Meeting documents
Audit Committee (DCC)
Friday 6 March 2009
Meeting: Audit Committee (County Hall, Durham - Committee Room 1a - 06/03/2009 09:00:00 AM)
Item: A5 Provisional Internal Audit Plan 2009/10
| Report of the Head of Internal Audit and Risk Management |
Purpose of the Report
1. This report provides a summary of the proposed provisional Internal Audit Plan for 2009/10. The report advises Members of the estimated resource available for Internal Audit and seeks approval to the content of the audit plan for the financial year 2009/10.
2. The report also assists the Council in its statutory responsibility to ensure the proper administration of its financial affairs.
Statutory Background to Internal Audit
3. The Accounts and Audit (Amended) (England) Regulations 2006 place a requirement upon every local authority to maintain an adequate and effective internal audit of their affairs.
4. The Director of Resources, as the Council’s Chief Financial Officer, has a duty under S151 of the Local Government Act 1972 to maintain an appropriate framework of control over the Council’s financial affairs. Part of the process by which the S151 officer meets that requirement is through assurances provided by Internal Audit.
5. The Council is also required to publish, as part of its Annual Statement of Accounts, an Annual Governance Statement (AGS). This statement will provide an overall assessment of the Council’s Corporate Governance arrangements and an appraisal of the key controls in place to manage the Council’s principal governance risks. In preparation of this requirement a Code of Corporate Governance has been prepared, which is consistent with the principles of the CIPFA/SOLACE Framework, “Delivering Good Governance”, for approval by the Council.
6. The AGS will explain how the Council has complied with the Code and will also provide details of where improvements need to be made to meet the requirements of regulation 4(2) of the Accounts and Audit (Amended) (England) Regulations 2006 in relation to the publication of its Statement on Internal Control. One element in this assurance gathering process is the plan of audits carried out by Internal Audit.
Role of Internal Audit
7. Internal Audit is an assurance function that provides an independent and objective opinion to the Council on governance, control, and risk management by evaluating their effectiveness in achieving the Council’s objectives. It objectively examines and evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.
8. The agreed aims and terms of reference for Internal Audit are included in the Internal Audit Charter. The Charter identifies the service standards our customers can expect, how the areas to be reviewed are determined, our audit approach and how we agree and report upon recommendations. This Charter is currently being revised and will be reported to the Committee for approval when finalised.
Relationship with External Audit
9. Although internal and external audit have different roles and responsibilities there are areas of overlap in the work they are required to undertake. Under the Audit Commission’s Code of Audit Practice for external audit and the requirements of the International Standards on Auditing, external audit is required to place reliance on the work of Internal Audit where possible to support its conclusions. It is therefore imperative that the work of internal and external audit is co-ordinated through close co-operation. The existing protocol between internal and external audit will ensure the optimum use of both resource during 2009/10.
10. In utilising this approach, the External Auditor will consider the extent to which reliance can be placed upon the work undertaken by Internal Audit and will therefore be able to determine the extent to which additional external system testing is required.
Responsibilities of Management
11. Internal Audit is a review and assurance activity and should not be seen as a substitute for introducing and maintaining good internal procedures. Service managers are responsible for establishing and maintaining a proper and effective control environment and for managing risk. Control is an integral part of managing operations and as such Internal Audit independently reviews how effectively management discharges this aspect of its responsibilities by evaluating the effectiveness of systems of internal control and providing objective analysis and constructive recommendations. Management retain full ownership and responsibility for the implementation of any such recommendations.
Resources Available in 2009/10
12. In estimating the overall resource available to Internal Audit for 2009/10 it has been assumed that all Internal Audit staff, who are currently in post within the County Council and the District Councils, will remain in their current posts for the full financial year. The total number of FTEs currently in post is 34.2. This is lower than the current combined establishment as all Councils are carrying a number of vacancies. No provision has been made in the plan for vacancies at this time as it is known that the current combined audit resource will need to be reduced to achieve the expected savings in the LGR bid.
13. When the structure of the new Internal Audit and Risk Management Division is agreed, it will be necessary to review the resource available for the year and to make adjustments to the audit plan where necessary.
14. Estimated Internal Audit resources for 2009/10 are summarised as follows:
 | Total Days | Percentage |
| Gross Days Available | 8,919 | 100% |
| Less overheads: - Uncontrollable, e.g. annual leave, bank holidays, sickness, maternity and - Controllable, e.g. planning, management, service development, training | 1,578 1,922 | |
| Productive Days Available | 5,419 | 61% |
| Less chargeable days for external organisations: SLA Police SLA Fire Town Councils Parish Councils | 185 68 45 4 | |
| Productive Days Available to County Council | 5,117 | 57% |
Development of Plan
15. The Internal Audit plan for 2009/10 has been drafted, in consultation with the Audit Managers from all of the current District Councils, using the following approach;
· Ensuring that all core audit areas are included within the plan as these are essential in ensuring that adequate assurance can be given in relation to the key financial and non financial systems
· Including other high risk audit areas from the audit universe based upon historical risk data
· Including any high risk reviews from the risk registers which are not already included from the two items above
· Accounting for the resources required to deliver the existing service level agreements
16. Consequently, unlike previous years, due to the County Council structures not being fully developed, Chief Officers have not been consulted prior to the development of the Internal Audit Plan. However, it is planned to meet with all Directorates once key staff are in post to discuss this provisional plan and the specific audits included in their service areas. Any priorities due to risk or timing issues can then be established to help us programme the plan more effectively over the year. These discussions will also allow consideration of any areas of risk or concern that management may have and would like Internal Audit to review. Given the current extent of change across the Council and the development of new processes and procedures required to manage this change, it is anticipated that a number of new areas will be added to the plan arising from these discussions and provision has therefore been made in the plan to accommodate this.
17. It is acknowledged that this approach does not reflect a full risk based assessment of audit need. Ideally all potential audit areas identified in the audit universe would be risked assessed and the resources required to deliver those audits which are included in the plan would be developed based upon the results of this risk assessment. Whilst much work has already been carried out to revise the audit universe as a result of LGR, a considerable amount of work is still required to gather sufficient data to be able to carry out a comprehensive review of the risk associated with each entity in the audit universe. Some data will not yet be available as new services are yet to be established. Provision has therefore been included in the 2009/10 plan to undertake this risk assessment. This investment of audit resources in this way will allow future years’ audit plans to be driven by a full risk based audit needs assessment.
Variations to the Provisional Audit Plan
18. As the Internal Audit Plan for 2009/10 has been developed at a time of uncertainty, in terms of both the audit resources available and the audit risk assessment, the plan, presented for approval at Appendix 2, is a provisional one and will evolve and develop as these uncertainties are reduced or removed. Consequently, it is envisaged that numerous changes to this provisional plan will be necessary during the year. An assessment of risk, based on the best information available at the time, will be made each time variations are proposed and all resultant revisions to the plan will be reported to this Committee for information in the quarterly update report.
TO VIEW APPENDIX 2 PLEASE REFER TO PDF ATTACHMENT OR ALTERNATIVELY REFER TO HARD COPIES HELD IN CORPORATE SERVICES
19. Subsequent quarterly reports to this Committee on the delivery of the plan will be based upon the agreed Revised Audit Plan.
Reporting Protocols and Performance Management Arrangements
20. We are currently reviewing our reporting protocols and performance management arrangements as part of the review of the Internal Audit Charter referred to above. This will clarify how and where the outcomes of audits are reported and how the performance of the delivery of the 2009/10 Internal Audit Plan is to be measured, monitored and reported. Recommendation
21. It is recommended that the draft provisional Internal Audit plan for 2009/10, set out in Appendix 2, be approved.
Background Papers - Audit Files & Working Papers
| Contact: Paul Monaghan, Audit Manager Tel: 0191 3833609 |
Appendix 1: Implications
| Local Government Reorganisation (Does the decision impact upon a future Unitary Council?) No Finance There are no direct financial implications arising for the Council as a result of this report, although we aim through our audit planning arrangements to review core systems in operation and ensure through our broad programme of work that the Council has made safe and efficient arrangements for the proper administration of its financial affairs. Staffing The plan has been developed based on current staffing levels but will need to be revised as the internal Audit and Risk Management Division’s structure is progressed Equality and Diversity None None Sustainability None Human rights None Localities and Rurality None Young people None Consultation None Health None |
Attachments