Cheshire Fire Authority

Transcription

1 Cheshire Fire Authority Internal Plan 2013/2014 Presented at the Cheshire Fire Authority meeting of: 17 April 2013 Lisa Randall Head of Internal

2 1 INTRODUCTION This document sets out the approach we have taken to develop your internal audit plan providing for 2013/ Role of Internal Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. (Definition of Internal : Institute of Internal ors) In line with the requirements of the International Standards, published by the Institute of Internal ors, we perform our internal audit work with a view to reviewing and evaluating the risk management, control and governance arrangements that the organisation has in place, focusing in particular on how these arrangements help Cheshire Fire Authority to achieve its objectives. The resultant Head of Internal Opinion may also be used by the Fire Authority to support its Annual Governance Statement. This is achieved through a risk-based plan of work, agreed with management and approved by Cheshire Fire Authority. 2 DEVELOPING THE INTERNAL AUDIT PLAN 2.1 Issues influencing Internal coverage The Fire Authority s objectives are the starting point in the development of our plan for delivery of internal audit services. We have also considered our previous work and findings on your Risk processes and consider that we can place reliance on your Risk framework to inform the internal audit plan. Potential issues that may affect the organisation were used to focus our conversations along with the Authority s assurance priorities with on where our work would be most effective. In preparing your detailed plan for 2013/14 we met with the Corporate Intelligence Unit Manager and the Head of Planning, Performance and Communications. The detailed plan for 2013/14 is set out at Appendix A. As well as assignments designed to provide assurance or advisory input, the plan includes: Follow-up allocation, which will be utilised to assess the degree of implementation achieved in relation to recommendations agreed by management during the prior and current financial year and will serve to inform the adequacy of the organisation s own recommendation tracking process; and An audit management allocation used at Partner, Senior Manager and Assistant Manager level for quality control, client and External liaison and for preparation for and attendance at Performance and Overview Committee and Policy Committee meetings. 2.2 Working with other assurance providers We intend to meet with the External or to confirm the scope of the work in the areas of financial control to ensure they can continue to place their planned level of reliance on our work for 2013/2014. Cheshire Fire Authority is reminded that internal audit is only one source of assurance and through the delivery of our plan we will not, and do not, seek to cover all risks and processes at Cheshire Fire Authority. We will however seek to work closely with other assurance providers, such as External to ensure that duplication is minimised and a suitable breadth of assurance obtained. 1

3 3 INTERNAL AUDIT RESOURCES 3.1 Your Internal Team Your internal audit team remains as Lisa Randall, Head of Internal and Shauna Mallinson as your Senior Manager, supported by Jude Bickerton, Assistant Manager. We are not aware of any relationships that may affect the independence and objectivity of the team, and which are required to be disclosed under auditing standards. 3.2 Internal Fees The fee for your internal audit service for 2013/14 is 31,399 for the core 91 internal audit days. The four unused contingency days carried forward from the 2012/13 plan have been allocated to the National Fraud Initiative (NFI) work. 4 CONSIDERATIONS FOR THE AUDIT COMMITTEE Does the detailed Internal Plan for 2013/14 (as set out at Appendix A) cover the organisation s key risks as they are recognised by Cheshire Fire Authority? Does the detailed Internal Plan for 2013/14 reflect the areas that Cheshire Fire Authority believes should be covered as priority? Is Cheshire Fire Authority satisfied that sufficient assurances are being received by the Fire Authority to monitor the organisation s risk profile effectively, including any emerging issues / key risks not included in our 2013/14 plan? 2

4 APPENDIX A: INTERNAL AUDIT PLAN 2013/2014 Internal Coverage Internal Approach Days Proposed Timing Target Performance & Overview Committee and Advisory Work Risk We will assess the effectiveness of Risk arrangements by reviewing the quality of risks recorded in the Cheshire Planning System and suggest improvements to aid compliance with the Risk Framework. Systematic 8 Q1 July 2013 Attendance at the Risk Board twice a year (1/2 day for each meeting). Governance This review will assess the assurance framework and reporting arrangements in light of new requirements under the National Framework. Systematic 7 Q4 February 2014 Organisational Transformation To provide support on aspects of the Authority s change programme, such as the Emergency Response Review and Value for Money reviews. The scope and approach will be determined as required. Advisory 10 As required As allocation is used throughout the year Community Safety This review will focus on compliance with data sharing protocols with other organisations, including testing of the associated data security arrangements. 5 Q3 February 2014 Asset This review will focus on the Service s arrangements for asset tracking and equipment test records, including scanning, tagging and tracking of assets 5 Q4 February 2014 Staffing System We will consider the arrangements for the new Staffing System following the proposed implementation from April Our review will include how the new system feeds into payroll. 5 Q2 October

5 Internal Coverage Internal Approach National Fraud Initiative (NFI) Compliance Information Systems Project Framework Financial Controls Key Financial Controls To review the results of the National Fraud Initiative (NFI) outcomes 2012/13. In light of the Airwave Code of Connection, the Head of ICT has requested an audit of security of Mobile Data Terminal (MDTs) and physical security of buildings where ICT assets are located. Leading on from our review during 2012/13, which considered the robustness of the Project Framework methodology, we will test compliance with the Authority s guidance. Other Internal Coverage Follow Up External audit place reliance on testing undertaken by internal audit. Key controls and areas to be tested will be agreed with External prior to the commencement of fieldwork. Areas could include: Payments to staff feeder systems; Financial accounting system; and Accounts payable. To meet internal auditing standards and to provide management with ongoing assurance regarding implementation of recommendations. This will include: Annual planning; Preparation for, and attendance at, Policy Committee and Performance and Overview Committee meetings; Regular liaison and progress updates; Liaison with external auditl Preparation of the annual internal audit opinion. Systematic Compliance Compliance Follow up review Days Total 95 Proposed Timing Target Performance & Overview Committee 10 Q1 July Q2 October Q1 October Q3 February Q3 February Ongoing As used 4

6 Whilst every care has been taken to ensure that the information provided in this report is as accurate as possible, based on the information provided and documentation reviewed, no complete guarantee or warranty can be given with regard to the advice and information contained herein. Our work does not provide absolute assurance that material errors, loss or fraud do not exist. This report, together with any attachments, is provided pursuant to the terms of our engagement. The use of the report is solely for internal purposes by Cheshire Fire Authority and, pursuant to the terms of the engagement, it should not be copied or disclosed to any third party or otherwise quoted or referred to, in whole in part, without our written consent. No responsibility to any third party is accepted as the report has not been prepared, and is not intended for any other purpose RSM Tenon Limited The term "partner" is a title for senior employees, none of whom provide any services on their own behalf. RSM Tenon Limited is a subsidiary of RSM Tenon Group PLC. RSM Tenon Group PLC is an independent member of the RSM International network. The RSM International network is a network of independent accounting and consulting firms each of which practices in its own right. RSM International is the brand used by the network which is not itself a separate legal entity in any jurisdiction. RSM Tenon Limited (No ) is registered in England and Wales. Registered Office 66 Chiltern Street, London W1U 4GB. England 5