Meeting: Audit Committee (County Hall, Durham - Committee Room 4 - 13/03/2008 09:30:00 AM)
Item: A4 Internal Audit Plan 2008/09
Report of the Head of Internal Audit and Risk Management |
1. This report provides a summary of the proposed 2008-09 Operational Internal Audit Plan. The report advises Members of the resource available for Internal Audit and seeks approval to the content of the audit plan for the financial year 2008/09.
2. The report also assists the Council in its statutory responsibility to ensure the proper administration of its financial affairs.
Statutory Background to Internal Audit (IA)
3. The Accounts and Audit (Amended) (England) Regulations 2006 place a requirement upon every local authority to maintain an adequate and effective IA of their affairs.
4. The County Treasurer as the Authority’s Chief Financial Officer has a duty under S151 of the Local Government Act 1972 to maintain an appropriate framework of control over the Authority’s financial affairs. Part of the process by which the S151 officer meets that requirement is through assurances provided by IA.
5. In addition, with effect from 2007/8, the Council is required to publish, as part of its Annual Statement of Accounts, an Annual Governance Statement (AGS). This statement will provide an overall assessment of the Council’s Corporate Governance arrangements and an appraisal of the key controls in place to manage the Council’s principal governance risks. In preparation of this requirement a Code of Corporate Governance has been prepared, which is consistent with the principles of the CIPFA/SOLACE Framework, “Delivering Good Governance”, for approval by the Council.
.
6. The AGS will explain how the Council has complied with the Code and will also provide details of where improvements need to be made to meet the requirements of regulation 4(2) of the Accounts and Audit (Amended) (England) Regulations 2006 in relation to the publication of its Statement on Internal Control. One element in this assurance gathering process is the plan of audits carried out by IA.
Role of Internal Audit
7. IA is an assurance function that provides an independent and objective opinion to the Authority on governance, control, and risk management by evaluating their effectiveness in achieving the authority’s objectives. It objectively examines and evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.
8. The agreed aims and terms of reference for IA are included in the IA Charter agreed by Members on 10th December 2007. The Charter identifies the service standards our customers can expect, how we determine what areas we audit, our audit approach and how we agree and report upon recommendations.
Relationship with External Audit
9. Although internal and external audit have different roles and responsibilities there are areas of overlap in the work they are required to undertake. Under the Audit Commission’s Code of Audit Practice for external audit and the requirements of the International Standards on Auditing, external audit is required to place reliance on the work of IA where possible to support its conclusions. It is therefore imperative that the work of internal and external audit is co-ordinated through close co-operation. The existing protocol between internal and external audit has recently been reviewed to ensure the optimum use of both resource during 2008/9.
10. In utilising this approach, the External Auditor will consider the extent to which reliance can be placed upon the work undertaken by IA and will therefore be able to determine the extent to which additional external system testing is required.
11. The audit plan set out below reflects the resource needed to enable the present managed audit arrangements to continue.
Responsibilities of Management
12. IA is a review and assurance activity and should not be seen as a substitute for introducing and maintaining good internal procedures. Service managers are responsible for establishing and maintaining a proper and effective control environment and for managing risk. Control is an integral part of managing operations and as such IA independently review how effectively management discharges this aspect of its responsibilities by evaluating the effectiveness of systems of internal control and providing objective analysis and constructive recommendations. Management retain full ownership and responsibility for the implementation of any such recommendations.
Resources Available in 2008/09
13. The 2008/9 plan is based upon the agreed structure and resources available to IA, excluding:
· 4 vacant posts which have not been filled due to the transition to LGR
· Resources lost due to a temporary part time secondment of a member of staff to assist with risk management.
· Resources required to deliver the Service Level Agreements (SLAs) for IA services to the Police and Fire Authorities.
14. The plan reflects the existing SLA agreement with the Council’s schools to provide an external assessment of their compliance with the Financial Management Standards in Schools (FMSIS) as required by the Department for Children, Schools and Families (DCSF).
15. IA resources for 2008/9 are summarised as follows:
Productive Days Available | Days | Percentage |
Gross Days | 4692 | |
Less Vacancies | 1044 | |
Gross Days Available | 3648 | 100% |
Less Uncontrollable Overheads (e.g. annual leave, bank holidays) | 726 | |
Productive Days Available | 2922 | 80% |
Less Controllable Overheads (e.g planning, management, service development and training) | 661 | |
Gross Chargeable Days | 2261 | 62% |
Less Chargeable Days to none Council Audit Functions Treasurer to Police Authority SLA Police SLA Fire CPA Risk Management | 70 180 68 50 145 | |
Net Chargeable Days for Council Audits | 1818 | 50% |
Contact: Avril Wallage, Audit Manager Tel: 0191 3833609 |
Local Government Reorganisation (Does the decision impact upon a future Unitary Council?) No Finance There are no direct financial implications arising for the Council as a result of this report, although we aim through our audit planning arrangements to review core systems in operation and ensure through our broad programme of work that the Council has made safe and efficient arrangements for the proper administration of its financial affairs. Staffing None Equality and Diversity None None Crime and disorder None Sustainability None Human rights None Localities and Rurality None Young people None Consultation None Health None Appendix 2: Internal Audit Operational Plan 2008/9 Auditable Area | Key Contact | Planned Audit Days | Outline Scope | |
Key Financial Information Systems | ||||
General Ledger | 50 | Bank Reconciliation Budgetary Control Oracle Configuration Financial Reporting | ||
Procure to Pay (Creditors) | 60 | System Review Data Quality Review Compliance with controls for large payments | ||
Customer to Cash (Income & Debtors) | 20 | System Review | ||
Capital Accounting | 10 | System Review | ||
Payroll | 47 | System Review Data Quality Review Review of access levels BACS system review | ||
Treasury Management | 30 | Compliance with CIPFA Code of Practice. Investment of Surplus Cash balances Long term borrowing | ||
Pension Fund | 30 | Governance & Strategy Pension Administration (processes and systems) Investments | ||
High Risk Core Audits | ||||
National Fraud Initiative( NFI) | Audit Commission | 25 | Participation in National scheme to identify and prevent fraud through data comparison | |
Partnership Arrangements | 10 | Continuation of work begun in 2007/8 to ensure effective management of major partnerships | ||
BSF | 10 | Assist management in the delivery of this major project | ||
Local Area Agreement (LAA) | 20 | Provide assurance that this grant funding is effectively managed to ensure VFM | ||
Waste Management Contract | 10 | Provide assurance on compliance with the terms of this major contract. | ||
Corporate Governance | 160 | Provide the necessary assurance to fulfil statutory requirements | ||
Risk Management | 20 | Review effectiveness of risk review process and registers | ||
Fraud & Irregularity | 115 | Contingency provision to be used as and when required | ||
LGR | 300 | Earmarked resource to assist management in the Councils transitional programme | ||
Other High Risk Audit Areas | ||||
Internet security | 7 | Compliance with Key Controls | ||
R.I.P.A | 10 | Compliance with Statutory Requirements | ||
Caldicott | 12 | Compliance with statutory requirements within CYPS and Adults & Community | ||
Information Security | 10 | Review of systems & processes to ensure compliance with Statutory requirements and key controls | ||
IT Disaster Contingency Planning | 5 | Compliance with Key Controls | ||
IT Strategy | 10 | Review of effectiveness | ||
Contract Services | ||||
Schools | 500 | External assessment of FMSIS plus routine audit (125 Schools) | ||
Other Chargeable Days to Fulfil Professional Standards | ||||
Completion of 2007/8 Audits | 20 | Contingency provision to ensure successful completion of any work in progress at the end of 2007/8 | ||
Follow Up | 25 | Reminders for outstanding reports and review of agreed critical and high risk recommendations to ensure improved control expected has been implemented | ||
Advice & Guidance | 180 | Provision to cover managers service expectations, audit resource planning and ad-hoc internal control issues arising during the year | ||
Contingency | 20 | Provision to allow flexibility to consider new areas of service or increased risk | ||
Customer Surveys | 5 | Follow-up and review of post audit questionnaires to ensure effect performance management | ||
LGR | 27 | Resource required to delivery LGR IA,RM & Governance Work Programme with Districts |