-up and review of post audit questionnaires to ensure effect performance management | |
| LGR | | 27 | Resource required to delivery LGR IA,RM & Governance Work Programme with Districts | |
Attachments
Internal Audit Plan 2008-9 Report to Audit Ctte 13 3.08.pdf