Appendix A
Annual Review of the Effectiveness of Internal Audit
The Scope of this Review
The Head of Internal Audit has established a range of measures against
which to benchmark the effectiveness of the service. Each of these is
addressed in detail below:
Delivering the objectives of Internal Audit
The Terms of Reference for Internal Audit (approved by the Audit Committee)
set out three main objectives for the service:
Objectives
To provide an independent and
objective opinion on the control
environment, comprising risk
management, systems of internal
control and corporate governance, by
evaluating its effectiveness in
achieving the organisation’s
objectives
To deliver the requirements of the
financial procedure rules in
examining, reviewing and appraising
the extent to which the Council’s
assets are accounted for and
safeguarded from losses; the effect
and extent of the compliance with the
established financial policies,
procedures and code of practice; and
the relevant and effectiveness of
financial and other controls
To assist management in preventing
and detecting fraud and abuse
Means of delivery
The Head of Internal Audit provides
an annual opinion on the Council’s
system of internal control, and its
arrangements for corporate
governance and risk management.
To ensure independence all members
of the service, whether staff of South
Norfolk Council or the internal audit
contractor, complete an annual
declaration of interests, and comply
with an agreed code of ethics. No
issues have been identified
The Internal Audit Strategy and
Terms of Reference demonstrate that
internal audit reviews the system of
internal control in its entirety.
Individual audit assignments are
designed to ensure that the
requirements of financial procedure
rules are met.
Through undertaking in-depth
reviews, the service supports
management in minimising the risk of
fraud and abuse.
The Council’s whistleblowing policy
and procedure, and Internal Audit’s
terms of reference make clear the
supporting role of the Head of Internal
Audit in the investigation of potential
fraud and abuse.
Throughout the year, regular progress meetings are held with the Financial
Services Manager to discuss delivery of the Audit Plan and the service
generally. Each Audit Committee reviews Internal Audit activity, through
receiving progress reports from the Head of Internal Audit.
The Financial Services Manager has attended both meetings of the Norfolk
Internal Audit Consortium held during the year, providing the opportunity to
meet with all interested parties to review progress, discuss any issues arising,
and be advised of new developments to improve the service.
Complying with recognised good practice
CIPFA’s Code of Practice for Internal Audit in Local Government
The CIPFA Code of Practice for Internal Audit in Local Government lays down
the standards for internal audit. In both 2009/10 and 2010/11, the service at
North Norfolk District Council was fully compliant with this code.
CIPFA’s draft Statement on the Role of the Head of Internal Audit in
Local Government (December 2010)
This statement sets out the 5 principles that define the core activities and
behaviours that should belong to the role of the Head of Internal Audit, and
the organisational arrangements to support them. Those principles are:
•
•
•
•
•
Champion best practice in governance, objectively assessing the
adequacy of governance and management of existing risks,
commenting on responses to emerging risks and proposed
developments;
Give an objective and evidence based opinion on all aspects of
governance, risk management and internal control;
The Head of Internal Audit must be a senior manager with regular and
open engagement across the authority, particularly with the Leadership
Team and with the Audit Committee;
Lead and direct an internal audit service that is resourced to be fit for
purpose, and
Be professionally qualified and suitably experienced.
Each principle has associated requirements to demonstrate how they should
be employed in practice. Your Internal Audit service has been benchmarked
against these criteria, resulting in the following conclusions:
•
Internal Audit’s Terms of Reference should clarify the role of the Head
of Internal Audit within the Council’s governance structure
•
•
•
The Internal Audit Strategy should specify the extent to which the Head
of Internal Audit may place reliance on the work of third parties, when
forming her own view on the system of internal control
The Strategy should specify the limitations to be placed upon the giving
of Internal Audit’s assurances
The Head of Internal Audit has already identified the need to provide
further audit related training to members during 2011/12. Further
governance training needs, and who / how these should be delivered,
will be evaluated during the year.
Quality Standards applying to the Internal Audit Service
The Internal Audit service is benchmarked against a number of performance
indicators as agreed by the Audit Committee within the Terms of Reference
for Internal Audit. Performance against these targets for the year is outlined
within the table below:
Indicator
2009/10
Performance
98.7%
Comment
90%
2010/11
Performance
95%
100%
50%
79%
10 days
(average)
15.75
12.95
0 days
10.8
10.6
Number of days
between
completion of audit
fieldwork and draft
report issue
Number of days
between issue of
draft and final
reports
10 days
(average)
21.8
16.3
More detail provided in
“outstanding audit
recommendations” report
Performance has
continued to improve in
year and is exceeding
target
Although average times
have increased, this
relates to issues in
respect of a small
number of audits – and
more audits are meeting
target; issues on
individual audits related
to introduction of new
staff as noted below.
See below
15 days
(average)
17.1
19.7
Number of days
between
completion of
fieldwork and draft
report issue
Average score
given to audit
25 days
(average)
38.9
36.0
Adequate
(4 out of
Good
(5 out of 6)
N/A
% of audit
recommendations
accepted
% of high priority
recommendations
implemented
Days between
issue of audit brief
and fieldwork
commencing
Number of days
between expected
fieldwork
completion and
actual
Target
Performance has
marginally increased and
is nearing target. More
audits have met the
target.
This is the total of the two
indicators above.
We have changed
scoring systems during
feedback
6)
the year. Deloitte
continue to receive very
positive feedback from
staff.
As above, issuing draft reports within the target timeframes has proved
challenging for the audit service. Having considered this situation, we have
concluded that this has arisen from a variety of reasons, including:
• Managing the interaction between, and impact upon the Councils in
the consortium can be complex when one or more of those
Councils needs to make significant changes to their planned work
• The introduction of additional audit staff to deal with peak
workloads needs careful thought as the quality and effectiveness
can suffer due to lack of familiarity with clients and working
arrangements
We have already identified the following actions to improve performance
during 2011/12:
• The Deloitte field managers will not be undertaking audit fieldwork,
except in exceptional circumstances, leaving them available to
better manage the staff undertaking the fieldwork
• Audit work and audit reviews will be restricted to the core team of
auditors to improve effectiveness
• New audit staff introduced to the contract will receive more
intensive training
• Promotion of greater use of electronic files in place of manual
paper files (to reduce postal times)
• Reduction in audit workload in December when the core team’s
resources are depleted due to exams or training
However, these levels of performance have not impacted on our ability to
deliver the audit plan for 2011/12, or produce the Annual Report and Opinion.
Supporting the development of the System of Internal Control
There is clear evidence of internal control systems improving.
Within our annual report (elsewhere on this agenda), we have noted
improvements in the assurances provided in the areas of waste management,
Payroll and HR and Data Quality.
In a number of other reports we have also noted a reduction in the volume of
recommendations raised, indicating the existence of an improved level of
internal control.
In conjunction with management, we continue to monitor the status of agreed
actions via the TEN system. Periodic reports are provided to the Performance
and Risk Management Board and the Audit Committee on progress made.
Improving Service Delivery and Adding Value
Arising from our developing relationship with management, we are
increasingly being asked to provide advice, guidance and support - for
example:
•
•
•
We undertook reviews of procedures during the closure of the cash
office in September 2010.
We have started to provide advice on the new Revenues and Benefits
System and,
At management request, we undertook a review into aspects of the
procurement process in property services in November 2010.
We have reviewed our questionnaire used to obtain feedback from Service
Managers. As well as review of the performance in individual audit
assignments, we now seek opinions on items such as:
•
•
•
Whether the review has added value to their service
Whether a good understanding exists of the nature and operation of
the internal audit service
The quality of advice, guidance and general service offered by Internal
Audit.
In the changing environment in Local Government, we need to be flexible in
our approach. Our 2011/12 audit planning process involved careful
consideration to ensure those audits that offered most value and covered
areas of greatest risk were prioritised; for example, we have scheduled
reviews of the new waste management contracting arrangements and the
shared (with Kings Lynn and West Norfolk Borough Council) car parking
service
We have continued to produce quarterly audit newsletters and sought to
develop our skills and knowledge through
•
•
Regular meetings with other local authority auditors to discuss common
issues - such as the potential for more shared working with partner
organisations.
Attending training events in areas such as Counter Fraud and
Corruption and the Better Governance Forum Conference.
Our contract with Deloitte also allows for development of expertise and audit
innovation; one of our regular Deloitte staff is amongst the first in the country
to undertake CIPFA’s new Contract and Procurement Audit course, whilst two
staff have also received training on the principles of lean systems thinking and
piloted innovative reviews under such structures.
External Audit’s Reliance on Internal Audit’s Work
We continue to work closely with the Council’s External Auditors to deliver an
effective and efficient audit function.
A revised Audit Working Protocol was approved by the Audit Committee in
March 2011, and the Annual Audit Letter for 2010/11 re-enforces the intention
of External Audit to place reliance on the work performed by Internal Audit.
During the year, meetings have been held with the Engagement Leader and
Engagement Manager to evaluate how we can work most effectively together
to reduce the overall cost of audit to the Council.
Regular meetings are held between key audit staff to discuss progress, key
findings and issues arising.
Supporting an Effective Audit Committee
The Audit Committee undertakes periodic self-assessment exercises to
ensure they are compliant with best practice guidance as advocated in the IPF
publication, A Toolkit for Local Authority Audit Committees.
Since the previous exercise, considerable work has been undertaken to
ensure the Committee is, and remains fully compliant with this toolkit.