Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary"

Transcription

1 Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Internal Audit Report () FINAL Risk Management: Follow Up of Previous Internal Audit Recommendations 20 May 2015

2 Contents Section Page 1 Executive Summary 1 2 Findings and Recommendations 2 Debrief meeting 24 April 2015 Auditors Mark Jones, Head of Internal Audit Draft report issued 30 April 2015 Angela Ward, Vickie Gould, Assistant Responses received 19 May 2015 Client sponsor(s) Mark Simmonds, OPCC Chief Finance Officer Julian Kern, Constabulary Director of Resources Dan Wood, Constabulary and Planning Final report issued 20 May 2015 Report distribution Mark Simmonds, OPCC Chief Finance Officer Julian Kern, Constabulary Director of Resources Dan Wood, Constabulary and Planning Jane Walmsley, Inspection and Audit Coordinator As a practising member firm of the Institute of Chartered Accountants in England and Wales (ICAEW), we are subject to its ethical and other professional requirements which are detailed at The matters raised in this report are only those which came to our attention during the course of our review and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact before they are implemented. This report, or our work, should not be taken as a substitute for management s responsibilities for the application of sound commercial practices. We emphasise that the responsibility for a sound system of internal controls rests with management and our work should not be relied upon to identify all strengths and weaknesses that may exist. Neither should our work be relied upon to identify all circumstances of fraud and irregularity should there be any. This report is supplied on the understanding that it is solely for the use of the persons to whom it is addressed and for the purposes set out herein. Our work has been undertaken solely to prepare this report and state those matters that we have agreed to state to them. This report should not therefore be regarded as suitable to be used or relied on by any other party wishing to acquire any rights from Baker Tilly Risk Advisory Services LLP for any purpose or in any context. Any party other than the Board which obtains access to this report or a copy and chooses to rely on this report (or any part of it) will do so at its own risk. To the fullest extent permitted by law, Baker Tilly Risk Advisory Services LLP will accept no responsibility or liability in respect of this report to any other party and shall not be liable for any loss, damage or expense of whatsoever nature which is caused by any person s reliance on representations in this report. This report is released to our Client on the basis that it shall not be copied, referred to or disclosed, in whole or in part (save as otherwise permitted by agreed written terms), without our prior written consent. We have no responsibility to update this report for events and circumstances occurring after the date of this report. Baker Tilly Risk Advisory Services LLP is a limited liability partnership registered in England and Wales no. OC at 6th floor, 25 Farringdon Street, London EC4A 4AB Baker Tilly Risk Advisory Services LLP

3 1 Executive Summary 1.1 Introduction As part of the approved internal audit plan for 2014/15, we have undertaken a follow up review of risk management processes, in response to a number of findings and recommendations raised in our previous Risk Management Advisory Review (14.13/14). The nine recommendations considered in this review comprised seven medium and two low recommendations. The focus of this review was to provide assurance that all recommendations previously made have been adequately implemented and that robust risk management processes are now becoming embedded across the Constabulary and the OPCC. Staff members responsible for the implementation of recommendations were interviewed to determine the status of agreed actions. Where appropriate, audit testing has been completed to assess the level of compliance with this status and the controls in place 1.2 Conclusion Taking account of the issues identified in the remainder of the report and in line with our definitions set out in Appendix A, in our opinion the Constabulary and OPCC are demonstrating good progress in implementing actions agreed to address the recommendations. Our conclusion reflects the ongoing implementation of a number of the recommendations, which will be fully completed on 29 May 2015, when all departments and areas are required to submit their updated risk registers, taking into consideration the changes applied to the overall strategic risk register following our initial review during 2013/14. We are satisfied that the work completed by departments and areas is appropriate for the deadline on 29 May There are no recommendations that we consider to be receiving inadequate management attention. One recommendation has been classed as not yet implemented, however this relates to auditing / testing of the controls and assurances flagged against each risk, and this is a process that is being considered going forward as part of the Continuous Improvement Framework being adopted. Furthermore, now that adequate risk registers are in place they can be used to direct audit testing and inform future internal audit plans. 1.3 Limitations to the Scope of the Audit This review only covered audit recommendations previously made and did not review the whole control framework of the areas listed above. Therefore, we are not providing assurance on the entire risk and control framework of those areas. Where testing has been undertaken, our samples have been selected over the period since actions were implemented or controls enhanced. Our work does not provide any guarantee or absolute assurance against material errors, loss or fraud. Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 1

4 2 Findings and Recommendations Each recommendation followed up has been categorised in line with the following: Detail 1 The entire recommendation has been fully implemented. 2 The recommendation has been partly though not yet fully implemented. 3 The recommendation has not been implemented. 4 The recommendation has been superseded and is no longer applicable. 5 The agreed date for implementing the recommendation has been revised / not yet been reached. Recommendation Management s / Implications / Recommendations 1 The strategic risk register should be reviewed by the Chief Officer Group as a whole to assess to impact and likelihood of the risks for the whole constabulary. A greater profile for risk is required and more regular review by COG will support this. 1 The risk registers are presented to COG by the Head of Strategy on a quarterly basis, or by exception when a risk score has changed or an issue needs escalation. On review of the minutes from the COG meeting on 26 March 2015, we confirmed that this was a follow up of the report for developing risk management strategies presented to the COG meeting in January 2015, and attendees were asked to support the approach to reinvestigate risk across the organisation. All departments were asked to have updated risk Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 2

5 Recommendation Management s / Implications / Recommendations registers completed by 29 May We are satisfied that this recommendation has been implemented. 2 All departments / areas must ensure they have sufficient risk management processes in place and regularly review and submit the departmental risk register for central review. Agreed. Process overview to go to next JAC. Process re-iterated with CIO network. 2 With the support of the DCC, all departments / areas have been reminded of the importance of having robust risk management processes in place. As a result, and as mentioned above, it has been requested that all risk registers are reviewed and updated by 29 May The Strategy Advisor has recently updated the Constabulary intranet to provide staff with tools and techniques for effective risk management. This includes setting out the Constabulary s approach to risk and directing staff the Risk Practitioner Pack for guidance and requirements. The page also includes information on: - Help and assistance; - Change portfolio programme and project risk; - The Orange Book; - Plans; - QA; and - COG, JAC and risk register submission dates. The Strategy Advisor confirmed that meetings had been held with many departments to go through expectations and provide assistance; however this was expected to increase nearer the submission deadline. Until we have seen that all areas / departments submit sufficient risk registers given all the changes being Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 3

6 Recommendation Management s / Implications / Recommendations implemented, we class this recommendation as partly implemented. 3 The OPCC should consider that long term strategic risks that are included within the issues log are clearly distinguishable from the shorter term operational risks. This will support the achievement of the Crime Plan and horizon scanning required for the completion of the Police & Crime Needs Assessment and Annual Report. Medium May 2014 OPCC Chief Finance Officer Agreed, this has been included in the revised risk register. 1 The OPCC now has two separate documents, the strategic risk register and the issues log. The issues log provides an overview of current and emerging key issues relative to the risk they present to the delivery of the Police and Crime Plan. The log is split into high, medium-high, medium, medium low and then district specific risks. It includes the risk score, owner, commentary and controls and assurances. The OPCC strategic risk register outlines the high level strategic risks such as performance failure, financial incapability, collaboration and partnership working, change management, openness, transparency and accountability. The document outlines the following areas: - Risk description; - Impact; - Controls and assurances; - Risk score (probability and impact); and - ary and review date. We are satisfied that the OPCC has an improved approach to risk management, splitting out strategic and operational risks and issues, and therefore this recommendation is fully implemented. Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 4

7 Recommendation Management s / Implications / Recommendations 4 The make-up of the residual score should be documented on the face of the risk register to ensure that the likelihood and impact is considered when assessing the residual score. This will also help to demonstrate what effect controls have on managing a risk through the extent that they reduce the residual impact and / or residual likelihood. Low January 2015 We will seek to embed this throughout the CIO network. 2 On review of the strategic risk register we confirmed that the impact and probability is clearly documented on the face of the register for each risk, showing the overall residual risk score. The risk score is also split into two, with mitigated and unmitigated scores being clearly set out. There is also an indicator to show whether the score has gone up, down or remained static. On review of one example of a departmental risk register (SSI) we confirmed that this meets the same design and layout with both impact and probability giving both mitigated and unmitigated risk scores. However, until all risk registers are completed by 29 May 2015 we cannot confirm that this recommendation is fully implemented. 5 The issues log should include an explanation as to why the risk score has changed and the changes to the mitigating actions, both of which should be included in the update to the assigned risk. Low June 2014 OPCC Planning and Performance Officer Agreed. This is being increasingly built into the risk commentary. 1 On review of the most recent issues log we confirmed that this now clearly articulates risk changes and subsequent reasons and this is highlighted in the commentary section with a green or red arrow to indicate the movement. We are therefore satisfied that this recommendation has been fully implemented. 6 The risk register should clearly and separately note the mitigating controls in place at the time of review and the mitigating actions to be implemented in the Agreed. Controls should be SMARTER where possible. 2 All the risks contained on the 'old' risk register have been re-worked with causes and consequences identified and mitigating actions directly linked to these. On review of the new strategic risk register we confirmed that detailed controls and assurances were outlined. Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 5

8 Recommendation Management s / Implications / Recommendations future. Further discussions highlighted how the new Continuous Improvement Framework will look to include some form of check and challenge over the assurances and controls listed on the department risk registers to ensure they are indeed reducing the mitigated risk score to the correct level. Practices adopted at other clients include using the risk registers and assurance frameworks to help set the annual Internal Audit plans, so that we can be used in an effective way to assist in providing assurance of robust risk management processes in place in key areas of the organisation. Until the department risk registers and new processes are in place and embedded we cannot confirm this to be fully implemented, although the progress made is noted. 7 Once the existing controls have been identified and documented, these should be tested, providing assurance that they are sufficient in managing the risk as intended. Yes wherever this is practicable. 3 See above. 8 The Audit Committee should take more strategic approach to reviewing risks, providing adequate challenge of the risk registers to ensure they are satisfied that the risks are Medium On-going Audit Committee This would support the wider risk process as a whole. 1 Following review of risk reports and registers presented to the audit committee, and from attendance and observations at the meetings, we are satisfied that the level of information and subsequent questioning and interrogation of the new strategic risk registers is much improved and effective. Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 6

9 Recommendation Management s / Implications / Recommendations appropriate and being managed. We are therefore satisfied that is recommendation is implemented. 9 The departmental and strategic risks of the constabulary should be linked to the OPCC Strategic risk register through either reference to the PCC s priorities where possible or alternatively referenced to an OPCC Strategic risk number. This will help demonstrate the linkage between the constabulary risk profile and how it influences the OPCC risk profile. Agreed OPCC & Constabulary Policy and process to be updated. 1 Regular meetings (prior to the audit committee) are held between the Constabulary and the OPCC in order to discuss the aligning of risk registers. Whilst we can see where the risks on each focus on similar key risks and areas, they are communicated and reviewed from the differing angles required from the two differing organisations. We are satisfied that this recommendation is implemented. Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary 7

Item 5- Appendix A MOLE VALLEY DISTRICT COUNCIL. Annual internal audit report 2015/2016

Item 5- Appendix A MOLE VALLEY DISTRICT COUNCIL. Annual internal audit report 2015/2016 Item 5- Appendix A MOLE VALLEY DISTRICT COUNCIL Annual internal audit report 2015/2016 April 2016 CONTENTS 1 The annual internal audit opinion... 2 2 The basis of our internal audit opinion... 4 3 Our

More information

Bedfordshire Fire and Rescue Authority Audit and Standards Committee 26 June 2014 Item No. 8

Bedfordshire Fire and Rescue Authority Audit and Standards Committee 26 June 2014 Item No. 8 For Publication REPORT AUTHOR: Bedfordshire Fire and Rescue Authority Audit and Standards Committee 26 June 2014 Item No. 8 ASSISTANT CHIEF OFFICER (HUMAN RESOURCES AND ORGANISATIONAL DEVELOPMENT) SUBJECT:

More information

Cambridgeshire and Peterborough Fire Authority. Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014

Cambridgeshire and Peterborough Fire Authority. Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014 Cambridgeshire and Peterborough Fire Authority Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014 Cambridgeshire & Peterborough Fire Authority 1 Introduction This report

More information

Internal Audit Annual Report Year ended 31 March Presented at the Audit Committee meeting of: 1 st July 2013

Internal Audit Annual Report Year ended 31 March Presented at the Audit Committee meeting of: 1 st July 2013 NOTTINGHAMSHIRE OFFICE OF THE POLICE & CRIME COMMISSIONER & NOTTINGHAMSHIRE POLICE Internal Audit Annual Report Year ended 31 March 2013 Presented at the Audit Committee meeting of: 1 st July 2013 Patrick

More information

Internal Audit Annual Report Year ended 31 March Office of Northamptonshire Police & Crime Commissioner & Northamptonshire Police

Internal Audit Annual Report Year ended 31 March Office of Northamptonshire Police & Crime Commissioner & Northamptonshire Police Office of Northamptonshire Police & Crime Commissioner & Northamptonshire Police Internal Audit Annual Report Year ended 31 March 2013 Presented at the Audit Committee meeting of: 27 th June 2013 Patrick

More information

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page

More information

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set

More information

Northumberland National Park Authority. Internal Audit Annual Report Year ended 31 March Presented at the Authority meeting of: 17July 2013

Northumberland National Park Authority. Internal Audit Annual Report Year ended 31 March Presented at the Authority meeting of: 17July 2013 Northumberland National Park Authority Internal Audit Annual Report Year ended 31 March 2013 Presented at the Authority meeting of: 17July 2013 Patrick Green Head of Internal Audit 1 INTERNAL AUDIT OPINION

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 2014-15 April 2014 Page 1 of 17 CONTENTS 1. Introduction 2. What is risk management? 3. Risk Management Policy Statement 4. Risk Management process 5. Roles and responsibilities

More information

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating: Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management Assurance Rating: Distribution List: Final Report Audit Committee Principal Vice Principal, (Resources and Financial Planning)/Director

More information

Avon & Somerset Police Authority

Avon & Somerset Police Authority Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:

More information

Aberdeen City Council IT Governance

Aberdeen City Council IT Governance Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or

More information

Dacorum Borough Council - Internal Audit Report

Dacorum Borough Council - Internal Audit Report Dacorum Borough Council - Internal Audit Report Licensing Distribution list: Rita McGinlay - Regulatory Services Group Manager Steve Baker Assistant Director (Legal, Democratic and Regulatory) Sally Marshall

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Internal Audit 2010-11: Visit Four March 2011 Report distribution Timetable For action: Head of Good Practice Scoping meeting: 5 January 2011 Good Practice Group Fieldwork

More information

Sunderland City Council Review of Internal Audit June 2013

Sunderland City Council Review of Internal Audit June 2013 June 2013 Contents Introduction 2 Our approach 3 Main conclusions 4 Detailed findings 5 Our reports are prepared in the context of the Audit Commission s Statement of responsibilities of auditors and audited

More information

Note the Chief Internal Auditor s findings to date and gain assurance from Officers that key issues raised are being addressed.

Note the Chief Internal Auditor s findings to date and gain assurance from Officers that key issues raised are being addressed. Agenda Item No: 9 To: Joint Audit Committee Date: 24 September 2014 By: Chief Internal Auditor Title: Internal Audit Update Report 2014-15 Purpose of Report: The purpose of this report is to give an opinion

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Avon and Somerset Constabulary Traffic Accidents Internal Audit Report (10.12/13) 12 February 2013 Overall Opinion: Amber/Green CONTENTS Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations

More information

Essex Fire Authority

Essex Fire Authority Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013

More information

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 11/31 ICT Capacity Management FINAL REPORT June 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07,

More information

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10) Internal Audit Report 1 June 2010 Business Continuity Plan Test Post Implementation Review (PIR) CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations 5 Debrief meeting 28

More information

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating: Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation

More information

Appendix A. Internal Audit. External Quality Assessment. Sevenoaks District Council May 2015

Appendix A.  Internal Audit. External Quality Assessment. Sevenoaks District Council May 2015 Appendix A www.pwc.co.uk Internal Audit External Quality Assessment Sevenoaks District Council May 2015 Executive Summary Background The purpose of the review was to assess the current level of performance

More information

Dacorum Borough Council Final Internal Audit Report

Dacorum Borough Council Final Internal Audit Report Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion Essex Fire Authority Fleet Management Internal Audit Report (4.12/13) 28 February 2013 FINAL Overall Opinion Essex Fire Authority Fleet Management 4.12/13 CONTENTS Section Page Executive Summary 1 Action

More information

Audit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Audit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction Audit Committee, 13 March 2013 Internal Audit Report Project Management Executive summary and recommendations Introduction Mazars has undertaken a review of the arrangements for project management in accordance

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

Audit Committee, 20 March 2014. Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Audit Committee, 20 March 2014. Internal Audit Report Project Management. Executive summary and recommendations. Introduction Audit Committee, 20 Internal Audit Report Project Management Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14 Mazars have undertaken a review of arrangements

More information

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15 Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13

More information

AVON & SOMERSET OFFICE OF POLICE & CRIME COMMISSIONER Job Description

AVON & SOMERSET OFFICE OF POLICE & CRIME COMMISSIONER Job Description AVON & SOMERSET OFFICE OF POLICE & CRIME COMMISSIONER Job Description LOCATION: JOB TITLE: REPORTS TO: SUPERVISORY RESPONSIBILITY: Police & Crime Commissioners Office Chief Financial Officer and Deputy

More information

EAST RENFREWSHIRE COUNCIL AUDIT AND SCRUTINY COMMITTEE. 18 August Report by Chief Auditor REVIEW OF INTERNAL AUDIT CHARTER

EAST RENFREWSHIRE COUNCIL AUDIT AND SCRUTINY COMMITTEE. 18 August Report by Chief Auditor REVIEW OF INTERNAL AUDIT CHARTER AGENDA ITEM No. 10 EAST RENFREWSHIRE COUNCIL AUDIT AND SCRUTINY COMMITTEE 18 August 2016 Report by Chief Auditor REVIEW OF INTERNAL AUDIT CHARTER 1 PURPOSE OF REPORT To submit to members for approval the

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER APPENDIX A INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.2 Anna Wright September 2014 Shared Service Senior Auditor 1.3 Lisa Cotton August 2015 Shared Service Senior Auditor 1.4 Lisa

More information

Aberdeen City Council IT Asset Management

Aberdeen City Council IT Asset Management Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER APPENDIX A INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.2 Anna Wright September 2014 Senior Auditor 1.3 Lisa Cotton Senior Auditor August 2015 Contents 1 Introduction 1 2 Definitions

More information

INTERNAL AUDIT CHARTER

INTERNAL AUDIT CHARTER INTERNAL AUDIT CHARTER Version Control Version No Author Date 1.1 Anna Wright Shared Services Senior Auditor September 2013 Contents 1 Introduction 1 2 Definitions 1 3 Purpose of Internal Audit 1 4 Scope

More information

Audit of Business Continuity Planning

Audit of Business Continuity Planning Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft

More information

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

Hertsmere Borough Council. Data Quality Strategy. December 2009 1

Hertsmere Borough Council. Data Quality Strategy. December 2009 1 Hertsmere Borough Council Data Quality Strategy December 2009 1 INTRODUCTION Public services need reliable, accurate and timely information with which to manage services, inform users and account for performance.

More information

Hywel Dda University Health Board INTERNAL AUDIT CHARTER. March 2015

Hywel Dda University Health Board INTERNAL AUDIT CHARTER. March 2015 INTERNAL AUDIT CHARTER March 2015 Contents Section Page 1. Introduction 1 2. Purpose and Responsibility 1 3. Independence and Objectivity 2 4. Authority and Accountability 3 5. Relationships 4 6. Standards

More information

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning

More information

Internal Audit Charter. June 2016

Internal Audit Charter. June 2016 Internal Audit Charter June 2016 1 Introduction 1.1 The Internal Audit Charter is a formal document that defines Internal Audit s purpose, authority and responsibility. The charter establishes Internal

More information

SCRUTINY COMMITTEE ITEM 04 28 MARCH 2012

SCRUTINY COMMITTEE ITEM 04 28 MARCH 2012 SCRUTINY COMMITTEE ITEM 04 28 MARCH 2012 INTERNAL AUDIT PLAN Report of the: Director of Finance Contact: John Turnbull or Gillian McTaggart Urgent Decision?(yes/no) No If yes, reason urgent decision required:

More information

Cheshire Fire Authority

Cheshire Fire Authority Cheshire Fire Authority Internal Plan 2013/2014 Presented at the Cheshire Fire Authority meeting of: 17 April 2013 Lisa Randall Head of Internal 1 INTRODUCTION This document sets out the approach we have

More information

Internal Audit Report Disaster Recovery / Business Continuity Planning

Internal Audit Report Disaster Recovery / Business Continuity Planning Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,

More information

Retail Charity Bonds plc Audited Condensed Financial Statements for the period ended 31 August 2014

Retail Charity Bonds plc Audited Condensed Financial Statements for the period ended 31 August 2014 Audited Condensed Financial Statements for the period ended 31 Registered number: 8940313 Date of incorporation: 14 th March, 1 Contents of the Condensed Financial Statements for the Period Ended 31 Contents

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

The Learning Zone - Project Management Arrangements

The Learning Zone - Project Management Arrangements Coleg Gwent Internal Audit Report () 6 June 2012 Overall Opinion The Learning Zone - Project Management Arrangements CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations

More information

CAMBRIDGE CITY COUNCIL

CAMBRIDGE CITY COUNCIL Agenda Item CAMBRIDGE CITY COUNCIL REPORT OF: Director of Business Transformation TO: Civic Affairs Committee 25 June 2014 WARDS: All INTERNAL AUDIT: REVIEW OF EFFECTIVENESS 2013 / 2014 1 INTRODUCTION

More information

Cumbria Constabulary. Business Continuity Planning

Cumbria Constabulary. Business Continuity Planning Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market

More information

Draft Internal Audit Report Software Licensing Audit. December 2009

Draft Internal Audit Report Software Licensing Audit. December 2009 Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement

More information

Business Planning & Budgetary Control 2012/13

Business Planning & Budgetary Control 2012/13 Cymdeithas Tai Cantref Cyf Final Internal Audit Report Business Planning & Budgetary Control 2012/13 Date of fieldwork: October November 2012 Date of draft report: November 2012 Date of final report: November

More information

ESSEX FIRE AUTHORITY. Internal Audit Progress Report. Audit Sub-Committee Meeting: April 2012

ESSEX FIRE AUTHORITY. Internal Audit Progress Report. Audit Sub-Committee Meeting: April 2012 ESSEX FIRE AUTHORITY Internal Audit Progress Report Audit Sub-Committee Meeting: April Essex Fire Authority CONTENTS Section Page 1 Introduction 1 2 Final reports 1 3 Key Findings from Internal Audit Work

More information

Report of Don McLure, Corporate Director of Resources

Report of Don McLure, Corporate Director of Resources AUDIT COMMITTEE 29 June 2015 Annual Review of the System of Internal Audit 2014 / 2015 Report of Don McLure, Corporate Director of Resources Purpose of the Report 1. The purpose of this report is for members

More information

Review of Internal Audit. Ribble Valley Borough Council Audit 2008/09 Date June 2009

Review of Internal Audit. Ribble Valley Borough Council Audit 2008/09 Date June 2009 Review of Internal Audit Ribble Valley Borough Council Audit 2008/09 Date June 2009 Contents Introduction 3 Background 4 Audit approach 5 Main conclusions 6 Detailed report 7 The Way Forward 13 Appendix

More information

Internal Audit Annual Report 2014/2015

Internal Audit Annual Report 2014/2015 www.pwc.co.uk Internal Audit Annual Report 2014/2015 DRAFT Oxford City Council June 2015 Annual Report 2014/2015 Contents 1. Executive summary 1 2. Summary of findings 3 3. Internal Audit work conducted

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Audit of Payroll. Cumbria Constabulary & OPCC. 13 th January Cumbria Shared Internal Audit Service. 11 th December 2014.

Audit of Payroll. Cumbria Constabulary & OPCC. 13 th January Cumbria Shared Internal Audit Service. 11 th December 2014. Cumbria Constabulary & OPCC Audit of Payroll Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market Cross),

More information

APPENDIX C. Internal Audit Report South Holland District Council Project Management

APPENDIX C. Internal Audit Report South Holland District Council Project Management APPENDIX C Internal Audit Report South Holland District Council Project Management Date: 20th December 2012 Contents Introduction and Scope 1 Executive Summary Assurance Opinion Key Messages 2 3 Management

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4

More information

TECHNICAL RELEASE TECH02/14FSF ASSURANCE REPORTS ON BENCHMARKS AND INDICES

TECHNICAL RELEASE TECH02/14FSF ASSURANCE REPORTS ON BENCHMARKS AND INDICES TECHNICAL RELEASE TECH02/14FSF ASSURANCE REPORTS ON BENCHMARKS AND INDICES ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over 142,000 chartered

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

REVIEW OF THE FIREWALL ARRANGEMENTS

REVIEW OF THE FIREWALL ARRANGEMENTS WEST DORSET DISTRICT COUNCIL REVIEW OF THE FIREWALL ARRANGEMENTS Report issued: December 2007 The matters raised in this report are only those, which came to the attention of the auditor during the course

More information

Audit Quality Thematic Review

Audit Quality Thematic Review Thematic Review Professional discipline Financial Reporting Council 201 Audit Quality Thematic Review Firms audit quality monitoring The FRC is responsible for promoting high quality corporate governance

More information

LONDON BOROUGH OF WALTHAM FOREST

LONDON BOROUGH OF WALTHAM FOREST LONDON BOROUGH OF WALTHAM FOREST Meeting / Date Audit and Governance Committee 24 April 2013 Agenda Item Report Title Cabinet Portfolio Report Author/ Contact details Wards affected Public Access Public

More information

Cumbria Constabulary. Audit of Budget Management (Payroll)

Cumbria Constabulary. Audit of Budget Management (Payroll) Cumbria Constabulary Audit of Budget Management (Payroll) 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument

More information

Allerdale Borough Council Internal Audit Charter

Allerdale Borough Council Internal Audit Charter Allerdale Borough Council Internal Audit Charter Appendix A Document prepared by Document reviewed by Document replaces Document approved by Document due for annual review Internal Audit Manager Date July

More information

Annual Governance Statement 2013/14

Annual Governance Statement 2013/14 31 Annual Governance Statement 2013/14 1. SCOPE OF RESPONSIBILITY ESPO is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money

More information

Report 6c. Final Internal Audit Report Network and Communications. April 2008

Report 6c. Final Internal Audit Report Network and Communications. April 2008 Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results

More information

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor

More information

Good Practice Guide: the internal audit role in information assurance

Good Practice Guide: the internal audit role in information assurance Good Practice Guide: the internal audit role in information assurance Janaury 2010 Good Practice Guide: the internal audit role in information assurance January 2010 Official versions of this document

More information

POLICE AND CRIME PLANS

POLICE AND CRIME PLANS POLICE AND CRIME PLANS GUIDANCE AND PRACTICE ADVICE Version 2.0 Contents 1. Introduction 1 1.1 Police and Crime Plan Guidance 1 1.2 Statutory Framework 2 2. Strategic Planning 4 2.1 The Planning and Commissioning

More information

National Assembly for Wales Internal Audit Charter

National Assembly for Wales Internal Audit Charter National Assembly for Wales Internal Audit Charter Purpose 1.1 This charter is a high level statement of how internal audit will be delivered and developed and formally defines the purpose, authority and

More information

CHIEF INTERNAL AUDITOR S ANNUAL REPORT AND OPINION

CHIEF INTERNAL AUDITOR S ANNUAL REPORT AND OPINION CHIEF INTERNAL AUDITOR S ANNUAL REPORT AND OPINION 2012-2013 Neil Pitman Chief Internal Auditor 24 June 2013 1. INTERNAL CONTROL AND THE ROLE OF INTERNAL AUDIT 1.1. Under the Accounts and Audit (England)

More information

The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable

The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable Year ended 31 March 2015 October 2015 John Gregory Director and Engagement Lead T +44 (0)121 232 5333 E john.gregory@uk.gt.com

More information

Internal audit report Information Security / Data Protection review

Internal audit report Information Security / Data Protection review Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security

More information

Internal Audit at the University of Cambridge.

Internal Audit at the University of Cambridge. Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc

More information

Audit Committee 29 September Internal audit report Payroll. Executive summary and recommendations. Introduction

Audit Committee 29 September Internal audit report Payroll. Executive summary and recommendations. Introduction Audit Committee 29 Internal audit report Payroll Executive summary and recommendations Introduction Mazars have undertaken a review of Payroll, in accordance with the internal audit plan agreed by the

More information

Gravesham Borough Council

Gravesham Borough Council Classification: Public Key Decision: No Gravesham Borough Council Report to: Finance & Audit Committee Date: 16 July 2013 Reporting officer: Subject: Service Manager (Audit & Performance) Self-assessment

More information

Brighton and Sussex University Hospital NHS Trust

Brighton and Sussex University Hospital NHS Trust Brighton and Sussex University Hospital NHS Trust Year Ending 31 March 2013 Annual Audit Letter July 2013 Ernst & Young LLP Executive summary Ernst & Young LLP 1 More London Place London SE1 2AF Tel: +44

More information

The report rated this area Substantial Assurance and made 2 housekeeping recommendations.

The report rated this area Substantial Assurance and made 2 housekeeping recommendations. Audit Committee 21 June 2012 Internal audit report Risk Management review Executive summary and recommendations Introduction Mazars have undertaken a review of Risk Management, in accordance with the internal

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

INTERNAL AUDIT 2008/09 INFORMATION TECHNOLOGY (BUSINESS CONTINUITY)

INTERNAL AUDIT 2008/09 INFORMATION TECHNOLOGY (BUSINESS CONTINUITY) 2008/09 SUMMARY Location Subject Business Sponsor Staff engaged Coleg Gwent Information Technology (Business Continuity) Lynda Roberts Sue Harris Head of Internal Audit Gaynor Rains Manager David Bratt

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE: PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE: Project Name Project Management Plan Document Information Document Title Version Author Owner Project Management Plan Amendment History

More information

Huntingdonshire District Council Data Quality Audit Report 2006/07. March 2008

Huntingdonshire District Council Data Quality Audit Report 2006/07. March 2008 Huntingdonshire District Council Data Quality Audit Report 2006/07 March 2008 Corporate Governance Panel Huntingdonshire District Council Pathfinder House St Mary's Street Huntingdon Cambridgeshire PE29

More information

READING BOROUGH COUNCIL HEAD OF FINANCE DATE: 8 JULY 2015 AGENDA ITEM: 5 AUDIT & INVESTIGATIONS QUARTERLY PROGRESS REPORT

READING BOROUGH COUNCIL HEAD OF FINANCE DATE: 8 JULY 2015 AGENDA ITEM: 5 AUDIT & INVESTIGATIONS QUARTERLY PROGRESS REPORT READING BOROUGH COUNCIL HEAD OF FINANCE TO: AUDIT & GOVERNANCE COMMITTEE DATE: 8 JULY 2015 AGENDA ITEM: 5 TITLE: AUDIT & INVESTIGATIONS QUARTERLY PROGRESS REPORT LEAD COUNCILLOR: COUNCILLOR STEVENS PORTFOLIO:

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office IT Procurement Review Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Last updated 18 June 2012 Will Simpson Senior Manager T: 0161 953 6486 E: will.g.simpson@uk.gt.com

More information

Oxford City Council Managing Capital Projects

Oxford City Council Managing Capital Projects www.pwc.co.uk Internal Audit Report 2014/2015 August 2015 Oxford City Council Managing Capital Projects Table of Contents 1. Executive Summary... 3 2. Background and scope... 5 3. Detailed findings...

More information

TORFAEN COUNTY BOROUGH COUNCIL: CODE OF CORPORATE GOVERNANCE

TORFAEN COUNTY BOROUGH COUNCIL: CODE OF CORPORATE GOVERNANCE Introduction 1. This Code sets out Torfaen County Borough Council s approach to achieving and maintaining good corporate governance. It follows guidance produced by the Chartered Institute of Public Finance

More information

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08 Performance Detailed Report May 2008 Review of Performance Management Audit 2007/08 External audit is an essential element in the process of accountability for public money and makes an important contribution

More information

Following up recommendations/management actions

Following up recommendations/management actions 09 May 2016 Following up recommendations/management actions Chartered Institute of Internal Auditors At the conclusion of an audit, findings and proposed recommendations are discussed with management and

More information

Internal Audit Strategic and Annual Plans 2015/16

Internal Audit Strategic and Annual Plans 2015/16 Internal Audit Strategic and Annual Plans 2015/16 Financial Scrutiny and Audit Committee 10 February 2015 Agenda Item No 8 Summary: This report provides an overview of the stages followed prior to the

More information

RISK MANAGEMENT STANDARD OPERATING PROCEDURE (SOP)

RISK MANAGEMENT STANDARD OPERATING PROCEDURE (SOP) RISK MANAGEMENT STANDARD OPERATING PROCEDURE (SOP) STANDARD OPERATING PROCEDURE REFERENCE SOP/220/10 PROTECTIVE MARKING PORTFOLIO Finance and Corporate Services OWNER Director of Finance and Corporate

More information

Annual Governance Statement

Annual Governance Statement Annual Governance Statement 2014/15 1 Fareham Borough Council Civic Offices, Civic Way, Fareham PO16 7AZ Scope of Responsibility Fareham Borough Council is responsible for ensuring that its business is

More information

APRIL 2015 ARE YOU READY FOR THE SENIOR MANAGERS AND CERTIFICATION REGIME?

APRIL 2015 ARE YOU READY FOR THE SENIOR MANAGERS AND CERTIFICATION REGIME? APRIL 2015 ARE YOU READY FOR THE SENIOR MANAGERS AND CERTIFICATION REGIME? Page 2 SECTION 1 INTRODUCTION In July 2014 the PRA and FCA published a joint consultation paper titled, Strengthening accountability

More information

TRANSPORT FOR LONDON AUDIT COMMITTEE

TRANSPORT FOR LONDON AUDIT COMMITTEE AGENDA ITEM 6 TRANSPORT FOR LONDON AUDIT COMMITTEE SUBJECT: DATA QUALITY REVIEW 2007/08 DATE: 25 NOVEMBER 2008 1 PURPOSE AND DECISION REQUIRED 1.1 As part of its assessments of TfL, the Audit Commission

More information