Internal audit service protocol

Introduction

This document sets out the process for reporting in accordance with the Operational Internal Audit Plan, which is approved by the Audit Committee annually. The University of Kent audit plan was approved by the Audit Committee on 28 September 2009.

Audit assignments will be carried out in accordance with the subject areas set out in the Operational Internal Audit Plan. Any additional work will be carried out only with the approval of the University.

This document considers the following:

1. The stages of an audit assignment
2. Planning
3. Fieldwork
4. Detailed reporting
5. Audit Committee reporting
6. Follow-up
7. Key performance indicators
8. Review of protocol

The role of internal audit is defined in the HEFCE 2008 Accountability and Audit Code of Practice as to provide the governing body, the designated officer and other managers of the institution with assurance on the adequacy and effectiveness of risk management, control and governance arrangements.

1. The stages of an audit assignment

The four key stages of a standard audit assignment can be summarised as follows:

Planning
- discussions with management to understand the objectives of the process/system and identify the associated risks of failing to achieve those objectives; and
- agreement of Terms of Reference based upon the objectives and risks.

Fieldwork
- detailed identification and documentation of process/system objectives and risks;
- identification, documentation and evaluation of the controls within the processes/systems to prevent identified risks from crystallising;
- preparation of the audit programme which details testing to be performed; and
- completion of audit tests, primarily compliance tests to determine whether prescribed controls are actually operating.

Internal audit service protocol Page 1 28.10.2009
Reporting
- reporting weaknesses, the effect of those weaknesses and recommending corrective action;
- agreeing with management an action plan to address weaknesses; and
- communicating and discussing results of audit work with the Audit Committee.

Follow-up
- follow-up to ensure agreed management action has taken place.

2. Planning

Prior to an audit assignment commencing in any area, the Head of Internal Audit, or his/her representative, will discuss the planned review with the University audit sponsor and other appropriate managers to identify relevant current issues and any matters that may impact upon the audit. The audit sponsor will be identified as the manager responsible for the area under review. Each audit will also have an audit champion who will be the member of the Executive Group responsible for the area being audited.

The Head of Internal Audit will issue Terms of Reference, which set out the background, audit objectives, audit scope, timing of the audit, reporting arrangements and key staff involved in the audit, to the audit sponsor. The audit sponsor will be responsible for approving the Terms of Reference, attending the closure meeting and collating the management responses to the draft report. Depending upon the scope of the review concerned, the audit sponsor may also contribute to the fieldwork.

The Terms of Reference are copied to the following:
- Nominated Internal Audit contact: Frank Richardson, Deputy Director of Finance;
- The manager responsible for the area being audited (the audit sponsor);
- The audit champion; and
- Other key Member institution staff involved in the audit.

3. Fieldwork

KCG will seek always to work in collaboration with system operators and managers with the aim of using their knowledge of the system processes and the skills of the internal audit team to produce a practical report which adds value.

On completion of fieldwork, a member of the audit team will discuss the audit findings with the audit sponsor in a closure meeting.
This meeting seeks to confirm the accuracy of our findings, identify practical solutions to issues arising and enable the audit sponsor, where appropriate, to begin necessary corrective action at an early stage.

4. Detailed reporting

Detailed audit assignment reporting will take place in two stages: draft and final. A standard reporting template and three priority levels of recommendations will be used as described below.

Draft

A draft report will be issued to the audit sponsor for review and confirmation of factual accuracy within 10 working days of the closure meeting. The draft report will also be issued to the nominated internal audit contact, Frank Richardson, and to the audit champion.

On receipt of the draft report, the audit sponsor will be given 10 working days to discuss the findings with KCG and provide the Head of Internal Audit with a management response. The response to each recommendation should include:
- a clear acceptance or rejection of each observation and recommendation;
- if accepted, for each recommendation a responsible officer and proposed deadline for action should be given;
- where rejected, proposed alternative action, responsible officer and proposed deadline for action should be given or the reason for rejection should be provided.

Final

On receipt of the completed responses, the Head of Internal Audit will assess the management responses and will issue a final report within five working days. Responses will be assessed as follows:
- adequacy of the response in dealing with the audit observation being raised; and
- proposed action plan for implementation.

The final report will be sent to the audit sponsor for implementation, and to other appropriate managers. The final report will also be issued to the nominated Internal Audit contact, the audit champion and the Vice-Chancellor.

Priority ratings

Each audit finding will generate an audit recommendation. These recommendations will be prioritised in accordance with the following criteria:

Priority ratings:

Priority 1: Observations refer to issues that are fundamental to the system of internal control.
We believe that these issues have caused or will cause a system objective not to be met and therefore require management action as a matter of urgency.

Priority 2: Observations refer mainly to issues that have an important effect on the system of internal control but do not require immediate management action. System objectives are unlikely to be breached as a consequence of these issues, although
improved system design and/or more effective operation of controls would minimise the risk of system failure in this area.

Priority 3: Observations refer to issues that would, if corrected, improve internal control in general and engender good practice, but are not vital to the overall system of internal control.

Table 1: Priority ratings

Assurance levels

The level of assurance to be applied will be based on the auditor's assessment of the extent to which system objectives are met. As a guide, the following triggers will be used. For each overall assignment rating, the level of assurance and its definition are given, followed by the trigger (number of individual audit recommendations):

1 Full Assurance
There is a sound system of control designed to achieve system objectives, and the controls are being consistently applied.
Trigger: Priority 3s or no audit recommendations.

2 Satisfactory Assurance
There is a generally sound system of control designed to achieve system objectives, and the controls are generally being consistently applied. However, there are some weaknesses in control, and/or evidence of non-compliance, which are placing some system objectives at risk.
Trigger: Priority 2s and no Priority 1s.

3 Limited Assurance
There is a generally sound system of control designed to achieve system objectives, and the controls are generally being consistently applied. However, there are some significant weaknesses in control in a number of areas, and/or evidence of significant non-compliance, which are placing some system objectives at risk.
Trigger: Between 1 and four Priority 1s and (usually) several Priority 2s.

4 No Assurance
The system of control is generally weak, and/or there is evidence of significant non-compliance, which exposes the system to the risk of significant error or unauthorised activity.
Trigger: Five or more Priority 1s. Or Audit not delivered.

5. Audit Committee reporting

For each Audit Committee throughout the year, the Head of Internal Audit will present an Interim Internal Audit Report summarising the key points arising from final audit reports issued in the previous period. For each completed audit assignment, a summary of issues arising and prioritised recommendations will be included in the interim report. Draft audit reports will not be discussed at the Audit Committee unless previously agreed with the nominated Internal Audit contact.

The Head of Internal Audit will prepare an Annual Internal Assurance Report for the academic year, which will include an overall opinion statement in line with current Government Internal Audit Standards Manual (GIASM) and HEFCE requirements.

6. Follow-up

As a matter of course, action plans will be followed up for progress six months after the date of the final report. Where a report has been delayed for any reason, follow-up will take place six months after the date of the draft report. Follow-up work may be brought forward at the request of the Audit Committee, the nominated Internal Audit contacts or the Head of Internal Audit.

The results of follow-up work will be reported as part of the Head of Internal Audit's interim reports to the Audit Committee and on a summary basis within the Annual Internal Assurance Report.

7. Key performance indicators (KPIs)

KCG will measure itself against KPIs in line with HEFCE Assurance Service recommendations. Measurement will be made based upon factual evidence, for example reporting deadlines. Information will also be collected via a Customer Questionnaire, which will be sent to the recipients of the finalised audit report for completion and return to the Head of Internal Audit.

The table on page 6 (Table 2) details indicators and performance indicators.
A summary of performance will be included in the Annual Internal Assurance Report in accordance with the following measures and summarising the results received via Customer Questionnaires.

8. Review of protocol

The operation of this protocol will be reviewed after 12 months and any necessary amendments made in agreement between the University and KCG.

Indicator: Update Strategic Internal Audit Plan and Agree Operational Internal Audit Plan.
Performance:
- Prior to commencement of the financial year to which the Plan relates.
- Conforms to GIASM/HEFCE.

Indicator: Operational Internal Audit Plan achieved.
Performance:
- Plan is fully achieved.
- Non-achievement is fully transparent and approved by the Audit Committee.
- Actual days input compared to Plan.

Indicator: Audit reporting
Performance:
- TOR produced within 5 days of set-up meeting.
- Draft report produced within 10 days of closure meeting.
- Management responses received within 10 days of draft report.
- Final report issued within 5 days of management responses.

Indicator: Audit recommendations
Performance:
- Usefulness and effectiveness established by timely implementation.
- Timely follow-up after 6 months.

Indicator: Relationships
Performance:
- Managers' and auditees' perceptions.
- Audit Committee perceptions.
- Relations with other auditors.
- Results of other auditors' reviews (e.g. HEFCEAS).

Table 2: Internal Audit Indicators and Performance Indicators