Final. Internal Audit Report. Creditors System


Final Internal Audit Report
Creditors System

Document Details:
Reference: 1.2 / 2014-15
Senior Manager, Internal Audit & Assurance: David Jenkins ext 6567
Date: 7th January 2015

This report is not for reproduction publication or disclosure by any means to unauthorised persons.

1. EXECUTIVE SUMMARY

INTRODUCTION

As part of the 2014/2015 Internal Audit plan an audit of the Creditors System was carried out, with the points of focus being:

- Adherence to policies and procedures; and
- Adequacy of controls over input to ensure that payments are authorised, complete, accurate, not previously paid and timely.

BACKGROUND

The Council's creditor (accounts payable) function is maintained by the Revenue Section within Financial Services. The Section is responsible for the processing of invoices and the payment of creditors for the Council using the SAP system. The Section also maintains the vendor master record including the creation of new vendors.

Due to the impending commissioning process the audit looked to ensure that the risks associated with the Creditors' function are identified and transferred where possible. Audit is also represented on the HR/Finance Steering Group and have been able to comment on risks and controls as the process progresses and have been involved during the writing of the contract and formulation of KPIs. The Creditors' service specification was also reviewed and no significant omissions were identified.

The figure for short term creditors shown in the Statement of Accounts at 31 March 2014 was 105.8m; it is therefore important to have robust and effective controls.

The previous audit of the Creditors' system was carried out between January and June 2014 covering the 2013/14 financial year. The audit recognised that generally there are appropriate procedures in place; however, there were two areas regarding changes to supplier details (in particular bank details) which management needed to consider in light of the potential risk of fraud in this area.

The Revenue Section aim to pay 59% of their invoices within 10 days. This is an internal target used for performance management and is reported to the Chief Financial Officer on a quarterly basis. It was good to see that in quarter one of 2014/15 the Revenue Section had paid 66% of invoices within 10 days.

OVERALL OPINION

It is pleasing that the overall opinion of this review is significant assurance. A sample of forty five Creditor invoices were reviewed with further testing carried out where required.

There are a number of areas of good practice within the Council which have led to the significant assurance opinion, including:

- The procedures around Returned Remittances.
- The controls around the level of checking undertaken on non-order invoices over 50,000.
- For all the invoices in the sample VAT had been properly accounted for when posted in SAP and they had all been authorised and goods receipted by an appropriate officer.
- All invoices in the sample had been incorporated into payment runs which had been carried out by a member of the Revenue Section who is not an authorising officer.
- Controls around Vendor creation were working well as were amendments to Vendors' bank details.
- All of the invoice payments had been correctly coded to the relevant expenditure heads and had been scanned where necessary.

However, we also identified a few areas for improvement during this audit.

- Checks on signatures are not carried out during the verification process to confirm that the invoice has been approved by a certifying officer, due to the lack of an up to date record of signatories. However, this is mitigated by the measures taken to reduce the number of non-SAP order invoices and a commitment to transfer these remaining payments to more secure and efficient processes.
- There are authorising officers in SAP that appear to have left the Council.
- Vendors with debit or credit balances have not been reviewed for some time.
- Invoices not being passed to the Revenue Section promptly in order to ensure that they are paid in a timely manner.

These and other matters that it is felt require attention, together with our recommendations are referred to in the detailed findings below.

Overall Audit Opinion

- Full assurance: Full assurance that the system of internal control meets the organisation's objectives and controls are consistently applied.
- Significant assurance: Significant assurance that there is a generally sound system of control designed to meet the organisation's objectives. However, some weaknesses in the design or inconsistent application of controls put the achievement of some objectives at some risk.
- Limited assurance: Limited assurance as weaknesses in the design or inconsistent application of controls put the achievement of the organisation's objectives at risk in some of the areas reviewed.
- No assurance: No assurance can be given on the system of internal control as weaknesses in the design and/or operation of key control could result or have resulted in failure(s) to achieve the organisation's objectives in the area(s) reviewed.

2. SUMMARY OF CONCLUSIONS

2.1 The conclusion for each control objective evaluated as part of this audit was as follows:

Control Objective (Assurance: Full / Significant / Limited / None)

- C01: Any matters arising from the previous audit have been addressed.
- C02: Segregation of duties is adequate.
- C03: Procedures ensure that payments are only made for properly authorised invoices.
- C04: Payments to suppliers are made in accordance with the authority's payment procedures.
- C05: Management exception reports are generated and reviewed and outputs checked for overall reasonableness.
- C06: Risks have been identified and, where appropriate, can be transferred to any new provider.

2.2 The recommendations arising from the review are ranked according to their level of priority as detailed at the end of the report within the detailed audit findings. Recommendations are also colour coded according to their level of priority with the highest priorities highlighted in red, medium priorities in amber and lower priorities in green. In addition, the detailed audit findings include columns for the management response, the responsible officer and the time scale for implementation of all agreed recommendations.

2.3 Where high recommendations are made within this report it would be expected that they should be implemented within three months from the date of the report to ensure that the major areas of risk have either been resolved or that mitigating controls have been put in place and that medium and low recommendations will be implemented within six and nine months respectively.

3. LIMITATIONS REGARDING THE SCOPE OF THE AUDIT

The following areas did not form part of this audit:

- BACS and other payment procedures.
- Write-off procedures.
- HMRC Construction Industry Tax.
- SAP authorisation.
- Duplicate payments.
- Reconciliations, suspense and control accounts.
- Credit notes and cancelled payments.

Testing in respect of the Control Objectives is limited to the 45 tested payments (15 SAP orders, 10 non SAP payments, 10 Framework Orders and 10 PR1 payments).

4. ACKNOWLEDGEMENTS

Audit would like to thank all involved for their assistance during this review.

5. DETAILED AUDIT FINDINGS

C02: Segregation of duties is adequate

Ref. 1
Priority: Medium
Findings: There are 77 current users who appear to have access to the transactions in SAP listed below but no longer appear on the email system or Lync system, indicating that they are no longer eligible to have access to the following transactions:
- FB60 (Entering invoices)
- Z:POCLKNEW (SAP Purchase order raising role)
- Z:PRAUTHNEW (SAP Purchase order authorising role)
It should be acknowledged that the audit examined a sample of SAP transactions and therefore the list of transactions is not comprehensive and there may be other instances.
Risk Arising/Consequence: Unauthorised transactions may be processed.
Recommendation: Consideration should be given to producing a SAP report once a month detailing individual officer's SAP roles within the finance function. This should be reviewed by an appropriate officer for them to confirm that the role is still required.
Management Response: This issue has been raised with the S&CA Systems Support team with a view to requesting a change to the Leavers and Movers form to include a section on removal of SAP access.
Responsibility and Timescale: AP Officer/S&CA Systems Team, March 2015
Recommendation Implemented (Officer & Date):

C04: Payments to suppliers are made in accordance with the authority's payments procedures.

Ref. 2
Priority: Low
Findings: From the sample of 10 non-SAP order invoices there were two examples of the coding slip not being completed correctly, with the calculations checked box not being signed.
Risk Arising/Consequence: Incorrect or fraudulent invoices may be processed.
Recommendation: Where non-SAP order invoices are received, coding slips should be checked and if incomplete, unsigned, or contain incorrect amounts, they should be returned.
Management Response: Agreed, the AP team are aware that these should be returned. Over the past 2 years we have reduced the number of non-order invoices processed in this manner significantly. System changes to the non-order function in SAP are currently being investigated that would lead to workflow approval for all non-order invoices.
Responsibility and Timescale: AP Officer/SAP team, May 2015
Recommendation Implemented (Officer & Date):

Ref. 3
Priority: Medium
Findings: There is an agreed list of exceptions regarding which non-SAP order invoices can be processed; this appears to be complied with. However, it is recognised that there remains a weakness within this confined area regarding lack of authorised signatures. This is mitigated by the measures taken to reduce the number of non-SAP order invoices and a commitment to transfer these remaining payments to more secure and efficient processes.
Risk Arising/Consequence: An unauthorised officer may certify invoices. Fraudulent or incorrect invoices may be processed.
Recommendation: Only invoices that contain an authorised signature should be processed. An authorised signature list should be updated and maintained and should hold the individual cost centre numbers that the signatory can authorise.
Management Response: As above, the proposed system change would see the authorisation of non-order invoices using the SAP authorisation tree as purchase order invoices, eliminating the need for an external signature list to be kept.
Responsibility and Timescale: AP Officer/SAP team, May 2015
Recommendation Implemented (Officer & Date):

Ref. 4
Priority: Medium
Findings: For 6 out of 20 invoices examined, it was found that the invoices were dated before the purchase order had been raised.
Risk Arising/Consequence: Non-compliance with procedures. Formal authorisation from the budget holder hasn't been given prior to the commitment.
Recommendation: A purchase order should be raised prior to the receipt of the invoice.
Management Response: We are currently working with all directorates to improve the current processes. AP will be introducing a NO PO No pay policy & aiming to introduce this in April 2015. Alongside this new policy AP will be working closely with all SAP trainers to support users who are raising purchase orders after the invoice date. A new monthly report will be run by the AP team which will highlight the areas which aren't following the correct procedures.
Responsibility and Timescale: AP Officer, June 2015
Recommendation Implemented (Officer & Date):

C05: Management exception reports are generated and reviewed and outputs checked for overall reasonableness.

Ref. 5
Priority: Medium
Findings: Purchase orders with debit or credit balances have not been updated for some time. There are procedures in place to ensure that unmatched invoice receipt and goods receipt items are investigated, i.e. a report is sent out by the Accounting Technician to enable directorates to investigate. However, it appears that this is not always carried out in a timely manner, with a significant number over 1 year old, i.e. 338 items totalling 120,698 at the 26th September 2014. Transaction MRBR which details blocked and rejected invoices shows there appear to be items going back 12 months to the beginning of 2014 which total 4.9% of the transactions.
Risk Arising/Consequence: Issues resulting in vendors with debit and credit balances will not be addressed, meaning the amount could continue to increase in the future due to lack of investigation.
Recommendation: Where a vendor account has a debit or credit balance which is over 2 months old, the Directorate that raised the order should investigate the situation and take the necessary action required.
Management Response: As described a monthly report is issued to Directorate Finance teams on GR/IR balances over 6 months old. Directorate teams have been reminded of the need to review and clear these transactions on a regular basis.
Responsibility and Timescale: Finance Manager, completed
Recommendation Implemented (Officer & Date):

Ref. 6
Priority: Medium
Findings: From the sample of 25 invoices paid by the Accounts Payable team, 19 were paid within 30 days of the invoice date; however, payment of 6 of the invoices exceeded 30 days with the most significant delays being:
- 159 Days
- 54 Days
- 53 Days
Comparing the invoice date and the dates stamped as received in Financial Services it appears that the Revenue Section does not always receive invoices promptly, making it impossible to achieve payment within 30 days. Whilst accepting that delays are outside of the control of the Revenue Section it was agreed following the previous audit that individual directorates would be written to reminding them of the need to process invoices in a timely manner as per Revenue's performance indicator. From the sample of 25 invoices 2 invoices had not been paid within the Revenue Section's Target of 10 days from the date the invoice was input to the date the invoice was stamped in the Revenue Section.
Risk Arising/Consequence: Failure to meet performance targets.
Recommendation: It is important that all invoices are processed for payment promptly in order to ensure that invoices are paid in a timely manner. Directorates should be written to again to remind them to pass invoices to the Revenue Section as soon as possible.
Management Response: Whilst performance in most cases is strong, with the average time to pay being under 20 days in each quarter to date this year and over 60% paid in 10 days, there are exceptions which exceed the 30 day target. The introduction of a No PO No Pay policy is expected to lead to significant improvement in invoice processing efficiency.
Responsibility and Timescale: AP Officer, June 2015
Recommendation Implemented (Officer & Date):

Key to Priorities:

- High: This is essential to provide satisfactory control of serious risk(s)
- Medium: This is important to provide satisfactory control of risk
- Low: This will improve internal control

Limitations relating to the Internal Auditor's work

The matters raised in this report are limited to those that came to our attention, from the relevant sample selected, during the course of our audit and to the extent that every system is subject to inherent weaknesses such as human error or the deliberate circumvention of controls. Our assessment of the controls which are developed and maintained by management is also limited to the time of the audit work and cannot take account of future changes in the control environment.