LONDON BOROUGH OF WALTHAM FOREST

Transcription

1 LONDON BOROUGH OF WALTHAM FOREST Meeting / Date Audit and Governance Committee 24 April 2013 Agenda Item Report Title Cabinet Portfolio Report Author/ Contact details Wards affected Public Access Public Sector Internal Audit Standards Finance Ray Gard, Assistant Director of Finance - Audit, Fraud and Risk Tel ;- ray.gard@walthamforest.gov.uk None specifically OPEN 1. SUMMARY 1.1 This report sets out to inform members of the Audit and Governance Committee of the requirements of the Public Sector Internal Audit Standards (PSIAS) and outlines what the Council is required to implement during 2013/13 to ensure its Internal Audit Service conforms to the new Standards. The PSIAS replace the Code of Practice for Internal Audit in Local Government (2006) and came into effect on 1 st April In local government, the PSIAS are mandatory for all principal local authorities and other relevant bodies subject to the Accounts and Audit (England) Regulations 2011 and apply to all internal audit services whether they are provided in-house, through shared services or a consortium, or by an outsourced delivery partner. 1.2 Overall, it appears that most of the content within the PSIAS looks to be a continuation of existing best practice, much of which was already enshrined in the CIPFA Code of Practice. There are some changes to terminology that have either already been incorporated into internal audit processes or will be during the course of 2013/14. There are also some requirements, which are set out in the body of the report, that will impact on the Terms of Reference for the Audit and Governance Committee and consideration will need to be given around how these are addressed. 2. RECOMMENDATIONS 2.1 The members of the Audit and Governance Committee are recommended to note the contents of this report.

2 3. BACKGROUND 3.1 A professional, independent and objective internal audit service is one of the key elements of good governance, as recognised throughout the UK Public Sector. Prior to the 31 st March 2013, each area of the public sector (local government, central government, national health service, etc) has operated to its own internal audit standards. Internal Audit in the local government sector has operated in accordance with the Chartered Institute of Public Finance & Accountancy (CIPFA) Code of Practice for Internal Audit in Local Government in the UK (2006). 3.2 In May 2011, the CIPFA and the Chartered Institute of Internal Auditors (CIIA) agreed to collaborate in the development of the internal audit profession in the public sector. As a result, a set of national Public Sector Internal Audit Standards (PSIAS), based upon the mandatory elements of the global CIIA s International Professional Performance Framework and incorporating best practice from the varies public sectors, have been developed. 3.3 The purpose and objectives of the PSIAS are to:- Define the nature of internal auditing within the UK Public Sector; Set basic principles for carrying out internal audit in the UK Public Sector; Establish a framework for providing internal audit services, which add value to the organisation, leading to improved organisational processes and operations; and Establish the basis for the evaluation of internal audit performance and to drive improvement planning. 3.4 The PSIAS replace the Code of Practice for Internal Audit in Local Government (2006), the CIPFA Code of Practice, and came into effect on 1 st April For local government, the PSIAS are mandatory for all principal local authorities and other relevant bodies that are subject to the Accounts and Audit (England) Regulations 2011, and apply to all internal audit services whether they are provided in-house, through shared services or a consortium, or by an outsourced delivery partner. 3.5 During April 2013, CIPFA will be producing a Local Government Application note which will set out how and what local authorities will need to do to ensure they comply fully with the PSIAS. Following its release, the Assistant Director of Finance (Audit, Fraud and Risk) will consider this guidance, and will review the internal audit service against it to ensure compliance. Any gaps in processes that prevent full compliance will be identified and used to inform an improvement plan designed to address the issues and move the service to a position of full compliance; reporting any activity in this respect to a future Audit and Governance Committee. 3.6 A noticeable difference to the previous CIPFA Code of Practice is the look and feel of the new PSIAS. Individual standards are numbered with subsections, and the additional public sector requirements and interpretations are displayed in

3 separate additional boxes. This allows for amendments without disturbing the flow of the standards. 3.7 Terminology used in the PSIAS is also different, for example they use the term chief audit executive, the description used internationally, rather than the head of internal audit or chief internal auditor, terms that are more common in the UK public sector. 3.8 The new Standards are intended to promote further improvement in the professionalism, quality and effectiveness of internal audit across both the public and private sectors. They reaffirm the importance of robust, objective and independent internal audit arrangements to provide Chief Finance Officers (the Section 151 Officer) and the organisation s Leadership Team with the key assurances they need to support them in managing the Council and producing the annual governance statement. 3.9 Overall, it appears that most of the content within the Standards looks to be a continuation of existing best practice, much of which was already enshrined in the CIPFA Code of Practice. Listed below are some key points for consideration by the Audit and Governance Committee As mentioned above, the Scope of the PSIAS applies to all internal audit services whether they are provided in-house, through shared services or a consortium, or by an outsourced delivery partner. They emphasise that the provision of assurance is the primary objective of internal audit. The Assistant Director of Finance (Audit, Fraud and Risk) is required to give an annual internal audit opinion based on an objective assessment of the framework of governance, risk management and internal control All Internal Auditors in United Kingdom public sector organisations are required to conform to the Code of Ethics of both the CIIA and those of their own professional organisation. This is not a new requirement and will not be an issue for Waltham Forest as the Assistant Director of Finance (Audit, Fraud and Risk) already complies with the code of ethics for the CIIA and the Chartered Association of Certified Accountants. The internal auditors provided to the Council from its delivery partner, the London Audit and Anti-Fraud Partnership, already operate this requirement There is a requirement that the purpose, authority and responsibility of the internal audit activity is formally defined in an internal audit charter, along with the nature of consulting services and the terms board, chief audit executive and senior management. The charter will also cover arrangements for avoiding conflicts of interest if internal audit carries out any non-audit activities which are subject to regular review, and there is a requirement for the Assistant Director of Finance (Audit, Fraud and Risk) to confirm annually to the appropriate part of the organisation the organisational independence of the internal audit activity. Whilst the term internal audit charter is not well known within local government, the Council s internal audit service has always produced a terms of reference which is similar to this. An Internal Audit Charter has been produced and included in the Internal Audit Plan 2013/14 report that is also on the agenda for this meeting of the Audit and Governance Committee.

4 3.9.4 There is no longer a requirement to produce an internal audit strategy, instead a risk based internal audit plan must incorporate, or be linked to, a strategic or high level statement which sets out how the internal audit service will be provided and developed in accordance with the charter, and how it will link to the Council s objectives and priorities. An initial Strategic Statement on Internal Audit, based on the previous Internal Audit Strategy, has already been produced and included in the Internal Audit Plan 2013/14 report that is on the agenda for this meeting of the Audit and Governance Committee The quality of the internal audit services will also need to be rigorously checked under the quality assurance and improvement programme (QA&IP), which must include both internal and external assessments. The QA&IP requires on going internal assessments of all aspects of internal activity, as well as an external assessment at least once every five years. The external assessment must be undertaken by a suitably qualified, experienced and independent person. Whilst the means of achieving this still needs to be determined, the favoured solution for London based local authorities appears to be for these external assessments to be undertaken on a peer review basis in a scheme that will be established and administered by either the Society of London Treasurers or the London Audit Group. The QA&IP is designed to assess the efficiency and effectiveness of internal audit, as well as identifying opportunities for improvement. The Assistant Director of Finance (Audit, Fraud and Risk) will present the results of the selfassessments and the external assessments to the Audit and Governance Committee, and as already happens include a statement on the results of the QA&IP in an annual report The PSIAS also sets out specific functions for the board, which in Waltham Forest s case the board is deemed to be the Audit and Governance Committee. The PSIAS also requires the chief audit executive must report functionally to the board, and must also establish effective communication with, and have free and unfettered access to, the Chief Executive and the Chair of the Audit and Governance Committee ( board ), the majority of which are already in place. Examples of functional reporting to the board involve the Audit and Governance Committee: Approving the internal audit charter; Approving the risk based internal audit plan; Approving the internal audit budget and resource plan (#); Receiving communications from the chief audit executive on internal audit s activity performance relative to its plan, and other matters; Making appropriate enquiries of management and the chief audit executive to determine whether there is inappropriate scope to the plan or individual audits, or resource limitations; Approving decisions regarding the appointment and removal of the chief audit executive (#) and Approving the remuneration of the chief audit executive (#).

5 3.9.7 The PSIAS states that these functions should be within the control of the Board, however those marked with # are not currently included in the Terms of Reference for the Audit and Governance Committee. Discussions will therefore need to take place between the Committee, the Chief Executive, the Director of Finance and Procurement, and the Head of Legal and Democratic Services regarding variations to the terms of reference for the committee to incorporate these functions In order to assist the Audit and Governance Committee in ensuring that due consideration has been given by the Committee to all aspects of their core functions, a copy of the Public Sector Internal Audit Standards is attached to this report at Appendix A 3.11 Conclusions Implementation of these standards is not expected to involve considerable work; however; some minor revision to the Internal Audit Terms of Reference and the formulation of an Internal Audit Charter, and the conversion of the Internal Audit Strategy into a Strategic Statement on Internal Audit, have already been undertaken. Implementation of the quality assurance and improvement programme should also be achievable with minimal additional work and cost as Internal audit has always undertaken a self-assessment process against the CIPFA code of Practice and participated in a local voluntary peer review programme with other East London local authority internal audit functions. With regards to amending the Terms of Reference for the Audit and Governance Committee, consideration will need to be given to revising these to incorporate the additional functionality set out in paragraph above 4. SUSTAINABLE COMMUNITY STRATEGY PRIORITIES (AND OTHER NATIONAL OR LOCAL POLICIES OR STRATEGIES) The work of the Audit, Fraud and Risk division supports the Council to achieve its Sustainable Community Strategy Priories by assisting it to effectively manage and control its financial and other resources, and reduce crime within the Borough. 5. CONSULTATION Consultation was not required as this is an information report and does not require a decision by the Council. 6. IMPLICATIONS 6.1 Finance and Risk Ensuring that our systems help in the most appropriate use of resources is a key part of the Council s improvement strategy. The work undertaken by the Audit, Fraud and Risk Division can highlight financial malpractice, prevent fraud and inefficiency, and improve the Council s internal control system.

6 6.2 Legal The application of the Public Sector Internal Audit Standards is mandatory and will form part of the Council s governance arrangements and assists in building up the Annual Governance Statement, which will form part of the annual accounts under The Accounts and Audit Regulations (2011). 6.3 Equalities and Diversity There are no specific equality or diversity issues arising from this report. 6.4 Sustainability (including climate change, health, crime and disorder) There are no specific climate change issues arising from this report The Audit, Fraud and Risk Division base their work on the results of risk assessment and regularly monitor the risk management of the Council and its services. By encouraging and checking on risk, it is hoped that the organisation will better manage the risks associated with health within its services to vulnerable persons in the Borough The Audit, Fraud and Risk Division contribute to the Council s priority to reduce crime within the borough by investigating allegations of fraud and corruption against the Authority, both from within the organisation and from external third parties, and ensuring that the Council has robust policies and procedures in place to tackle fraud and corruption, including money laundering. 6.5 Council Infrastructure (e.g. Human Resources, Accommodation or IT issues) There are no specific Human Resources, accommodation or IT issues arising from this report. 7. APPENDICES Appendix A Public Sector Internal Audit Standards; 8. BACKGROUND INFORMATION (as defined by Local Government (Access to Information) Act 1985) Apart from the Public Sector Internal Audit Standards which are attached as an appendix to this report there are no other background papers