Contact your Parish Council
MAIDSTONE BOROUGH COUNCIL
AUDIT COMMITTEE
3 MARCH 2008
REPORT OF HEAD OF INTERNAL AUDIT & RISK STRATEGY
Report prepared by Brian Parsons
1. INTERNAL AUDIT STRATEGIC PLAN
1.1 Issue for Decision
1.1.1 To consider and endorse the Internal Audit Strategic Plan.
1.2 Recommendation of the Head of Internal Audit and Risk Strategy
1.2.1 That the Audit Committee notes the content of the Internal Audit Strategic Plan for 2007/08 and endorses the Plan for 2008/09 and 2009/10.
1.3 Reasons for Recommendation
1.3.1 Members approved a revised audit strategy in June 2007. A risk-based audit plan has since been prepared by the Head of Internal Audit, designed to implement the audit strategy
The Audit Planning Process
1.3.2 The majority of the work of Internal Audit is identified in the Three-Year Strategic Audit Plan which takes full account of organisational objectives and priorities.
1.3.3 The Strategic Plan is prepared using a risk based approach which is applied to potential subject areas identified from:
· The Council’s Strategic Plan
· The systems that exist to deliver the Strategic Plan and the Council’s key objectives
· The Strategic Risk Register
· The Council’s fundamental financial systems
· The Corporate Revenue and Capital Budget Book
· The Budget Strategy
· Consultation with management, most particularly the Chief Finance Officer and Heads of Service
1.3.5 The Plan gives specific consideration to:
· the arrangements for the prevention of fraud and corruption
· corporate governance
· compliance with legislation/changes in legislation
· compliance with codes of conduct
· compliance with constitutional rules (e.g. Financial Rules, Contract Rules)
· The ‘national agenda’ for example strategic partnerships, shared services working.
· coordinating work, or at least as much as practical, with the external auditors in order to ensure that best use is made of audit resources
1.3.6 The Plan seeks to:
· provide sufficient coverage of the control environment to allow conclusions to be drawn on its effectiveness
· Allow objective examination, evaluation and reporting on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources
· give adequate coverage to allow the external auditors to place reliance on the work of Internal Audit and thereby make savings to the external audit fee where possible
1.3.7 In developing the individual audit assignments further consideration is given to:
· Performance Management (including BVPI’s and Reach the Summit)
· Operational Risk Registers
· The ‘key change events’ list
· The CIPFA Computer Audit guidelines
· The ‘new ways of working’ agenda, including Business Transformation
1.3.8 Increasing use is made of the Council’s risk management process to plan internal audit work as risk management becomes more embedded within the organisation and the Council becomes increasingly mature in its approach to risk.
1.3.9 The Strategic Audit Plan forms the basis of the work of the Internal Audit service over the three-year period. The delivery of the Plan provides the means to address significant local and national issues and risks, through the provision of Internal Audit reports to management which identify control weaknesses and make recommendations for control improvements.
The Strategic Plan
1.3.10 The Strategic Audit Plan covering the period 2007/08 to 2009/10 is shown at Appendix A. The Plan benefits from periodic endorsement by Members in order that Members remain aware of the overall content and scope of audit work. Members are therefore asked to note the content of the current years plan and endorse the plan for the two coming financial years.
1.3.11 The Plan is based on the ‘annual audit resource’ being 714 days in 2007/08 which reduces to 675 days from 2008/09 as the result of reductions in the Internal Audit budget. The reduction in the overall budget has been financed by deleting the budget for ‘contract auditors’, which has been used in the past to ‘buy-in’ specialist auditors; this has included ‘computer auditors’. It is considered that the current team is capable of carrying out this work. In addition, as this is a real reduction in the level of available auditor resource, productivity improvements of 6% will be required to compensate for the reduction.
1.3.12 The annual audit resource is the number of operational auditor days available to the service every year after taking account of annual leave, sickness, training days, etc.
1.3.13 The standard allocation to each audit topic is 15 days; however this will be reconsidered and may be amended at a later stage when the detailed working Brief is created.
1.3.14 The Plan allows for a number of days as being available as a contingency so that any work that cannot be planned at this stage, such as investigations or new audit topics can be addressed without making radical changes to the previously agreed plan. It is vital that a contingency is maintained in order to allow sufficient time for investigations which inevitably occur even in a well managed organization. Additionally, some of the audit projects may, for good reasons, require that more time has to be spent on a project than was anticipated. The contingency provides for this.
1.3.15 The contingency is small for the current financial year (as audit time has been allocated during the year) but is inevitably larger for subsequent years. This means that although the majority of work is planned some time in advance, there remains an opportunity to react to matters that arise. This is considered to be good practice in terms of Internal Audit planning as it creates the necessary flexibility for an ongoing risk based approach; allowing resources to be directed to new or changed risk areas. For example, some audit resource has been spent reviewing the potential impact of new working practices connected to the new offices arrangements during 2007/08. It is anticipated that this will be even more of an issue for audit attention during 2008/09. Prior to the commencement of each financial year, the audit work is firmed-up into an operational (working) plan, which allocates resources more specifically.
1.3.16 The topics which appear in the Strategic Plan have been subject to a vigorous risk assessment process which has considered (as numerical elements) the following risk factors:
· Monetary value of area concerned
· Whether the area has already been identified as a strategic risk and appears in the Strategic Risk Register
· Whether the area concerned is a corporate priority
· Whether there is a possibility of significant loss through fraud, theft, error or mismanagement
· The adequacy of internal control – based on previous audit work
· Length of time since the last audit
· The public profile of the subject – i.e. the reputational risk to the Authority
· Whether the area is a Fundamental Financial System
· Whether significant changes have been made in the area concerned, i.e. a change of manager or system
· Concerns raised by the client manager
The topic areas that did not score sufficiently in terms of their risk values have not been included in the Plan.
Consultation
1.3.17 The content of the Plan has been subject to discussion with the Chief Finance Officer and has been provided to all Heads of Service for comment. In addition the Plan has been discussed by the Corporate Governance Group, comprising the Chief Executive, the Head of Corporate Law (and Monitoring Officer), the Director of Change and Support Services, the Chief Finance Officer and the Head of Internal Audit and Risk Strategy. The Plan has also been discussed at a meeting of the Heads of Service group.
1.3.18 At this stage the plan only shows the audit subject title; a detailed individual Audit Brief for each audit will be worked up prior to the work commencing. The Audit Brief will set out the objectives and scope of the audit. The content of each audit project is subject to discussion and agreement with the respective Head of Service.
Reporting
1.3.19 The Audit Committee is responsible for considering reports dealing with the management and performance of Internal Audit Services, including consideration and endorsement of the three-year Strategic Internal Audit Plan. The Cabinet has responsibility for the overall control environment. This report was therefore also reported to Cabinet on 13 February 2008 for endorsement.
1.4 Alternative Action and why not Recommended
In order to ensure that audit resources are used to best effect, audit work needs to be planned. Audit planning needs to take full account of the Council’s objectives and priorities and the risks to their achievement at both a strategic and operational level. Members need to be aware of the work of Internal Audit and of the assurance that Internal Audit provides to the Authority. The endorsement of the audit plan is an essential means of affirming the work of the service. Therefore, no alternative action could be recommended.
1.5 Impact on Corporate Objectives
1.5.1 The Internal Audit service contributes towards the Strategic Plan, the annual Best Value Performance Plan and the Community Strategy through its role as an independent and objective appraisal and consulting function, which provides the means to evaluate the adequacy of the controls that management has put in place to achieve their objectives for service delivery.
1.5.2 The role of Internal Audit can be seen to underpin aspects of the Strategic Plan, the Best Value Performance Plan and the Community Strategy by reviewing and reporting on the processes by which corporate objectives are delivered to the public (and other stakeholders), as an aid to management.
1.6 Risk Management
1.6.1 The principal risk to the Audit Plan is that the Plan does not identify all of the key risks to the Council. However, the extensive process behind the compilation of the plan makes this unlikely. Furthermore, if any new risks arise during the currency of the Plan, there is sufficient flexibility available to the Head of Internal Audit to adjust the plan of work accordingly.
1.7 Other Implications
1.7.1
|
1. Financial
|
X
|
|
2. Staffing
|
X
|
|
3. Legal
|
X
|
|
4. Social Inclusion
|
|
|
5. Environmental/Sustainable Development
|
|
|
6. Community Safety
|
|
|
7. Human Rights Act
|
|
|
8. Procurement
|
|
1.7.2 The work of Internal Audit includes the examination of all aspects of internal control but inevitably contains a strong emphasis on reviewing the adequacy of financial controls.
1.7.3 Each audit involves the participation of the staff that have responsibility for the various systems and processes that are being audited. The results of Internal Audit work are likely to lead to changes in the procedures operated by those staff.
1.7.4 Internal audit is a statutory requirement under the Accounts and Audit Regulations 2003 (as amended in 2006) which state that “A relevant body shall maintain an adequate and effective system of internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control.” The guidance on the Regulations make it clear that the proper practices may be found in the Code of practice for internal audit in local government in the United Kingdom, issued by CIPFA.
1.8 Background Documents
1.8.1 The documents shown in 1.3.3 above and various spreadsheets used during the audit plan’s preparation.
|
NO REPORT WILL BE ACCEPTED WITHOUT THIS BOX BEING COMPLETED
Is this a Key Decision? Yes No
If yes, when did it appear in the Forward Plan? _______________________
X
Reason for Urgency
[State why the decision is urgent and cannot wait until the next issue of the forward plan.]
|
|
APPENDIX A: Strategic Audit Plan |
||||||||
|
Head of Service |
Audit Title |
Annual Allocation |
|
|||||
|
2007/08 |
2008/09 |
2009/10 |
|
|||||
|
Chief Executive |
|
|||||||
|
Chief Finance Officer |
|
|||||||
|
General Ledger |
✓ |
✓ |
✓ |
|
||||
|
Creditors |
✓ |
✓ |
✓ |
|
||||
|
Debtors |
✓ |
✓ |
✓ |
|
||||
|
Treasury Management |
✓ |
- |
✓ |
|
||||
|
Devolved Budgets |
✓ |
- |
- |
|
||||
|
Devolved Receipting |
✓ |
- |
- |
|
||||
|
Control of Capital Programme |
- |
✓ |
- |
|
||||
|
Control of Capital Contract |
- |
- |
✓ |
|
||||
|
Cash Collection & Banking |
- |
✓ |
- |
|
||||
|
Financial Rules (Compliance) |
- |
- |
✓ |
|
||||
|
Budgetary Control |
- |
- |
✓ |
|
||||
|
Concurrent Functions |
✓ |
- |
- |
|
||||
|
VAT Management |
- |
- |
✓ |
|
||||
|
Insurance |
- |
- |
✓ |
|
||||
|
Cash Collections |
- |
✓ |
- |
|
||||
|
Value for Money |
- |
✓ |
- |
|
||||
|
Grants to Outside Bodies |
- |
✓ |
- |
|
||||
|
Local Code of Corporate Governance |
- |
✓ |
- |
|
||||
|
Head of Communications |
|
|||||||
|
Press & Public Relations (& comms) |
- |
- |
✓ |
|
||||
|
Head of Internal Audit & Risk Strategy |
|
|||||||
|
Anti-Fraud & Corruption |
✓ |
✓ |
✓ |
|
||||
|
Risk Management |
- |
- |
✓ |
|
||||
|
Investigation |
✓ |
- |
- |
|
||||
|
||||||||
|
Head of Service |
Audit Title |
Annual Allocation |
|
|||||
|
2007/08 |
2008/09 |
2009/10 |
|
|||||
|
Deputy Chief Executive |
|
|||||||
|
Emergency Planning |
✓ |
- |
- |
|
||||
|
Assist. Dir. Of Development & Community Services |
|
|||||||
|
Sports, Play & Youth Development |
✓ |
- |
✓ |
|
||||
|
Climate Change Plan |
✓ |
- |
- |
|
||||
|
Community Safety |
✓ |
- |
- |
|
||||
|
Arts Development |
- |
- |
✓ |
|
||||
|
Licensing |
- |
✓ |
- |
|
||||
|
Community Strategy |
- |
- |
✓ |
|
||||
|
CCTV |
- |
✓ |
- |
|
||||
|
Corporate Equality Plan |
- |
- |
✓ |
|
||||
|
Growth Point Status |
- |
✓ |
- |
|
||||
|
Museum & Heritage Manager |
|
|||||||
|
Maidstone Museum |
✓ |
- |
✓ |
|
||||
|
Theatre & Events Manager |
|
|||||||
|
Hazlitt Arts Centre |
- |
✓ |
- |
|
||||
|
||||||||
|
||||||||
|
Head of Service |
Audit Title |
Annual Allocation |
|
|||||
|
2007/08 |
2008/09 |
2009/10 |
|
|||||
|
Director of Change & Support Services |
|
|||||||
|
BVPI Data Quality Review |
✓ |
- |
- |
|
||||
|
Partnerships (Inc. Shared Services) |
✓ |
- |
- |
|
||||
|
Community Leadership Partnerships |
- |
- |
✓ |
|
||||
|
Assist. Dir. Of Customer Services |
|
|||||||
|
Asset Management |
✓ |
- |
✓ |
|
||||
|
Benefits: Financial Controls |
✓ |
✓ |
✓ |
|
||||
|
Benefits: Service Review |
✓ |
✓ |
✓ |
|
||||
|
Council Tax |
✓ |
✓ |
✓ |
|
||||
|
NNDR |
✓ |
✓ |
✓ |
|
||||
|
DIP: Programme Management |
✓ |
- |
- |
|
||||
|
Maidstone Housing Trust - Arrangements |
✓ |
- |
- |
|
||||
|
KPR Payment Machine |
✓ |
- |
- |
|
||||
|
Renovation Grants |
✓ |
- |
- |
|
||||
|
Concessionary Fares |
- |
✓ |
- |
|
||||
|
Housing Association Activity |
- |
- |
✓ |
|
||||
|
Affordable Housing |
✓ |
- |
- |
|
||||
|
Corporate Complaints System |
✓ |
- |
- |
|
||||
|
Homeless Persons |
- |
✓ |
- |
|
||||
|
IT: Physical & Environmental Controls |
- |
✓ |
- |
|
||||
|
IT: Website Mgt. (Inc. Content Mgt.) |
- |
✓ |
- |
|
||||
|
IT: Internet Controls |
- |
✓ |
- |
|
||||
|
IT: Disaster Recovery |
✓ |
- |
- |
|
||||
|
IT: Change Controls |
✓ |
- |
- |
|
||||
|
IT: Network Controls |
✓ |
- |
- |
|
||||
|
Head of Human Resources |
|
|||||||
|
Payroll |
✓ |
✓ |
✓ |
|
||||
|
Payroll System (Procurement & Imp.) |
✓ |
- |
- |
|
||||
|
Workforce Planning - Talent Management |
- |
- |
✓ |
|
||||
|
Training |
- |
✓ |
- |
|
||||
|
Recruitment |
- |
✓ |
- |
|
||||
|
Staff Code of Conduct (Compliance) |
✓ |
- |
- |
|
||||
|
Performance Management Framework |
- |
✓ |
- |
|
||||
|
Performance Indicators - BVPI Validation |
- |
✓ |
✓ |
|
||||
|
Data Quality |
- |
- |
✓ |
|
||||
|
Head of Corporate Law & Legal Services |
|
|||||||
|
Legal Services |
✓ |
- |
- |
|
||||
|
Freedom of Information |
✓ |
- |
- |
|
||||
|
Data Protection |
- |
- |
✓ |
|
||||
|
Head of Business Improvement |
|
|||||||
|
Procurement |
✓ |
- |
- |
|
||||
|
Business Transformation Programme |
- |
✓ |
- |
|
||||
|
Property Mgt. Income (Inc. Parkwood) |
- |
✓ |
- |
|
||||
|
Project Management |
✓ |
- |
- |
|
||||
|
Contract Rules (Compliance) |
- |
✓ |
- |
|
||||
|
||||||||
|
||||||||
|
Head of Service |
Audit Title |
Annual Allocation |
|
|||||
|
2007/08 |
2008/09 |
2009/10 |
|
|||||
|
Director of Operations |
|
|||||||
|
Assist. Dir. Of Regulatory & Environmental Services |
|
|||||||
|
Car Parking Income |
✓ |
✓ |
✓ |
|
||||
|
Car Parking Enforcement |
- |
✓ |
- |
|
||||
|
Cemetery |
✓ |
- |
- |
|
||||
|
Fixed Penalty Notices |
✓ |
- |
- |
|
||||
|
Park & Ride |
✓ |
- |
- |
|
||||
|
Section 106 Agreements |
- |
✓ |
- |
|
||||
|
Development Control Enforcement |
- |
✓ |
- |
|
||||
|
Street Cleaning |
✓ |
- |
- |
|
||||
|
Food Safety |
✓ |
- |
- |
|
||||
|
Grounds Maintenance |
- |
- |
✓ |
|
||||
|
Residents Parking |
- |
- |
✓ |
|
||||
|
Market |
- |
✓ |
- |
|
||||
|
Building Control Fees |
✓ |
- |
- |
|
||||
|
Building Control Operations |
- |
- |
✓ |
|
||||
|
Crematorium |
- |
✓ |
- |
|
||||
|
Health & Safety |
- |
- |
✓ |
|
||||
|
Pollution Control |
- |
- |
✓ |
|
||||
|
Gypsy Sites |
- |
✓ |
- |
|
||||
|
Cobtree Golf Course |
- |
✓ |
- |
|
||||
|
Development Control Manager |
|
|||||||
|
Development Control Fees |
✓ |
- |
- |
|
||||
|
Planning Code of Conduct (Compliance) |
- |
✓ |
- |
|
||||
|
Democratic Services Manager |
|
|||||||
|
Members Allowances |
✓ |
- |
- |
|
||||