Governance and Audit Committee 23 November 2015



Similar documents
Annual Report of Internal Audit 2012/13

Aberdeen City Council IT Asset Management

HUNTINGDONSHIRE DISTRICT COUNCIL. Internal Audit Service: Annual Report. Meeting/Date: Corporate Governance Panel 15 July 2015

LONDON BOROUGH OF HARROW. Overview & Scrutiny Committee

INTERNAL AUDIT PROGRESS REPORT APRIL 2013 OCTOBER Councillor Nicholas Rushton

Note the Chief Internal Auditor s findings to date and gain assurance from Officers that key issues raised are being addressed.

Annual Governance Statement 2013/14

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council

South Northamptonshire Council Contract Assurance: Leisure Contract

Aberdeen City Council IT Governance

House of Commons Corporate Governance Framework

ARGYLL AND BUTE COUNCIL SUPPORT SERVICES REVIEW 15 DECEMBER 2011 SUMMARY REPORT

Annual Governance Statement

Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15

Financial Management Framework >> Overview Diagram

Internal Audit Annual Report 2011/12

Internal audit service protocol

Aberdeen City Council. Fleet Management Final Report

Comhairle nan Eilean Siar Internal Audit Follow Up Review PERFORMANCE MANAGEMENT & MONITORING. Final Report FU17 12/13

1.1 Terms of Reference Y P N Comments/Areas for Improvement

Audit, Risk and Compliance Committee Charter

2 Matters to report from internal audit work completed during the period

Internal Audit Strategic and Annual Plans 2015/16

Aberdeen City Council IT Disaster Recovery

Perth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01

Dacorum Borough Council Final Internal Audit Report

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:

University of New England Compliance Management Framework and Procedures

States of Jersey Comptroller & Auditor General

WEST LOTHIAN COLLEGE

Compliance. Group Standard

SCRUTINY COMMITTEE ITEM MARCH 2012

Report Performance Board

Business Continuity Business Impact Analysis arrangements

Bedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 16 September 2015 Item No. 11

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Comhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators. Final Report FU20 11/12

Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14

Appendix 1e DIRECTORATE OF AUDIT, RISK AND ASSURANCE INTERNAL AUDIT SERVICE TO THE GLA

Internal Audit Charter. Version 1 (7 November 2013)

Operational Risk Publication Date: May Operational Risk... 3

The NHS Foundation Trust Code of Governance

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT IT Backup, Recovery and Disaster Recovery Planning

Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13

Manchester City Council

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

Draft Internal Audit Report Software Licensing Audit. December 2009

Head of Internal Audit:

The Audit Findings for London Borough of Richmond upon Thames

Report on the 2009/10 Audit to Accountant in Bankruptcy and the Auditor General for Scotland October 2010

CITY OF VINCENT. Audit Completion Report to the Audit Committee For the Year Ended 30 June 2015

Vale of Glamorgan. Overview Report: Review of HR and Workforce Planning. November 2011

Corporate governance statement

NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

The NHS Foundation Trust Code of Governance

Information Commissioner's Office

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Auditing data protection a guide to ICO data protection audits

Internal Audit Quality Assessment Framework

AUDIT COMMITTEE 25 JUNE 2015

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

Bridgend County Borough Council. Corporate Risk Management Policy

Oxford City Council Managing Capital Projects

Aberdeen City Council. Performance Management Process. External Audit Report o: 2008/19

PFMA The drivers of internal control: Audit committees and internal audit

Audit and Governance Committee Report. 4 July quarter. Internal audit activity report. one 2011/2012 1/2012. Purpose of Report. Report No.

Performance Detailed Report. May Review of Performance Management. Norwich City Council. Audit 2007/08

Draft Annual Governance Statement

Appendix 1C. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA PAYROLL CONTROL FRAMEWORK

Internal Audit Monitoring Report. Audit Report status Assurance. Payroll Final Limited

Corporate Information Security Policy

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT ACCOUNTING SYSTEM AND GENERAL LEDGER

INTERNAL AUDIT SERVICES Glenorchy City Council Internal audit report of Derwent Entertainment Centre financial business and operating systems

DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA

Comhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department. Final Report 2014/15-21

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

Councillor role descriptions

The Education Fellowship Trust. Review of financial management and governance

The Audit Committee self-assessment checklist

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll

FINAL. Internal Audit Report. Employees Travel and Subsistence Expenses 2014/15

Audit and Performance Committee Report

Results of audits: Internal control systems Report 1 :

Payroll Review. Internal Audit Final Report 09_ Assurance rating this review. Moderate. Distribution List. Chief Executive - Peter Sloman

ICT Internal Audit Strategy to Report by the Head of Finance

EPPING FOREST DISTRICT COUNCIL DATA QUALITY AUDIT - SELF ASSESSMENT

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

Performance Management 2012/ 13: Quarter 4

National Insurance Fund Account Report of the Comptroller and Auditor General

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

Monitoring requirements and global quality assurance

Site visit inspection report on compliance with HTA minimum standards. London School of Hygiene & Tropical Medicine. HTA licensing number 12066

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Avon & Somerset Police Authority

A Guide to Corporate Governance for QFC Authorised Firms

Agency Board Meeting 28 July 2015

Transcription:

Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on the progress made by the Consortium on the delivery of the Annual Internal Audit Plan for 2015/16 and associated measures of performance. Attachment(s) Appendix A: Detailed Progress Report for 2015/16 to week 31. 1.0 Background 1.1 The Welland Internal Audit Consortium provides the Internal Audit service for East Northamptonshire Council and is commissioned to provide 230 to deliver the 2015/16 Annual Audit Plan. 1.2 The Public Sector Internal Audit Standards require periodic reporting to the Audit Committee including the performance of Internal Audit against the agreed plan and any key findings regarding the Council s risk management and control arrangements highlighted in the course of work completed. 2.0 Progress with the Annual Audit Plan 2.1 Appendix A provides information on the progress made on each of the audit assignments along with performance information for the Welland Internal Audit Consortium. In order to provide Members with the most current performance information the report analyses Internal Audit s performance to the end of week 31 (2 November 2015), the latest possible date for reporting to this committee meeting. 2.2. At the date of reporting, final reports have been issued for five assignments, fieldwork is complete on one assignment and fieldwork is underway on a further three assignments. Full details are shown in Appendix A to the report. 3.0 Key Issues and Updates 3.1 As at the end of week 31, the Consortium has delivered 124 of the commissioned 230. The Consortium is currently on target to achieve this requirement and to deliver all commissioned by year end. 3.2 No areas of significant risk or control weaknesses have been identified in the work completed to date. The key findings of all recently finalised assignments are provided in Appendix A. 4.0 Equality and Diversity Implications 4.1 There are no equality and diversity implications arising from the report. 5.0 Legal Implications 5.1 There are no legal implications arising from the report. 1

6.0 Risk Management 6.1 There are no significant risks arising from the proposed recommendations in this report. 7.0 Financial Implications 7.1 There are no financial implications arising from the report 8.0 Corporate Outcomes 8.1 Effective Management - The Annual Audit Plan is designed to provide Members with assurance as to the effective management of the Council s most significant risks. 9.0 Recommendations 9.1 The Committee notes the progress and performance of the Consortium (Reason To demonstrate that the committee is discharging its responsibilities in conformance with the Public Sector Internal Audit Standards). Power: It is a statutory requirement for Councils to have an Internal Audit function in accordance with the Local Government Act 1972. Legal Other considerations: Internal audit and the Audit Committee should also conform to the relevant professional guidance the Public Sector Internal Audit Standards. Background Papers: None Person Originating Report: Date: 23 rd November 2015 Rachel Ashley-Caunt, Head of Internal Audit, 07824 537900, rashleycaunt@rutland.gov.uk CFO MO CX (Committee Report Normal Rev. 22) 2

Appendix A EAST NORTHAMPTONSHIRE COUNCIL INTERNAL AUDIT PROGRESS & PERFORMANCE UPDATE NOVEMBER 2015 Date: 23 rd November 2015 1

Introduction 1.1 The Welland Internal Audit Consortium provides the Internal Audit service for East Northamptonshire Council and has been commissioned to provide 230 to deliver the 2015/16 Annual Audit Plan and undertake other work commissioned by the client. 1.2 The Public Sector Internal Audit Standards (the Standards) require the Governance & Audit committee to scrutinise the performance of the Internal Audit Team and to satisfy itself that it is receiving appropriate assurance about the controls put in place by management to address identified risks to the council. This report aims to provide the committee with details on progress made in delivering planned work, the key findings of audit assignments completed since the last committee meeting, updates on the implementation of actions arising from audit reports and an overview of the performance of the Consortium. Performance 2.1 Will the Internal Audit Plan for 2015/16 be delivered? The Welland Internal Audit Consortium is currently under the management of LGSS (Local Government Shared Services). The Welland Board has set LGSS the objective of delivering at least 90% of the Internal Audit plans for 2015/16 to draft report stage by the end of March 2016. As at week 31 (2 nd November 2015), the latest practical date for reporting to this committee, final reports have been issued for five audits and fieldwork is complete for one assignment. Fieldwork is underway on a further three assignments. As at week 31, the Consortium has delivered 124 of the commissioned 230. Progress on individual assignments is shown in Table 1. The Head of Internal Audit continues to work with the Corporate Management Team to schedule the remaining assignments on the 2015/16 audit plan to allow timely delivery of all assignments. 2.2 Are audits being delivered to budget? Internal Audit is on target to deliver the Audit Plan within the 230 budget. overruns on individual assignments are managed within the overall budget. Any 2.3 Are clients satisfied with the quality of the Internal Audit assignments? Responses received to the Customer Satisfaction Questionnaire show that clients have rated all aspects of the audit assignment completed during 2015/16 as good or outstanding. A summary of the responses is provided in Table 2. 2.4 Is the Internal Audit team achieving the expected level of productivity? As at the latest possible date for reporting purposes, the team has been delivering 91% productivity against a target of 90%. 2

2.5 Based upon recent Internal Audit work, are there any emerging issues that impact upon the Internal Audit opinion of the Council s Control Framework? No significant control weaknesses or issues of concern have currently been identified. Since the last Committee report, three audit assignments have been completed and final reports have been issued. IT Service Desk, Software Licensing and Asset Management The Internal Audit review of the IT Service Desk, Software Licensing and Asset Management sought to provide assurance that the council has put in place controls to ensure that there is an effective IT Service Desk; the council s record of IT software licences and IT equipment are complete and up to date; and that the council employs only properly licensed software. Based upon the testing completed, Internal Audit concluded that the systems in place for logging IT incidents and requests are appropriate and operating effectively. Evidence of compliance with good practice for Service Desk management was identified, particularly in relation to the prioritisation of calls in accordance with ITIL (Information Technology Infrastructure Library) requirements, and the audit trail within the Service Desk system. The audit confirmed that service desk performance is consistently above target; however minor issues with performance data were identified and recommendations have been made to address these. Although the council s asset management software is well designed and equipped to enable the effective maintenance of software and licence information; it is not currently being used to its full capacity. IT Management have recognised that information held within the system is in need of updating, and it is intended that this will be reviewed during 2015/16 as part of the planned project to upgrade the asset management software. It has been recommended that the council ensure that reconciliations are undertaken annually for software applications with limited licenses to identify any cases of over usage which could incur fines. The processes to be followed in procuring and disposing of new IT equipment are well documented and purchasing is subject to robust controls including prior approval by the relevant budget holder. The audit confirmed that the council holds detailed records of ICT equipment which are maintained by the IT team; Internal Audit testing did highlight some inaccuracies in the data held, however these issues are being addressed by the IT team. Based upon the outcome of the testing completed, an opinion of Sufficient Assurance has been given over the identified risks. Non-standard Payroll Payments Following the identification of an incorrect estimate for a maternity pay entitlement, a request was received from management for an Internal Audit review of the calculation and payment of Non-standard Payroll Payments. The audit determined that the council has clear methodologies for calculating non-standard Payroll payments and deductions. Such transactions are subject to secondary checks by the 3

Payroll team for accuracy and system reports are also reviewed by the Payroll team to ensure payments made are correct. Testing completed determined no errors in calculations of payments or deductions in relation to Adoption Pay, Annual Leave Purchase, Honorariums, Maternity Pay, Parental Leave Purchasing and Long Service Awards. Opportunities for improvement were highlighted, however, in relation to the recording and communicating of the methodologies used for such transactions and the steps that could be taken in the event that a complex calculation is identified. Based upon the testing completed, Substantial Assurance has been given over the controls in place to ensure non-standard payroll payments and deductions are correctly calculated and applied. Universal Credit and Council Tax Support Scheme The Council is responsible for supporting the national roll out of Universal Credit (UC). Universal Credit for simple singles will roll out at East Northamptonshire Council in October 2015, expanding to couples and families at a later date. The Council needs to define and implement a clear action plan to ensure these duties are effectively executed. To assist with this process the Council requested a consultancy assignment to be delivered by Internal Audit. The assignment was scoped to include interviews with other authorities within the Welland area to gain advice regarding the areas identified in the council s draft action plan. It was also agreed that a review of the council s action plans would be undertaken once completed to provide advice on any further improvements that could be made. Given the nature of the review, no assurance opinion has been awarded. Following consultation with other authorities, an Internal Audit consultancy report was issued to management in August 2015 which reviewed the adequacy of the council s draft action plan for the roll out of Universal Credit and provided advice on further areas for consideration. In October 2015, a review was undertaken of the council s action plans and progress to date. The progress against each task was discussed with the Benefit Manager and assurance was gained that where possible, actions had been completed. For those actions not yet completed, work was underway or reasons could be given to explain the reasons why these could not be currently addressed. It was also noted that the action plans are subject to regular review and monitoring. In summary, no concerns with the level of detail of the council s action plans or arrangements to implement these plans were identified and advice and good practice from other authorities was shared with management to support the delivery of their Plans. Copies of all final Internal Audit reports are issued to the Chair and Vice Chair of the committee at the time of finalisation. Reports are also available to Members at any time if requested. 4

2.6 Are clients progressing audit recommendations with appropriate urgency? Recommendations are reviewed as part of the council s quarterly performance clinics. Updates are returned explaining action taken to complete a recommendation by the target date or, if this is not possible, to provide explanations for non-compliance and details of their expected target dates for completion. Due to the timing of the Performance Clinics for November 2015, it is not possible to provide an update on implementation of audit actions at the time of reporting. A detailed update will be provided to the Committee at the next meeting. Internal Audit continue to seek assurance over the implementation of actions and work with management to ensure risks can be suitably addressed. 5

Table 1 - Progress against 2015/16 Internal Audit Plan Assignment Budget Actual Planned start Status Assurance sought Assurance Rating Findings / Comments Financial Risks Financial Resilience 11 Q3 Planning Transparency Code 7 5.1 Q2 Creditors 10 1.2 Q3 Debtors 10 3.9 Q3 Fieldwork underway Fieldwork underway Fieldwork underway Payroll 7 4.9 Q4 Planning HR elements scheduled for January 2016 Fixed Assets 10 0.8 Q4 Planning Scheduled for January 2016 Treasury Management 8 - Q4 Main Accounting System 5 - Q4 Payroll Non Standard Payments & Deductions 6 7.6 Q1 Final Report Issued Assurance that adequate methodologies are in place to accurately calculate nonstandard payroll payments and deductions and that transactions paid /deducted are accurate and consistent with policy. Substantial Strengths clear methodologies for calculating non-standard payments and deductions. Transactions and payments subject to secondary checks for accuracy. Weaknesses - Processes for recording and communicating methodologies and the steps that could be taken in the event that a complex calculation is identified could be improved. 6

Assignment Budget Actual Planned start Status Assurance sought Assurance Rating Findings / Comments Governance Risks Risk Management Effectiveness of the Whistleblowing Policy 10 - Q4 5 - Q3 Planning IT Strengths - The processes to be followed in procuring and disposing of IT equipment are well documented and purchasing is subject to robust IT Service Desk, Software Licensing and Asset Management 12 12.2 Q1 Final Report Issued Assurance that the council has put in place controls to ensure that there is an effective IT Service Desk; the council s record of IT software licences and IT equipment are complete and up to date; and that the council employs only properly licensed software. Sufficient controls. Systems in place for logging IT incidents and requests are appropriate and operating effectively. Evidence of compliance with good practice for Service Desk management. Weaknesses - Reconciliations are not undertaken to monitor over/under usage of the council s software applications. IT Security Measures 13 - Q4 IT Helpdesk performance figures are based only on calls received in the month and do not include open calls from previous months or years. Service Delivery Risks Universal Credit & Changes to the Council Tax Support Scheme 10 4.7 Q2 Final Report Issued Consultancy support on the roll out of Universal Credit. Included research into approaches adopted at comparable authorities and advice on areas for consideration. Also included an independent review of the action plans. N/A Consultancy review 7

Assignment Budget Actual Planned start Status Assurance sought Assurance Rating Findings / Comments Working Parties 10 0.3 Q3 Planning Procurement / Contract Management 15 14.4 Q2 Field Work Complete Waste Management 10 10.4 Q1 Final Report Issued Assurance required on adequacy of the methodology applied and conclusions reached regarding compliance with the Waste Regulations. Sufficient Strengths - Detailed assessment model based on a points system and comparative case studies. Methodology is robust and complies with most aspects of the available guidance. Areas for Improvement - Methodology could be further strengthened by including more data, information and a case study. Some minor errors in the models will need to be addressed and the audit trail strengthened. Strengths Mandatory training programme for staff. Procedures now in place to maintain centralised records of training attended. Training Records 10 10.6 Q1 Projects and Transformation 5 - Q4 Final Report Issued To provide advice and assistance to the council in respect of staff and councillor learning and development plans and controls. Limited Areas for Improvement Backdated records do not exist. Lack of clarity over the need for agency/interim staff to receive mandatory training. Performance figures for completion of appraisals are below target. Induction check list could be improved. Member training record system still under development due to recent elections. Member training attendance requires improvement. Total 175 76.1 8

Other Support Budget Actual Comments Advice & Assistance 2 0 Committee Work, Support & Annual Report 15 8.8 Recommendation Follow-Up 3 3 Client Meetings 7 4.8 External Audit liaison 1 0.2 Strategic Mgt & Audit Planning 5 0 NFI & AGS 2 0 Unavoidable interruptions e.g. ICT interruptions / fire - 2.5 alarms etc. Completion of 2014/15 Assignments - 15.5 Management of the Welland Internal Audit Consortium 20 12.6 Total 55 47.4 9

At the completion of each assignment the Auditor will report on the level of assurance that can be taken from the work undertaken and the findings of that work. The table below provides an explanation of the various assurance statements that Members might expect to receive. Substantial Sufficient Limited No There is a sound control framework designed to manage or mitigate risks to the achievement of defined objectives. Testing confirms that the controls are being applied consistently. The control framework is basically sound but either there are minor gaps or weaknesses which mean that some risks are not fully managed or mitigated; or testing provides evidence of non-compliance sufficient to weaken the effect of some controls. There are significant weaknesses in key elements of the control framework which mean that significant risks are not managed or mitigated. Testing demonstrates significant levels of non-compliance with prescribed processes and procedures The controls identified are not sufficient to manage/mitigate identified risks to the achievement of defined objectives. Testing demonstrates high levels of non-compliance with prescribed processes and procedures. 10

Table 2: Customer Satisfaction At the completion of each assignment, the Auditor issues a Customer Satisfaction Questionnaire to each client with whom there was a significant engagement during the assignment. The Head of Service and the Line Manager receive a CSQ for all assignments within their areas of responsibility. The standard CSQ asks for the client s opinion of four key aspects of the assignment. The responses received in the year to date are set out below. Aspects of Audit Assignments N/A Outstanding Good Satisfactory Poor Design of Assignment 2 2 Communication during Assignments 3 1 Quality of Reporting 3 1 Quality of Recommendations 2 2 Total 0 10 6 0 0 11

Limitations and Responsibilities Limitations inherent to the internal auditor s work The Consortium is undertaking a programme of work agreed by the council s senior managers and approved by the Governance Committee subject to the limitations outlined below. Opinion Each audit assignment undertaken addresses the control objectives agreed with the relevant, responsible managers. There might be weaknesses in the system of internal control that the Consortium are not aware of because they did not form part of the programme of work; were excluded from the scope of individual internal assignments; or were not brought to the Consortium s attention. As a consequence, the Governance Committee should be aware that the Audit Opinion for each assignment might have differed if the scope of individual assignments was extended or other relevant matters were brought to the Consortium s attention. Internal Control Internal control systems identified during audit assignments, no matter how well designed and operated, are affected by inherent limitations. These include the possibility of poor judgement in decision making; human error; control processes being deliberately circumvented by employees and others; management overriding controls; and unforeseeable circumstances. Future Periods The assessment of each audit area is relevant to the time that the audit was completed in. In other words, it is a snapshot of the control environment at that time. This evaluation of effectiveness may not be relevant to future periods due to the risk that: The design of controls may become inadequate because of changes in operating environment, law, regulatory requirements or other factors; or The degree of compliance with policies and procedures may deteriorate. Responsibilities of management and internal auditors It is management s responsibility to develop and maintain sound systems of risk management; internal control and governance; and for the prevention or detection of irregularities and fraud. Internal audit work should not be seen as a substitute for management s responsibilities for the design and operation of these systems. The Consortium endeavours to plan its work so that there is a reasonable expectation that significant control weaknesses will be detected. If weaknesses are detected additional work is undertaken to identify any consequent fraud or irregularities. However, Internal Audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected, and its work should not be relied upon to disclose all fraud or other irregularities that might exist. 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information