AGENDA ITEM 12
BOROUGH OF POOLE
AUDIT COMMITTEE
14 JANUARY 2016
INTERNAL AUDIT – ASSURANCE FRAMEWORK & AUDIT PLANNING
CONSULTATION REPORT
PART OF THE PUBLISHED FORWARD PLAN: YES
STATUS – SERVICE DELIVERY INFORMATION
1.
PURPOSE
1.1
To set out for Members the ‘Assurance Framework’ which identifies the different
sources of assurance received across the Council.
1.2
To set out for Members the scope of the Council’s ‘control environment’, as
identified in the Assurance Framework, on which the Head of Internal Audit
provides an annual opinion.
1.3
To consult/agree with Members the proposed 2016/17 Audit Plan and identify
any additional emerging risks or pertinent issues areas not currently reflected.
1.4
To provide a brief overview of performance against the 2015/16 Audit Plan for
the first nine months of the year.
2.
DECISIONS REQUIRED
2.1
Members are asked to:
(a) Note the Council’s Assurance Framework;
(b) Note the scope of the Council’s control environment on which the Head of
Internal Audit will provide an annual opinion;
(c) Agree the draft 2016/17 Audit Plan and identify any additional risks or
issues;
(d) Note the work and performance of the Internal Audit Section for the first nine
months of 2015/16;
(e) Consider the potential options for the external assessment process part of
the Public Sector Internal Audit Standards.
3.
ASSURANCE FRAMEWORK
3.1
The Council’s Assurance Framework identifies the key components that enable
the Council to satisfy itself that the risks to its objectives and the risks inherent in
undertaking its work have been properly identified and are being managed by
controls that are adequately designed and effective in operation.
3.2
The Framework (Appendix A) identifies all the sources of assurance, internal
and external, received across the Council. This assists Audit Committee
Members with their role of providing independent assurance to the Council on
the effectiveness of the council’s governance arrangements, risk management
framework and internal control environment.
1
3.3
The Public Sector Internal Audit Standards state that the Head of Internal Audit
must provide an annual internal audit opinion on the overall adequacy and
effectiveness of the organisation’s governance, risk and control environment (ie
the control environment). The Assurance Framework identifies the scope of the
Council’s control environment.
3.4
The Assurance Framework also informs the Council’s Annual Governance
Statement (AGS), which reports on the effectiveness of the governance
framework.
3.5
Members are asked to note that following an annual review, some minor
changes have been made to the Framework (e.g. including Partnerships and
combining external assurance sources).
4.
AUDIT PLANNING 2016/17
4.1
Best Practice Compliance
The Public Sector Internal Audit Standards require Internal Audit to produce a
risk based Audit Plan which should take account the assurance framework, the
requirement to produce an annual internal audit opinion and the relative risk
maturity of the organisation.
4.2
The Internal Audit planning process is informed by the Council’s Assurance
Framework to avoid duplication and identify potential assurance gaps.
4.3
The proposed work in the draft 2016/17 Audit Plan has been designed to enable
the Head of Internal Audit to provide an annual opinion on the adequacy and
effectiveness of the Council’s control environment (as identified in the Assurance
Framework).
4.4
The risk maturity of the Council has been considered as part of the audit
planning process. The draft 2016/17 Audit Plan includes independent and
objective assurance on the risks identified by management on Corporate and
Service Unit Risk Registers (which will include national and local issues).
4.5
Audit Planning Process
The audit planning process starts by identifying the level of resource required to
provide the annual opinion and other required work (responding to suspected
fraud/irregularities & requests for risk/control reviews, value for money and other
governance work) and then matching this to the number of days available
(based on the level of resource within the Internal Audit Team after taking
account of annual leave, training, contingency for vacancies etc).
4.6
Scarce audit resource is then prioritised and targeted at the highest and
emerging risks areas in the Council.
4.7
The resource is allocated across the following areas; Audit & Assurance Work,
Budget, MTFP & Accounts Work, Governance Work, and Service Management
Work as detailed in the table below –
2
DRAFT AUDIT PLAN 2016-17
2015/16
PLAN DAYS
2016/17
PLAN DAYS
Difference
860
140
70
0
835
120
50
50
-25
-20
-20
50
25
20
-5
1095
1075
-20
TOTAL
300
50
0
350
275
50
50
375
-25
0
50
25
GOVERNANCE WORK
CORPORATE MANAGEMENT & LIAISON
MEMBER LIAISON
AGS (Annual Governance Statement)
TOTAL
30
35
30
95
25
35
30
90
-5
0
0
-5
SERVICE MANAGEMENT WORK
MANAGEMENT & SUPERVISION
AUDIT DEVELOPMENT
AUDIT PLANNING & PERFORMANCE MANAGEMENT
TOTAL
125
35
85
245
125
35
80
240
0
0
-5
-5
TOTAL DAYS
1785
1780
-5
AUDIT ACTIVITY
AUDIT & ASSURANCE WORK
CORE AUDIT & ASSURANCE WORK
SPECIAL INVESTIGATIONS
CONTINGENCY AUDITS
FREE EARLY EDUCATON FUNDING AUDITS
FINANCIAL REGULATIONS COMPLIANCE/ADVICE
(Inc Waivers/Breaches/Exemptions)
TOTAL
BUDGET, MTFP & ACCOUNTS WORK
VFM/EFFICIENCY/MTFP SAVINGS WORK
STATEMENT OF ACCOUNTS
LOCAL GOVERNMENT REORGANISATION IN DORSET
4.8
The majority of the audit resource is allocated to Audit & Assurance Work to
ensure effective and adequate arrangements are in place to provide assurance
of the control environment. This includes:
 Core Audit & Assurance Plan - see 4.10 below
 Special Investigations - responding to and reporting on financial
irregularities/whistleblowing
 Contingency Audits - time required, for example, for specific requests from
Management & Audit Committee, new risks arising or potential control
weaknesses, and income work e.g. voluntary funds audits
 Free Early Education Funding Audits. Following the departure of an officer in
C,YP&L, Internal Audit have agreed to undertake work on providing
assurance on funds (approximately £4m) allocated to nurseries, pre-schools
and childminders. Internal Audit are able to carry out this work due to the
reduced level of resource required on school audits (as a result of transfers
to academies). This has resulted in a small net saving to the Authority.
 Financial Regulations Compliance/Advice including Waivers/Breaches/
Exemptions (reviewing/monitoring Financial Regulations application, and
assessing/reporting specific Waivers/Breaches/Exemptions)
3
4.9
The other areas of work in the table above are:
 Budget, MTFP & Accounts Work
o Ongoing work to identify new efficiencies, income generation
(including commercial income opportunities) and business
opportunities in support of the Councils MTFP
o Preparation of certain key elements to the Council’s Statement of
Accounts
o Resource has also been allocated to support potential business case
development work for Local Government reorganisation in Dorset in
2016/17
 Governance Work including preparation and monitoring of the Authority’s
Annual Governance Statement, Corporate Management & Liaison (work with
External Audit and Senior Management) and Member Liaison (Audit
Committee and other Member work);
 Service Management Work consisting of Management & Supervision (staff
management/meetings and recruitment time) and Audit Planning,
Performance Management & Audit Development (monitoring/reporting on
section performance & development of the computerised audit management
system/process).
4.10
The Core Audit and Assurance Plan (see Appendix B) is structured as follows:
 Key Assurance Functions (as on Assurance Framework – Appendix A);
 Key Financial Systems (material financial systems);
 High Level Risks (see 4.12 below);
 Schools (as per Audit’s Schools Risk Assessment); and
 Counter Fraud (as per Internal Audit’s Counter Fraud Risk Register).
 Other (advice, follow up & carried forward audits)
4.11
The Key Assurance Functions and Key Financial Systems are subject to a
detailed internal audit risk assessment process using criteria such as materiality,
control environment, the risk of fraud and corruption, results from previous audits
and reviews and information from the corporate risk assessment process. The
scores are shown in Appendix B. Those judged to be of high risk will be subject
to a detailed audit each year, whilst those of lower risk will be subject to a
detailed audit every two to three years, with an overview audit annually. A
different selection of Service Units is reviewed each year to confirm key
assurance function compliance (eg compliance with Human Resources policies).
4.12
The work carried out in the High Level Risks section of the Audit Plan will give
independent and objective assurance on the adequacy of the management of
risks from the Corporate Risk Register, Service Unit Risk Registers and other
sources.
4.13
The Schools to be audited are determined by a separate schools risk
assessment. Each different school will be audited every three years. Resource
allocated to schools has been continually reducing to reflect the trend in an
increased number of schools transferring to academy status.
4.14
The work carried out in Counter Fraud is supported by a separate risk
assessment to target those areas with high risk of fraud (which changes each
year).
4
4.15
Audit Plan Delivery
The Core Audit & Assurance Plan audits will be completed on a Service Unit
basis. Each Service Unit audit will include a selection of Key Assurance Function
areas, any appropriate Financial Systems, High Level Risks, relevant Counter
Fraud work and follow ups. This approach will enable Internal Audit to prioritise
work within each Service Unit and be able to respond to any changes in the
Council’s business, risks, operations, programmes, systems and controls.
Audit Plan Consultation/Agreement
4.16 As part of the compilation of the 2016/17 plan, early consultation is being
undertaken with Members of the Audit Committee, followed by Strategic
Directors and Service Unit Heads to capture any emerging risks or pertinent
issues.
4.17 Members are asked to agree the draft 2016/17 Audit Plan and highlight any
emerging risks or pertinent issues to be considered for inclusion within the plan.
4.18
Following the consultation process the final 2016/17 Audit Plan will be brought
back to this Committee for formal approval in April 2016.
5.
INTERNAL AUDIT WORK & PERFORMANCE – YEAR TO DATE
5.1
The development of the 2016/17 Audit Plan should be considered in the context
of Internal Audit’s work and performance on the current year’s audit plan,
therefore, a brief update on the current position is given below.
5.2
Good progress has been made on the completion of the audit plan key
performance indicator. At the end of December 2015, 67% of audits were in
progress or completed, as shown in the Performance Information table in
Appendix C.
5.3
Each audit report provides an overall level of assurance on the adequacy of the
management arrangements to manage the identified risks within the area
reviewed. The assurance level definitions are as follows –
Assurance Level Definitions
Overall management arrangements appear to be sound and risks
Good
Satisfactory
Limited
are being effectively managed within a robust control framework.
Management arrangements appear to be generally sound with
many risks being effectively managed, however, there are some
gaps in the control framework which need to be addressed.
Management arrangements appear to be inadequate such that
risks are not being managed effectively and the control framework
is not robust.
5.4
For the completed Audits carried out during 2015/16 to date (on Appendix C)
17 “Satisfactory” and 1 “Limited” Assurance Level opinions have been given.
5.5
A limited assurance level opinion has been given for the Tourism and Town
Centre Management audit. Four High priority recommendations were made
covering stock value accuracy, events income reconciliation, payroll details
verification and completion of staff appraisals. Prompt action has been taken to
address all of these areas by management.
5
5.6
Audit Committee Members should also be aware that limited assurance opinions
are also likely for the Payroll (casual timesheets) and Housing Tenancy
(allocations) audits. These reviews have both required further substantive testing
to ensure control weaknesses have not resulted in any significant errors. Further
details will be included in the Chief Auditors annual report.
5.7
The forecast of audits in progress or completed for 2014/15 is 90% (against a
target of 90%). Other Performance Indicators (April – December 2015) are:
Period
% All
Recommendations
Accepted
% Auditee Satisfaction
Score (cumulative) *
100
% Previous Agreed High
Priority Recommendations
Implemented (within
timeframe agreed)
88
ACTUAL
Apr–Dec 15
TARGET for
Apr-Dec 15
TARGET for
2015/16
100
90
75
100
90
75
95
* Satisfaction Score Key: >75% Very Satisfied, 50-75%= Satisfied, 25-49%= Dissatisfied, <25%=Very Dissatisfied
5.9
The performance indicator table above shows that all recommendations made
were accepted, and a high percentage (88%) of High Priority Recommendations
followed up had been implemented by the Service Unit. No outstanding
recommendations are required to be escalated to the Audit Committee at this
stage as they are being addressed by management (revised timescales agreed).
5.10
The auditee satisfaction score of 95% is exceeding the target of 75%,
demonstrating a very high level of satisfaction with the way in which audits are
conducted and the value of audit report recommendations. A blank questionnaire
sent to audit clients has been attached at Appendix D for information. The
questionnaire seeks to obtain objective client views on the audit process
undertaken to ensure effective service delivery.
6.
PUBLIC SECTOR INTERNAL AUDIT STANDARDS
6.1
The way in which Internal Audit should operate is contained in the Public Sector
Internal Audit Standards (PSIAS). A self assessment has been carried out which
demonstrates full compliance. In order to remain compliant an external review of
the Internal Audit service (required under the quality assurance attribute
standards) will need to be undertaken by 31st March 2018 (once every 5 years).
6.2
Options for carrying out the external assessment include –
 Peer Review (involving at least 3 organisations).
 External Audit (Grant Thornton)
 Chartered Institute of Public Finance Accounts (CIPFA)
 Institute for Internal Auditors (IIA)
 Another professional external organisation
6.3
There are a number of alternatives to the external assessment but this would
result in a technical non (full) compliance with the Standards. Alternatives are:
 Review of self assessment by Audit Committee members or a dedicated
working group
 Review of self assessment by other professional officers (e.g. Accountants)
 No assessment carried out
6
6.4
Before Members commit to a decision and in view of the potential shared
working opportunities with neighbouring councils, it is recommended to await the
outcome of these discussions, as this could result in a new requirement for a
combined service external assessment.
6.5
In the interim Members are as asked to consider the potential options for the
external assessment process part of the Public Sector Internal Audit Standards.
7.
FINANCIAL IMPLICATIONS
7.1
The Audit Plan is delivered within Financial Services base budget resources
approved as part of the wider Council’s budget setting process. The draft
2016/17 budget for Internal Audit is £446,000, (2015/16 was £439,000). This
budget will support 9.30 full time equivalent staff and all associated corporate
overheads including share of office accommodation costs.
8.
LEGAL IMPLICATIONS
8.1
There are no legal implications from this report.
9.
RISK MANAGEMENT IMPLICATIONS
9.1
There are no direct risk management implications from this report.
10.
EQUALITIES IMPLICATIONS
10.1 There are no equality implications from this report.
11.
CONCLUSIONS
11.1 The Assurance Framework assists Audit Committee Members in their
independent assurance role and identifies the scope of the Head of Internal
Audit’s annual opinion on the adequacy and effectiveness of the Council’s
control environment.
11.2
The draft 2016/17 Audit Plan has been produced and Members have been
given the opportunity to consider any further areas for inclusion.
11.3 Good progress has been made on the completion of the 2015/16 audit plan and
the target of at least 90% should be achieved.
Responsible Officer: Nigel Stannard, Head of Audit & Management Assurance
Report Author: Simon Milne, Management Auditor (Deputy CIA)
Background Papers: None
Appendices:
Appendix A
Appendix B
Appendix C
Appendix D
Assurance Framework
Core Audit & Assurance Plan 2016/17
Completion of Audit Plan 2015/16
Management Response Questionnaire
7