Internal Audit Annual Report 2010/11. Blackburn College August 2011

Transcription

1 Internal Audit Annual Report 2010/11 Blackburn College August 2011

2 Contents The contacts at KPMG in connection with this report are: Emma Casson Head of Internal Audit Tel: Helen Knowles Manager Tel: Page Section one: Executive summary 2 Section two: Assurance and opinion 3 Section three: Outcomes 5 Section four: Implementation of prior year recommendations Section five: Performance of Internal Audit 7 Appendices 1. Summary of review outcomes 11 6 This report is provided pursuant to the terms of our Internal Audit engagement letter, dated 27 July 2007 with Blackburn College. The report is intended solely for internal purposes by the management of the College and should not be used by or distributed to others, under the Freedom of Information Act 2000 or otherwise, without our prior written consent. To the fullest extent permitted by law, KPMG LLP does not assume any responsibility and will not accept any liability in respect of this Report to any party other than the beneficiaries. 1

3 Section one Executive summary Opinion Assurance Outcomes Implementation of prior year recommendations Performance of Internal Audit In our opinion Blackburn College has adequate and effective risk management, control and governance processes in place to manage the achievement of its objectives. During the year ended 31 July 2011 we have performed nine reviews, plus a follow up review. We were able to place reliance on the operation of all the systems reviewed. We are satisfied that sufficient Internal Audit Work has been undertaken to allow us to draw a reasonable conclusion as to the adequacy and effectiveness of the College s risk management, control and governance processes. Of the nine reviews performed in the year, two reports received satisfactory ratings and seven reports received good ratings. No high priority, two medium priority and seven low priority recommendations were made. In addition, five performance improvement observations were made. The audit days allocated to risk management were used to deliver a risk management workshop to members of the Audit Committee and Risk Management group. We delivered 55 days against a plan of 55 days. There were 15 recommendations outstanding from previous years. Of these 11 recommendations have been fully implemented, one is in the process of implementation, one is no longer applicable, and two have not yet been implemented. There are no high priority recommendations outstanding. In our opinion, 12 of the 13 agreed Internal Audit performance indicators have been achieved. Further detail is included in Section five. 2

4 Section two Assurance and opinion Introduction KPMG LLP have provided the Internal Audit Service to the College for the year ended 31 July This work was carried out in accordance with the Internal Audit Plan, approved by the Governing Body and was designed to allow us to make a statement on the adequacy and effectiveness of the College s risk management, control and governance processes. Operational assurance In the year we have performed nine reviews and were able to place reliance on the operation of all the systems reviewed. In accordance with the Joint Audit Code of Practice, we have concluded that the College has adequate controls in respect of the systems reviewed, over its policies, procedures and operations for the achievement of the following areas: establish and monitor the achievement of the College objectives; identify, assess and manage the risks to achieving the College s objectives; advise on, formulate and evaluate policy within the responsibilities of the Principal as Accounting Officer; ensure economical and efficient use of resources; ensure compliance with the College s policies, procedures, laws and regulations; safeguard the College s assets and interests from losses of all kinds, including those from fraud, irregularity and corruption; ensure the integrity and reliability of information, accounts and data including internal and external reporting and accounting processes. 3

5 Section two Assurance and opinion (cont.) Overall assurance As Internal Auditors, we are required to provide the Governing Body and the Principal with assurance on the College s risk management, control and governance processes. In giving this opinion, it should be noted that assurance can never be absolute and therefore, only reasonable assurance can be provided that there are no major weaknesses in these processes. In assessing the level of assurance to be given, we based our opinion on: all audits undertaken during the year; any follow-up action taken in respect of audits from previous periods; any significant recommendations not accepted by management and the consequent risks; the effects of any significant changes in the College s objectives or systems; matters arising from previous reports to the Governing Body; any limitations which may have been placed on the scope of the Internal Audit; the extent to which resource constraints may impinge on the head of the Internal Audit Service s ability to meet the full audit needs of the College; what proportion of the College s audit need has been covered to date; and the outcomes of the Internal Audit Service s quality assurance processes. Opinion We are satisfied that sufficient Internal Audit Work has been undertaken to allow us to draw a reasonable conclusion as to the adequacy and effectiveness of the College s risk management, control and governance processes. In our opinion Blackburn College has adequate and effective risk management, control and governance processes in place to manage the achievement of its objectives. 4

6 Section three Outcomes Planned coverage and output The Governing Body agreed to an input of 55 days as detailed in the annual Internal Audit Plan. All the reviews were delivered according to the planned days. Summary of review outcomes The outcomes for each review undertaken in the year are included in the table at Appendix 1. We have summarised the overall rating provided on each review, the number of recommendations we made at each priority level, the number of performance improvement observations made and the number of days used against the plan. Acknowledgement We would like to take this opportunity to thank all those staff throughout the College with whom we have made contact in the year. Our relationship has been positive and management were responsive to the comments we made both informally and through our formal reporting. 5

7 Section four Implementation of prior year recommendations There were 15 outstanding recommendations from our reviews undertaken in 2009/10 and prior years which we have followed up as part of the planned audit work for 2010/11. A summary of the findings from our follow-up work is provided below. As illustrated, 11 of the outstanding recommendations have been fully implemented, one is in the process of implementation, one is no longer applicable and two have not yet been implemented. The two recommendations not yet implemented relate to: The postponement of consultation on Job Evaluation due to the current redundancy exercise and financial climate; and The development of a review and reporting process for progress against the marketing strategy. Full details of the follow up findings are included in our follow up report. Number of recommendations Fully implemented Partially implemented Not implemented No longer applicable Deadline not yet reached High Priority Medium Priority Low Priority 6

8 Section five Performance of Internal Audit Compliance with standards KPMG operates a quality assurance programme for all its Internal Audits. This programme is designed to ensure that various aspects of the Internal Audit Service are independently reviewed for each client at least once during the period of the engagement. The elements of quality review are engagement setup, planning, engagement delivery and reporting. Based upon our ongoing assignment and client review process, together with the results of any quality assurance inspections, we believe that the Internal Audit Service has complied with both Government Internal Audit Standards and the Audit Code of Practice. Performance indicators In addition to our quality procedures we agreed 13 performance indicators with the Audit Committee to assess the performance of Internal Audit. Details of how we have performed against each of the indicators are shown below: Performance indicator Achieved Provision of service 1 The cost of the Internal Audit Service for delivery against this plan will be contained within the price agreed with the College. 2 At least 50% percent of the work undertaken will be by qualified, experienced personnel who have undertaken Internal Audit Work previously at the College. 3 The planned and actual outturn for the time employed on the audit of each system will not be greater than that within the annual plan, unless previously agreed with the College. The agreed fee for the year was 29,975. Our total fee for the year was 29, % of the work undertaken was by fully qualified personnel with experience of delivering Internal Audit Work at the College. The remaining days were delivered by fully qualified and partqualified personnel who have experience of both the FE sector and Internal Audit. All the audit reviews were delivered within the timescale indicated in the audit plan. 7

9 Section five Performance of Internal Audit (cont.) Performance indicator Achieved Planning 4 We will submit our Internal Audit Strategy and Annual Plan to the Audit Committee in time for agreement by the Governing Body at the start of the year to which they relate, and in any event, before the commencement of work. 5 We will ensure that regulatory body guidance on the performance of assignments, agreement of scopes and timing of each assignment is taken into account when planning the Internal Audit Work. The Internal Audit Strategy and Annual Plan was submitted to the Audit Committee in September 2010 and was agreed by the Governing Body prior to the commencement of our first reviews in November Our work has been planned and delivered in accordance with regulatory guidance. Approach 6 We will discuss with management any relevant issues that may impact on our work prior to commencement of the audit. 7 We will agree with management the systems and control objectives of each Internal Audit scope prior to the commencement of our work. We have met with appropriate management prior to the start of audit work, including the Director of Resources and Estates, Director of Finance and the Student Records and Registry Manager. We agreed with appropriate management the systems and control objectives of each Internal Audit scope prior to the commencement of our work. 8

10 Section five Performance of Internal Audit (cont.) Performance indicator Achieved Reporting 8 We will complete every assignment in the annual plan, subject to variations agreed by the Audit Committee and, if appropriate, the Head of Internal Audit. 9 We will fulfil 100% of the scope and objectives of each assignment in the annual plan. 10 We will issue our draft Internal Audit Report for each review within two weeks of the work completing and issue our final draft within two weeks following the receipt of management responses. 11 We will complete an annual audit report which will be issued in draft, in August of each year. We completed all assignments as per the annual plan. Our audit work was carried out in accordance with the scope and objectives of each assignment. These were agreed in advance with the Director of Resources and Estates. Not all our draft Internal Audit Reports were issued within two weeks of completion of the fieldwork, however all our final Internal Audit Reports were issued within two weeks of receipt of management responses. We have completed the annual audit report which has been issued in draft to management for approval in August Relationships 12 The Head of Internal Audit, Audit Manager or Audit Assistant Manager will attend all Audit Committees. 13 We will maintain effective communication with management at the College throughout the year. The Head of Internal Audit or Audit Manager have all attended Audit Committees held during the year. Communications have been maintained at various levels throughout the year. 9

11 Appendix 1 Summary of review outcomes

12 Appendix 1 Summary of review outcomes Review Report opinion rating Recommendations made High Medium Low Performance improvement observations made Days planned Days used Mandatory annual reviews Risk management (a) n/a n/a n/a n/a n/a 4 4 Corporate governance Good Financial planning and budgetary control Financial forecasting Good Personnel and payroll Payroll Satisfactory Management of provision and other income streams Commercial activity Good HE Good Estates management/capital projects Estates management/capital projects Good Note: (a) The Risk Management days were delivered in the form of a risk management workshop for members of the Risk Management Group and Audit Committee. 11

13 Appendix 1 Summary of review outcomes (cont.) Review Report opinion rating Recommendations made High Medium Low Performance improvement observations made Days planned Days used Student information systems Student information systems Good Quality Quality assurance Good Overseas activity Overseas activity Satisfactory Other reviews Follow up n/a n/a n/a n/a Management Management n/a n/a n/a n/a n/a 8 8 Total

14 2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. This document is confidential and its circulation and use are restricted. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative, a Swiss entity. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).