Audit, Fraud and Risk Management Software Consideration to Purchase



Similar documents
Supplier & Contract Management System (SCMS)

3.2 TENDER FOR THE SUPPLY, INSTALLATION, AND SUPPORT OF A PROCURE TO PAY AND CONTRACT MANAGEMENT SYSTEM (CF ; MK:DW)

Information Commissioner's Office

Lessons learned from creating a change management framework

Provision of a Corporate Asset Management Software System

CRM Phase 3 Development, support and maintenance - Questions and Answers

PROCUREMENT & LOGISTICS DEPARTMENT

Non Housing Capital Programme. PROJECT Outline Business Case

Page 5. The Adult Social Services and Health Committee. The Strategic Director of Adult Social Services, Housing and Health

Steve Turpie, Chair of Audit Committee David Swales, Assistant Director of Finance

Internal Audit Terms of Reference

NHS BLOOD AND TRANSPLANT 28 NOVEMBER Contract for the Collection and Disposal of Clinical Waste: Award Recommendation.

2 Matters to report from internal audit work completed during the period

Perth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01

PERFORMANCE DATA QUALITY STRATEGY

Page 97. Executive Head of Asset Planning, Management and Capital Delivery

Website development Invitation to Tender

Report of the Audit and Risk Committee

PROCUREMENT PROGRAMME PROCUREMENT OF CONSULTANTS HEAD OF WASTE STRATEGY AND CONTRACTS

Length of Contract: 2 months (with an option to extend for a further 5 months).

LSB Procurement Framework

Efficiency Scrutiny Committee 16 th September 2014 IT - Scrutiny of the Service Review process and viability of options for change

PERFORMANCE DATA QUALITY POLICY

This report outlines the business case for the purchase of an integrated HR & Payroll system.

GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011

APPENDIX C. Internal Audit Report South Holland District Council Project Management

Invitation to Quote (ITQ) for STREET WORKS IT SOLUTION

The SME Engagement Handbook

HEALTH SERVICE EXECUTIVE NATIONAL FINANCIAL REGULATION LEASE AND RENTAL ARRANGEMENTS NFR-30

Department of Treasury and Finance

CloudDesk - Security in the Cloud INFORMATION

Portfolio: Transformation, Modernisation and Regulation

Business Intelligence is a system that collects, integrates, analyses and presents business information to support better business decision making.

A GOOD PRACTICE GUIDE FOR EMPLOYERS

Job Description. Supply Chain Development Manager

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Contract Management Guideline

Interim Audit Report. Borough of Broxbourne Audit 2010/11

CORPORATE PROCUREMENT POLICY

Version No: 2 Date: 27 July Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy

Annual Governance Statement

Audit Manual PART TWO SYSTEM BASED AUDIT

Hertsmere Borough Council. Data Quality Strategy. December

MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT

Vigilant Security Services UK Ltd Quality Manual

SUMMARY OF MONITOR S WELL-LED FRAMEWORK FOR GOVERNANCE REVIEWS: GUIDANCE FOR NHS FT S PUBLICATION Report by Trust Secretary

Managing ICT contracts in central government. An update

Part B1: Business case developing the business case

How To Write An Audit And Governance Committee Report On An Itd Plan

EXEMPT INFORMATION REPORT NO: 83/2015 Appendix 1 (See Paragraph 11) CABINET. 21 st April Social Care Case Management System

Procurement of Goods, Services and Works Policy

How are companies currently changing their facilities management delivery model...?

JOB DESCRIPTION. T&T Security and Resilience Manager. Technology and Telecommunications. Bedford, Chelmsford or Norwich

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

Reliable supply chain information at your fingertips.

Becoming Tender Ready

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

Auditing Systems Development

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

SOMERSET COUNTY COUNCIL KEY DECISION TAKEN BY THE COMMERCIAL AND BUSINESS SERVICES DIRECTOR

CRM Initial Implementation PROJECT DOCUMENTATION PROJECT INITIATION DOCUMENT PID. Document Description. Version Number 0.1 Release Date Author

Date Date Date Date Name of TU rep. N/A Date. Date Date Date Date Date 4.09.

TENDER SPECIFICATION DOCUMENT. Mobile Phone Contract. Tender for Mobile Phone Contract for EMB-Group

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RATIFED MINUTES OF THE AUDIT COMMITTEE MEETING HELD ON 15 OCTOBER 2014

Consultancy spending approval process: Initial guidance to NHS foundation trusts

Transcription:

Agenda Item Executive Member for Resources and Advisory Panel 18 July 2005 Report of the Assistant Director (Audit and Risk Management) Audit, Fraud and Risk Management Software Consideration to Purchase Purpose of Report 1 This report presents details of the recent tender evaluation exercise undertaken to identify new software systems for the Audit, Risk Management and Fraud teams. The purpose of the report is to seek Members approval for the purchase of the two chosen software applications. Background 2 The Internal Audit team currently undertake and record the results of audit work using predominately manual systems audit files, working papers and reports. Computer applications such as Microsoft Word and Excel are used to support audit work wherever possible. 3 The systems used to support the business operation are a mixture of spreadsheets and manual records. The systems have all been developed in-house. Use is also made of the Cedar time-recording system. 4 The limitations of the existing arrangements have been recognised for a number of years. Internal Audit scored only 2 out of 4 in the last CPA auditor scored judgements. The Audit Commission has also raised concerns about Internal Audit in recent management letters. These concerns include; the ability and capacity of the team to deliver the audit plan; the quality of the information systems used to monitor audit input and outcomes. The Audit Commission have consequently recommended that investment should be made in new management information systems. 5 The Fraud Team currently uses an Access Database to record the results of investigations. The database was developed in-house approximately 5

years ago by a previous Fraud Team manager, who has since left the Council. The database is unreliable and various parts of the system can no longer be used. The system is not supported technically by the ITT department and cannot be developed further. The system also does not provide any management or performance related information and as a consequence the Team has to maintain various spreadsheets and manual records. Manual case files are also maintained which duplicate the information recorded on the Access database. 6 The recording, analysis and reporting of fraud information is time consuming and the current processes are inadequate to facilitate decision making. The Benefit Fraud Inspectorate, in their inspection report, raised a number of serious concerns about the system and in particular the lack of performance related information to enable the service to be managed effectively. 7 Risk Management is a relatively new function within the Authority and was established following the Risk Management Best Value Review in 2001/02. It is a corporate function with overarching links to Audit. The assessment of corporate risk is information intensive and to date this has been achieved through the use of Word documents and Excel spreadsheets. 8 The team is small and to be able to work effectively and accurately it is necessary to purchase specific risk management software to assist the process. Risk Management scored only 2 out of 4 in the last CPA auditor scored judgements. The Audit Commission have also pointed out in this year s Governance Report that operational risk management needs to be embedded across the Authority. It will not be possible to extend risk management and achieve a higher CPA score without acquiring software to support the process. 9 It is recognised that the current arrangements within all three areas are ineffective and do not enable the teams to work in the most efficient manner. The existing systems have evolved over a number of years and cannot easily be developed further. Improvements in efficiency and productivity will only come through investment in improved systems. 10 A business case for investing in an integrated Audit, Risk Management and Fraud system was prepared and a bid to support and fund the implementation of such a system was made against the 2005/06 Information Technology and Telecoms (ITT) Development Plan. The bid was considered and approved by the Executive on 26 October 2004. The total approved budget was as follows; Capital 45,323 Annual revenue costs (from 2005/06 onwards) 16,931 The capital budget is used as a guide only since the hardware, software licences, training and implementation costs are financed by means of a five

year leasing arrangement. The leasing costs, together with the annual maintenance costs are charged against revenue budget. 11 Implementation of new systems within the Audit, Fraud and Risk Management teams will help to deliver; improved effectiveness in the arrangements for monitoring the Council s corporate governance arrangements, including the systems necessary to produce the annual Statement of Internal Control; improved reporting arrangements to Members and senior management on risk management and corporate governance matters; improved perception of the service by the Audit Commission and BFI, and hence the likelihood of improvement in the current auditor scored CPA judgements for the three teams; more effective risk management arrangements within the Council, including easier monitoring of strategic and operational risk registers; a reduction in the time necessary to complete audit assignments of between 5% and 10% (based on experience of other local authority internal audit teams); improved quality of output resulting in quicker and more consistent audit reporting and fraud case file preparation; reduced printing and stationery costs; more effective resource allocation within the audit and fraud teams so that current and developing risk areas can be effectively identified and targeted; significantly improved management information and reporting; reduced file storage requirements; improved data security particularly in respect of sensitive fraud investigations. Tender Evaluation 12 Initial analysis of the market identified a number of possible software applications which could provide an integrated audit and risk management solution. However, none of these applications also provided the functionality required by the Fraud team, without potentially expensive customisation. A number of separate fraud systems were however identified. The decision was therefore taken to procure two separate applications, one for audit and risk management and the other for fraud investigation. The two applications would however be co-hosted on the same server and be implemented in tandem.

13 Detailed technical and user specifications for the two systems were prepared. Potential suppliers were identified and confirmation sought that their applications would operate in a Citrix environment. Those systems which did not meet the Council s IT standard were discounted. Tenders were subsequently invited from the following suppliers; Audit and Risk Management Supplier Howarth Software Services Morgan Kai Pentana Product Galileo/Magique (.net version) AuditVision PAWS Fraud Supplier Anite Civica Intec Public Sector Business Integration Technologies (BIT) Product FIMS II FDMS Incase RITE - ICM 14 Product demonstrations were also arranged for all the applications. The tender responses and demonstrations were scored by the project team and a shortlist of the most suitable products was then agreed. Two references were then obtained for each of the short-listed products. 15 The tender submissions were scored on the basis of both price and quality (using the most economically advantageous tender approach). The results of the product demonstrations and the references were also used to inform the quality assessment. The following criteria were considered as part of the quality assessment; functionality; performance, flexibility and ease of use; training; ongoing support and product development; previous experience of similar projects; customer base and knowledge of local authority requirements. Each of the products were also subject to a detailed technical evaluation. 16 The results of the tender evaluation are summarised in Confidential Annex 1. The two products which achieved the highest scores in the tender evaluation exercise were Galileo/Magique (for audit and risk management) and Incase (for fraud).

17 The Howarth Galileo/Magique product meets all the requirements detailed in the technical and user specification. The application has a good look and feel and offers clear links between risk management and audit activities. Galileo/Magique is used by an extensive number of organisations, including over 50 local authorities, of which 15 have implemented the latest.net version. The supplier has a good track record of working with the public sector. The supplier also offers good ongoing technical and user support as well as a commitment to future product development. Good references were received from the Councils contacted during the tender evaluation process. The Pentana PAWS product meets all the requirements detailed in the technical and user specification. However, the product has only been implemented fully by one other local authority. The underlying technical architecture is also considered not to be as advanced as the Galileo/Magique product. 18 The Civica (FDMS) and Intec (Incase) products both meet the minimum requirements detailed in the technical and user specification. The look and feel of Incase was however considered to be marginally better than FDMS and would require less change in current working practices. Intec has a larger local authority user base for their fraud system than Civica. Good references were also received from the authorities who use Incase. In addition, the Intec product offers better value for money. Although the base cost of the two products is similar, the tender from Intec also included the supply and installation of a data interrogation module for use in proactive counter fraud work. The similar module from Civica was only offered as an optional extra. 19 The BIT fraud product is still being developed and was incomplete at the time of the demonstration. Although the product is being piloted by two authorities the supplier has no proven track record in respect of fraud case management systems. The proposal from BIT is also based on the company hosting the application on their server with access via the internet. Such an arrangement would give rise to concerns about data security and future availability since the Council would be fully reliant on the supplier to provide a secure and resilient service. The preference is instead to co-host the fraud application on the same server as the audit and risk management application. Financial Implications 20 The combined cost of the two chosen software applications is above the initial approved ITT Development Plan budget of 16,931. The additional ongoing revenue costs are 1,717pa, and these have been met through a further budget allocation from the ITT Development Plan of 1,800. 21 In accordance with Financial Regulations, Executive Member approval is required because the lowest priced tenders have not been chosen in either case. Other Implications (HR and Legal)

22 None. Recommendations 23 Members are asked to advise the Executive Member for Resources to; - approve the purchase of Howarth (Galileo/Magique) audit and risk management software and Intec (Incase) fraud software. Contact Details Author: Max Thomas Audit and Fraud Manager Telephone: 01904 551706 Chief Officer responsible for the report: Liz Ackroyd Assistant Director Audit and Risk Management For further information please contact the author of the report Background Papers:

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information