SCRUTINY COMMITTEE ITEM MARCH 2012

Transcription

1 SCRUTINY COMMITTEE ITEM MARCH 2012 INTERNAL AUDIT PLAN Report of the: Director of Finance Contact: John Turnbull or Gillian McTaggart Urgent Decision?(yes/no) No If yes, reason urgent decision required: N/A Annexes/Appendices (attached): Other available papers (not attached): Report to Scrutiny Committee 6 April 2011 REPORT SUMMARY This report introduces the Strategy for Internal Audit for 2012/ /15. RECOMMENDATION (S) Notes That the Committee endorses the Strategy for Internal Audit for 2012/13 to 2014/15 as prepared by RSM Tenon. 1 Implications for the Council s Key Priorities, Service Plans and Sustainable Community Strategy 1.1 The internal audit work programme is designed to review and evaluate the risk management, control and governance arrangements that the Council has in place to establish and monitor the achievement of the Council s objectives and to identify, assess and manage the risks to achieving those objectives. 1.2 The work undertaken by Internal Audit contributes to the Core Values of performing with integrity, openness, honesty and providing value for money. 2 Introductions and Background 2.1 Internal Audit provides the Council through the Scrutiny Committee with an independent and objective opinion on risk management, control and governance. RSM Tenon has provided internal audit services to Epsom and Ewell Borough Council, as part of a Consortium since April RSM Tenon presented an Audit Strategy to Committee on 6 April 2011 for 2011/ The Strategy is revised each year to confirm current priorities for internal audit coverage and to develop a detailed internal audit plan for the forthcoming year. The Council s objectives and risk profile are the starting point in the development of the strategy for internal audit. The District Auditor was also consulted in compiling the Audit Strategy. Page 1 of 3

2 SCRUTINY COMMITTEE ITEM MARCH There is scope for modification should the Committee be concerned that a particular risk area has not been properly addressed in the Strategy. Adrian Rutter, a Partner at RSM Tenon will be available at the meeting to discuss the methodology for the Strategy and answer any questions raised. 2.4 The specific views of the Scrutiny Committee are sought on Section 3 (page 4) of the Audit Plan. 3 Proposals 3.1 That the Committee endorses the Strategy subject to any amendments identified as important to cover risks not adequately addressed in the draft Strategy. 3.2 The Plan for 2012/2013 is designed to reflect Epsom and Ewell s objectives and risk profile and has been discussed with Director Finance, Director of Operations and a number of Heads of Finance. 3.3 During 2011, the Council re tendered the Internal Audit Contract in conjunction with Mole Valley, Reigate and Banstead, Tandridge, Waverley and Surrey Police. The new contract commences on 1 April As in previous years there is a follow up allocation to track the adequacy of the Council s arrangements for implementing previous recommendations and an allocation for audit management including liaising with new the external auditor, Grant Thornton who was recently appointed for a period of 5 years. 4 Financial and Manpower Implications 4.1 The audit days proposed are 222 days which can be funded from the provision for internal audit within the Strategy and Resources Committee budget. 4.2 The budget includes a separate provision for investigation work outside of the plan where this cannot be contained within the audit programme. In developing the internal audit plan, RSM Tenon has met with the Corporate Board as well as with the Director of Finance, Director of Operations and a number of Heads of Service. 4.3 In addition to normal internal audit coverage, during 2012/13, RSM Tenon will undertake a range of reviews including; homelessness, housing and advice and allocations; street markets; and a review of the cash office. 5 Equalities and Other Legal Implications 5.1 In the opinion of the Director of Finance the audit proposed fulfils the statutory requirement for internal audit. RSM Tenon comply with professional responsibilities as set out in the International Standards for the Professional Practice of Internal Auditing as published by the Institute of Internal Auditors. 6 Risk Assessment 6.1 Internal Audit has an independent and objective consultancy role to help line managers improve risk management, governance and control. Page 2 of 3

3 SCRUTINY COMMITTEE ITEM MARCH Conclusion and Recommendations 7.1 The proposed internal audit coverage for 2012/13 is based on the Council s needs as assessed by RSM Tenon, in order to provide a cost effective means of delivering internal audit that is compliant with statutory requirements and government and international audit standards. 7.2 The recommendation is that the Scrutiny Committee endorses the Strategy, subject to any modifications agreed with the Audit Manager at the meeting. WARD(S) AFFECTED: N/A Page 3 of 3

4 [Client Name] 1 Strategy for Internal Audit Epsom and Ewell Borough Council Strategy for Internal Audit 2012/ /15 For presentation at the Scrutiny Committee meeting of 28 March 2012 Approved by Adrian Rutter, Director as Head of Internal Audit

5 Epsom & Ewell Borough Council Strategy for Internal Audit CONTENTS Section Page 1 Introduction 1 2 Developing Your Internal Audit Strategy 1 3 Considerations required of the Scrutiny Committee 3 Appendices A Updated Strategy for Internal Audit: 2012/ /15 4 B Detailed Internal Audit Plan for 2012/ C Emerging Issues not covered within the 2012/2013 Internal Audit Plan 11 This report is prepared solely for the use of members and senior management of Epsom and Ewell Borough Council. Details may be made available to specified external agencies, including external auditors, but otherwise the report should not be quoted or referred to in whole or in part without prior consent. No responsibility to any third party is accepted as the report has not been prepared, and is not intended for any other purpose RSM Tenon Limited RSM Tenon Limited is a member of RSM Tenon Group RSM Tenon Limited is an independent member firm of RSM International an affiliation of independent accounting and consulting firms. RSM International is the name given to a network of independent accounting and consulting firms each of which practices in its own right. RSM International does not exist in any jurisdiction as a separate legal entity. RSM Tenon Limited (No ) is registered in England and Wales. Registered Office 66 Chiltern Street, London W1U 4GB. England

6 Epsom and Ewell Borough Council 1 1 INTRODUCTION 1.1 Overall Approach This document sets out the approach we have taken to develop your internal audit plan for 2012 / It provides the Council s Scrutiny Committee with a three year strategy and a more detailed plan for 2012/13. RSM Tenon has been providing internal audit services to Epsom and Ewell Borough Council for the past seven years as part of a Consortium with Reigate and Banstead Borough Council, Mole Valley District Council and Tandridge District Council. In December 2011, we were successful in being appointed for a further five years when the Consortium also included Waverley Borough Council and Surrey Police Authority. 1.2 The Purpose and Function of Internal Audit Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. (Chartered Institute of Internal Auditors) Our professional responsibilities as internal auditors are set out in the International Standards for the Professional Practice of Internal Auditing, published by the Chartered Institute of Internal Auditors (CIIA) in the UK and Ireland. As such, our approach to internal audit also meets the CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom. In line with these requirements, we perform our internal audit work with a view to reviewing and evaluating the risk management, control and governance arrangements that the organisation has in place, focusing in particular on how these arrangements help Epsom and Ewell Borough Council achieve its objectives. 2 DEVELOPING YOUR INTERNAL AUDIT STRATEGY 2.1 Developing the Detailed Plan for 2012/2013 Changes to Epsom and Ewell s objectives and risk profile are the starting point in the development of the strategy for internal audit for the organisation, which is set out at Appendix A to this document. In updating your strategy and developing the detailed internal audit plan for 2012/13 we met with the Corporate Management Board, as well as the Directors of Finance and Operations and a number of Heads of Service. These meetings identified the areas shown in the table below for inclusion as part of the internal audit plan. Key Areas discussed with Management and included in the 2012/13 Plan Homelessness, housing and advice and allocations: as a result on the increase in demand and expenditure. Street Markets: resulting from bringing based the management of street markets inhouse from an external provider. Cash Office: due to the change in operating hours of the town hall cash office. The detailed plan for 2012/2013 is set out at Appendix B. Other areas identified in our discussions but not judged as having such a high priority are shown in Appendix C. As well as assignments designed to provide assurance or advisory input around specific risks, the strategy includes: a followup allocation, which will be utilised to assess the degree of implementation achieved in relation to recommendations agreed by management during the prior and current financial

7 Epsom and Ewell Borough Council 2 year and will serve to inform the adequacy of the organisation s own recommendation tracking process; and an audit management allocation, used at Director, Associate Director and Manager level for quality control, client and External Audit liaison and for preparation for and attendance at Scrutiny Committee. The strategy will be revisited each year to confirm current priorities for internal audit coverage and to develop a detailed internal audit plan for the forthcoming year. It is also important to understand that as part of the Consortium Contract the benefits of the arrangement include sharing of best practice and efficiency savings by ensuring that the four Council s plans are aligned as best as practical. Whilst fundamentally the Council s will face similar risks and concerns, how these relate to each council s objectives and the actions taken to mitigate risks often differ. Consequently, in producing the audit strategy significant risk areas included in your plan may not have been considered a high risk area by the other councils. 2.2 Your Internal Audit Team Your internal audit team is led by Adrian Rutter. Your Client Manager is Anna Simmonds. We are not aware of any relationships that may affect the independence and objectivity of the team, and which are required to be disclosed under auditing standards. 2.3 Internal Audit Fees In line with our tender and subsequent engagement letter, the fee for your internal audit service for 2012/13 is 62,382.

8 Epsom and Ewell Borough Council 3 3 CONSIDERATIONS FOR THE SCRUTINY COMMITTEE To assist the Scrutiny Committee with their consideration of the Internal Audit Plan, we have set out at Appendix C a number of areas that have not been included within the detailed Internal Audit Plan for 2012/13 but where internal audit could provide assurance. These are linked to your risk profile as well as to emerging issues in the sector. Does the Updated Strategy for Internal Audit (as set out at Appendix A) cover the organisation s key risks as they are recognised by the Scrutiny Committee? Does the audit strategy include all those areas that the Scrutiny Committee would expect to be subject to internal audit coverage, both in terms of our professional responsibilities as well as covering areas of concern flagged by management? Is the level of audit resource accepted by the Committee and agreed as appropriate, given the level of assurance required? Does the detailed internal audit plan for the coming financial year (see Appendix B) reflect the areas that the Scrutiny Committee believes should be covered as priority? Is the Scrutiny Committee satisfied that sufficient assurances are being received by the organisation to effectively monitor the organisation s risk profile, including any emerging issues as set out in Appendix C?

9 Epsom and Ewell Borough Council 4 UPDATED STRATEGY FOR INTERNAL AUDIT 2012/ /15 APPENDIX A TABLE 1: RISK BASED COVERAGE We have identified key risk areas from the Council s corporate leadership risk register and its risk assessment undertaken to support the revenue budget for All corporate leadership risks have been included with 14 being scored as high and the remainder scored as medium. Key Risks Areas Related auditable areas Proposed Audit Coverage 2012/ / /15 1. Failure to achieve service cost reductions Savings Review See also 6 below. 2. Effectiveness of IT Systems Resilience and efficient running of network and applications IT Security and Business Continuity IT Strategy and Plans for System Integration IT Network Capacity 3. Improving Partnership and Shared Working Payroll Service ICT Partnerships Governance Arrangements Payroll Service Provision Joint ICT working with Elmbridge BC 1 4. Implementing Key Corporate Projects CRM Document management system / EPlanning Pay on Foot (Car Parks) Project Advisory Reviews Project Management Compliance Post Implementation Reviews Letting of contracts (including Facilities Management & Trees) 1 See Core financial review of payroll and IT review of itrent application (integrated HR and Payroll system)

10 Epsom and Ewell Borough Council 5 Key Risks Areas Related auditable areas Proposed Audit Coverage 2012/ / /15 5. Impact of Economic Downturn on Income and Reduction in Income Levels Venues Car Parks Planning & Building Control Recycling Income collection systems reviews Departmental Income Reviews 2 Rents 6. Implementation of Corporate Plan and Medium Term Financial Strategy (MTFS) Strategic and Service Delivery Planning Budget Setting and Monitoring MTFS production and monitoring 7. Workforce Planning Future Planning Recruitment Retention Staff Well Being Programme management Officer capacity and resilience Effectiveness of operational HR management Recruitment and Retention Attendance Management Event Planning 75 th Anniversary of the borough 9. Legal Challenge on Local Land Charges and income paid See 4 and 6 above. See 5 and 6 above 10. Information Governance Freedom of Information 4 2 Various potential reviews to be selected from that cover many income generation areas. 3 Potential HR reviews being considered by the Chief Executive outside of the internal audit plan. 4 Being undertaken as part of the governance review and will be of Information Governance

11 Epsom and Ewell Borough Council 6 UPDATED STRATEGY FOR INTERNAL AUDIT 2012/ /15 APPENDIX A Risk Management, Governance and IT Proposed Audit Coverage Internal Audit Coverage Source / Rationale 2012/ / /15 Risk Management An annual review to ensure that risk management continues to operate throughout the organisation, to prevent crystallisation of the process and to include compliance and assurance stocktake reviews. Corporate Governance An annual review of aspects of governance arrangements that are in place. IT Reviews (including reviews of IT Strategy, IT Security, systems change controls, software licensing etc.) Reviews of IT areas of risk and management concerns. Financial Control including work allowing greater external audit reliance on our work Systems Source of Requirement 2012/ / /15 Revenues External Audit Benefits External Audit Treasury Management External Audit Capital Accounting and Fixed Assets External Audit Main Accounting, General Ledger and Reconciliations External Audit Payroll External Audit Debtors External Audit Creditors External Audit

12 Epsom and Ewell Borough Council 7 Other Internal Audit Coverage Area Source of Requirement 2012/ / /15 Follow Up Audit Management To meet internal auditing standards and to provide management with ongoing assurance regarding implementation of recommendations. This will include: Annual planning Preparation for, and attendance at, Scrutiny Committee meetings Regular liaison and progress updates Liaison with external audit Preparation of the annual internal audit opinion For future coverage of areas identified with management see Appendix C.

13 Epsom and Ewell Borough Council 8 APPENDIX B: DETAILED INTERNAL AUDIT PLAN 2012/2013 Audit Overview of Internal Audit Coverage Internal Audit Approach Risk management and governance Risk Management A review will be undertaken of compliance with the council s Risk Management framework. In particular, we will look at how management identify, assess and utilise risk management within a sample of areas of the council. Proposed Timing Audit days 5 Compliance October Information Governance The purpose of the review is to provide the council with assurance that robust arrangements are in place i.e. the adequacy of policies, systems and operational activities to prevent the loss of information and breaches of legislative obligations. Systematic risk based review September IT reviews IT Application review of itrent IT Network Security Application review of itrent system including inbuilt system controls A review to ensure that there are adequate management, operational and security controls over networked systems and data. Audits to address specific risk areas and management concerns Systematic risk based review Systematic risk based review August June 2012 Subtotal of risk, governance and IT reviews 57 Identified from current three year IA strategy, discussions with officers and review of Council documents Homelessness, housing advice and allocations Street Market Management Review of the management of homelessness, including: the provision of housing advice and other preventative actions, relationships with RSLs and others, housing allocations, the management of temporary accommodation costs and housing benefits Review of the processes in place to ensure that potential income is maximised, correct pitch rents are applied and all income due is received. Advisory May Systematic risk based review July Cash Office Review of the cash office operations as a result of the reduced opening hours and staff coverage to ensure that all expected key controls are in place to ensure that monies are accurately recorded, retained securely and banked intact. Key control testing April Subtotal for specific risk areas and management concerns 41 5 Audit days may be flexed to enable more experienced staff to be used when appropriate

14 Epsom and Ewell Borough Council 9 Audit Overview of Internal Audit Coverage Internal Audit Approach Coverage for External Audit Reliance and/or to meet Regulatory Requirements Proposed Timing Audit days Revenues To satisfy external audit requirements Key Controls October Benefits To satisfy external audit requirements Key Controls October Treasury Management To satisfy external audit requirements Key Controls December Capital Accounting & Fixed Assets Main Accounting, General Ledger & Bank Reconciliations To satisfy external audit requirements Key Controls 20 June To satisfy external audit requirements Key controls January Payroll To satisfy external audit requirements Key controls January Debtors To satisfy external audit requirements and to include a specific review of income collection related to waste management. Key controls September Creditors To satisfy external audit requirements Key controls September Bus Grants To verify bus grant claim every 6 months. Verification April & Sept 2012 Smaller Bodies Accounts Follow up and management To verify the controls in place over the accounting and management of the conservators and Epsom Downs accounts, which are operated through the council s financial systems. Verification Year End 3 Subtotal of core coverage 86 3 IT Data Security Follow Up Follow Up (General) Specific review to follow up the recommendations raised in the data security report to assess the progress of their implementation. To meet internal auditing standards and to provide management with ongoing assurance regarding implementation of recommendations. Follow Up Dec Follow up March time critical to be completed after year end amendments have been made to the fixed assets register and prior to external audit final account work

15 Epsom and Ewell Borough Council 10 Management Audit Overview of Internal Audit Coverage Internal Audit Approach This will include: annual planning; Head of Internal Audit midyear review to take account of emerging risks; preparation for, and attendance at, Scrutiny Committee meetings; regular liaison and progress updates; liaison with external audit; and preparation of the annual internal audit opinion Proposed Timing Audit days n/a Ongoing 25 Subtotal for follow up and management 38 Total Days as per Tender 222

16 Epsom and Ewell Borough Council 11 APPENDIX C: POTENTIAL AUDITS OF SPECIFIC RISK AREAS IDENTIFIED BUT NOT COVERED WITHIN THE 2012/2013 INTERNAL AUDIT PLAN Programme management Freedom of Information New Customer Relationship Services system Playhouse Theatre Commercial Rents Fleet Management HR Management 7 Review of the resilience of the Council s arrangements for projects and programme management, including the assessment of officer capacity Consideration will be given to adherence to policies in place that provide guidance as to whether requests for information conform with the Freedom of Information Act or charges should be applied. Input over the project to introduce the new CRM system in terms of; project management, controls and reporting. A review of adherence of ticket sales policy to ensure that income is maximised; income is managed securely; income is received from both the box office and online ticketing system; and income due is regularly reconciled to income received. Significant financial income where assurance is required to ensure that; leases are in place and current; rents are in line with market rates; rents are being charged correctly; income is accounted for accurately; all income due is received. This review will focus on contract management and the operational controls in place over: monitoring of the lease contract, vehicle related procurement, maintenance and servicing, utilisation and security. Review of HR Management scope to be discussed but might select from: Change management Officer capacity and resilience Effectiveness of operational HR management Advisory 15 Advisory 12 Advisory 15 Compliance 15 Systematic risk based review Systematic risk based review Advisory 30 7 As part of our planning process we agreed with the Chief Executive that scoping documents and costings would be provided for this work that the Council may wish to commission in addition to the internal audit plan.