Audit Committee
6 March 2012
Agenda Item No______11_______
INTERNAL AUDIT’S TERMS OF REFERENCE, PERFORMANCE INDICATORS, CODE OF
ETHICS, STRATEGY, AUDIT PLANS AND SUMMARY AUDIT COVERAGE INFORMATION
FOR 2012/13
Summary:
This report provides an overview of the stages followed prior to
the formulation of the Strategic Audit Plan for 2012/13 to
2014/15, and the Annual Audit Plan for 2012/13. The Annual
Audit Plan will then serve as the work programme and initial
terms of reference for the Council’s Internal Audit Services
Contractor, Deloitte Public Sector Internal Audit Ltd, and provide
the basis upon which the Head of Internal Audit will
subsequently give Audit Opinions on the systems of internal
control and risk management, and corporate governance
arrangements at North Norfolk District Council for the year
2012/13.
The report additionally aims to clarify the links between Internal
Audit’s Terms of Reference, Performance Indicators, Strategy,
and its Strategic and Annual Audit Plans, as well as detailing the
way in which Internal Audit will operate at the Council in the year
ahead, in order to satisfy the CIPFA Code of Practice for Internal
Audit in Local Government and Statement on the Role of the
Head of Internal Audit in Public Service Organisations.
Conclusions:
Recommendations:
In reviewing and approving the audit documentation attaching to
this report, the Audit Committee is making appropriate
provisions to ensure that the Internal Audit requirements as
stated in the Accounts and Audit Regulations 2011 are being
properly met, and due support is being given to securing an
Internal Audit Service which is compliant with CIPFA guidance
on the subject.
The Committee is requested to approve:
• Internal Audit’s Terms of Reference and Performance
Indicators for 2012/13;
• Internal Audit’s Code of Ethics for 2012/13;
• Internal Audit’s Strategy for 2012/13;
• The Strategic Audit Plan for 2012/13 to 2014/15;
• The Annual Audit Plan for 2012/13; and,
• The Summary of Internal Audit Coverage for 2012/13.
Audit Committee
Cabinet member(s):
Wards:
Contact
Officer,
telephone
number,
and e-mail:
6 March 2012
All
All
Sandra King, Head of Internal Audit
01508 533863
scking@s-norfolk.gov.uk
1.
BACKGROUND
1.1
In accordance with statutory and best practice requirements, Internal Audit’s
Terms of Reference, Code of Ethics and Strategy are revisited annually, and
updated, where appropriate, after which an Annual Audit Needs Assessment is
performed, which further informs the Strategic Audit Plan and enables it to be
rolled forward by 12 months. From this amended documentation, it is then
possible to extract the Annual Audit Plan for the new financial year. This report
thus contains the outcomes of the review process that has been performed in
Quarters 3 and 4 of 2011/12, to determine the audit approach to be adopted in
2012/13, whilst also setting out the parameters within which the Internal Audit
Services contractor will work alongside the audit management team to deliver
internal audit coverage at the Council throughout the coming year.
1.2
When conducting the audit needs assessment exercise for 2012/13, Internal
Audit has been ever mindful of the financial pressures facing the authority both
currently and in future years.
We are also aware of recent developments
affecting the Council, namely the appointment of a new Chief Executive,
formation of a new Strategic Leadership Team and a current restructuring
exercise at Service Manager/Heads of Service level. Aside from these significant
management restructuring initiatives, we also understand that the Revenues and
Benefits Shared Service arrangements with Kings Lynn and West Norfolk
Borough Council are progressing well and that from August 2012; the Council is
seeking to join the CNC Building Control Partnership.
2.
INTERNAL AUDIT’S TERMS OF REFERENCE, 2012/13
2.1
The Terms of Reference for Internal Audit are attached at Appendix C, whilst
accompanying performance indicators against which the Internal Audit Service
will be evaluated are listed at Appendix D. Our terms of reference form the
basis under which Internal Audit operates at the Council. This year, we have
found it necessary to make a number of revisions:
o To reflect the Accounts and Audit Regulations 2011 (see Section 1 –
Statutory Basis for Internal Audit),
o To align to the Council’s Financial Regulations updated on 6 April 2011
(resulting in changes to Sections 2 and 7).
o To elaborate further on liaison arrangements with other Council’s Internal
Audit Service providers in the event of shared service arrangements being
developed between their organisations and North Norfolk District Council, as
well as stating the ground rules to be followed for undertaking audit work on
behalf of other Councils, which are not currently participating members of the
Norfolk Internal Audit Consortium and conversely, to consider how reliance
might be placed on other Internal Audit Service providers’ work by North
Norfolk’s Head of Internal Audit (reference paragraphs 3.6 and 3.7).
Audit Committee
6 March 2012
o To update information concerning the computer audit needs assessment
process (as detailed in paragraph 6.5)
o To recognise recent staffing changes at the authority (which has had
implications throughout the Terms of Reference).
2.2
We have also expanded our Performance Indicators at Appendix D, to
recognise that in the course of 2012/13, we will be aiming to achieve full
compliance with the CIPFA Statement on the Role of the Head of Internal Audit.
3.
INTERNAL AUDIT’S CODE OF ETHICS, 2012/13
3.1
The Code of Ethics sets out the expected behaviours of Internal Audit Staff and
can be found at Appendix E. We have added a new paragraph 4.2 to reflect
that the Head of Internal Audit should be carrying out his/her duties in
accordance with best practice guidance circulated by CIPFA and additionally
revised Section 6 so that is more concise.
4.
INTERNAL AUDIT STRATEGY, 2012/13
4.1
The Internal Audit Strategy, at Appendix F, sets out how Internal Audit develops
and delivers Strategic and Annual risk-based Audit Plans. In developing the
Strategy for 2012/13, members should note that we are now formulating 3-Year
rather than 5-Year Strategic Audit Plans. This has been done following a review
of latest CIPFA guidance on the drawing up of Audit Plans and feedback
received following consultations with Section 151 Officers across the Norfolk
Internal Audit Consortium about changing our original approach to long term
audit planning.
4.2
In developing the Strategy for 2012/13, we have introduced some enhancements
this year to the documentation, in order to provide a greater insight into the
factors which have collectively influenced strategic audit planning proposals,
clarify further the computer audit needs assessment process and the nature of
computer audit input earmarked for future delivery, whilst commenting too on the
level of consultation that has occurred when seeking to agree the extent and
detailed focus of audit coverage required for 2012/13 onwards.
4.3
At paragraph 3.5 of the Strategy, there is also reference made to a request from
the Corporate Leadership Team to undertake a discrete piece of work linked to
the evolving Revenues and Benefits Shared Service arrangements between
North Norfolk District Council and Kings Lynn and West Norfolk Borough Council.
To date, there has not been an opportunity to compile terms of reference for this
review and in so doing, identify the job budget required to undertake this special
project. As a consequence, the Strategic and Annual Audit Plans have yet to
feature this ad-hoc piece of work requested by senior management.
5.
THE STRATEGIC AUDIT PLAN, 2012/13 TO 2014/15
5.1
The Strategic Audit Plan, at Appendix G, provides an overview of the envisaged
audit coverage over the next three years, based on the Audit Needs Risk
Assessment. However, some caution should be exercised when reviewing this
paper; whilst it is useful in providing an overview and indicating where service
reviews may take place, current changes to service delivery models and
collaborations with other Councils may lead to significant revision being required
Audit Committee
6 March 2012
to this document year-on-year. We will continue to undertake Annual Audit
Needs Assessments that identify the requisite level of audit coverage based on
the existing conditions and anticipated changes at that time.
5.2
It is also important to note that the Strategic Plan is currently adhering to the
Organisational Structure in place prior to January 2012. It is not feasible at
present to apply a different format as areas of responsibility for the newly
appointed Chief Executive and Strategic Directors are still subject to review and
current consultations regarding the next tier of management and individual
officers’ spheres of control are likewise being reassessed. With the agreement
of Corporate Leadership Team, the Strategic Plan therefore adopts the same
layout as that applied for 2011/12 planning purposes.
6.
THE ANNUAL AUDIT PLAN, 2012/13
6.1
The Annual Audit Plan is included at Appendix H. This is a sub-set of the overall
Strategic Audit Plan, again derived from the Audit Needs Risk Assessment.
Having produced an outline Annual Audit Plan, we have consulted with the
Deputy Section 151 Officer, the Chief Executive and the Strategic Directors to
discuss and agree overall audit coverage, the potential timing of reviews and,
wherever possible, minimise disruption to staff when undertaking audit work in
the course of the forthcoming year. Our consultations with management did
result in one change to our original timetabling proposals. We have been asked
to delay our review of Corporate Policy, Planning and Performance Management
from April to July 2012, in view of the management restructuring programme
being followed at present.
The 3-month deferment should enable a more
constructive audit to be performed in the second quarter of the year.
6.2
The new Annual Audit Plan envisages a total of 212 days to be delivered in
2012/13, compared with 217 days attaching to the revised Audit Plan for
2011/12, although original provisions for 236 days had been approved by the
Audit Committee in March 2011.
7
SUMMARY OF PROPOSED AUDIT COVERAGE, 2012/13
7.1
The Summary of Audit Coverage, included at Appendix I, provides an oversight
into the type of issues that will be considered within each audit undertaken, and
why the individual service has been selected for audit scrutiny in the forthcoming
year. The information supplied at this stage is designed to provide an overall
framework for next year’s audit, although it is the more detailed planning work
performed by the Internal Audit Services contractor in conjunction with service
management that provides greater understanding and recognition of the relative
key controls and risks facing the service and where audit input would be most
beneficial.
8
LEVELS OF ASSURANCE AWARDED FROM 2008/09 ONWARDS
8.1
This year, for the first time, the latest position regarding assurances awarded is
also attached with audit planning information. This has been done to provide
members with an overview as to how the internal control environment has been
developing in recent years and to list the outcomes of our work to date.
Appendix J has been provided for this purpose and members will note the
proposed audits for 2012/13 are identified by way of a cross appearing in the
table. Similarly, we are still working on a number of 2011/12 audits and until
Audit Committee
6 March 2012
such time as the final reports are issued, we have indicated with a cross where
this work is on-going.
9.
OPTIONS
9.1
The Audit Plans presented have been derived from the Annual Audit Needs
Assessment undertaken by the Head of Internal Audit. Failure to support these
plans, and potentially consider further reductions in the audit coverage, could
result in the Head of Internal Audit not being able to provide the requisite annual
audit opinions, and may lead to the Council’s External Auditors having to
increase the work they are required to perform.
10.
RISK IMPLICATIONS
10.1
As mentioned above at paragraph 9.1, a failure to approve the Plans presented
could result in additional risks to the authority, through the Head of Internal Audit
not being able to provide the necessary opinions, and the External Auditors being
required to perform additional audit testing. There is also the risk that reductions
in Internal Audit coverage could lead to ongoing weaknesses in the internal
control environment at the Council not being detected and reported upon, and
subsequently resolved through remedial work being taken.
11.
FINANCIAL IMPLICATIONS
11.1
The affordability of the proposed Annual Audit Plan for 2012/13 has been
discussed with the Deputy Section 151 Officer and it has been confirmed that
appropriate funding has been budgeted to meet the costs of the Internal Audit
Service provision being put forward for 2012/13.
Appendices attached to this report:
Appendix C: Terms of Reference for Internal Audit for 2012/13
Appendix D: Performance Indicators for the Internal Audit Service
Appendix E: Internal Audit – Code of Ethics for 2012/13
Appendix F: Internal Audit Strategy for 2012/13
Appendix G: Strategic Audit Plan – April 2012 to March 2015
Appendix H: Annual Audit Plan – April 2012 to March 2013
Appendix I: Summary of Internal Audit Coverage for 2012/13
Appendix J: Levels of Assurance Awarded from 2008/09 onwards