Gravesham Borough Council

Similar documents
Gravesham Borough Council

Internal Audit Charter. Version 1 (7 November 2013)

Report of Don McLure, Corporate Director of Resources

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

Internal Audit Strategic and Annual Plans 2015/16

CAMBRIDGE CITY COUNCIL

1.1 Terms of Reference Y P N Comments/Areas for Improvement

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

Internal Audit Terms of Reference

Appendix 4 - Statutory Officers Protocol

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Hunter Hall International Limited

APES 325 Risk Management for Firms

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Annual Report of Internal Audit 2012/13

Welsh Government Response to the Report of the National Assembly for Wales Public Accounts Committee on Grant Management in Wales Final Report

RISK MANAGEMENT POLICY (Revised October 2015)

INFORMATION GOVERNANCE POLICY

APPENDIX: CHECKLIST COMPLIANCE WITH THE CODE

The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment

Public Sector Internal Audit Standards

Internal Audit Quality Assessment Framework

Governance and Audit Committee 23 November 2015

Hertsmere Borough Council. Data Quality Strategy. December

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers

Internal Audit Division

UPDATE ON THE INTERNAL AUDIT AND INVESTIGATION SHARED SERVICE

Code of Corporate Governance

Housing Association Regulatory Assessment

Customer Feedback Report

Annual Governance Statement 2013/14

23. The quality management system

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

Work-related stress risk assessment guidance

Guidance for audit committees. The internal audit function

Business Continuity Policy. Version 1.0

GLASGOW SCHOOL OF ART OCCUPATIONAL HEALTH AND SAFETY POLICY. 1. Occupational Health and Safety Policy Statement 1

DRAFT. Informing the audit risk assessment for Cheshire Fire Authority. Year ending 31 March 2013 xx April 2013

Gravesham Borough Council. Report to Cabinet. Digital Performance Manager. Single Customer Contact Platform

The Risk Management strategy sets out the framework that the Council has established.

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy? Scope of this Policy Principles of data quality...

University of New England Compliance Management Framework and Procedures

STATES OF JERSEY INTERNAL AUDIT: FOLLOWING UP THE REPORT OF THE COMPTROLLER AND AUDITOR GENERAL (P.A.C.3/2014) RESPONSE OF DEPARTMENTS

the role of the head of internal audit in public service organisations 2010

Risk Management Policy and Process Guide

Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards

Internal Audit at the University of Cambridge.

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

Risk Management Policy

Effective Internal Audit in the Financial Services Sector

SCRUTINY COMMITTEE ITEM MARCH 2012

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Achieve. Performance objectives

NOT PROTECTIVELY MARKED. Suffolk County Council DATA QUALITY POLICY

Cumbria Constabulary. Business Continuity Planning

APES 320 Quality Control for Firms

How quality assurance reviews can strengthen the strategic value of internal auditing*

AUDIT COMMITTEE 25 JUNE 2015

Auditing data protection a guide to ICO data protection audits

ISO & ISO Legal Compliance Know Your Risk - Reduce your Risk"

Gravesham Borough Council. Leader of the Executive

Job Description. Information Assurance Manager Band 8A TBC Associate Director of Technology Parklands and other sites as required

DATA QUALITY STRATEGY

The Compliance Universe

ISO 9001:2015 Overview of the Revised International Standard

Annual Audit Letter. Kettering General Hospital NHS Foundation Trust Audit 2010/11

Internal Audit Manual

BUSINESS CONTINUITY POLICY. UHB 050 Version No: 4 Previous Trust / LHB Ref No: Interim Civil Contingencies and Emergency Planning Manager

Service Delivery Plan 2007/8 Template 1. Delivery plan

The NHS Foundation Trust Code of Governance

Accredited Body Report CPA Australia. For the period ended 30 June 2013

Quality Assurance Checklist

VISION FOR LEARNING AND DEVELOPMENT

Best Practice Policy

Steve Turpie, Chair of Audit Committee David Swales, Assistant Director of Finance

F36D 04 (LMC B1) Lead and manage provision of care services that respects, protects and

Audit and Risk Committee Charter. Knosys Limited ACN (Company)

Establishing a Quality Assurance and Improvement Program

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

How To Manage The Council

Internal Audit Charter

1. Trustees annual report

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

Audit, Risk Management and Compliance Committee Charter

Perth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01

Information Governance Strategy

Information Governance Strategy 2015/16

Data Quality Action Plan

SKILLS AUDIT Board Skills Audit and Appraisal. For Executive and Non- Executive Directors, Trustees and Governors

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Standards for the Professional Practice of Internal Auditing

Management. Level 4 NVQ Diploma in Management (QCF) 2014 Skills CFA Level 4 NVQ Diploma in Management (QCF) Page 1

Quality Manual ISO 9001:2015 Quality Management System

Site visit inspection report on compliance with HTA minimum standards. London School of Hygiene & Tropical Medicine. HTA licensing number 12066

Information Governance Strategy

Internal Audit (policy & procedure)

National Standards for Disability Services. DSS Version 0.1. December 2013

Building the Assurance Framework: A Practical Guide for NHS Boards

European Investment Bank. Charter for Internal Audit

Transcription:

Classification: Public Key Decision: No Gravesham Borough Council Report to: Finance & Audit Committee Date: 16 July 2013 Reporting officer: Subject: Service Manager (Audit & Performance) Self-assessment against the Public Sector Internal Audit Standards Purpose and summary of report: To inform Members of the results of the assessment of the Internal Audit function against the Public Sector Internal Audit Standards, effective from 1 April 2013. Recommendations: Members note the content of the report and the actions required to work towards compliance with the Public Sector Internal Audit Standards. 1. Introduction 1.1 From 1 st April 2013 the Internal Audit team has been working to the Public Sector Internal Audit Standards (PSIAS), defined as proper practice for Internal Audit in the UK Public Sector. The Standards are supplemented by a mandatory local government sector-specific application note issued by the Chartered Institute of Public Finance & Accountancy (CIPFA). 1.2 In April 2013, the Service Manager (Audit & Performance) informed the Finance & Audit Committee of the implementation of the new PSIAS. It was agreed that a self-assessment would be undertaken of the council s Internal Audit Service to demonstrate the extent to which the service complied with the PSIAS (and the supplementary application note) and to identify areas where further work was required to demonstrate compliance. 2. Self-Assessment against the Public Sector Internal Audit Standards 2.1 The self-assessment was completed in June 2013. A summary of the assessment findings is presented in this report, highlighting where the existing service complies with the PSIAS and where action is required to address areas of current non-compliance.

2.2 The PSIAS are broken down into two main areas; Attribute Standards address the characteristics of organisations and parties performing Internal Audit activities. Performance Standards describe the nature of Internal Audit activities and provide quality criteria against which the performance of these services can be evaluated. 3. Attribute Standards 3.1 Standard 1000 - Purpose, Authority and Responsibility 3.2 The Standards require the purpose, authority and responsibility of the Internal Audit activity to be formally defined in an Internal Audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics and the Standards. The chief audit executive (Head of Internal Audit) must periodically review the Internal Audit charter and present it to senior management and the board (Finance & Audit Committee) for approval. 3.3 The existing Internal Audit Charter sets out the purpose, authority and responsibility of the council s Internal Audit Service. This will need to be updated to reflect the requirements of the PSIAS and will be presented to management and Members for consideration and approval, in line with the terms of reference of this committee. 3.4 Standard 1100 Independence and Objectivity 3.5 The Standards require Internal Audit activity to be independent and Internal Auditors to be objective in performing their work. 3.6 The current functional arrangements for Internal Audit enable the Service Manager (Audit & Performance) to report to the Council s Management Team, Chief Executive and the Finance & Audit Committee in her own name and report operationally to a member of the corporate management team. Full compliance to the Standards will require minor amendment to arrangements for the performance appraisal of the Service Manager (Audit & Performance) to incorporate feedback from the Chief Executive and the Chair of Finance & Audit Committee. 3.7 There are arrangements currently in place to ensure the integrity of Internal Auditors and their work built into existing audit planning and quality control processes. The team workload is managed to ensure that individual auditors do not assess any operations for which they have previously held any responsibility, been instrumental in process development through consultancy work, or in which they have any interests. 3.8 Standard 1200 Proficiency and Due Professional Care 3.9 The Standards require that engagements must be performed with proficiency and due professional care. 3.10 The Service Manager (Audit & Performance) is suitably qualified and experienced and has arrangements in place to ensure the team has the appropriate 2

competencies, skills, experience and personal attributes as required by the Standards. The team has existing arrangements in place that to ensure all audit work is carried out with due professional care including regular one to one and appraisal meetings, monitoring of performance against individual targets and the team s seven performance measures. 3.11 Standard 1300 - Quality Assurance & Improvement Programme 3.12 The Standards require the chief audit executive to develop and maintain a quality assurance and improvement programme that covers all aspects of the Internal Audit activity. 3.13 The team has robust quality control arrangements in place currently that ensure a senior officer reviews all audit work before it is issued to clients. Client satisfaction with the service is monitored through surveys issued following each audit review and biannually to assess overall performance. The team s performance is measured against seven performance measures and these are incorporated into the Annual Review of Effectiveness of Internal Audit reported to Management Team and the Finance & Audit Committee for validation. As part of the Annual Review of Effectiveness, the team also conducts a self-assessment against proper practice; for 2013-14 this assessment will be against the PSIAS. 3.14 This section of the Standards also details specific requirements for an external assessment against the standards to be carried out at least once every five years; consideration is currently being given to how this assessment can be delivered and this will be reported to the Finance & Audit Committee for decision at the appropriate time. 4. Performance Standards 4.1 Standard 2000 Managing the Audit Activity 4.2 The Standards require the chief audit executive to effectively manage the Internal Audit activity to ensure it adds value to the organisation. 4.3 Arrangements are currently in place for the Internal Audit activity to be managed in line with the requirements of this Standard. The function is considered to be achieving its purposes and responsibility as set out in the Internal Audit Charter and arrangements are in place for preparing a risk based plan that is subject to approval by the Finance & Audit Committee. There are policies and procedures in place to manage the audit resource available to deliver the plan, and to ensure coordination of the work of Internal Audit with that of other assurance providers. There are existing arrangements in place for Internal Audit to report to senior management and the Finance & Audit Committee. 4.4 To ensure full compliance the Internal Audit Manual will be updated to reflect the Standards and Internal Auditors will be required to sign-up to the Standards and Code of Ethics on an annual basis; previously the team have signed-up to the CIPFA Code of Practice as was required under that regime. In addition the format of the Annual Audit plan brought to the Finance & Audit Committee for approval will be adjusted to reflect Internal Audit s place in the council s Risk Management processes and to show the respective priorities of individual pieces of work. 3

4.5 Standard 2100 Nature of Work 4.6 The Standards requires the Internal Audit activity to evaluate and contribute to the improvement of governance, risk management and control processes using a systematic and disciplined approach. 4.7 Existing arrangements are in line with the Standards; Internal Audit make recommendations to improve the council s control environment and action taken by management to implement recommendations is monitored and reported to Management Team and the Finance & Audit Committee. Internal Audit fulfils a key role in promoting ethics, values, risk and control awareness and arrangements within the Council through both its planned and responsive workloads and also through participation in the Annual Governance Review process to prepare the council s Annual Governance Statement. 4.8 Standard 2200 Engagement Planning 4.9 The Standards require Internal Auditors to develop and document a plan for each engagement, including the engagement s objectives, scope, timing and resource allocations. 4.10 Current engagement planning arrangements are in line with the Standards for all control assurance work carried out by the team, including preparing and agreement Internal Audit Briefs with clients in advance of audit reviews that set out the objectives, scope and resources allocated to the specific review. 4.11 To fully comply with the Standards, the template Internal Audit Brief will be amended to give more detail of the nature of testing specifically identifying, analysing and evaluating information. It will also be necessary for the team to issue a formal Internal Audit Brief for all consultancy engagements where previously this has only been the case for significant project work. 4.12 Standard 2300 Performing the Engagement 4.13 The Standards require Internal Auditors to identify, analyse, evaluate and document sufficient information to achieve the engagement s objectives. 4.14 Existing arrangements in place to perform Internal Audit reviews are in line with the Standards with individual auditors identifying, analysing, evaluating and documenting sufficient information to support their conclusions and recommendations made to client management. 4.15 Standard 2400 Communicating Results 4.16 The Standards require Internal Auditors to communicate the results of engagements. 4.17 Current arrangements to communicate the results of Internal Audit work are considered to be of a high quality (supported by client feedback) and meet the requirements of the Standards, providing clients with details of work undertaken, findings and conclusions drawn. Arrangements are in place for reports to be finalised with agreement of the client to recommendations prioritised according to risk and final reports record responsible officers and timescales for action agreed. Arrangements are also in place for the Service Manager (Audit & Performance) to 4

deliver an annual opinion on the council s internal control environment in line with the Standards. 4.18 This section of the Standards also details in what circumstances Internal Audit teams may declare that their work has been conducted in conformance with the Standards and the requirement to disclose of any non-compliance if doing so. Internal Audit at Gravesham will not give consideration to making this declaration until the actions identified in this report to work towards compliance with the PSIAS are taken. 4.19 Standard 2500 Monitoring Progress 4.20 The Standards require the chief audit executive to establish and maintain a system to monitor the disposition of results communicated to management. 4.21 Internal Audit has arrangements in place to monitor and follow up on recommendations to enhance the control environment that are agreed with client management to ensure weaknesses identified are addressed promptly; the results of this process are regularly reported to Management Team and the Finance & Audit Committee. 4.22 Standard 2600 - Communicating the Acceptance of Risks 4.23 The Standards required that, when the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organisation, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board. 4.24 Client management at Gravesham Borough Council respond positively to the work of Internal Audit and this situation has not arisen to date; however there are arrangements in place for such a situation to be reported to Management Team and the Finance & Audit Committee should this arise. 5. Next Steps The Internal Audit team will work towards compliance with the requirements of the PSIAS over the remainder of the financial year. 6. BACKGROUND PAPERS 6.1 Background papers include the full self-assessment of the council s Internal Audit service against the PSIAS and the application note issued by CIPFA. Please contact Committee & Electoral Services should you wish to inspect these papers. 5

IMPLICATIONS APPENDIX 1 Legal Finance and Value for Money Risk Assessment Equality Impact Assessment The Accounts and Audit Regulations 2011 require the council to undertake an adequate and effective Internal Audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control. Proper practice is currently defined as that contained within the CIPFA s Code of Practice for Internal Audit in Local Government 2006. From 1 st April 2013, proper practice will be the common set of Public Sector Internal Audit Standards (PSIAS) for the UK Public Sector. There are currently no known finance or value for money considerations as a result of the introduction of the PSIAS. Potential options for conducting the external assessment of Internal Audit will be considered. Failure to embrace the PSIAS could result in a non-compliant Internal Audit service. Screening for Equality Impacts Question Answer Explanation a. Does the decision being made or recommended through this paper have potential to cause adverse impact or discriminate against different groups in the community? b. Does the decision being made or recommended through this paper make a positive contribution to promoting equality? No No No Impact No Impact c. What steps are you taking to mitigate, reduce, avoid or minimise the impacts identified above? N/A In submitting this report, the Chief Officer doing so is confirming that they have given due regard to the equality impacts of the decision being considered, as noted in the table above 6

Corporate Business Plan Crime and Disorder The work of the Internal Audit Team supports the council in achieving all of its areas of focus set out in the Corporate Business Plan but is particularly relevant to area of focus 18; working to ensure council services provide value for money and are delivered effectively. Internal Audit provides an independent and objective opinion to the organisation on the control environment, by evaluating its effectiveness in achieving the organisations objectives. The work of Internal Audit combined with a sound internal control environment has a positive contribution to community safety in its broadest sense.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information