Contact your Parish Council
MAIDSTONE BOROUGH COUNCIL
AUDIT COMMITTEE
19 SEPTEMBER 2011
REPORT OF HEAD OF AUDIT PARTNERSHIP
Report prepared by Brian Parsons
1. INTERNAL AUDIT STRATEGIC PLAN
1.1 Issue for Decision
1.1.1 To consider and approve the three-year Internal Audit strategic plan.
1.2 Recommendation of the Head of Audit Partnership
1.2.1 That the Audit Committee approve the three-year Internal Audit Plan shown at Appendix A
1.3 Reasons for Recommendation
Background
1.3.1 The four-way Internal Audit Partnership between Maidstone, Ashford, Swale and Tunbridge Wells has now been in place for almost 18 months (since 1 April 2010). The partnership is considered to be successful.
1.3.2 One of the business objectives of the partnership was to coordinate audit work, where possible, in order to achieve efficiencies. This has culminated in the creation of individual three-year strategic audit plans for each partner Council. Reports will be presented to each of the four respective Audit Committees this month, asking that the respective Plans are approved.
1.3.3 The Accounts and Audit Regulations 2011 place a statutory duty on the Council to undertake an adequate and effective internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control. The proper practices are defined as being those which are set out in the Code of Practice for Internal Audit in Local Government in the UK published in 2006 by CIPFA.
1.3.4 The Code of Practice requires the Head of Internal Audit to prepare a risk-based plan to implement the audit strategy.
1.3.5 In preparing the plan the Head of Internal Audit is required to take account of the adequacy and outcomes of the organisations risk management, performance management and other assurance processes. Where the outputs from those processes are not judged to be sufficiently reliable, the Head of Internal Audit must undertake his own risk assessment. The Head of Internal Audit has to consult stakeholders on the draft plan and revise the plan if appropriate.
1.3.6 The plan needs to be flexible to be able to reflect the changing risks and priorities of the organisation.
1.3.7 Once the planned work has been determined, it has to be compared to resource availability. Where there is an imbalance between the two, the audit committee needs to be informed of proposed solutions. The audit committee must then approve, but not direct, the internal audit plan.
1.3.8 The Code states that the Head of Internal Audit is responsible for the delivery of the audit plan. Significant matters that jeopardise the delivery of the plan or require changes to the plan should be identified, addressed and reported to the audit committee.
Preparation of the Plan
1.3.9 The majority of the work of Internal Audit is identified in the three-year strategic audit plan which has been prepared to take full account of organisational objectives and priorities.
1.3.10 The strategic plan is prepared using a risk based approach to potential subjects for audit which are identified through a range of sources; the most important of which is through discussion with Heads of Service and Directors. A series of meetings took place earlier this year between the Audit Manager and Heads of Service to commence the audit planning process.
1.3.11 The plan gives specific consideration to:
· the arrangements for the prevention of fraud and corruption
· corporate governance
· compliance with legislation/changes in legislation
· compliance with codes of conduct
· compliance with constitutional rules (e.g. Financial Rules, Contract Rules)
· the national agenda, for example, shared services, transparency, localism and big society
· coordinating work, or at least as much as is practical, with the external auditors to ensure that best use is made of audit resources
1.3.12 The plan seeks to:
· provide sufficient coverage of the control environment to allow conclusions to be drawn on its effectiveness
· give adequate coverage to allow the external auditors to place reliance on the work of Internal Audit
· allow objective examination, evaluation and reporting on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.
The Plan
1.3.13 The draft strategic audit plan is set out at Appendix A.
1.3.14 The Plan shows the audit work that is planned for the years 2011/12, 2012/13 and 2013/14.
1.3.15 The Plan has been prepared on a risk basis. This has involved scoring each of the potential audit subjects in terms of materiality, inherent risk and control risk, taking into account changes to systems, revised management arrangements, past history and the views of Heads of Service.
1.3.16 The risk approach allows all potential audits to be ranked according to a scoring matrix and then a cut off point to be used to match the potential audits to the available auditor resources. In deciding which subjects appear above the line consideration also has to be given to the need to review areas of governance; these do not score particularly highly in the risk assessment because they have no direct financial cost but are nonetheless extremely important to the proper operation of the Council. In addition, in the final assessment of what is in and what is out, common sense and experience are applied.
1.3.17 Although it is not possible to audit all activities of the Council with the resources that are available, the areas that will not be audited are considered to have a lower level of risk.
1.3.18 The numbers shown in the various columns are the numbers of audit days which are anticipated to be necessary to complete the individual audit projects. In the majority of cases the allocation has been provisionally set at 15 days. This is a fairly typical allowance for completing a reasonably detailed audit and includes all of the elements of the audit process, from the creation of the initial Brief to the completion of the follow-up. The time allocation is used as planning guide, whereby the time allocation should not generally be exceeded and opportunities will be taken to complete the audit work more quickly where this is possible.
1.3.19 The actual time spent on the audit depends on the complexity of the subject, the scope of the work, the quality of the systems and documents that will be examined, the helpfulness of the staff that we need to work with and the issues that arise during the audit. In general terms it takes longer to audit a subject where poor controls are in place.
1.3.20 The available audit days is identified though a resource assessment. The total, annual productive/chargeable auditor days are 500. This is the number of days available to the Maidstone audit team to spend on the Audit Plan.
1.3.21 The chargeable day target for each auditor is set at 85% of available days. This provides a challenging but achievable target for the operational auditors and means that they must robustly focus their work on the projects that are allocated to them from the Internal Audit Plan. Each auditor is expected to complete twelve projects each year. The Audit Manager works closely with the auditors to ensure that productive time is maximised.
1.3.22 Not only is it important to ensure that output meets the target set in the Plan, it is also vital that the principal output, the audit report, is of good and consistent quality, produced on a timely basis and of value to the client. The achievement of the right balance of quantity and quality is a significant aspect of the work of the Audit Manager and ultimately the Head of Audit Partnership.
1.3.23 The resources available to Internal Audit consist of three full time operational auditors, supported operationally by an Audit Manager for two days of the week, and strategically by the Head of Audit Partnership.
1.3.24 The Plan is flexible in the sense that a new audit topic can be added in the future, subject to the deletion of one of the planned audits. It is anticipated that this will occur on a reasonably frequent basis over the period of the Plan.
1.3.25 The majority of the time of the Maidstone auditors will be spent on Maidstone audit projects; however they will also work on other partnership sites where it is efficient to do so. This will be reciprocated on a quid pro quo basis.
1.3.26 The Internal Audit Plan for Maidstone is sovereign. However, where possible it has been aligned with the Audit Plans for Swale, Ashford and Tunbridge Wells to facilitate the sharing of audit work programmes and to allow the movement of auditors between sites.
1.3.27 The existence of the audit partnership allows other shared services to be audited just once and for the results of the audit to be reported to each partner Council. For example, Maidstone shares a payroll system with Swale and this means that just one payroll audit will be carried out but with the outcomes reported to both Councils.
1.3.28 The plan starts by setting out the audit work that will be carried out in relation to the key financial systems; Benefits, Council Tax, NNDR, General Ledger, Creditor Payments, Debts Receivable and Payroll. The financial materiality of these systems and the expectations of the external auditors dictate that these systems are reviewed annually.
1.3.29 The plan goes on to set out the other service areas that will be subject to an internal audit; some of which have little or no financial risk but are subject to regulatory, legal, technological or reputation risk.
1.3.30 The frequency of audit is based on the risks identified but also on the judgment of the Head of Audit. The financial systems are reviewed annually whereas some other areas are reviewed only once in three years.
1.3.31 The planned audit projects shown for 2011/12 to 2013/14 are achievable with the existing level of audit resources.
1.4 Alternative Action and why not Recommended
1.4.1 There is a requirement under the Code of Practice that the Head of Internal Audit should prepare a risk-based plan to implement the audit strategy. There are no alternative options. The resources available to Internal Audit are a matter for decision by Corporate Management Team and Members, subject to the statutory requirement to undertake an adequate and effective internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control.
1.5 Impact on Corporate Objectives
1.5.1 The Internal Audit plan has been prepared to take account of the corporate plan priorities, together with the systems in place to deliver the priorities and to manage the risks to their delivery.
1.6 Risk Management
1.6.1 The Internal Audit Plan sets out a series of projects to examine the adequacy of the controls that the Council has put in place to manage a very broad range of risks to the delivery of strategic and operational objectives.
1.7 Other Implications
1.7.1
|
1. Financial
|
X
|
|
2. Staffing
|
X
|
|
3. Legal
|
X
|
|
4. Equality Impact Needs Assessment
|
|
|
5. Environmental/Sustainable Development
|
|
|
6. Community Safety
|
|
|
7. Human Rights Act
|
|
|
8. Procurement
|
|
|
9. Asset Management
|
|
1.7.2 The Internal Audit Plan covers a broad range of subjects but inevitably contains a strong emphasis on financial systems.
1.7.3 The work of Internal Audit involves the Councils staff and management.
1.7.4 The Accounts and Audit Regulations 2011 place a statutory duty on the Council to undertake an adequate and effective internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control.
1.8 Relevant Documents
1.8.1 Appendices: Appendix A Strategic Internal Audit Plan 2011/14.
1.8.2 Background Documents: None.
|
IS THIS A KEY DECISION REPORT?
Yes No
If yes, when did it first appear in the Forward Plan?
..
This is a Key Decision because: ..
.
Wards/Parishes affected: ..
..
|
||||||||||||
