Annual Report of Internal Audit 2012/13

Open Decision Item 4 Audit & Governance Committee 19 th June 2013 Annual Report of Internal Audit 2012/13 SYNOPSIS To report on Internal Audit s opinion of the overall adequacy and effectiveness of the Council s internal control environment, with an appended summary of the audit work undertaken to formulate the Opinion. The report also contains associated information on the effectiveness and performance of Internal Audit for the 2012/13 financial year. 1. Relevant Background Details The Accounts and Audit Regulations require that the Head of the Council s Internal Audit function produce an annual report to the Council s Audit Committee. The report must include an explicit Internal Audit opinion on the Council s systems of control and risk management and its governance arrangements. In developing the Internal Audit opinion, the Head of Internal Audit must cite the relevant evidence used for opinion purposes. There is also a requirement to report an annual review of the effectiveness of the Internal Audit function to provide Members with a basis for determining the extent to which reliance can be placed on the Internal Audit opinion. At a minimum there is an expectation that an effective Internal Audit function will operate in compliance with the CIPFA Code of Practice for Internal Audit. 2. Report Opinion on the Overall Adequacy and Effectiveness of the Council s Control Environment It is the responsibility of the Head of the Welland Internal Audit Consortium, in his role as the Council s Head of Internal Audit, to produce the Internal Audit opinion, based upon sufficient relevant evidence. The opinion for 2012/13 is that the Council s overall internal control arrangements provide a: Sound Level of Assurance This represents the second highest of the five levels of assurance within the model adopted by the Consortium and indicates a satisfactory management of risk. While some elements of the control framework require attention, audit recommendations have been made to address those issues and responsible managers have agreed timetables for their implementation. The evidence to support that opinion is set out in detail in Appendix A: Evidence to Support Annual Audit Opinion. Effectiveness of Internal Audit The requirement for a review of the effectiveness of internal audit for 2012/13 was met by a self-assessment of the Consortium s compliance with the CIPFA Code of Practice for Internal Audit. The detailed results of that review are included in Appendix B: Self-Assessment of compliance with CIPFA Code of Practice for Internal Audit. The self-assessment demonstrated that previously declared staffing issues have made it impossible for the Consortium to comply fully with the five of the 11 relevant CIPFA Standards. It also identified a requirement to develop the capacity of the Audit & Governance Committee itself in order to achieve full compliance with a further two Standards. As previously reported to Members, the new mandatory Public Sector Internal Audit Standards (PSIAS) came into effect from April 1 st 2013. The most fundamental change introduced by the Standards is the requirement to commission periodic reviews of the 012 1

effectiveness of internal audit undertaken by an appropriately qualified and independent external assessor. The lead Authority for the Consortium has commissioned an early independent external review of the effectiveness of internal audit. It is expected that the external review will evaluate both conformance with prescribed policies and processes and the effectiveness of internal audit activity : this would encompass both the activities of the Consortium and those of the Committee. The results of the independent review will be used to drive compliance with the PSIAS. 3. Options to be considered There are no direct options to be considered as a result of this report. 4. Issues to be taken into account:- Policy Priorities There are no direct policy implications as a result of this report. Financial There are no direct financial implications as a result of this report. Legal Internal Audit is a statutory function as detailed in the following: i) Audit and Accounts Regulations 2006 [England] ii) Section 151 of the Local Government Act 1972 Performance Information The Consortium uses a number of performance indicators for management purposes. The relevant indicators for 2012/13 are set out in Table 2 below. Indicator Measure of... Target Actual Percentage of available Efficiency 88% 84% time spent on chargeable work Percentage of audits Effectiveness More than half within allocated 65% completed within days allocated days Customer Satisfaction Quality 3.5 3.66 Best Value The assurance rating provided in respect of the Council s internal control environment is a predictor of the Council s capacity to manage its resources so as to deliver value for money. Human Rights There are no direct human rights implications as a result of this report. Equalities There are no direct equalities implications as a result of this report. Sustainability There are no direct sustainability implications as a result of this report. Community Safety There are no direct community safety implications as a result of this report. 012 2

5. Conclusion As reported in section 2 of the report, Welland Internal Audit Consortium is of the opinion that, based on the work completed during 2012/13, overall a Sound level of assurance can be provided in connection with the Council s internal control environment. 6. Recommendation The Members:- i) Note the Annual Report of Internal Audit. External Consultations Not Applicable List of Appendices Appendix A Evidence to support Annual Audit Opinion. Appendix B - Self-Assessment of compliance with CIPFA Code of Practice for Internal Audit. Officer to Contact Chris Green Audit Manager, Welland Internal Audit Consortium 07917 426528 012 3

CORBY BOROUGH COUNCIL EVIDENCE TO SUPPORT ANNUAL AUDIT OPINION 2012-13 Date: 19 th June 2013 Page1

Background 1. The work of internal audit is governed by the Accounts and Audit Regulations 2011; the CIPFA Code of Practice for Internal Audit in Local Government (2006) and associated Standards; and, since 1 st April 2013, by the Public Sector Internal Audit Standards. The Code of Practice requires the Head of Internal Audit to report to those charged with governance the findings of audit work; provide an annual opinion on the effectiveness of the Council s internal control environment and identify any issues relevant to the preparation of the Annual Governance Statement. Internal Audit Work Carried Out 2012/13 2. During 2012/13 planned internal audit work was undertaken to provide assurance about all aspects of the Council s activities, specifically Key Financial Systems ICT Governance & Performance Counter-Fraud Arrangements Customer-Facing Services 3. Additional work was also commissioned to carry out an independent review into the sequence of events relating to a series of transactions involving land owned by the Council at the St James Industrial Estate. 4. Pages 4 to 13 provide a summary of work undertaken and the audit opinion associated with each completed audit. Internal Audit Opinion and Assurance Statement 5. It is the Head of Consortium s Opinion that the overall Assurance Level provided by the Council s internal control framework is Sound. That Opinion reflects the fact that levels of assurance for individual audit assignments were in the Good/Sound range for: Key Financial Systems; ICT; Customer Facing Services while there was a Marginal assurance rating for the Council s general Counter Fraud Arrangements and a Marginal assurance rating for one of the five Governance and Performance audits. None of the audits completed in 2012/13 resulted in a worse than Marginal rating. Page2

Limitations and Responsibilities Limitations inherent to the internal auditor s work The Consortium has prepared the Annual Report of Internal Audit and undertaken a programme of work agreed by the Council s senior managers and approved by the Audit and Governance Committee subject to the limitations outlined below. Opinion The Opinion is based, primarily, on work undertaken as part of the agreed 2012/13 Audit Plan. Each audit assignment undertaken addressed the control objectives agreed with the relevant, responsible managers. There might be weaknesses in the system of internal control that we are not aware of because they did not form part of our programme of work; were excluded from the scope of individual internal assignments; or were not brought to our attention. As a consequence, the Audit and Governance Committee should be aware that the Opinion might have differed if our programme of work, or the scope of individual assignments was extended or other relevant matters were brought to our attention Internal Control Internal control systems, no matter how well designed and operated, are affected by inherent limitations. These include the possibility of poor judgement in decision making; human error; control processes being deliberately circumvented by employees and others; management overriding controls; and unforeseeable circumstances. Future Periods Our assessment of the Council s control framework is for the year ended 31 st March 2013. This historic evaluation of effectiveness may not be relevant to future periods due to the risk that: The design of controls may become inadequate because of changes in operating environment, law, regulatory requirements or other factors; or The degree of compliance with policies and procedures may deteriorate. Responsibilities of management and internal auditors It is management s responsibility to develop and maintain sound systems of risk management; internal control and governance; and for the prevention or detection of irregularities and fraud. Internal audit work should not be seen as a substitute for management s responsibilities for the design and operation of these systems. The Consortium endeavours to plan its work so that there is a reasonable expectation that significant control weaknesses will be detected. If weaknesses are detected additional work is undertaken to identify any consequent fraud or irregularities. However, internal audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected, and our work should not be relied upon to disclose all fraud or other irregularities that might exist. Page3

Summary of Internal Audit Work Undertaken for 2012/13 Audit Assignment Assurance Rating Area Reviewed Fundamental Financial Systems Benefits Good Full system audit covering controls relating to: assessment of claims; dealing with changes in circumstances; identification and recovery of overpayments; and secure payments to clients. Date of Reporting March 2013 Comments Compliance with regulatory requirements, clearly defined processes, accuracy of processing, security of payments. Delays in commissioning changes to software to support Council decisions on localisation of benefits now in progress. Direction of Travel Budgeting & Budgetary Control Good Full system audit covering controls relating to: development and approval of annual budgets; and arrangements to monitor budgets in-year and deal with budget variances. May 2013 Engagement of Members in budget setting. Robust monitoring process including regular meetings between budget holders and accountants. None identified. Page4

Audit Assignment Assurance Rating Area Reviewed Cash & Banking Sound Full system audit covering controls relating to: recording and accounting for income received; cash collection security; system security and data protection. Date of Reporting March 2013 Comments Record keeping, IT back up plan, monitoring of income including discrepancies, accurate and timely update of customer accounts, bank account review and reconciliation. Direction of Travel Petty cash spot checks identified that recording and authorisation of transactions could be improved. Creditors Good Full system audit covering controls relating to: approval of orders and authorisation of invoices received from creditors. March 2013 Segregation of duties, review of payments prior to processing, system reconciliations, payment processing time above target. High proportion of orders raised on or after date of invoice; however performance monitoring in place and the matter is discussed at budget monitoring meetings. Page5

Audit Assignment Assurance Rating Area Reviewed Debtors Good Full system audit covering controls relating to: accurate identification of debts due; timely billing and effective pursuit of debts; accounting for income received; and write off of irrecoverable debts. Date of Reporting May 2013 Comments Effective controls to ensure timely and accurate billing, security and access to financial data, segregation of duties, authorisation of write offs, follow up of unpaid debts. None identified. Direction of Travel Fixed Assets Good System audit covering maintenance of asset register and correct valuation of assets. March 2013 Recording and valuation of assets in line with IFRS, satisfactory results of physical verification testing, satisfactory arrangements to ensure update and reconciliation of asset register. Scope for the Council to introduce its own annual rolling programme of asset existence checks for portable, desirable items. Page6

Audit Assignment Assurance Rating Area Reviewed Local Taxes Sound Full system audit covering controls relating to: billing and collection of taxes; and reliefs and discounts sought and granted. Date of Reporting April 2013 Comments Maintenance of accurate tax base, accuracy of billing of taxpayers, accurate records of taxes paid, pursuit of taxes due. Direction of Travel Scope to improve review and sign off of NNDR reconciliations to ensure completed correctly. Main Accounting System Sound Full system audit covering controls relating to: accurate recording of all transactions in the General Ledger and the Accounts. May 2013 Procedures for upload of approved budget to system, staff training, authorisation and review of virements, review of journal entries, reconciliation controls. Scope to improve accuracy of recharges for any officers charged to HRA account who spend a proportion of time working on General Fund activities. Page7

Audit Assignment Assurance Rating Area Reviewed Treasury Management Good Full system audit covering controls relating to: the Council s Treasury Management Policy, accuracy, completeness and timeliness of transaction recording, security of information. Date of Reporting January 2013 Comments Treasury Management Strategy complies with CIPFA Code of Practice, reporting to Members, transaction authorisation, segregation of duties. None identified. Direction of Travel Payroll & Employee Benefits Good Full system audit covering controls relating to: processing and recording of payroll related payments and deductions. March 2013 Segregation of duties, annual review of posts as part of budget setting process, authorisation of payments, application of increments, reconciliation arrangements, recovery of overpayments. None identified. Housing Rents Good Full system audit covering: rent calculation and setting; rent collection; arrears management; maintenance of accounts. March 2013 Performance targets for collection rates including review by CMT and Members, system reconciliations, recovery arrangements for arrears, segregation of duties, and accuracy of records. None identified. Page8

Audit Assignment ICT Corporate ICT - Business Continuity, Data Security, Project Management Assurance Rating Sound Counter-Fraud Arrangements Counter Fraud General Marginal Arrangements Area Reviewed Audit to confirm that physical IT assets are protected from accidental or malicious loss or damage, procedures in place to ensure systems can be restored in the event of a disaster, and that software purchased is required and implemented in a controlled manner. Audit undertaken to establish how well the Council s existing counter-fraud arrangements match the new expectations set out in the Government s Local Government Counter Fraud Strategy. Date of Reporting May 2013 October 2012 Comments Security of server rooms and IT assets, policy documents covering use of IT equipment, management and monitoring of ICT projects including committee engagement. Update, review and testing of IT Disaster Recovery Plans, in line with update of Business Continuity Plan. Counter Fraud Strategy, Financial Procedure Rules, contract standing orders, disciplinary procedures, preemployment checks, whistleblowing policy, Member and Officer Codes of Conduct all in place. Direction of Travel N/A N/A Annual review of effectiveness of policies, Member training, refresher training for Officers. Some declarations of interest and gifts/ hospitality forms are not returned. Page9

Audit Assignment Assurance Rating Area Reviewed Governance & Performance Business Continuity Marginal Audit undertaken to provide assurance that Business Continuity Plans are complete, comprehensive and regularly tested; and provide appropriate guidance to ensure service continuity with appropriate communication and resourcing. Corporate Governance Arrangements Sound Audit undertaken to provide assurance that the Council's governance arrangements are improving and that there has been an appropriate response to internal audit recommendations made in July 2012. Date of Reporting April 2013 April 2013 Comments The Council has entered a newly formed partnership for Health & Safety, Emergency Planning and Business Continuity which provides opportunity for further development of practices. Business Continuity Plans require review, update, testing and communication to key officers. Formally adopted standards of behaviour, structures and processes designed to promote informed decision making, standing orders to promote informed debate, new Improvement Board established. Extensive evidence of stakeholder consultation activity; however no corporate policy on consultation. The Council would also benefit from developing a corporate model for Member appraisal and development, and a corporate partnership governance framework. Direction of Travel N/A Page10

Audit Assignment Strategic (Corporate) Decision Making & Leadership Assurance Rating Good Area Reviewed Audit undertaken to provide assurance that legitimacy of strategic decisions can be demonstrated, informed strategic decision making takes place, and that strategic priorities are set and managed. Date of Reporting April 2013 Comments Clear framework for decision making, Member briefings on key issues, formal identification of key partners and external stakeholders, staff focus group to maximise engagement, promotion of Member surgeries, Working Groups established and aligned with strategic goals and priorities, regular performance reporting. Direction of Travel N/A See above Corporate Governance Corporate Health & Safety Sound Audit undertaken to provide assurance that corporate health & safety arrangements are complete, comprehensive and regularly tested; communication and guidance exists to facilitate compliance with health & safety legislation and duties. April 2013 Health & Safety management is well established across the Council, there is good understanding of roles and responsibilities. The new Safety & Resilience Partnership will need close attention in its early stages to ensure workplans are implemented effectively on time. N/A Page11

Audit Assignment Assurance Rating Area Reviewed Managing Contracts Good Audit undertaken to provide assurance that the Council has satisfactory arrangements in place to manage key contracts. Date of Reporting May 2013 Comments Standard forms of contract, clear allocation of responsibilities, health & safety and quality assurance arrangements, satisfactory contract insurance cover, validation of payments, performance management of delivery, regular minuted meetings. Direction of Travel N/A Scope to fully embed a consistent approach to performing post completion reviews. Customer Facing Services Customer Services Good Audit completed to provide assurance that appropriate performance metrics have been developed, standards of performance have been defined, and that performance against standards is regularly reviewed. June 2012 Appropriate performance metrics, properly defined standards of performance, regular review of performance. None identified. N/A Page12

Audit Assignment Assurance Rating Area Reviewed Homelessness Sound Review to provide assurance that cases are properly handled and that income is collected and accounted for. Trade Waste Services Good Audit completed to provide assurance that accounting records are complete and accurate, including customer discounts. Waste Management & Recycling Good Assurance that collections take place on scheduled days, there are effective recycling arrangements, evidenced health and safety compliance, proper management of costs. Cemetery Sound Audit to provide assurance that statutory requirements related to burial provision are met, and that income and expenditure is accurately recorded. Date of Reporting August 2012 November 2012 November 2012 January 2013 Comments Compliance with legislation, support to homelessness tenants, casework to prevent homelessness, debt advice service for applicants. Interim Homeless Strategy requires re-publication. Other minor housekeeping improvements identified. Customer accounts accurately maintained. None identified. Regular contractor performance monitoring, budget monitoring, customer needs met. Fluctuation of recycling performance against target. Strong record keeping, income and expenditure control, monitoring of maintenance contractor. Future provision of burial space not formally considered. Direction of Travel N/A N/A N/A N/A Page13

Appendix B CORBY BOROUGH COUNCIL Self-Assessment of Compliance with CIPFA Code of Practice for Internal Audit 2012-13 Date: 19 th June 2013 Page1

Appendix B Effectiveness of Internal Audit 1. The Accounts and Audit Regulations require that the Council undertakes an annual review of the effectiveness of internal audit and the CIPFA Code of Conduct identifies 11 criteria against effectiveness can be assessed. The result of the assessment undertaken for 2012/13 is set out at Pages 3 to 8. The self-assessment demonstrated that previously declared staffing issues have made it impossible for the Consortium to comply fully with five of the 11 relevant CIPFA Standards. It also identified a requirement to develop the capacity of the Audit & Governance Committee itself in order to achieve full compliance with a further two Standards. 2. During 2012/13 the Consortium s capacity to deliver audit services was significantly compromised because posts were held vacant for an extended period while the Welland Board determined the staffing structure best suited clients requirements. Vacancies that originally arose during 2011/12 remained a factor between 1 st April 2012 and 2 nd January 2013 and for an extended period the Consortium was operating at 50% of approved establishment. It proved possible to engage suitable audit contractors to mitigate in part - the shortfall in resources. Following a successful recruitment exercise the Consortium has been fully staffed since 1 st January 2013. This facilitated an improvement in delivery of audit services and the total number of audit days delivered in 2012/13 was 254 against a planned figure of 252. The impact of the resourcing issues which were reported to the Audit & Governance Committee during 2012/13 was felt in: A reduction in the number of planned audits delivered (with the agreement of relevant clients early in the financial year) Disruptions in the planned schedule of work as audit management attempted to match audits commissioned to the skills and experience of the auditors and audit contractors available leading to delayed delivery A small amount of time being required in April/ May 2013 to complete delivery of the 2012/13 audit plan. Time available for oversight and development of newly recruited and relatively inexperienced Auditors. Page2

Appendix B CIPFA Code of Practice Internal Audit Self-Assessment Standard Significance of Standard Compliance Evidence Areas for Development Scope Relates to arrangements to ensure that all stakeholders have a common and correct understanding of the purpose and responsibilities of Internal Audit. Mostly Role & Responsibility Statement approved by Committee. The Statement provides a definition of Internal Audit; sets out Terms of Reference for the Consortium and defines the respective responsibilities of Head of Consortium; the Section 151 Officer and other managers. Little work was done in 2012/13 to ensure that the Audit & Governance Committee had an appropriate understanding either of its role or that of Internal Audit. Statement is supplemented by Statement on Responsibilities for Fraud & Corruption and a Policy on Consultancy Work Training for the Audit & Governance Committee in 2013/14 is planned Independence Relates to arrangements to demonstrate that the work of Internal Audit is not subject to undue influence by senior management or compromised by day to day involvement in the management of control systems or by personal interests Yes Audit Charter approved by Committee sets out arrangements to demonstrate independence. The Head of Consortium reports to the Welland Board on the operations and performance matters including budgetary requirements. Individual Auditors make annual Declarations of Interest. The Consortium has no responsibilities for management of the Council s systems and the Head of Consortium does not take part in the Council s Leadership Team. The new PSIAS will require that the Audit & Governance Committee adopts a gatekeeper role that will enhance the independent status of Internal Audit. Planned training will give the Committee the skill sets needed to discharge that role. Page3

Appendix B Standard Significance of Standard Compliance Evidence Areas for Development Ethics Relates to arrangements to ensure that Auditors behave in a manner that gives clients confidence that work is undertaken competently; that reporting is objective; and that confidentiality is respected. Yes Code of Ethics is in place which sets standards for Integrity, Objectivity, Competence and Confidentiality consistent with CIPFA/IIA requirements. Team briefings used to reinforce understanding of relevant issues. As part of the programme of development for new and inexperienced Auditors the Code will be revisited in Team Briefings. Declarations of Interest. Audit Committee Relationships Relates to arrangements to allow the Audit & Governance Committee to operate as an independent provider of assurance for the Council and to support the independence and effectiveness of the Consortium. Relates to arrangements to ensure effective engagement with clients to ensure that the Annual Plan focuses on key risks for which assurance is required; that individual audit assignments focus on key issues; and that agreed recommendations are implemented promptly. Relates also to management of the relationship with External Audit so that the Council obtains all the assurance required without duplication of work. Partly Mostly The role and responsibilities of the Audit & Governance Committee set out in the Constitution are consistent with CIPFA Standards. The Committee approves the Annual Audit Plan; receives regular reports on the performance of Internal Audit; and considers the Annual Report Audit Manual contains a Policy of Managing Relationships Regular One to One Meetings with Section 151 Officer (key client) CSQ data used to manage and evidence levels of client satisfaction Little work was done to ensure that the Audit & Governance Committee had the capacity to discharge its responsibilities. Training is planned for 2013/14 to ensure that the Committee can operate in conformity with the PSIAS. It will be necessary to develop a new protocol to cover liaison with External Audit to deliver shared assurance about Key Financial Systems. Page4

Appendix B Standard Significance of Standard Compliance Evidence Areas for Development Relates to arrangements to define the skills and experiences that Auditors and Audit Managers require to do their jobs; to appraise individuals against those requirements; and to deliver necessary training, coaching and other development work. Current Job Descriptions and Competency Matrices exist for all posts and regular appraisals are undertaken in line with corporate policy. Welland Board has approved a policy on professional training for Auditors and an adequate budget to support training. During 2012/13 vacant management posts and the recruitment of new and inexperienced Auditors made it difficult to deliver appropriate levels of supervision and employee development. Staffing, Training and Development Partly The Head of Consortium and the two Audit Managers hold full professional qualifications; engage in CPD; and have a minimum of 6 years experience of internal audit in local government. The post of Audit Manager (the Head of Consortium s deputy) was vacant from June 2011 to January 2013: between 1 st April 2012 and 1 st November 2012 vacancy levels were 40% of establishment, rising to 50% in September and October. During 2013/14 there will be time and resources available to match Auditors to assignments in a way that will promote their professional development. Page5

Appendix B Standard Significance of Standard Compliance Evidence Areas for Development Relates to arrangements to ensure that the Annual Audit Plan is aligned with the Council s Aims and Objectives and that the Consortium has sufficient, appropriate resources to meet clients needs and expectations. Audit & Governance Committee endorsed the use of the Stamford Model as the basis for developing the 2012/13 Audit Plan. Committee has also been advised that the new PSIAS will require a change to the planning approach. It will be necessary to update the Strategy in 2013/14 to reflect the requirements of the PSIAS. Strategy and Planning Yes The Welland Board has approved changes to the Consortium s delivery model and resource base so that greater use can be made of Audit Contractors to deliver specialist skills that are not deliverable by the in-house team (e.g. ICT auditing) and to allow for a flexible response to unforeseen client requirements. It will also be necessary to develop formal protocols for engagement of audit contractors that conform to Contract Procedural Rules. Undertaking Audit Work Relates to arrangements to ensure that audits focus on the things that matter to the clients; that assurance is delivered about key risks; and that the Auditor records sufficient relevant evidence to support audit opinions and recommendations. Partly Risk and Control Evaluation Meetings allow for the identification and recording of clients requirements. Terms of Reference are agreed for all assignments. For Key Financial Systems audit programmes have been designed, explicitly, to meet declared requirements of External Audit. Galileo Audit Software provides a framework for consistent recording and presentation of evidence. It will be necessary to update the Audit Manual in 2013/14 to reflect the requirements of the PSIAS It will be necessary to design new audit programmes to meet External Auditors changed requirements. Page6

Appendix B Standard Significance of Standard Compliance Evidence Areas for Development Due Professional Care Relates to arrangements to ensure that Auditors are doing work that is within their levels of competence and are demonstrating due care and diligence. The Standard also refers to the need to be alert for indicators of fraud or corruption; and to whistleblowing arrangements. Partly The Audit Manual includes a Statement of Personal Responsibility; guidance on Indicators of Fraud & Corruption; and guidance on whistleblowing. During 2012/13 staffing issues made it difficult to match available auditors to commissioned audits consistent with their skills and experience. During 2013/14 there will be time and resources available to match Auditors to assignments. Relates to arrangements to ensure that appropriate sufficient and timely information is provided to clients and stakeholders; and that information is not subject to inappropriate influence. Reporting lines to clients have been agreed and recorded. There are provisions for closing meetings with clients to confirm accuracy of reports and drafts of reports are circulated to interested parties in line with agreed reporting arrangements During 2012/13 staffing issues made it difficult to meet agreed delivery dates and some assignments were not finalised until April/May 2013. Reporting Mostly Galileo ensures a consistently structured reporting format is followed. Specific guidance has been issued on form and content of recommendations. When Terms of Reference are drafted, planned dates for delivery of work are agreed. During 2013/14 Galileo Report Templates will be revised to address specific issues of compliance with PSIAS Page7

Appendix B Standard Significance of Standard Compliance Evidence Areas for Development Performance Relates to arrangements to ensure that the Consortium can deliver, consistently, the quantity and quality of work required to deliver the assurance required by clients. Mostly Audit Manual defines quality assurance processes. Galileo evidences quality assurance by tracking review points raised and cleared Targets for days delivered, auditor productivity and levels of customer satisfaction are set, monitored and reported to Audit & Governance Committee During 2012/13 there was a 20% shortfall of resources which inevitably impacted on ability to satisfy clients requirements. Every effort was made to mitigate the impact of the shortfall by open communication with clients as a way of identifying and meeting acceptable standards and levels of delivery. Page8