Appendix 6
Summary of Internal Audit Coverage for 2012/13
The following table sets out the proposed coverage of each audit identified in the Annual Audit Plan for 2012/13. The more detailed scoping
of reviews will be determined at the planning stage for each audit, with terms of reference being confirmed in audit briefs, drawn up in
consultation with client officers. Individual audits will also consider the quality of management information generated within the relevant
service area(s) to assist decision-making and performance monitoring, and there will additionally be some focus given to the monitoring of
corporate/service risks and ongoing maintenance of procedures and business continuity/disaster recovery plans, where appropriate.
Systems Audits
Title
Description
Corporate Governance and Risk
Management
This audit will assess the Council’s arrangements to ensure adequate systems of corporate governance and
risk management are in place, in order for the Head of Internal Audit to provide annual opinions in these
areas to inform the Annual Governance Statement. This audit becomes ever more important given that the
authority is currently going through a major management restructuring exercise, embarking on shared
service arrangements with Kings Lynn and West Norfolk Borough Council in the delivery of Revenues and
Benefits Services and seeking to implement the obligations placed upon it by the Localism Act.
Furthermore, as part of audit scrutiny of corporate governance provisions, there is also an intention to
examine the way in which business is handled by Committees, the decision making processes followed and
the level of challenge exercised, in order to review the overall effectiveness of arrangements.
Given the range of potential areas to cover by way of this audit, we will finalise the scope in the course of
detailed audit planning work with client officers, when we will seek to balance requirements for independent
assurance against the job budget available to perform this work.
Appendix 6
Summary of Internal Audit Coverage for 2012/13
Work to support the Annual
Governance Statement 2012/13
Payroll, Human Resources and
Officers’ expenses
This audit assesses the key controls in place over the Council’s fundamental financial systems that are not
otherwise subject to audit during the year, in order to provide assurances to the Head of Internal Audit and
Section 151 Officer that these controls are operating effectively ahead of preparation of the Annual
Governance Statement.
In addition, in order to satisfy the requirements of External Audit, we undertake additional testing where audit
work has been scheduled earlier in the financial year, to ensure our work is reflective of the whole year
period.
As far as Payroll and HR are concerned, this is an area where mandatory audits are required, the outcomes
of which will be subject to examination by External Audit. Furthermore, Internal Audit’s own annual audit
needs assessment classifies this service area as high risk, hence, a detailed systems audit is provided in the
Strategic Audit Plan on a 2-yearly basis, with further payroll key control testing undertaken annually as part
of the work to support the Annual Governance Statement.
An element of the review is dictated by the requirement to test the key controls operating in this area, in
particular:
• Controls over completeness and accuracy of data held on the payroll system
• Processing of payment runs
• Reconciliations of the payroll system
Exchequer Services
Potential audit coverage could also focus on the wider control environment, but the exact terms of reference
will be determined during the detailed audit planning process. However, aspects of review work could
additionally include compliance with PAYE legislation; the processing of officers’ expenses, sickness
absence monitoring; ongoing CRB checking and compliance with EU working directive.
This is a 2 yearly audit, and was last undertaken as part of the 2010/11 annual audit plan. The audit scope
will include coverage of a number of key controls identified by External Audit, in particular examining
arrangements such as:
• Segregation of duties in the ordering, receipting and paying of goods
• Establishment of new suppliers on the purchase ledger
• Authorisation of goods ordered and payments made
• Reconciliations of the purchase ledger
Appendix 6
Summary of Internal Audit Coverage for 2012/13
However, there is scope to focus on other associated areas, such as insurances or VAT payments. The
exact scope will be determined as part of the audit planning process.
Council Tax and NNDR
Housing Benefit and Council Tax
Benefit
The scope for this audit is again mainly dictated by the key controls that are required to be tested on a
cyclical (2-yearly) basis and as part of the work to support the Annual Governance Statement. The current
scheduling of this audit will enable timely review of the new arrangements operating with Kings Lynn and
West Norfolk. Particular areas of focus for this audit include:
• Establishment of new taxable properties / businesses on the Council Tax and NNDR system
• Amendments to properties, including application of discounts, exemptions and reliefs
• Reconciliation of data with other records, including Valuation Office records and the general ledger
• Monitoring and recovery of arrears
• Raising and notification of annual charges for Council Tax and NNDR.
With regards Council Tax and NNDR, the Coalition Government are proposing changes to the way that
these are locally administered, with authorities having greater flexibility in the way that Council Tax benefit is
awarded, and local retention of business rates. Closer to the timing of the audits, we will review the progress
of these central developments to assess the potential value of audit coverage in these areas.
This audit will cover the systems in place for the payment of Housing and Council Tax Benefit. As with
Council Tax and NNDR above, we will be reviewing the new operational arrangements with Kings Lynn and
West Norfolk. The audit will include the following:
• The accuracy of the input of claimant data on the system and the retention of supporting information
• The accuracy and authorisation of payments made to claimants
• The processes to ensure backdated claim and discretionary payments are appropriate
• The recovery and allocation of overpayments
• Procedures in place to investigate benefits fraud
• The process for verification visits and quality review of benefits claims
• The maintenance of the benefits system, including access, segregation of duties, and reconciliation
to other key financial systems.
In a similar manner to the Council Tax and NNDR developments above, there are proposals moving
forwards to create Universal Credit, which will fundamentally alter the way that Housing and Council Tax
Benefit is administered. Again, we will review the progress of these developments and the potential for audit
assurance closer to the time of detailed audit planning.
Appendix 6
Summary of Internal Audit Coverage for 2012/13
Strategic Housing and
Homelessness
Partnerships
Leisure Complexes, Other
Sports, Arts and Entertainment,
Pier Pavillion
Corporate Policy, Planning,
Performance Management
Property Services
Procurement
This audit was last undertaken in March 2010. It will examine the operation of the Council’s Housing
Register, compliance with the Council’s Housing Strategy, and delivery of services to homeless residents.
The audit may also assess how the Council is working to comply with the Localism Act principles in respect
of its housing allocation policy.
The County Council has recently announced that it is to cease funding on Local Strategic Partnerships
through second home monies, which has resulted in the Council exploring the ways forward for its Local
Area Partnerships.
Meanwhile, as previously reported to the Audit Committee, the Acting Accountancy Manager has been
undertaking work to assess the way the Council operates in partnership with other bodies, including
reviewing the partnership framework, and re-assessing the definitions used to identify significant partnership,
and then the governance arrangements the Council employs to review its partnerships. This audit will be
looking at the outcomes of this work, and in particular at any changes that arise as a result.
This audit was last undertaken as part of the 2010/11 audit plan. It examines two key Council contracts, with
DC Leisure (to manage the Splash Leisure and Fitness Centre, Victory Swim and Fitness Centre and
Fakenham Sport and Fitness Centre), and Openwide, to manage Cromer Pier Pavillion. The Openwide
Contract was extended for a further 5 years by Cabinet in October 2011.
The audit will assess the way that the Council ensures that key performance targets are met by the
Contractor, and obtains assurance in respect of these, and also examine arrangements for payment of
services.
This audit was due to take place as part of the 2011/12 Audit Plan, but subsequently was deferred to allow
time to perform corporate planning for 2012/13 in light of the new Corporate Strategy. In the past, audits in
this area have been focused on looking at specific performance indicators, however in light of the
Government’s abolition of a large number of such indicators, the audit is now focused on examining how
Councils manage their performance in light of their individual policies and objectives, as well as how those
objectives have been formed.
This audit will examine the arrangements in place to manage the Council’s property portfolio, including the
collection of rental income from tenants, and the maintenance arrangements in place. In particular, the audit
will examine the arrangements put in place to perform valuations of the Council’s properties, following the
issues raised by External Audit during their examination of the Council’s accounts for 2010/11.
This audit was last undertaken in 2009/10, and resulted in an “adequate” assurance being provided. The
audit essentially reviews how the Council obtains economy, efficiency and effectiveness in the way that it
procures goods and services, through assessing compliance with relevant procurement strategies and
Appendix 6
Summary of Internal Audit Coverage for 2012/13
contract procedure rules. Previous audits of this type both at North Norfolk and across the Audit Consortium
have been undertaken either through review of complex / large procurement exercises, or through analyses
of expenditure through the purchase ledger.
We have previously also included project management as part of this audit, however with the proposed
review of IT project management also included within the audit plan this year, we have removed this element
from the review and thus been able to reduce the audit budget.
Computer Audits
Project Management
Project management is the discipline of organising and managing resources in such a way that these
resources deliver all the work required to complete a project within defined scope, time, and cost constraints.
This review will look at how ICT projects are managed within the Council by looking at the process used for
one of the Council’s in-house application replacements and will examine such aspects as:
o Project Organisation;
o Business Context;
o Project Summary;
o Project Team;
o Third Parties;
o Project Management;
o Change Management and Control;
o System Requirements;
o Conversion Approach/Data Transfer; and,
o Backup and Recovery Arrangements (Project Data).
Having submitted audit coverage proposals to the Corporate Leadership Team, we have subsequently been
asked to explore the feasibility of delivering this piece of work in conjunction with an audit of the Cash
Receipting Application – i.e. a replacement application, and in amalgamating the two reviews, generate
savings in the overall job budget required.
We are currently investigating how to obtain maximum
assurance in the 2 areas and will be liaising further with management on this matter.
Appendix 6
Summary of Internal Audit Coverage for 2012/13
Data Centre, Back Up, Disaster
Recovery
Cash Receipting Application
Cedar Financial Application
The audit will look at how the Council manages its Data Centre, Data Backup processes and relevant
Disaster Recovery processes. In previous years this audit has been undertaken in conjunction with Business
Continuity, however, as Business Continuity is not an IT responsibility where Disaster Recovery is (although
feeding from the Business Continuity requirements), they are now treated as separate audits so
responsibility is no longer blurred between the two.
The Council replaced the Cash Receipting Application in November 2011. The audit will look at the following
aspects of the Application:
o Access Controls;
o Data Input;
o Data Processing;
o Data Output;
o Interfaces;
o Management Trails;
o Backup and Recovery; and
o Support Arrangements and Change Controls.
As mentioned above, we are also considering the potential for combining this review with that of Project
Management, in accordance with a request received from the Corporate Leadership Team.
Cedar is the Council’s financial system used for Accounts Payable, Accounts Receivable and General
Ledger. The audit will evaluate 6 key areas of the Application, namely:
o Access Controls;
o Data Processing;
o Interfaces;
o Management Trails;
o Backup and Recovery; and,
o Support Arrangements and Change Controls.
The detailed planning work for this review was carried out in January 2012, when there was an expectation
that this work could be brought forward to the 2011/12 Audit Plan. However, following further discussions
with management, it was agreed to delay the audit such that its original scheduling was applied after all.