1. Home
  2. Council and Democracy
  3. Your Councillors

Internal Audit Operational Plan 2013/14

 

MAIDSTONE BOROUGH COUNCIL

 

AUDIT COMMITTEE

 

25 MARCH 2013

 

REPORT OF HEAD OF AUDIT PARTNERSHIP

 

Report prepared by Brian Parsons 

 

 

1.           INTERNAL AUDIT OPERATIONAL PLAN – 2013/14

 

1.1        Issue for Decision

 

1.1.1   The report sets out (at Appendix 1) the one-year operational Internal Audit plan for the financial year 2013/14 and asks that the Audit Committee review and approve the plan.

 

1.1.2   The purpose of the report is to meet the requirements of the Public Sector Internal Audit Standards (effective from 1 April 2013) in relation to audit planning; and to help to discharge the Section 151 officer’s responsibility for financial control; and to inform Management / Members of the planned audit work to be undertaken in 2013/14.

 

 

1.2        Recommendation of Head of Audit Partnership

 

1.2.1   That the Audit Committee review and approve the contents of the one-year operational Internal Audit plan (shown at Appendix 1)

 

1.3        Reasons for Recommendation

 

1.3.1   The Committee previously received a report on the three-year Internal Audit Strategic Plan at its meeting on 19 September 2011. The report explained the process for the creation of the three-year plan and the elements that were considered in deciding its content.

 

1.3.2   The strategic plan set out the proposed work of the Internal Audit team for the three financial years, 2011/12, 2012/13 and 2013/14. The Audit Committee approved the plan.

 

1.3.3   The approved strategic plan has been used as the basis for the operational work programme for 2013/14 shown at Appendix 1. However, the plan has been amended to take account of the changed risks that the Council faces compared to 2011 and to reflect issues or concerns raised more recently by management.

 

1.3.4   The Accounts and Audit Regulations 2011 place a statutory duty on the Council to ‘undertake an adequate and effective internal audit of its accounting records and its system of internal control in accordance with the proper practices in relation to internal control’. The ‘proper practices’ for internal audit are defined as being those which are set out in the Public Sector Internal Audit Standards, which have been set for local government by CIPFA in collaboration with the Chartered Institute of Internal Auditors. The new standards are effective from 1 April 2013.

 

1.3.5   The Standards require the Head of Internal Audit to establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organisations goals.

 

1.3.6   The Head of Internal Audit is required to review and adjust the plan, as necessary, in response to changes in the organisation’s business, risks, operations, programs, systems, and controls.

 

1.3.7   The Standards state that the Head of Internal Audit must communicate the internal audit plans to senior management and the ‘board’ (the Audit Committee) for review and approval.

 

 

Preparation of the operational plan

 

1.3.8   The majority of the work of Internal Audit is identified in the three-year strategic audit plan which takes full account of organisational objectives and priorities. The operational plan is largely an extract from the strategic plan updated to reflect changed priorities and new risk areas.

 

1.3.9   The plan gives specific consideration to:

·         the arrangements for the prevention of fraud and corruption

·         corporate governance

·         compliance with legislation/changes in legislation

·         compliance with codes of conduct

·         compliance with constitutional rules (e.g. Financial Rules, Contract Rules)

·         the ‘national agenda’

·         coordinating work, or at least as much as is practical, with the external auditors to ensure that best use is made of audit resources, and:

·         coordinating work with the other three teams that form the Mid Kent Audit Partnership

 

1.3.10                 The plan seeks to:

·         provide sufficient coverage of the control environment to allow conclusions to be drawn on its effectiveness

·         give adequate coverage to allow the external auditors to place reliance on the work of Internal Audit

·         add value and improve the organisation’s operations

·         help the organisation to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

 

 

The Plan

 

1.3.11                The plan (Appendix 1) shows the projected internal audit work for 2013/14.

 

1.3.12                 The plan shows a total of 36 audit projects, which is based on the available auditor resources.

 

1.3.13                 The Plan has been prepared on a risk basis. This has involved scoring each of the potential audit subjects in terms of materiality, inherent risk and control risk, taking into account changes to systems, revised management arrangements, and past history.

 

1.3.14                 The actual time spent on an audit depends on the complexity of the subject, the scope of the work, the quality of the systems and documents that will be examined, the helpfulness of the staff that we need to work with and the issues that arise during the audit. In general terms it takes longer to audit a subject where poor controls are in place.

 

1.3.15                 The resources available to Internal Audit consist of three full-time operational auditors, supported operationally by an Audit Manager for two days of the week, and strategically by the Head of Audit Partnership.

 

1.3.16                  Each auditor is expected to complete twelve projects each year. The Audit Manager works closely with the auditors to ensure that productive time is maximised.

 

1.3.17                 The Plan is flexible in the sense that a new audit topic can be added in the future, subject to the deletion of one of the planned audits.

 

1.3.18                 The majority of the time of the Maidstone auditors is spent on Maidstone audit projects; however they also work on other partnership sites where it is efficient to do so. This is reciprocated on a quid-pro-quo basis.

 

1.3.19                 The Internal Audit Plan for Maidstone is sovereign. However, where possible it has been aligned with the Audit Plans for Swale, Ashford and Tunbridge Wells to facilitate the sharing of audit work programmes and to allow the movement of auditors between sites.

 

1.3.20                 The plan sets out the audit work that will be carried out in relation to the key financial systems; Council Tax and Council Tax Support, Business Rates, General Ledger, Creditor Payments, Debts Receivable, and Payroll. The financial materiality of these systems and the expectations of senior management and the external auditors dictate that these systems are reviewed annually.

 

1.3.21                 The plan goes on to set out the other service areas that will be subject to an internal audit; some of which have little or no financial risk but are subject to regulatory, legal, technological or reputation risk. These subjects may be reviewed annually or biennially or triennially depending on their risk profile.

 

 

Reporting the work

 

1.3.22                 A written report is provided to the respective Head of Service on completion of each audit project. The Internal Audit report sets out the findings, conclusions and recommendations arising from the audit. A copy of every report is provided to the respective Director and the Chief Executive.

 

1.3.23                 Heads of Service are required to complete an action plan setting out how they will address the recommendations. The action plan is assessed for adequacy and completeness by the Audit Manager.

 

1.3.24                 A follow-up is carried out approximately six months after the original report was issued to establish whether the proposed action has been implemented in practice. The results of the follow-up are reported in writing to the respective Head of Service, with copies to the respective Director and the Chief Executive.

 

1.3.25                 If the initial report identifies that only minimal or limited controls are in place and the Head of Service fails to respond adequately or if it is found that the agreed action has not been taken at the time of the follow-up, the matter will be reported to the next meeting of the Audit Committee. The Head of Service will be invited to attend the meeting to explain the action that will be taken to address the control weaknesses.

 

1.3.26                 The outcomes from Internal Audit reviews are reported to the Audit Committee twice a year. An Interim Report is prepared to show the results of work in the first half of the financial year; this is reported to the Committee in November/December. The Annual Internal Audit report shows the work for the complete financial year and is reported to the Committee in July to support the Annual Governance Statement. The annual report contains the opinion of the Head of Audit Partnership on the adequacy of the Council’s control environment.

 

 

1.4.   Alternative Action and why not Recommended

 

1.4.1          There is a requirement under the Public Sector Internal Audit Standards that the Head of Internal Audit should prepare a risk-based plan to determine the priorities of the internal audit activity. There are no alternative options.

 

1.5        Impact on Corporate Objectives

 

1.5.1   Internal Audit will operate a risk-based plan linked to a strategic or high-level statement. This will set out how the internal audit service will be provided and developed in accordance with the Audit Charter and how it will link to the organisation’s objectives and priorities.

 

1.6       Risk Management

 

1.6.1   The Internal Audit operational plan sets out a series of projects for 2013/14 to examine the adequacy of the controls that the individual Head of Service has put in place to manage a very broad range of risks to the delivery of strategic and operational objectives.

 

1.7        Other Implications

 

1.7.1    

1.      Financial

 

X

 

2                     Staffing

 

X

 

3                     Legal

 

X

 

4                     Equality Impact Needs Assessment

 

 

 

5                     Environmental/Sustainable Development

 

 

6                     Community Safety

 

 

7                     Human Rights Act

 

 

8                     Procurement

 

 

9                     Asset Management

 

 

 

 

9.5.1   Financial - The Internal Audit Plan includes the audit of financial systems. 

 

9.5.2   Staffing – Internal Audit work will involve some of the staff who work in the areas that are being audited. Changes to systems and procedures as a result of audit work will affect the staff concerned.

 

9.5.3   Legal - The Accounts and Audit Regulations 2011 place a statutory duty on the Council for an internal audit in accordance with the ‘proper practices’. These practices are the Public Sector Internal Audit Standards

 

 

9.6        Relevant Documents

 

9.6.1   Appendices – Appendix 1 Internal Audit Operational Plan 2013/14.

 

9.6.2   Background Documents - None

 

 

 

IS THIS A KEY DECISION REPORT?

x
 
 


Yes                                               No

 

 

If yes, when did it first appear in the Forward Plan?

 

…………………………………………………………………………………………………………………………..

 

 

This is a Key Decision because: ………………………………………………………………………..

 

…………………………………………………………………………………………………………………………….

 

 

 

Wards/Parishes affected: …………………………………………………………………………………..

 

……………………………………………………………………………………………………………………………..