INFORMATION REPORT
Audit Committee
20 October 2011
Governance and Compliance

Internal Audit Report Credit Cards (C4/69, C4/70)

As part of the 2011 Internal Audit Plan, an audit of Credit Cards was undertaken from 18 August to 22 August 2011.

The aim of the audit was to:

- Review, assess and obtain an understanding of the Credit Card processes, systems and controls.
- Assess the level of risk pertaining to those processes, systems and controls.
- Provide recommendations relating to the findings of the audit to improve the effectiveness of the processes, systems, controls and risk management of the Credit Card function.

The audit engagement was performed with the cooperation and support of the key stakeholders and users of Credit Cards.

An overview of the audit is detailed in the Executive Summary section of the Internal Audit Report, as shown in Appendix 1 of this report. A full copy of the Internal Audit Report is available on request to the Internal Auditor.

Jim Brydson, Internal Auditor
Tanya Hook, Acting Manager, Governance and Policy
John Moyle, Director, Governance and Compliance

File Reference: C4/70 Page 1 of 7
Appendix 1

Internal Audit Report

Business Unit Name / Activity: Credit Card
Audit Reference: CTTG 007
Audit Date: 18 - 22 August 2011
Version: FINAL
Contents

Audit Timetable
Executive Summary
    Objective and Scope of Work
    Summary of Findings & Recommendations
    Priority Rating
Introduction
    Background
Objectives and Scope of Work
    Objectives
    Scope of Work
    Approach
    Reporting
Summary Issues
Audit Findings
Appendix 1 Internal Audit Plan and Follow Up Review
Appendix 2 CTTG Risk Assessment Criteria
Audit Timetable

Scoping Meeting: N/A
Audit Scope Issued: N/A
Audit Commenced: 18 August 2011
Draft Report Issued: 6 September 2011
Final Report Issued: 29 September 2011
Executive Summary

A review of the Credit Card process was conducted as part of the 2011 Internal Audit Plan. The Executive Summary provides a concise overview of the outcomes and issues arising from the audit to senior management. For more details of the findings and recommendations, please refer to the body of the report.

Objective and Scope of Work

The objectives of the review were to:

- Gain an understanding of the processes and systems associated with Credit Card use.
- Assess the effectiveness of the related processes, systems and controls.
- Determine risks associated with department goals and objectives, processes and systems.
- Identify and evaluate the key controls relating to the risks.
- Test the key controls over the major risks by undertaking a:
    o Walkthrough of the process
    o Review of supporting documentation (where applicable)
- Determine action plans and improve the effectiveness of the controls, systems and processes (where applicable).

The scope of the review included the following:

- Internal Controls - Policies, procedures, etc
- Risk Management
- Functions & Processes relating to Credit Cards and Credit Card holders
Summary of Findings and Recommendations

- Findings from this audit engagement are based on issues identified prior to the Internal Auditor undertaking NAB Flexi purchase training in late July 2011.
- No testing of random samples of transactions was undertaken as part of this engagement.

As a result of the review of the Credit Card processes, systems and controls, a number of Opportunities for Improvement [OI] were identified.

Number of Deficiencies Raised (CPAR):
Number of Opportunities for Improvement Raised (OI): 4

The Priority Rating is based on the level of risk relevant to the issue and impact to Council.

Priority Rating    Number of Deficiencies (CPAR)    Number of Opportunities for Improvement (OI)
Extreme
High                                                2
Medium                                              2
Low

Consequently, the following areas have been identified as having a concerning level of risk exposure attributable to Credit Card processes and controls.

- Internal Controls
    o Use of Credit Cards to purchase works or services
    o Credit Card procedure does not reflect all key conditions for the use of Credit Cards
- Asset Registers
    o Registration of goods into Asset registers after being purchased on a Credit Card

Individual Findings

Ref: CTTG007/01
Priority: High
Implementation Timeframe:
Description of Finding: During the audit it was established that Credit Cards are being used to purchase goods / services / works relevant to the user's credit level. However:
1) Where Credit Cards are used to purchase works or a service, there are no controls in place that direct the user to ensure that the supplier / service provider or their Sub Contractor(s) has:
    - Public Liability
    - Professional Indemnity
    - Proof of OHS Policy and Procedures
    - Workers Registration or Workers Compensation Insurance
2) There are no controls in place that prevent Credit Card holders using this medium for acquiring Consultation services.

Ref: CTTG007/02
Priority: Medium
Implementation Timeframe:
Description of Finding: During the audit it was established that there are no controls / guidelines which direct Credit Card holders as to the types of purchases that can be made. At the time of the audit it was established that a Credit Card was used to acquire computer equipment (iPad). Although approval was obtained from the Manager, KIS to obtain the equipment, it is considered:
    - That any purchase of computer equipment should be undertaken by KIS and not performed by individual Credit Card holders.
    - That a Credit Card is not the correct medium to purchase this type of equipment.

Ref: CTTG007/03
Priority: Medium
Implementation Timeframe:
Description of Finding: At the time of the audit, it is unclear who actually undertook Credit Card training, as there is no training record available within People and Organisational Development (POD). Credit Card holders are effectively undertaking a purchasing function and therefore effective training / controls / guidelines need to be defined for the Credit Card holder as to the types of purchases that can be made.

Ref: CTTG007/04
Priority: High
Implementation Timeframe:
Description of Finding: During the audit it was established that there is no level of control that ensures purchases of equipment are placed onto the Asset Register.

All findings have been discussed and agreed with management.

Priority Rating

The priority rating has been based on the CTTG Risk Assessment Criteria (refer Appendix 2), which is embodied in the Risk Management Framework procedure.

Priority Rating    Level of Rating
Extreme            Attention, time and resources are generally required immediately.
High               Attention required. Minimum requirement should be included in the following year's budget and program.
Medium             Requires monitoring. Systems in place to manage and minimise risk.
Low                Standard operating procedures in place to manage risk.