1. Home
  2. Council and Democracy
  3. Contact your Parish Council

Contact your Parish Council

Internal Audit Operational Plan 2014/15

 

MAIDSTONE BOROUGH COUNCIL

 

Audit Committee

 

Monday 24 March 2014

 

REPORT OF HEAD OF AUDIT PARTNERSHIP

 

Report prepared by Russell Heppleston 

 

 

1.           Internal Audit Operational Plan 2014/15

 

1.1        Issue for Decision

 

1.1.1   The report sets out the one-year Internal Audit Operational Plan for 2014/15 and asks that the Audit Committee review and approve the Plan.

 

1.2        Recommendation of the Head of Audit Partnership

 

1.2.1   That the Audit Committee review and approved the attached Internal Audit Operational Plan for 2014/15. 

 

 

1.3        Reasons for Recommendation

 

1.3.1   The purpose of the report is to meet the requirements of the Public Sector Internal Audit Standards in relation to audit planning; and to help to discharge the Section 151 officer’s responsibility for financial control; and to inform Management/Members of the planned audit work to be undertaken in 2014/15.

 

1.3.2   The Accounts and Audit Regulations 2011 place a statutory duty on the Council to ‘undertake an adequate and effective internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control’. The ‘proper practices’ for internal audit are defined as being those which are set out in the Public Sector Internal Audit Standards, which were set out for local government by CIPFA in collaboration with the Chartered Institute of Internal Auditors.

 

1.3.3    The Plan has been prepared in accordance with the standards set out within the PSIAS and has included the following;

 

·               Desktop review of strategic documents and plans

·               Interviews with senior officers

·               Creation and risk assessment of the ‘audit universe’

 

1.3.4   The Standards require the Head of Internal Audit to establish risk based plans to determine the priorities of the internal audit activity, consistent with the organisations goals (PSIAS 2010 & 2010 A.1).

 

1.3.5   The Head of Internal Audit is required to review and adjust the plan, as necessary, in response to changes in the organisation’s business, risks, operations, programs, systems and controls.

 

1.3.6   The Standards state that the Head of Internal Audit must communicate the internal audit plans to senior management and ‘the board’ (the Audit and Committee) for review and approval.

 

 

Preparation of the operational plan

 

1.3.7   The plan gives specific consideration to:

 

·                           the arrangements for the prevention of fraud and corruption

·                           corporate governance

·                           compliance with legislation/changes in legislation

·                           compliance with codes of conduct

·                           compliance with constitutional rules (e.g. Financial Rules, Contract Rules)

·                           the ‘national agenda’

·                           coordinating work, or at least as much as practical/appropriate, with the external auditors to ensure that best use is made of audit resources, and:

·                           Coordinating work, where appropriate and efficient to do so, with the work carried out by Mid Kent Audit for its three other local authority clients.

 

1.3.8   The plan seeks to:

 

·        provide sufficient coverage of the control environment to allow conclusions to be drawn on its effectiveness and to allow the Head of Audit Partnership to deliver an annual internal audit opinion and report that can be used by the Council to inform its governance statement. The annual internal audit opinion will conclude on the overall adequacy and effectiveness of the Council’s framework of governance, risk management and control.

 

·        give adequate coverage to provide controls assurance to the external auditors

 

·        add value and improve the Council’s operations

 

·        help the Council to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes  

 

The Plan

 

1.3.9   The plan (Appendix 1) shows the projected internal audit work for 2014/15 and incorporates provisional time allocations. Appendix 2 provides the Committee with an overall summary of the joint MKIP service area reviews being delivered by the audit partnership.

 

1.3.10                The approach to planning has been standardised across the four partnership sites.

 

1.3.11                The Maidstone plan currently shows a total of 34 audit projects, which is based on the available auditor resources

 

1.3.12                The risk assessment process has involved considering audit subjects in terms of materiality, inherent risk and control risk, and taking into account changes to systems, revised management arrangements and past history.

 

1.3.13                 The actual time spent on each audit depends on the complexity of the subject, the scope of the work, the quality of the systems and documents that will be examined, the helpfulness of the staff that we need to work with and the issues that arise during the audit. In general terms it takes longer to audit a subject where poor controls are in place. The time allocations shown in the plan are indicative and will be subject to adjustment as necessary when individual engagement briefs are prepared.

 

1.3.14                 The resources available to Internal Audit at Maidstone primarily consist of three full-time operational auditors, supported operationally by an Audit Manager for two and a half days of the week, and strategically by the Head of Audit Partnership.

 

1.3.15                 Each auditor is expected to complete up to twelve projects each year. The Audit Manager works closely with the auditors to ensure that productive time is maximised.

 

1.3.16                 The Plan is flexible in the sense that a new audit topic can be added in the future, subject to the deletion of one of the planned audits.

 

1.3.17                 It is anticipated that greater use of auditor rotation across the four partnership sites will occur in the forthcoming year where it is efficient to do so. Therefore it is anticipated that one auditor may be allocated to undertake similar reviews across several Council clients with a view to gaining efficiencies in time spent on the review area.

 

1.3.18                 The Internal Audit Plan for Maidstone is sovereign. However, where possible it has been aligned with the audit plans for Ashford, Swale and Tunbridge Wells to facilitate the sharing of audit work programmes and to allow the movement of auditors between sites.

 

1.3.19                 The plan sets out the audit work that will be carried out in relation to the key financial systems such as; Council Tax and Council Tax Support, Business Rates, Creditor Payments and Payroll. The financial materiality of these systems largely dictates that the systems need to be reviewed annually.

 

1.3.20                 The plan goes on to set out the other service areas that will be subject to an internal audit; some of which have little or no financial risk but are subject to regulatory, legal, technological or reputation risk. These subjects may be reviewed annually, biennially or triennially depending on their risk profile.

 

1.3.21                 The new Head of Audit Partnership has had only a limited opportunity to be involved in the planning process. If he considers that any significant changes need to be made to the 2014/15 plan, he will report accordingly to the Committee.

 

Reporting the work

 

1.3.22                 A written report is provided to the respective Head of Service on completion of each audit project. The Internal Audit report sets out the findings, conclusions and recommendations arising from the audit. A copy of every report is provided to the appropriate Director, the Chief Executive and the Director of Regeneration and Communities (s151 officer).

 

1.3.23                 Heads of Service are required to complete an action plan setting out how they will address the recommendations. The action plan is assessed for adequacy by the Audit Manager.

 

1.3.24                 A follow-up is currently carried out approximately six months after the original report was issued, to establish whether the proposed action has been implemented in practice. The results of the follow-up are reported in writing to the respective Head of Service, with copies to the appropriate Director and the Chief Executive.

 

1.3.25                 If the initial report identifies that only minimal or limited controls are in place and the Head of Service fails to respond adequately or if it is found that the agreed action has not been taken at the time of the follow-up, the matter will be reported to the next meeting of the Audit Committee. The Head of Service will be invited to attend the meeting to explain the action that will be taken to address the control weaknesses.

 

1.3.26                 The outcomes from Internal Audit reviews are reported to the Audit Committee twice a year. An Interim Report is prepared to show the results of work in the first half of the financial year and is reported to the Committee in November/December. The Annual Internal Audit report shows the work for the complete financial year and is reported to the Committee in June/July to support the Annual Governance Statement. The annual report contains the opinion of the Head of Audit Partnership on the overall adequacy and effectiveness of the Council’s framework of governance, risk management and control.

 

 

1.4        Alternative Action and why not Recommended

 

1.4.1   There is a requirement under the Public Sector Internal Audit Standards that the Head of Internal Audit should prepare a risk-based plan to determine the priorities of the internal audit activity. There are no alternative options.

 

1.5        Impact on Corporate Objectives

 

1.5.1   The Internal Audit plan has been prepared to take account of the corporate plan priorities, together with the systems in place to deliver the priorities and manage the risks to their delivery.

 

 

1.6        Risk Management

 

1.6.1   The Internal Audit operational plan sets out a series of projects for 2014/15  to examine the adequacy of the controls that the individual Head of Service has put in place to manage a very broad range of risks to the delivery of strategic and operational objectives.

 

 

1.7        Other Implications

 

1.7.1    

1.      Financial

 

 

 

2.           Staffing

 

 

 

3.           Legal

 

 

X

4.           Equality Impact Needs Assessment

 

 

 

5.           Environmental/Sustainable Development

 

 

6.           Community Safety

 

 

7.           Human Rights Act

 

 

8.           Procurement

 

 

9.           Asset Management

 

 

 

 

1.7.2   Legal:   The Accounts and Audit Regulations 2011 place a statutory duty on the Council to ‘undertake an adequate and effective internal audit of its accounting records and its system of internal control’.

 

 

1.8        Relevant Documents

 

1.8.1   Appendices

 

Appendix 1: Internal Audit Operational Plan 2014/15

Appendix 2: Mid Kent Shared Service Audit Plan 2014/15

 

 

1.8.2   Background Documents

 

None

 

 

 

IS THIS A KEY DECISION REPORT?                  THIS BOX MUST BE COMPLETED

 

X
 
 


Yes                                               No

 

 

If yes, this is a Key Decision because: ……………………………………………………………..

 

…………………………………………………………………………………………………………………………….

 

 

Wards/Parishes affected: …………………………………………………………………………………..

 

……………………………………………………………………………………………………………………………..