Strategic Audit Plan
12
pages
English
Documents
Le téléchargement nécessite un accès à la bibliothèque YouScribe Tout savoir sur nos offres
12
pages
English
Documents
Le téléchargement nécessite un accès à la bibliothèque YouScribe Tout savoir sur nos offres
Publié par
Langue
English
Agenda Item No: Report No:Report Title: Strategic Audit PlanReport To: Audit Committee Date: 21 March 2005Ward(s) Affected: AllReport By: Director of Finance and Community ServicesContact Officer(s): David Heath, Chief Internal AuditorPurpose of Report:To present to Councillors the Strategic Audit Plan for the period2005/2006 to 2007/2008, and seek agreement for the Strategic Audit Planand the Annual Audit Plan for 2005/2006.Officers Recommendation(s):1 To agree the three year Strategic Audit Plan for 2005/2006 to 2007/2008.2 To agree the Annual Audit Plan for 2005/2006.Reasons for RecommendationsThe remit of the Audit Committee includes a duty to agree a three yearStrategic Audit Plan and an Annual Audit Plan, and keep them under review.Information1 Background1.1 The Internal Audit function at Lewes operates in accordance with theauditing guidelines published as a Code of Practice for Internal Audit bythe Chartered Institute of Public Finance and Accountancy (CIPFA).1.2 The 2003 CIPFA Code of Practice refers to the need for a high levelstrategy that outlines how the Internal Audit service will be delivered anddeveloped, and for there to be a risk based periodic plan that sets outhow the strategy is to implemented.1.3 The Strategic Audit Plan sets out the scope, conduct and timing ofinternal audit work for the three year period from 2005/2006 to2007/2008. The first year of the Strategic Audit Plan provides theAnnual Audit Plan for 2005/2006. ...
Voir
Publié par
Langue
English
To agree the three year Strategic Audit Plan for 2005/2006 to 2007/2008.
Report To:
To present to Councillors the Strategic Audit Plan for the period 2005/2006 to 2007/2008, and seek agreement for the Strategic Audit Plan and the Annual Audit Plan for 2005/2006.
1
2
To agree the Annual Audit Plan for 2005/2006.
Date: 21 March 2005
The remit of the Audit Committee includes a duty to agree a three year Strategic Audit Plan and an Annual Audit Plan, and keep them under review.
Purpose of Report:
Agenda Item No:
Report No:
Audit Committee
Director of Finance and Community Services
All
Report Title:
Strategic Audit Plan
The Strategic Audit Plan sets out the scope, conduct and timing of internal audit work for the three year period from 2005/2006 to 2007/2008. The first year of the Strategic Audit Plan provides the Annual Audit Plan for 2005/2006. The Strategic Audit Plan is reviewed each year so that it can be amended to reflect changing priorities and meet the emerging needs of the Council.
Contact Officer(s):
1.2
1.3
1
The 2003 CIPFA Code of Practice refers to the need for a high level strategy that outlines how the Internal Audit service will be delivered and developed, and for there to be a risk based periodic plan that sets out how the strategy is to implemented.
Information
Background
The Internal Audit function at Lewes operates in accordance with the auditing guidelines published as a Code of Practice for Internal Audit by the Chartered Institute of Public Finance and Accountancy (CIPFA).
Reasons for Recommendations
Report By:
Ward(s) Affected:
1.1
David Heath, Chief Internal Auditor
Officers Recommendation(s):
2
Purpose and Objectives
2.1
2.2
2.3
The purpose of the Strategic Audit Plan is to:
•
•
•
•
•
Identify all the areas of Council activity that require auditing over the three year period. State how the Council’s key internal control systems, corporate governance arrangements and risk management processes will be reviewed. State how the Internal audit service will be provided, and establish the resources and skills required to meet audit objectives. Set out the relative allocation of resources between the work to obtain assurance on the internal control systems and any work to provide advice. Assist the overall control and direction of the work.
The Strategic Audit Plan has been drawn up with the following objectives:
••
•
••••
•
•••
To undertake audits of key financial systems on a cyclical basis; To examine the main departmental systems at least once in the three year cycle. To show how the assurance for the annual Statement on Internal Control (SIC) will be obtained. To audit high risk areas every year. To undertake Value for Money (VFM) studies. To undertake EMAS audits. To provide advice on corporate management activities such as Best Value, Performance Management, Corporate Governance and Risk Management, and to scrutinise their development within the Council. To carry out a programme of specialist contract and computer audits. To meet management requirements for special investigations. To provide advice to managers on financial and control issues. To include an element of contingency to cover assignments that could not have reasonably been foreseen.
Since April 2001 the Audit Commission has not required Internal Audit to carry out annual managed audits of key financial systems, but has placed reliance on Internal Audit’s cyclical coverage and testing of these systems. Changes in the International Standards for Auditing (ISAs) may mean that the Audit Commission will require a return to a form of managed audit. The Chief Internal Auditor will continue to discuss these developments with the Audit Commission, and will advise the Audit Committee accordingly. As a preliminary measure the Strategic Audit Plan includes provision for some work on managed audits
2.4
2.5
2.6
2.7
2.8
although this may need to be changed once the actual requirements are confirmed by the Audit Commission.
During 2001/2002 Internal Audit carried out testing of the Council’s Benefit Subsidy Claim on behalf of the Audit Commission, with savings in the Audit Commission fees as a result. Since then, Audit Commission policy has been that the Internal Audit functions within local authorities have not been allowed to undertake this testing work. The policy has now changed and the Audit Commission is offering the testing of claims for Benefits and other subsidies to Internal Audit with corresponding fee savings. The Chief Internal Auditor will continue to negotiate these developments with the Audit Commission, and will advise the Audit Committee on the outcome. As a first step the Strategic Audit Plan includes provision for work on both the Benefits Subsidy Claim and other Grant Claims made by the Council.
The Council’s overall Statement on Internal Control (SIC) outlines the key elements of the Council’s internal control environment and gives an independent opinion on the overall standards of internal control. This opinion is based upon Internal Audit’s reviews of the Council’s main financial systems and the Council’s systems of corporate governance, and is reported first to the Audit Committee as part of the Chief Internal Auditor’s Annual Report in June each year.
The Computer Audit coverage includes provision for Internal Audit work on the Implementation of New Systems. This is to enable Internal Audit to comment on system specifications or the procedures and controls associated with new systems, and to provide input to the project teams. The major developments that are imminent include:
•
••
Enhancements to the Council’s Academy systems for administering Housing Benefit and Council Tax. Implementation of Agresso Procurement. Initial work on the systems that will underpin the Council’s customer contact centre.
The entry for Environmental Audit is a summary of the three year programme of audits that will be agreed separately with the EMAS Verifier. The summary entry is included to obtain Audit Committee approval for the resources assigned to this work. The time allocated to EMAS audits reflect new audits added as a result of changes in the Council since the EMAS programme was first established. The Council is seeking to rationalise the organisation of EMAS to enable management effort and resources to be focussed on key environmental issues. It is anticipated that the revised organisation will result in fewer and smaller EMAS audits and this will be highlighted in the Strategic Audit Plan for 2006/2009.
With the Audit Commission acting as facilitator the Council has implemented a Risk Management Strategy that has enabled the
2.9
introduction of improved risk management systems. Internal Audit will continue to advise on the further development of risk management processes across the Council, and will review their adequacy. The Service Plan 2005/2006 for Audit and Performance Division is approved by the Chair of the Audit Committee in March each year, and includes specific objectives for Internal Audit relating to Risk Management.
Internal Audit will continue to advise on the further development of the other corporate governance and performance management activities, and will review their adequacy. This work is presented in the Strategic Audit Plan under the heading Performance and Management Scrutiny, which also includes the provisions for the VFM Reviews.
2.10Previously, the Strategic Audit Plan reflected the Review Board structure of the Council. It is not expected that the reorganisation of the scrutiny framework of the Council will affect the auditing of main services and systems, although the presentation of the plan shows some small changes since 2004/2005.
Preparation of the Strategic Plan
3
Review of Key Council Activities
3.1
3.2
3.3
3.4
The first stage in the strategic planning process is the review and updating of the database of all key areas of Council activity that are required to be audited. This review is based on information from the Budget Book, the Council Plan, the Council’s key aims and objectives, previous Strategic Audit Plans, Service Plans, Cabinet reports and other known developments.
The Council is in the process of updating its overall Business Continuity Plan, based upon information from the risk management systems. Internal Audit will review the plan and supporting processes, and therefore this item is included in the Strategic Audit Plan for the first time.
Some activities will no longer be within the Council’s responsibilities and are being removed from the database. For example, Car Parking is no longer a service that is managed directly by the Council and has been removed from the list of potential audits. It is assumed that, from April 2006, Community Leisure sites will be managed by a trust and will no longer be part of the Council, and the Internal Audit coverage of Community Leisure will cease from that date.
Some related activities are being rationalised into single entities for Internal Audit purposes. For example, the audit of Car and Travel Allowances is being merged with Contract Car Hire, and the audits of Refuse Collection, Recycling and Street Cleansing will be covered as Waste and Recycling Services.
4
5
3.5
The topic of Records Management (previously two items as Freedom of Information and Data Protection) is now the responsibility of the Head of Democratic Services and is covered under Central Systems (previously Computer Audit).
Application of the Risk Assessment Model
4.1
4.2
4.3
4.4
The second stage in the planning process is to use the database to assess the risks in each area of activity. The risk model assesses each activity under six categories: financial materiality, system stability, sensitivity, complexity, inherent risk and the adequacy of internal control. Each category is scored on a scale from 1 to 9, with the greater risks receiving the higher scores. The total score for each activity determines the frequency of audit coverage. Audits are assigned to one of three frequency bandings: High (audited every year), Medium (every other year) and Low (no more than once every three years).
One audit, Housing Benefits is again classified as High risk because the risk assessment model takes account of recommendations by the Benefit Fraud Inspectorate.
Internal Audit is involved in some other activities every year although they are not subject to the risk assessment process. These include the corporate governance and performance management activities that are part of the government’s modernisation agenda for local authorities (see paragraph 5.2) and ongoing work such as the support to the Audit Committee, Follow Up and Liaison with the Audit Commission.
A further review has been carried out for those audits in the Low banding. Certain areas of activity are assessed as having minimal risk, and have been excluded from the programme of audits in the Strategic Audit Plan. These activities remain part of the database of potential audits and will be reassessed as part of next year’s Strategic Audit Plan. A list of the twelve audits excluded from this plan is given at Appendix 2.
Review of Staff Resources
5.1
5.2
The third stage in the planning process is the review of available staff resources. The Internal Audit function is provided internally, and the staffing of Internal Audit is as approved by the Council on 23 February 2000. The Strategic Audit Plan assumes full staffing of the Internal Audit team will be maintained for the three year period of the plan. Allowing for these factors, the staffing is assessed at the level necessary to ensure audit coverage of the key areas within the three year cycle.
Internal Audit forms part of the Audit and Performance Division that is responsible for a wide range of activities related to corporate governance and performance management. These activities include:
••
Internal Audit Risk Management
6
5.3
•••••
Performance Management Best Value Reviews Corporate Governance Procurement Asset Management
The structure of the Division is as follows:
AUDIT AND PERFORMANCE DIVISION
CHIEF INTERNAL AUDITOR
PRINCIPAL AUDIT MANAGER
SENIOR AUDITORS Two posts
AUDITOR P/T (22hrs. per week)
CORPORATE PERFORMANCE OFFICER
CORPORATE PERFORMANCE ASSISTANT P/T (30 hrs. per week)
5.4The significant workload in corporate performance activities requires the Chief Internal Auditor to allocate less of his time to audit matters. As in 2004/2005, the Strategic Audit Plan includes an 80/20 apportionment of the Chief Internal Auditor’s time between corporate performance and internal audit work. 5.5The Principal Audit Manager, Senior Auditors and Auditor are dedicated to audit work. This separation of responsibilities preserves the integrity and independence of Internal Audit, and also enables them to audit and advise on corporate governance and performance management activities. Summary of Resource Allocation for the Strategic Audit Plan
6.1Table 1 summaries the resources allocated to main audit areas in the three years 2005/2006 to 2007/2008. This resource allocation is the time available to perform audit work after making provision for administration, training, leave and sickness. Table 1: Summary of resources for 2005/2006, 2006/2007 and 2007/2008
Year Audit Area Main Systems Central Systems Departmental Systems Performance and Management Scrutiny Computer Audit Contract Audit Environmental Audit Management Responsibilities and Unplanned Audits Total
2005/2006 Audit Days 140 90 158 100 65 50 40 123
766
2006/2007 Audit Days 145 110 130 90 65 40 45 129
754
2007/2008 Audit Days 135 105 145 90 65 45 45 130
760
7
8
9
10
11
6.2
Note: Variations in the resource allocations across the three years reflect the need to balance audit coverage across the key areas, taking account of previous audits undertaken and the revised priorities identified by the strategic planning process. The main reason for the increased number of audit days in 2005/2006 is there being no Easter Bank Holiday in the year.
Financial Appraisal
7.1
There are no additional financial implications arising from this report.
Environmental Implications
8.1
I have completed the Environmental Implications Questionnaire and there are no significant effects as a result of these recommendations.
Risk Management Implications
9.1
9.2
I have completed a risk assessment in accordance with the Council’s Risk Management methodology. The following risks and mitigating factors have been identified.
If the Council cannot demonstrate an effective Internal Audit function it will not meet its statutory obligations. The Strategic Audit Plan, together with the associated monitoring of the plan via the regular reporting to the Audit Committee, represents a key part of the control framework that helps to ensure the effectiveness of Internal Audit.
Background Papers
10.1None.
Appendices
Appendix 1 Strategic Audit Plan 2005/2008 Appendix 2 Low risk areas excluded from the Strategic Audit Plan 2005/2008
Appendix 1
LEWES DISTRICT COUNCIL: THREE YEAR STRATEGIC PLAN 2005/ 2006/ 2007/ Audit Area 2006 2007 2008 Days Days Days Main Systems Managed Audit 20 20 20 Capital Accounting* 5 Cash # 15 15 Council Tax/NDR # 25 25 Creditors/Cheque Control # 20 Housing Benefits # 15 15 15 Benefit Subsidy Claims # 30 30 30 Debtors 15 15 Housing Rents # 15 Loans and Investments # 15 Main Accounting System 15 Payroll # 15 15 Purchasing # 15 140 145 135 Central Systems Banking Arrangements/Reconciliations 10 Grant Claims 20 20 20 Insurance 15 15 Service Charges # 15 VAT 15 15 Business Continuity 15 Electoral Registration 15 Land Charges # 15 Records Management 15 15 Records Management Group 5 5 5 Building Maintenance # 15 15 Telephones 15 Vehicle Maintenance* # 5 20 90 110 105 Departmental Systems Car & Travel Allowances # 15 Personnel, Recruitment and Training 15 Members Allowances and Civic Expenses # 15 15 Estates Management # 15 Cemeteries # 15 Grounds Maintenance # 15 Homelessness 15 Housing Strategy 10 10 Housing Management 15 15 Housing Repairs # 15 15 Lifeline 10 Leisure Centre – Downs # 20 Leisure Centre – Seahaven # 3 Cultural Services # 15 Planning and Development Control # 15 15 Building Control # 15 15 Economic Development 15 15 Renovation Grants # 15 15
Fre uenc Indicator
1 3 2 2 2 1 1 2 2 2 2 2 2
2 1 2 2 2 2 2 2 2 1 2 3 2
2 2 2 3 2 2 2 2 2 2 2 2 2 3 2 2 2 2
Audit Area
Licensing* # Environmental Health Waste & Recycling Services
Performance & Management Scrutiny Scrutiny Asset Management Scrutiny Best Value Scrutiny Corporate Governance Scrutiny Performance Management Scrutiny Risk Management New VFM Area New VFM Area
Computer Audit Computer Software Implementation of New Systems Internet/Intranet IT Security* IT Steering Group IT/IS Strategy Networks
Contract Audit Constructionline and list for minor works Contract Procedure Rules Major Project Review Procurement Scrutiny Tendering Arrangements
Environmental Audit EMAS
Management Responsibilities and Unplanned Audits Audit Committee Audit Planning Data Matching Financial Vetting Follow Up Liaison with External Audit Unplanned Audits/Investigations Provision
Total
2005/ 2006 Days 5 15
158
5 5 5 10 15 35 25 100
15 30
5 5 10
65
5 10 20 10 5 50
40 40
20 20 5 3 10 5 60 123
766
2006/ 2007 Days
30 130
5 5 5 10 5 35 25 90
30 15
5
15 65
5 20 10 5 40
45 45
20 20 10 3 10 5 61 129
754
2007/ 2008 Days
15
145
5 5 5 10 5 35 25 90
15 30
15 5
65
5 5 20 10 5 45
45 45
20 20 5 3 10 5 67 130
760
Frequenc Indicator 3 2 2
1 1 1 1 1 1 1
2 2 2 2 1 3 3
2 1 2 1 1
1
1 1 1 1 1 1 1
Notes: The Frequency Indicator shows the frequency with which audits should be carried out as identified by the risk analysis: 1 Every year 2 Every other year 3 No more than once every three years
*
#
Provision for work carried forward from 2004/2005
Audits for which the planning process will include consideration of the system control checklists in the Audit Commission Fraud and Corruption Manual.
