Your Councillors

Cabinet, Council or Committee Report for Internal Audit Operational Plan 2012/13

MAIDSTONE BOROUGH COUNCIL

AUDIT COMMITTEE

19 MARCH 2012

REPORT OF HEAD OF AUDIT PARTNERSHIP

Report prepared by Brian Parsons�

1. INTERNAL AUDIT OPERATIONAL PLAN 2012/13

1.1 Issue for Decision

1.1.1 To consider and endorse the Internal Audit one-year operational plan for 2012/13.

1.2 Recommendation of Head of Audit Partnership

That the Audit Committee consider and endorse the content of the Internal Audit one-year operational plan for 2012/13.

1.3 Reasons for Recommendation

1.3.1 The Committee previously received a report on the Internal Audit Strategic Plan at its meeting on 19 September 2011.

1.3.2 The strategic plan set out the proposed work of the Internal Audit team for the three financial years, 2011/12, 2012/13, and 2013/14. The Audit Committee approved the plan.

1.3.3 The approved strategic plan has been used to create the operational work programme for 2012/13, shown at Appendix 1.

1.3.4 The Accounts and Audit Regulations 2011 place a statutory duty on the Council to �undertake an adequate and effective internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control�. The proper practices for internal audit are defined as being those which are set out in the Code of Practice for Internal Audit in Local Government in the UK � published in 2006 by CIPFA.

1.3.5 The Code of Practice requires the Head of Internal Audit to prepare a risk-based plan to implement the audit strategy.

1.3.6 The plan needs to be flexible to be able to reflect the changing risks and priorities of the organization.

1.3.7 The Code states that the Head of Internal Audit is responsible for the delivery of the audit plan. Significant matters that jeopardize the delivery of the plan or require changes to the plan should be identified, addressed and reported to the audit committee.

Preparation of the operational plan

1.3.8 The majority of the work of Internal Audit is identified in the three-year strategic audit plan which takes full account of organizational objectives and priorities. The operational plan is predominantly an extract from that plan.

1.3.9 The plan gives specific consideration to:

� the arrangements for the prevention of fraud and corruption

� corporate governance

� compliance with legislation/changes in legislation

� compliance with codes of conduct

� compliance with constitutional rules (e.g. Financial Rules, Contract Rules)

� the �national agenda�

� coordinating work, or at least as much as practical, with the external auditors to ensure that best use is made of audit resources, and;

� coordinating work with the other three teams that form the Mid Kent Audit Partnership

1.3.10 �The plan seeks to:

� provide sufficient coverage of the control environment to allow conclusions to be drawn on its effectiveness

� give adequate coverage to allow the external auditors to place reliance on the work of Internal Audit

� allow objective examination, evaluation and reporting on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.

The Operational Plan

1.3.11 �The plan (Appendix 1) shows the projected internal audit work for 2012/13.

1.3.12 ��The plan shows a total of 36 audit projects to reflect the available auditor resources.

1.3.13 ��The plan has been prepared on a risk basis. This has involved scoring each of the potential audit subjects in terms of materiality, inherent risk and control risk, taking into account changes to systems, revised management arrangements, and past history.

1.3.14 �The actual time spent on each audit depends on the complexity of the subject, the scope of the work, the quality of the systems and documents that will be examined, the helpfulness of the staff that we need to work with and the issues that arise during the audit. In general terms, it takes longer to audit a subject where poor controls are in place.

1.3.15 ��The resources available to Internal Audit consist of three full-time operational auditors, supported operationally by an Audit Manager for two days of the week, and strategically by the Head of Audit Partnership.

1.3.16 �Each auditor has a target of twelve projects each year. The Audit Manager works closely with the auditors to ensure that productive time is maximized.

1.3.17 �The plan is flexible in the sense that a new topic can be added in the future, subject to the deletion or postponement of one of the planned audits.

1.3.18 �The majority of the time of the Maidstone auditors is spent on Maidstone audit projects; however, they also work on other partnership sites where it is efficient to do so. This is reciprocated on a quid-pro-quo basis.

1.3.19 ��The Internal Audit Plan for Maidstone is sovereign. However, where possible it has been aligned with the audit plans for Swale, Ashford and Tunbridge Wells to facilitate the sharing of audit work programmes and allow the movement of auditors between sites.

1.3.20 �The plan sets out the audit work that will be carried out in relation to the key financial systems; Benefits, Council Tax, NNDR, General Ledger, Creditors Payments, Debts Receivable, Payroll and Car Parking. The financial materiality of these systems and the expectations of the external auditors to be able to place reliance on the work of Internal Audit, dictate that these systems are reviewed annually.

1.3.21 �The plan goes on to set out the other service areas that will be subject to internal audit; some of which have little or no direct financial risk but are subject to regulatory, legal, technological or reputation risk. These subjects may be reviewed annually, biennially or triennially depending on their risk profile.

1.3.22 ��The plan lists audits for a number of shared services that are currently being provided in partnership with other Councils. These are:

� Legal Services (Practice Review and Case Management System)

� Payroll

� Parking Services (Enforcement)

� Council Tax

� National Non Domestic Rates

� Benefits

1.3.23 �These audits will be carried out by the auditors within the four-way Audit Partnership as reviews of the joint/shared services. Meaning that, for example, one audit of the Council Tax system will be carried out, with the resulting report shared between Maidstone and Tunbridge Wells. This is a major benefit of the shared audit service. It makes best use of audit resources and significantly reduces the internal audit charges to the shared services that are being audited.

1.3.24 �The next stage, following the Audit Committee�s endorsement, will be for the various audit projects to be scheduled to be carried out at appropriate times in the forthcoming financial year, and for the individual projects to be allocated to the operational auditors.

Reporting the work

1.3.25 �A written report is provided to the respective Head of Service on completion of each audit project. The Internal Audit report sets out the findings, conclusions and recommendations arising from the audit. A copy of every report is provided to the respective Director and the Chief Executive.

1.3.26 ��Heads of Service are required to complete an action plan setting out how they will address the recommendations. The completed action plan is assessed for adequacy by the Audit Manager.

1.3.27 ��A follow-up is carried out approximately six months after the original report was issued to establish whether the proposed action has been implemented in practice. The results of the follow-up are reported in writing to the respective Head of Service, with copies to the respective Director and the Chief Executive.

1.3.28 ��If the report identifies that only minimal or limited controls are in place and the Head of Service fails to respond adequately to the original audit report or if it is found that the agreed action has not been taken at the time of the follow-up, the matter will be reported to the next meeting of the Audit Committee. The Head of Service will be invited to attend the meeting to explain the action that will be taken to address the control weaknesses.

Consultation

1.3.29 �The Strategic Plan, from which the operational plan is drawn, was provided to the Corporate Leadership Team and to the meeting of the Audit Committee in September 2011.

1.3.30 �There is an ongoing process of dialogue with Heads of Service in relation to Internal Audit work, including meetings between the Audit Manager and the respective Head of Service to discuss the plan of audit work relative to their area of responsibility. These discussions will inevitably lead to amendments to the plan.

1.3.31 ��Before any actual audit work commences, the respective Head of Service is consulted on the timing, scope and objectives of the audit project.

1.4 Alternative Action and why not Recommended

1.4.1 The alternative option would be to not have a plan of audit work and for Internal Audit work to be unplanned and reactive. This would not make best use of audit resources, it would not provide an effective audit service and it would not meet the statutory duty, so could not be advocated

1.5 Impact on Corporate Objectives

1.5.1 The work of Internal Audit helps to ensure the delivery of the Council�s

objectives.

1.6 Risk Management

1.6.1 The work of Internal Audit seeks to test the adequacy of the controls that management has put in place to manage risk.

1.6.2 In terms of the risk arising from the decision, the risks are that the Council does not meet its statutory duty under the Accounts and Audit Regulations 2011 and that Internal Audit is unable to provide the required assurance on financial controls to support the Responsible Finance Officer (Section 151Officer).

1.7 Other Implications

1.7.1

1.�� Financial

2. Staffing

3. Legal

4. Equality Impact Needs Assessment

5. Environmental/Sustainable Development

6. Community Safety

7. Human Rights Act

8. Procurement

9. Asset Management

1.7.2 A significant part of the work of Internal Audit involves the evaluation of financial systems and the adequacy of financial management. ��

1.7.3 The work of Internal Audit inevitably involves staff from the various service teams, and can often lead to changes in staff working practices.

1.7.4 Internal Audit is a statutory duty under the Accounts and Audit Regulations 2011.

1.8 Conclusions

1.8.1 The Accounts and Audit Regulations 2011 place a statutory duty on the Council to �undertake an adequate and effective internal audit of its accounting records and its systems of internal control in accordance with the proper practices in relation to internal control�.

1.8.2 ��The Head of Audit Partnership is satisfied that completion of the attached operational plan for 2012/13 will meet the statutory duty and will allow the relevant risks to the achievement of the Council�s operational and strategic objectives to be identified and the adequacy of controls to be reviewed.

1.9 Relevant Documents

1.9.1 Appendices

Appendix 1 shows a list of Internal Audit projects for 2012/13

1.9.2 Background Documents

None

IS THIS A KEY DECISION REPORT?

Yes�� No

If yes, when did it first appear in the Forward Plan?

��..

This is a Key Decision because: ��..

��.

Wards/Parishes affected: ��..

��..