Please Contact: Tessa Gilder-Smith
Please email: Tessa.Gilder-Smith@north-norfolk.gov.uk
Please Direct Dial on: 01263 516047
09 June 2014
A meeting of the Audit Committee of North Norfolk District Council will be held in the
Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 17 June 2014 at
2.00 pm
Members of the public who wish to ask a question or speak on an agenda item are
requested to arrive at least 15 minutes before the start of the meeting. It will not always be
possible to accommodate requests after that time. This is to allow time for the Committee
Chair to rearrange the order of items on the agenda for the convenience of members of the
public. Further information on the procedure for public speaking can be obtained from
Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk
Sheila Oxtoby
Chief Executive
To: Mr N D Dixon, Mr B Jarvis, Mrs A Moore, Miss B Palmer, Mr R Reynolds and Mr D
Young
All other Members of the Council for information.
Members of the Management Team, appropriate Officers, Press and Public
If you have any special requirements in order to attend this meeting, please let us
know in advance
If you would like any document in large print, audio, Braille, alternative format or in a
different language please contact us
Chief Executive: Sheila Oxtoby
Strategic Directors: Nick Baker and Steve Blatch
Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005
Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org
AGENDA
1.
TO RECEIVE APOLOGIES FOR ABSENCE
2.
PUBLIC QUESTIONS
To receive public questions, if any
3.
ITEMS OF URGENT BUSINESS
To determine any items of business which the Chairman decides should be
considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local
Government Act 1972.
4.
DECLARATIONS OF INTEREST
Members are asked at this stage to declare any interests that they may have in any
of the following items on the agenda. The Code of Conduct for Members requires
that declarations include the nature of the interest and whether it is a disclosable
pecuniary interest.
5.
(Page 1)
MINUTES
To approve as a correct record, the minutes of the meeting of the Audit Committee
held on 17 March 2014.
6.
AUDIT UPDATE AND ACTION LIST
(Page 6)
To monitor progress on items requiring action from the meeting of 17 March 2014,
including progress on implementation of audit recommendations
7.
AUDIT COMMITTEE WORK PROGRAMME
(Page 7)
To review the Audit Committee Work Programme.
8.
PROGRESS ON INTERNAL AUDIT ACTIVITY
(Page 8)
Summary:
This report examines the progress made between 26
February and 23 April 2014 in relation to delivery of the
Annual Audit Plan for 2013/14, and provides a year end
position.
Conclusions:
A total of 3 audit assignments have been processed during
the period covered by this report, with the year-end position
reflecting positive assurances awarded on conclusion of the
majority of audit reviews.
Recommendations:
It is recommended that the Committee notes the outcome of
the audits completed between 26 February and 23 April 2014
where assurance levels have been given and the progress
made at financial year end with the annual audit plan.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
9.
FOLLOW UP ON INTERNAL AUDIT RECOMMENDATIONS 1 NOVEMBER 2013
TO 31 MARCH 2014
(Page 24)
Summary:
This report provides an overview of progress made in
implementing agreed audit recommendations due for
completion in the second half of the financial year, and
provides a year end position.
Conclusions:
Steady progress has been achieved in relation to the
completion of agreed Internal Audit recommendations.
Recommendations:
It is recommended that the Committee notes management
action taken to date regarding the delivery of audit
recommendations.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
10.
INTERNAL AUDIT CONSORTIUM MANAGER’S ANNUAL REPORT AND
OPINION FOR 2013/14 IN RESPECT OF NORTH NORFOLK DISTRICT COUNCIL
(Page 31)
Summary:
This report has been developed to satisfy the mandatory
requirements of the new Public Sector Internal Audit
Standards (PSIAS), effective from 1 April 2013, and
specifically Standard 2450, concerning the provision of an
annual audit opinion on the overall adequacy and
effectiveness of the organisation's framework of governance,
risk management and control, which, in turn, should be used
to inform the Council's Annual Governance Statement.
The report also seeks to confirm compliance with the
Accounts and Audit (England) Regulations 2011, whereby the
Council is required to 'undertake an adequate and effective
internal audit of its accounting records and of its system of
internal control in accordance with the proper practices in
relation to internal control'.
To demonstrate that this authority has met its statutory
requirements, as recognised above, the Internal Audit
Consortium Manager has produced this Annual Report and
Opinion, drawing upon the outcomes of Internal Audit work
performed over the course of the year, to formulate an
opinion concerning the overall internal control environment
which has been operating at the Council throughout 2013/14.
The report also reviews the effectiveness of the Internal Audit
Service, in particular; the degree of conformance with the
PSIAS and the results of any quality assurance and
improvement programme, the outcomes of the performance
indicators and the degree of compliance with CIPFA's
Statement on the Role of the Head of Internal Audit.
Conclusions:
On the basis of Internal Audit work performed during 2013/14,
the Internal Audit Consortium Manager is able to give an
adequate opinion on the framework of governance, risk
management and control at North Norfolk District Council.
Recommendations:
It is recommended that the Committee:
1. Receive and consider the contents of the Annual
Report and Opinion of the Internal Audit Consortium
Manager.
2. Note that an adequate audit opinion has been given
in relation to the framework of governance, risk
management and control for the year ended 31
March 2014.
3. Note that the opinions expressed together with
significant matters arising from internal audit work
and contained within this report should be given due
consideration, when developing and reviewing the
Council's Annual Governance Statement for 2013/14.
4. Note the conclusions of the Review of the
Effectiveness of Internal Audit.
Cabinet member(s): All
Wards: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager
01508 533791
ehodds@s-norfolk.gov.uk
11.
AUDIT COMMITTEE SELF-ASSESSMENT
(Page 48)
(Appendix A page 50)
Summary:
The Chartered Institute for Public Finance and Accountancy
(CIPFA) “Toolkit for Local Authority Audit Committees”
identifies that it is good practice for Audit Committees to
complete a regular self-assessment exercise against the
checklist of operational requirements, to be satisfied that
the Committee is performing effectively. The results of this
assessment are attached at Appendix A to this report and
highlight where recognised best practice has been
achieved.
Conclusions:
Undertaking a review of its performance against best
practice has ensured that the Committee has properly
assessed the way in which it discharges its duties. This
review has highlighted that the Committee effectively
discharges its duties in relation to best practice.
Recommendations:
Members of the Committee are requested to approve the
summary report and the detailed checklist.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
12.
CORPORATE RISK REGISTER
13.
BUSINESS CONTINUITY PLAN REVIEW
(Page 64)
The Civil Contingencies Manager will provide an oral update on this item at the
meeting
14.
EXCLUSION OF THE PRESS AND PUBLIC
To pass the following resolution, if necessary:
“That under Section 100A(4) of the Local Government Act 1972 the press and public
be excluded from the meeting for the following items of business on the grounds that
they involve the likely disclosure of exempt information as defined in
of Part I
of Schedule 12A (as amended) to the Act.”
Agenda item 5
AUDIT COMMITTEE
Minutes of a meeting of the Audit Committee held on Monday 17th March 2014 in the
Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm.
Members Present:
Mr N Dixon (Chairman)
Mrs A Moore
Mr D Young
Committee:
Miss B Palmer
Mr R Reynolds
Mr R Shepherd (sub)
Officers in
Attendance:
The Head of Finance, the Internal Audit Consortium Manager, the
Democratic Services Officer
Also in
attendance:
Julian Rickett, Aphrodite Antoniades (PricewaterhouseCoopers)
44.
APOLOGIES
Apologies were received from Mr B Jarvis. Mr R Shepherd was present to act as a
substitute.
45.
PUBLIC QUESTIONS
None received.
46.
ITEMS OF URGENT BUSINESS
None received.
47.
DECLARATIONS OF INTEREST
None
48.
MINUTES
The Minutes of the meeting of the Audit Committee held on 10 December 2013 were
approved as a correct record and signed by the Chairman.
49.
AUDIT UPDATE AND ACTION LIST
Members were updated on progress on actions arising from the minutes of the meeting
of 10 December 2013. All actions on the action list had been completed previously or
were in progress of being completed. Regarding 4.2, 'Indicative certification fee', this
was included in the agenda under item 8.
Audit Committee
1
17 March 2014
50.
AUDIT COMMITTEE WORK PROGRAMME
The committee discussed the committee work programme. The Internal Audit
Consortium Manager commented on the item 'self-assessment', in the work
programme for June 2014, explaining that she would circulate a questionnaire prior to
the agenda deadline to members of the committee, to then be taken for discussion at
the meeting.
The committee approved the work programme for 2014/15.
51.
ANNUAL CERTIFICATION REPORT 2012/13
Ms A Antoniades of PricewaterhouseCoopers introduced this report. She explained
that it was the final external audit report for the year and followed a prescribed format,
providing members with a high level overview of the work carried out during the year.
She explained that page 17 presented the certification fees for the year, with the
extended testing representing the added fees. The Chairman then invited members to
ask questions.
1. Mr R Reynolds referred to page 15 of the report, querying why the sample size was
so small regarding the misclassification of reason for the overpayment of benefits.
Mr D Young, on the same point, queried why the error rate was so high
(approximately 30%). Ms A Antoniades explained that the sample size was derived
via a prescribed methodology given by the Department of Work and Pensions. Mr J
Rickett further explained that the initial sample size was a statistical representation
of the data; however, if an error occurred, extended "40+" testing would take place
with a larger sample size. He further explained, with regard to Mr D Young's
question, that housing council tax benefits claims, for example, were a complicated
claims process, which could result in errors. This, on top of normal human error,
resulted in the error level seen, which wasn't unusual in a local authority. Mr D
Young went on to query if the level of error had been reduced since this period. Mr
J Rickett replied that a lower fee may be indicative of improvement, as it could be
symptomatic of improved confidence. However, as they had not completed any
testing for 13/14 yet, they could not be sure. Further to this, changes to the
Revenues and Benefits computer system were not necessarily beneficial to
reducing error levels.
2. Mr D Young referred to page 18 and queried what the level of error was with
regards to Housing and Council Tax Benefits Subsidy. Mr J Rickett replied that it
could be around £1000 within the £36 million however this would not be a material
figure. Mr R Reynolds also commented that as explained on page 19, the
discrepancies between the old and new computer systems could be an explanation
for errors.
3. The Chairman queried the recommendations on page 19 of the report, asking if
they were meaningful enough. He went on to ask what the common factors of
errors were. The Head of Finance replied that as previously mentioned issues with
the revenues and benefits system were a significant factor as it impacted
performance. She explained that internal audit had produced limited assurances
but the system would be reviewed in the coming year and that the service area
was moving in the right direction. She believed the level of errors from this
particular audit to be both circumstantial and extraordinary. The Chairman queried
if this would be reflected in the work of internal audit later in the year. The Internal
Audit Consortium Manager replied that the service was looking at training and
quality assurance to ensure mitigation and control.
The Chairman thanked members and officers for their comments and the committee
NOTED
The report.
52.
EXTERNAL AUDIT PLAN 2013/14
Mr J Rickett of PricewaterhouseCoopers introduced this report. He explained that the
report contained the details for the external audit plan for 2013/14. He went on to
comment on some of the details, explaining that PricewaterhouseCoopers were
appointed as external auditors of NNDC by the Audit Commission and were mandated
to follow the International Standards on Auditing (ISAs). He explained that their
responsibilities were set out on page 25 of the report. Ms A Antoniades expanded on
this explanation, explaining the team used a risk-based audit approach using
discussions with management and sector and cumulative area knowledge. She
explained pages 27-29 presented what the audit risks for the authority were, with page
30 providing details of levels of triviality and materiality of error. Page 36 of the report
detailed indicative fees for the work commissioned, as well as additional fees for the
previous years' work. She explained that some of the fees were subject to a number of
assumptions regarding days of work, and also that they were awaiting information
regarding the need for audits of council tax benefits expenditure, which may change
fee levels. She also explained that appendix E presented changes regarding overseas
processing of information, but that the Audit Commission were comfortable with this
process. The Chairman thanked PwC representatives for their information and then
invited members to ask questions.
1. Mr R Reynolds referred to page 34 of the report, querying whether fraud could
ever be seen as unintentional. The Head of Finance replied that there could be fraud
that was missed via human error, but generally fraud implied a degree of intent.
The Internal Audit Consortium Manager also commented that there were generally
controls in place to pick up on these human errors.
2. The Chairman queried recent changes by the DWP regarding thresholds for
investigating fraud. The Head of Finance replied that whilst the DWP had issued
guidance that they would not be investigating fraud below values of £1500, this did
not necessarily apply to the authority. Where the DWP may not take action, NNDC
still could. Mr R Shepherd queried if this was due to the economic viability of
investigating fraud below this level, which the Head of Finance confirmed. Mr J
Rickett commented that it might be considered to issue a counter statement. The
Chairman replied that he had originally seen the information in a publication put out
by NNDC, which did indeed state that they may act differently to DWP.
3. Mr D Young referred to the levels of materiality and triviality as detailed on page
30, querying how these levels were decided. Mr J Rickett replied that the ISAs
(International Standards on Auditing) set out requirements but that PwC used 2%
as their materiality level. With regards to triviality, currently at 5% of the 2% figure,
it did not mean that errors below this level were not noticed or reported - in fact the
finance team were made aware of all levels of error - but rather that they were not
formally reported and errors below this level would not necessarily change the
fairness or accuracy of the authority's funds.
The Chairman thanked members for their questions and the committee
APPROVED
The External Audit Plan for 2013/14
53.
INTERNAL AUDIT’S CHARTER, CODE OF ETHICS, AUDIT STRATEGY,
STRATEGIC AND ANNUAL PLANS, SUMMARY OF INTERNAL AUDIT COVERAGE
AND PERFORMANCE INDICATORS FOR 2014/15
The Internal Audit Consortium Manager introduced this item. She explained that she
would pick up a few salient aspects of the report for explaining to the committee. Page
53 detailed the new Audit Charter, defining the role of Internal Audit at NNDC in
primarily the same way as the previous terms of reference did. She explained that for
the coming year they had two pieces of audit work planned in Development
Management and in Revenues and Benefits which had been deferred from the
previous year. She concluded that the audit work for 2014/15 would total 218 days
across 17 assignments. The Chairman invited members to ask questions.
1. Mrs A Moore referred to page 61, and queried what a 'hold harmless' letter was.
The Internal Audit Consortium Manager replied that this was an indemnification
clause within the consortium which prevented responsibility from being given to
Mazars for the effects of any audit process.
2. Mr D Young referred to page 79 and the details of computer audit, querying why
those with a 'very high' risk level were not audited on an annual basis. The Internal
Audit Consortium Manager explained that as computer audit was a specialist audit,
they had different frequencies, being only bi-annual at the very most.
3. Mrs A Moore also discussed computer audit, querying management issues which
detailed significant risk, however did not have a scheduled audit in place. The
Internal Audit Consortium Manager explained that due to a restricted number of
audit days it wasn't always possible to audit everything. It was, however, on the
reserve list.
The Chairman thanked members for their comments and the Internal Audit Consortium
Manager for her report. The committee then
APPROVED
The Internal Audit Charter, Code of Ethics, Audit Strategy, Strategic and Annual Plans,
Summary of Internal Audit Coverage and Performance Indicators for 2014/15.
54.
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY, 26 NOVEMBER 2013 TO
25 FEBRUARY 2014
The Internal Audit Consortium Manager introduced this report. She explained that this
was a brief report updating members on internal audit activity. She also confirmed that
the audit work was now close to 98% completion, which was down to timings of
changes in service areas and there was no cause for concern. The main area left with
audit activities was sundry debtors. She estimated that there were 3-4 days more work
left in the audit calendar. The Chairman invited members to ask questions.
1. Mr D Young queried what kind of work sundry debtors were invoiced for. The
Internal Audit Consortium Manager explained that they were used for services
invoiced often of modest value. The Head of Finance also commented that she
could provide a definition for what defined 'small value' if it was of interest to the
committee. Mr D Young queried if credit checks were performed on sundry debtors.
The Head of Finance replied that no they were not, as they were for such small
amounts that it did not make the checks worthwhile.
The Chairman thanked members for their comments and the committee
NOTED
The report.
The meeting ended at 3.08 pm
______________________
Chairman
Agenda Item 6
AUDIT COMMITTEE 17 DECEMBER 2014 – ACTIONS ARISING FROM THE
MINUTES
7. Audit Work
Programme
10. Internal Audit
Charter etc
To streamline reports as and when required in order
to reduce repetitiveness. To ensure members
received the full details and information on an
appropriately timed basis.
Emma Hodds
To provide members with details of the self-assessment process prior to the following audit
committee meeting
Emma Hodds
To continue to work to ensure colours of reports
were appropriate for legibility purposes.
Tessa Gilder-Smith
To ensure Emma Hodds is minuted correctly as
‘Internal Audit Consortium Manager’
Tessa Gilder-Smith
Agenda Item 7
AUDIT COMMITTEE WORK PROGRAMME 2014 – 2015
JUNE 2014
SEPTEMBER
2014
DECEMBER
2014
MARCH 2015
PWC
PWC 2012/13
Annual
Governance report
(ISA260)
Annual Audit
Letter (PWC)
Audit Plan (PWC)
(with overview)
Annual Grant
Certification Report
Half yearly
progress
reports on the
overall
performance of
the audit
contract
Quarterly
Summaries of
completed audits
Report on
follow-up work
Audit Plan
Protocol for liaison
between internal
and external
auditors
Internal Audit
Annual report and
opinion (including
Annual Review of
the Effectiveness
of Internal Audit)
Progress on
Internal Audit
Activity
Status of agreed
actions
Undertake self-assessment
NNDC
Corporate Risk
Register/ risk
management
framework
Business
Continuity Plan
Review
Quarterly
Summaries of
completed audits
Internal Audit
training
Statement of
Accounts (+
informal training)
Business
Continuity
Monitoring
Officer’s Report
Local Code of
Corporate
Governance and
Action Plan –
update and Annual
Governance
Statement 2012/13
– update
Review of
Pensions liability
Corporate Risk
Register
Risk Management
Framework
Audit Committee
17 June 2014
Agenda Item No 8
Progress Report on Internal Audit Activity – 26 February to 23 April 2014
Summary:
This report examines the progress made between 26 February
and 23 April 2014 in relation to delivery of the Annual Audit Plan
for 2013/14, and provides a year end position.
Conclusions:
A total of 3 audit assignments have been processed during the
period covered by this report, with the year-end position
reflecting positive assurances awarded on conclusion of the
majority of audit reviews.
Recommendations:
It is recommended that the Committee notes the outcome of the
audits completed between 26 February and 23 April 2014 where
assurance levels have been given and the progress made at
financial year end with the annual audit plan.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
1.
Background
1.1.
This Activity Report seeks to build on the findings of the previous three Progress
Reports provided to members in September and December 2013 and March
2014, examining further progress made with regards to progressing assignments
featuring in the approved Annual Internal Audit Plan for 2013/14, which was
endorsed by the Audit Committee on 19 March 2013.
2.
Overall Position
2.1.
The overall position in relation to the progress made against the Internal Audit
Plan is within the attached report.
3.
Conclusion
3.1
Good progress has been made with the delivery of the Audit Plan; positive
assurances have been awarded in the majority of areas and all planned work has
been completed.
4.
Recommendation
4.1
It is recommended that members note the outcomes of the completed audits and
the progress made at financial year-end.
Appendices attached to this report:
Progress Report on Internal Audit Activity
NORFOLK INTERNAL AUDIT CONSORTIUM
NORTH NORFOLK DISTRICT COUNCIL
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY
PERIOD COVERED: - 26/02/2014 TO 23/04/2014
RESPONSIBLE OFFICER
EMMA HODDS – INTERNAL AUDIT CONSORTIUM MANAGER (IACM)
CONTENTS
1. INTRODUCTION (Page 3)
2. SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN (Page 3)
3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK (Page 3)
4. THE OUTCOMES ARISING FROM OUR WORK (Page 3)
APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK (Page 6)
APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES (Page 8)
1.
INTRODUCTION
1.1
This report is issued to assist the Authority in discharging its responsibilities in relation to the
internal audit activity.
1.2
The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in
this context as the Internal Audit Consortium Manager) to report to the Audit Committee on
the performance of internal audit relative to its plan, including any significant risk exposures
and control issues. The frequency of reporting and the specific content are for the Authority
to determine.
1.3
To comply with the above this report includes:
• Any significant changes to the approved Audit Plan;
• Progress made in delivering the agreed audits for the year;
• Any significant outcomes arising from those audits.
2.
SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN
2.1
Apart from the changes to the plan previously reported to the Audit Committee, there are no
further amendments that require reporting.
3.
PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK
3.1
The current position in completing audits to date within the financial year is shown in
Appendix 1 and progress to date is in line with expectations. Details of any specific audit
report can be provided on request.
3.2
In summary 186 days of programmed work has been completed, equating to 100% of the
(revised) Audit Plan for 2013/14.
4.
THE OUTCOMES ARISING FROM OUR WORK
4.1
On completion of each individual audit an assurance level is awarded using the definitions
shown in the table below.
Good
There is a sound system of internal control designed to achieve the
client's objectives.
The control processes tested are being consistently applied.
Adequate
While there is a basically sound system of internal control, there are
weaknesses, which put some of the client's objectives at risk.
There is evidence that the level of non-compliance with some of the
control processes may put some of the client's objectives at risk.
Limited
Weaknesses in the system of internal controls are such as to put the
client's objectives at risk.
The level of non-compliance puts the client's objectives at risk.
Unsatisfactory
Control processes are generally weak leaving the processes/systems
open to significant error or abuse.
Significant non-compliance with basic control processes leaves the
processes/systems open to error or abuse.
4.2
Recommendations made on completion of audit work are prioritised using the definitions
shown in the table below.
High
A fundamental weakness in the system that puts the Council at risk. To be
addressed as a matter of urgency, within a 3 month time frame wherever
possible, or, to put in place compensating controls to mitigate the risk identified
until such time as full implementation of the recommendation can be achieved.
Medium
A weakness within the system that leaves the system open to risk. To be
resolved within a 4 – 6 month timescale.
Low
Desirable improvement to the system. To be introduced within a 7 – 9 month
period.
4.3
During the period covered by the report Internal Audit Services have issued 3 final reports
and the Executive Summaries of these reports are attached at Appendix 2. In summary the
final reports issued conclude the following:
• Economic Development (NN/14/05)
This audit scope specifically reviewed the controls in relation to business support, in
particular the Enterprise North Norfolk Scheme. On conclusion of the review a good
assurance was awarded, reflecting that good practice is followed and the controls
reviewed are adequate and effective, and applied consistently. A low priority
recommendation was made, however this does not detract from the good rating
applied.
• Work to Support the Annual Governance Statement (NN/14/10)
This audit reviews the key controls as identified by External Audit; full testing is
applied to those fundamental systems that have not been subject to full systems
review in year and also undertakes top up testing for those that have, but were
undertaken earlier in the year. This is to ensure that all key controls are audited
annually and that the sample tested covers the full financial year.
On conclusion of the audit various assurance levels are awarded for each system,
depending on the findings. 3 medium priority recommendations were made, in the
areas of Payroll, Housing Benefits and Assurance Framework.
• Receipt, Banking and Handling of Remittances (NN/14/11)
The scope of this audit covered both the Main Reception and the Tourist Information
Centre (TIC); on conclusion of the review 2 assurance levels were awarded.
In relation to the main reception the controls were deemed to be adequate in
managing the associated risks, with 3 medium priority recommendations being
accepted by management.
The review of the TIC concluded in a limited assurance opinion being awarded, due
to a high priority recommendation being raised. This was to address the issues
relating to functionality of the tills which resulted in unreliable income figures and also
impacted on the accuracy of stock levels. The recommendation has subsequently
been implemented by management, thus mitigating the associated risks within year.
4.4
As mentioned above one high priority recommendation had been raised during the period
covered by this report, however action has already been taken to address this. Further detail
on this can be seen at Appendix 2(3).
APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK
Audit No.
Frequency of
Audit
Coverage
Original Days
Planned
Revised
Days
Planned
PLANNED SYSTEMS AUDIT WORK
NN/14/01
Environmental Health Services
3-yearly
19
19
19
April
NN/14/02
Private Sector Housing - Disabled Facilities Grants
3-yearly
8
8
8
June
NN/14/03
Car Parking and Markets
2-yearly
16
16
16
July
NN/14/04
Waste Management
2-yearly
18
18
18
August
NN/14/05
Tourism and Economic Development
3-yearly
10
10
10
NN/14/06
Freedom of Information and Data Protection
3-yearly
8
8
8
September
January
February
October
NN/14/07
Accountancy Services
2-yearly
17
17
17
October
NN/14/08
Description of Audit
Treasury Management
Control Accounts
Banking
Asset Register
Budgetary Control
Journal Entries
Bank Reconciliations
Revenues and Benefits Services - Data Transfer,
Governance and Risk
Days
Scheduling
Delivered
Assurance
Level
applicable
Summary Report
Details presented
to Members
Complete
Final report issued 16 July 2013
Complete
Final Report issued 8 August 2013
Complete
Final Report issued 20 August 2013
Complete
Final Report issued 14 October 2013
Adequate
Audit Committee
17 September 2013
Audit Committee
17 September 2013
Audit Committee
17 September 2013
Audit Committee
10 December 2013
Adequate
Adequate
Adequate
Complete
Final issued 26 March 2014
Good
Audit Committee
17 June 2014
Complete
Final Report issued 13 November
2013
Complete
Final Report issued 21 November
2013
Good
Audit Committee
10 December 2013
See Below
Audit Committee
10 December 2013
Good
Good
Good
Good
Good
Good
Adequate
Ad-hoc
5
0
0
October
Audit deferred to 2014/15 at the
Quarter 4 request of management
Deferred to
2014/15
November Complete
Final Report issued 30 January 2014
NN/14/09
Sundry Debtors
2-yearly
10
10
10
NN/14/10
Work to Support the AGS
Annually
15
15
15
January
NN/14/11
Receipt, handling and banking of remittances and
tourist information centres
2-yearly
12
12
12
January
February
NN/14/12
Development Management
3-yearly
22
0
0
Annually
8
168
8
141
8
141
Systems Audit Follow Up
TOTAL PLANNED SYSTEMS AUDIT WORK
Status
Complete
Final Report issued 4 April 2014
Complete
Final Report issued 23 April 2014
February Audit deferred to 2014/15 at the
Deferred to request of management
2014/15
2 x 6-monthly validation
100%
N/A
Adequate
Audit Committee
17 March 2014
Various
Audit Committee
17 June 2014
Audit Committee
17 June 2014
Main reception - Adequate
TIC - Limited
N/A
PLANNED COMPUTER AUDIT WORK
NN/14/13
Document Imaging - Civica (Revenues and Benefits)
4-yearly
10
10
10
July
September
Complete
Final Report issued 25 October 2013
Adequate
Audit Committee
10 December 2013
NN/14/14
Revenues and Benefits Application - Civica
3-yearly
13
13
13
September
Complete
Final Report issued 28 October 2013
Adequate
Audit Committee
10 December 2013
NN/14/15
IT Security, Procurement and End User Controls
2-yearly
13
13
13
October
Adequate
Audit Committee
10 December 2013
NN/14/16
Computer Audit Needs Assessment
3-yearly
5
5
5
October
September
N/A
Audit Committee
10 December 2013
Annually
4
45
4
45
4
45
Complete
Final Report issued 14 November
2013
Complete
Final Report issued 26 September
2013
2 x 6-monthly validation
100%
213
186
186
100%
0
0
0
213
186
186
Computer Audit Follow Up
TOTAL PLANNED COMPUTER AUDIT WORK
TOTAL PLANNED WORK
EXTRA WORK REQUESTED
TOTAL OF EXTRA WORK UNDERTAKEN
GRAND WORK TOTAL
100%
APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES
Appendix 2(1)
Report No. NN/14/05 – Final Report issued 26 March 2014
Audit Report on Economic Development
Audit Scope
The scope of the audit covered the effectiveness and efficiency of controls operating around the Enterprise
North Norfolk scheme and in particular:
• Policies and Procedures;
• Funding and Financial Management;
• Project Monitoring and Assessment of Outcomes; and
• Promotion of the initiative.
Assurance Opinion
Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance
Rationale supporting the award of the opinion
The system of internal control is, overall, deemed Good in managing the risks associated with Economic
Development (in particular over administration of the Enterprise North Norfolk scheme), that fall within the
scope of this audit. This opinion is derived from having raised one low priority recommendation in respect of
promoting and marketing the initiative. This is not however a control ineffectiveness and does not detract from
the overall Good assurance rating. The previous review of the area (NN/10/09) was deemed adequate
assurance. However, due to the difference in scope between the previous audit and this review, we have not
deemed it appropriate to provide a direction of travel indicator.
Positive Findings
We have acknowledged the following areas where sound controls are in place and operating consistently.
• The Enterprise North Norfolk scheme meets the needs and requirements of the Council's Corporate
Plan 2012 – 2015 as well as the Annual Action Plan 2013/14;
• A contract has been signed between the Contractor 'Engage with Business' and North Norfolk District
Council for administering the scheme with fees for two years of £120,000. Roles and responsibilities
of both parties are clearly defined within the contract;
• A signed contract exists between Norfolk County Council and North Norfolk District Council, for
funding of up to £35k for each of the two years match funded by North Norfolk District Council. Roles
and responsibilities between the two parties are clearly defined;
• Budgets are monitored with the Head of Economic and Community Development monitoring financial
performance of the scheme monthly. Investment opportunities for the continuity of the scheme are
investigated on behalf of the Council by the New Anglia Local Enterprise Partnership (LEP). Two
funding submissions have been completed so far; one for UK government funding for five years and
another for EU funding for six years (both commencing within 2015 if approved);
• Progress with objectives is monitored and reported by the contractor “Engage with Business” to both
Norfolk County Council and North Norfolk District Council;
• Successes are publicised to local media and website to encourage and motivate participants. The
scheme's website displays case studies and celebratory events that engage the participants and
attract new ones; and
• Promotion and marketing of the initiative is undertaken as part of the contract with 'Engage with
Business'. A number of celebratory events, workshops, seminars and talks at local libraries are held
which attract media and public attention.
Control weaknesses to be addressed
During our work we have identified the following area where we believe that further enhancements could be
made:
• Improving the use of the Council's Twitter account to promote greater awareness of the scheme.
Summary of the adequacy and effectiveness of controls

| Area of Scope | Assessment: Adequacy of Controls | Assessment: Effectiveness of Controls | Recommendations Raised: High | Recommendations Raised: Medium | Recommendations Raised: Low |
|---|---|---|---|---|---|
| Policies and Procedures | Green | Green | 0 | 0 | 0 |
| Funding and Financial Management | Green | Green | 0 | 0 | 0 |
| Project Monitoring and Assessment of Outcomes | Green | Green | 0 | 0 | 0 |
| Promotion of Enterprise North Norfolk Initiative | Green | Amber | 0 | 0 | 1 |
| Total | | | 0 | 0 | 1 |

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.
Management Responses
Management has accepted the recommendation raised.
Appendix 2(2)
Report No. NN/14/10 – Final Report issued 4 April 2014
Audit Report Work to Support the Preparation of the Annual Governance Statement
Assurance Opinions
| Key System | Covered in 2013/14 | Date of Review | Audit Ref. | Opinion | No. of recs |
|---|---|---|---|---|---|
| Fixed Assets | Yes | November 2013 | NN/14/07 | Good | 1 |
| General Ledger | Yes | November 2013 | NN/14/07 | Good | 0 |
| Debtors/Accounts Receivable | Yes | December 2013 | NN/14/09 | Adequate | 2 |
| Cash | Yes | February 2014 | NN/14/11 | Limited | 4 **(2) |
| Treasury Management – Investments/Loans | Yes | November 2013 | NN/14/07 | Good | 0 |
| Budgetary Control | Yes | November 2013 | NN/14/07 | Good | 0 |
| Car Parks Income | Yes | August 2013 | NN/14/03 | Adequate | 4 **(1) |
| Payroll | No | N/A | N/A | Adequate | 1* |
| Creditors/Accounts Payable | No | N/A | N/A | Adequate | **(1) |
| Council Tax and National Non-Domestic Rates | No | N/A | N/A | Adequate | 0 |
| Housing Benefits and Council Tax Benefits | No | N/A | N/A | Adequate | 1* |
* Denotes additional recommendations made in this AGS report.
** ( ) Denotes number of recommendations included in the systems reports which also relate to key controls
within the AGS scope.
Key Controls Testing
There are a number of key controls within the material systems as agreed with External Audit and the Internal
Audit Consortium Manager at North Norfolk District Council that are required to be covered by Internal Audit
each financial year.
Under the agreed Internal Audit Plan for 2013/14, a number of these material systems have been reported on
in detail and those key controls have been addressed in each system reviewed. Recommendations have been
raised in these individual audit reports and the issues identified in this report should be viewed in conjunction
with those reports. This report provides the top-up testing for these material systems, thus ensuring the
systems are subject to full year testing.
We have also reviewed controls in the material systems that were not covered as part of the agreed Internal
Audit Plan for 2013/14.
As a result of this work, three further recommendations have been made in the areas of Payroll, in
amendments to payroll data; Housing Benefits, with regard to the recovery of overpayments and Assurance
Statements in relation to the responses received by Heads of Service. All three recommendations carry a
medium priority rating.
Assurance Framework Arrangements
Assurance statements are issued to managers to provide assurance over the areas of their responsibility.
Administration of the assurance statement process is undertaken by the Policy and Performance
Management Officer. A sample of five assurance statements for 2012/13 was tested to confirm whether
managers had provided comments or details of evidence to support the assertions made within their
assurance statement. We identified that in all five cases, not all requisite information had been provided. A
recommendation has been raised, as referred to above.
Appendix 2(3)
Report No. NN/14/11 – Final Report issued 23 April 2014
Audit Report on Remittances
Audit Scope
The scope of the audit covered the following areas of Receipt, Handling and Banking of Remittances both at
the Council's main offices and at the TICs, to help confirm that the control environment is operating effectively
and efficiently in relation to:
• Policies and procedures;
• Physical security surrounding the making of payments;
• Receipting of monies;
• Posting of income; and
• Reconciling income.
Assurance Opinion
Main Council office: Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance
TIC: Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance
Rationale supporting the award of the opinion
Main Council Office Processes
Based on the testing undertaken in line with the scope of our work, the control environment is overall deemed
to be adequate in managing the risks associated with this area. This opinion is based on having raised three
medium priority recommendations. As such, the direction of travel arrow remains unchanged since the
previous review.
The three medium priority recommendations relate to risks associated with the secure receipt and opening of
post addressed to Planning and Building Control, the prompt processing of cheques awaiting authorisation by
departments and evidencing independent review of the daily income reconciliations.
TICs
Based on the testing undertaken in line with the scope of our work, the control environment is overall deemed
to be limited in managing the risks associated with this area. The assurance opinion has been derived as a
result of having raised one high and one medium priority recommendation upon the conclusion of our work.
As such, the direction of travel arrow indicates deterioration since the previous review.
The one high priority recommendation relates to issues in the functionality of the tills at the TICs, which has
resulted in the production of unreliable income figures since December 2013. This has also impacted on the
accuracy of stock levels, with a stock surplus of £4,631 having been reported across all the TICs for 2013. In
addition, reliable reconciliations cannot be carried out between the transactions recorded through the tills and
the amount of cash banked from the TICs. As a result there is a significant risk of loss to the Council through
undetected errors or theft of income and stock.
The one medium priority recommendation relates to the requirement for income reconciliations to be subject
to independent verification with evidence that imbalances have been subject to the requisite levels of check.
Positive Findings
It is acknowledged there are areas where sound controls are in place and operating consistently in the receipt,
handling and banking of remittances, in particular:
• Clear procedure notes are in place and version controlled to confirm that they are regularly updated,
with procedures for banking at the TICs having recently been updated to reflect the changing risk
resulting from till inaccuracies.
• Payments received at the main office are documented. Supporting documents are retained to provide
an audit trail for payments received and to confirm the validity and accuracy of payments. Access to
the post opening room is secure.
• Secure controls exist for receipt of payments received by phone and on-line.
• Posting errors are reviewed on a daily basis and reallocated to the correct accounts. Where the correct code
cannot be identified promptly, the income is coded to the suspense account which is subject to regular review
and monthly reconciliation, with independent verification.
Control weaknesses to be addressed
During our work we have identified the following key area(s) where we believe that the processes /
arrangements within the receipt, handling and banking of remittances would benefit from being strengthened,
and as a result of these findings one high priority recommendation has been made.
• The Council should resolve the issues with the functioning of the tills at the TICs which have resulted
in inaccurate recording of transactions since December 2013. Opening stock checks should then be
completed and closing checks for the seasonal TICs at the season end. Unannounced stock checks
should be conducted periodically by officers independent of those TICs. Resolving the issues with
the tills at the TICs should help improve the accuracy of income
figures, which in turn will help improve the accuracy of stock checks, thus making them more
meaningful and reliable. In doing so, it will allow for improved scrutiny of any surpluses or loss in
stock. Frequent and unannounced stock checks will result in the timely identification of discrepancies
so that any issues can be investigated. Prior to issue of the final report, we confirmed that the
associated recommendation had been implemented.
During our work we have identified the following area(s) where we believe that the processes in the receipt,
handling and banking of remittances would benefit from being strengthened, and as a result of these findings,
four medium priority recommendations have been made:
• All post should be opened securely in the post room, including post addressed for Planning and
Building Control or for any other service. This will help provide for a consistent and more secure
approach in the receipt and handling of cheques received through the post.
• Cheques waiting to be authorised by the respective departments should be monitored once a week,
to establish whether they should be processed or returned to the payee. A timescale should be
introduced after which the relevant department should make a decision to either bank or return the
cheque to the payee with an explanation as to why it is being returned. This should help facilitate the
prompt processing of income due to the Council. Prior to issue of the final report, we confirmed that
the associated recommendation had been implemented.
• The daily reconciliations between the income recorded in the cash receipting system and income
banked should be signed and dated by the preparer and the officer undertaking independent
verification. This provides evidence that reconciliations have been subject to the requisite levels of
independent check and ensures segregation of duty. Prior to issue of the final report, we confirmed
that the associated recommendation had been implemented.
• Notwithstanding the issues with the tills, weekly reconciliations between income received through the
receipting system and bank statements for each TIC should be subject to independent check to
confirm their accuracy with all imbalances fully investigated. This will help to confirm that
reconciliations have been accurately completed and imbalances fully investigated.
In addition, we found that the monthly reconciliation between the Cash and Deposit book and the bank
statement for November 2013 did not show evidence of having been independently verified. However, as this
was an isolated case, no recommendation has been deemed necessary.
Summary of the adequacy and effectiveness of controls

| Area of Scope | Assessment: Adequacy of Controls | Assessment: Effectiveness of Controls | Recommendations Raised: High | Recommendations Raised: Med | Recommendations Raised: Low |
|---|---|---|---|---|---|
| Policies and Procedures | Green | Green | - | - | - |
| Physical Security | Amber | Amber | - | 1 | - |
| Receipting | Amber | Amber | - | 2 | - |
| Posting of Income | Green | Green | - | - | - |
| Reconciling of Income | Green | Amber | - | * | - |
| Tourist Information Centres | Amber | Amber | 1 | 1 | - |
| Total | | | 1 | 4 | - |

*Covered by recommendation raised in Area 3
High Priority Recommendations
One high priority recommendation has been raised as a result of this audit.
Management Responses
Management have accepted the recommendations raised.
Audit Committee
17 June 2014
Agenda Item No. 9
Follow Up on Internal Audit Recommendations 1 November 2013 to 31 March 2014
Summary:
This report provides an overview of progress made in
implementing agreed audit recommendations due for completion
in the second half of the financial year, and provides a year end
position.
Conclusions:
Steady progress has been achieved in relation to the completion
of agreed Internal Audit recommendations.
Recommendations:
It is recommended that the Committee notes management
action taken to date regarding the delivery of audit
recommendations.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager,
01508 533791, ehodds@s-norfolk.gov.uk
1. Background
1.1. In accordance with agreed internal audit review and reporting cycles, we revisit
the status of audit recommendations on a 6-monthly basis and last presented our
findings in this area to the Audit Committee on 10 December 2013.
1.2. This report now seeks to provide an update on the status of audit
recommendations following recent verification work performed during April / May,
which examined the level of activity concerning the delivery of audit
recommendations falling due between 1 November 2013 and 31 March 2014.
2. Overall Position
2.1. The overall position in relation to the implementation of Internal Audit
Recommendations is within the attached report.
3. Conclusion
3.1 Steady progress is being made in relation to the completion of agreed Internal
Audit recommendations.
4. Recommendation
4.1 It is recommended that the Committee notes management action taken to date
regarding the implementation of audit recommendations.
Appendices attached to this report:
Follow Up Report on Internal Audit Recommendations
NORFOLK INTERNAL AUDIT CONSORTIUM
NORTH NORFOLK DISTRICT COUNCIL
FOLLOW UP REPORT ON INTERNAL AUDIT RECOMMENDATIONS
PERIOD COVERED: - 01/11/2013 TO 31/03/2014
RESPONSIBLE OFFICER
EMMA HODDS – INTERNAL AUDIT CONSORTIUM MANAGER (IACM)
CONTENTS
1. INTRODUCTION
2. STATUS OF AGREED ACTIONS
APPENDIX 1 – STATUS OF AGREED ACTIONS
1. INTRODUCTION
1.1 This report is being issued to assist the Authority in discharging its responsibilities in relation
to the internal audit activity.
1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in
this context as the Internal Audit Consortium Manager) to establish a process to monitor and
follow up management actions to ensure that they have been effectively implemented or that
senior management have accepted the risk of not taking action. The frequency of reporting
and the specific content are for the Authority to determine.
1.3 To comply with the above this report includes:
• The status of agreed actions.
2. STATUS OF AGREED ACTIONS
2.1 As a result of audit recommendations, management agree action to ensure implementation
within a specific timeframe and by a responsible officer. The management action
subsequently taken is monitored by the Internal Audit Contractor on a regular basis and
reported through to this Committee. Verification work is also undertaken for those
recommendations that are reported as closed. Appendix 1 to this report shows the details
of the progress made to date in relation to the implementation of the agreed
recommendations.
2.2 The summary position according to recommendation priority is shown in the table below:
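Status of Recommendations as at 31 October 2013

| | High | Medium | Low | Total | % |
|---|---|---|---|---|---|
| Complete | 0 | 30 | 16 | 46 | 78 |
| Outstanding | 1 | 10 | 2 | 13 | 22 |
| Unable to confirm status | | | | | |
| Total | 1 | 40 | 18 | 59 | 100 |

Status of Recommendations as at 31 March 2014

| | High | Medium | Low | Total | % |
|---|---|---|---|---|---|
| Complete | 2 | 15 | 6 | 23 | 55 |
| Outstanding | 0 | 12 | 7 | 19 | 45 |
| Unable to confirm status | | | | | |
| Total | 2 | 27 | 13 | 42 | 100 |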
Key:
H – High priority: A fundamental weakness in the system that puts the Council at risk. To be
addressed as a matter of urgency, within a 3-month time frame wherever possible, or, to put in place
compensating controls to mitigate the risk identified until such a time as full implementation of the
recommendation can be achieved.
M – Medium priority: A weakness within the system that leaves the system open to risk. To be
resolved within a 4 - 6 month timescale.
L – Low priority: Desirable improvement to the system. To be introduced within a 7 - 9 month period.
The tables provide two snapshots – one of the position as at 31 October 2013 and one
covering the position as at year end. The figures are not cumulative but enable an overview
to be maintained as to the nature of progress being made in relation to completing agreed
actions at periodic intervals during the financial year.
2.4 Details of high priority recommendations which remain outstanding would usually be
attached to this report; however all of these have been successfully implemented.
2.5 It is also worth noting that of the recommendations made to date in year, a further 8
recommendations are not yet due for implementation, none of which carry a high priority
rating – see Appendix 1 for the audit areas to which these relate. As mentioned, although
the dates for completion have not yet been reached, until they are actioned, they represent
weaknesses in the control environment which leave the authority open to risk.
2.4 In the second half of the 2013/14 financial year the only 2 high priority recommendations that
were due for implementation have been completed by management, thus ensuring that there
are no fundamental weaknesses in the systems reviewed that put the Council at risk.
2.5 Committee will recall that at the end of 2013 excellent progress was made in closing down
recommendations with 85.7% of recommendations being successfully implemented. This
pattern continued in the first half of 2013/14 with 78% of recommendations being closed by
management. Although progress has continued in the second half of the year, with 55% of
recommendations having been implemented, there is an increasing number of outstanding
recommendations which still require further action to close them down. However the
responses received by management are encouraging and progress is underway to address
the risks associated with the recommendations.
APPENDIX 1 – STATUS OF AGREED ACTIONS
Reference
Description
Housing and Council Tax Benefits
NN1016
Development Management, Building
Control and Land Charges
NN1112
Waste Management Contract
NN1203
Sports Halls/Centres
NN1209
Procurement
NN1304
Leisure Complexes
NN1306
Payroll and HR
NN1308
Housing and Council Tax Benefits
NN1309
Exchequer Services
NN1310
Environmental Health
NN1401
Private Sector Housing
NN1402
Waste Management
NN1404
Economic Development
NN1405
Accountancy Services
NN1407
Sundry Debtors
NN1409
Work to Support AGS
NN1410
Remittances
NN1411
SYSTEMS AUDIT TOTALS
Data Consistency
NN1215
Document Imaging and Workflow
NN1413
CIVICA Revs and Bens
NN1414
IT Security, Procurement & End User
Controls
NN1415
COMPUTER AUDIT TOTALS
Implemented
(Nov'13 - March '14)
Assurance Level
H
M
L
Adequate
1
Adequate
Limited
Adequate
Adequate
Adequate
Adequate
Limited
Adequate
Adequate
Adequate
Adequate
Good
Good/Adequate
Adequate
N/A
Adequate/Limited
H
Outstanding
M
L
Unable to confirm status
Total
H
M
L
Outstanding
0
1
2
1
2
1
1
1
1
1
2
1
2
1
1
1
1
1
2
Adequate
Adequate
Adequate
Adequate
0
3
2
1
3
11
2
1
1
1
1
2
4
2
4
0
10
1
6
0
0
0
1
1
0
0
0
1
0
2
1
2
1
0
1
0
0
0
5
3
2
0
1
0
0
0
16
1
0
1
1
3
Not yet due to be
implemented
H
M
L
Total Audit
Recommendations
to be actioned
0
0
1
3
1
5
0
0
3
3
0
1
2
1
0
1
0
0
0
5
3
2
0
1
1
3
1
21
1
0
1
4
6
Audit Committee
18 June 2013
Agenda Item No. 10
Internal Audit Consortium Manager’s Annual Report and Opinion for 2013/14 in
respect of North Norfolk District Council
Summary:
This report has been developed to satisfy the mandatory
requirements of the new Public Sector Internal Audit Standards
(PSIAS), effective from 1 April 2013, and specifically Standard
2450, concerning the provision of an annual audit opinion on the
overall adequacy and effectiveness of the organisation’s
framework of governance, risk management and control, which,
in turn, should be used to inform the Council’s Annual
Governance Statement.
The report also seeks to confirm compliance with the Accounts
and Audit (England) Regulations 2011, whereby the Council is
required to ‘undertake an adequate and effective internal audit of
its accounting records and of its system of internal control in
accordance with the proper practices in relation to internal
control’.
To demonstrate that this authority has met its statutory
requirements, as recognised above, the Internal Audit
Consortium Manager has produced this Annual Report and
Opinion, drawing upon the outcomes of Internal Audit work
performed over the course of the year, to formulate an opinion
concerning the overall internal control environment which has
been operating at the Council throughout 2013/14.
The report also reviews the effectiveness of the Internal Audit
Service, in particular; the degree of conformance with the PSIAS
and the results of any quality assurance and improvement
programme, the outcomes of the performance indicators and the
degree of compliance with CIPFA’s Statement on the Role of the
Head of Internal Audit.
Conclusions:
On the basis of Internal Audit work performed during 2013/14,
the Internal Audit Consortium Manager is able to give an
adequate opinion on the framework of governance, risk
management and control at North Norfolk District Council.
Recommendations:
It is recommended that the Committee:
1. Receive and consider the contents of the Annual Report
and Opinion of the Internal Audit Consortium Manager.
2. Note that an adequate audit opinion has been given in
relation to the framework of governance, risk
management and control for the year ended 31 March
2014.
3. Note that the opinions expressed together with significant
matters arising from internal audit work and contained
within this report should be given due consideration,
when developing and reviewing the Council’s Annual
Governance Statement for 2013/14.
4. Note the conclusions of the Review of the Effectiveness
of Internal Audit.
Cabinet member(s): All
Wards: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager,
01508 533791, ehodds@s-norfolk.gov.uk
1. Background
1.1 Public Sector Internal Audit Standards, which came into force from 1 April 2013,
have effectively replaced CIPFA’s Code of Practice for Internal Audit in Local
Government in the United Kingdom (2006). The new Standards are very similar to
the old Code of Practice in terms of year end Internal Audit reporting requirements,
in so far as:
• An annual opinion should be generated which concludes on the overall adequacy
and effectiveness of the organisation’s framework of governance, risk management
and control;
• A summary of the work that supports the opinion should be submitted;
• Reliance placed on other assurance providers should be recognised;
• Any qualifications to that opinion, together with the reason for qualification
must be provided;
• There should be disclosure of any impairments or restriction to the scope of
the opinion;
• There should be a comparison of actual audit work undertaken with planned
work;
• The performance of internal audit against its performance measures and
targets should be summarised; and,
• Any other issues considered relevant to the Annual Governance Statement
should be recorded.
1.2 This report now also contains conclusions on the Review of the Effectiveness of
Internal Audit, which includes:
• The degree of conformance with the PSIAS and the results of any quality
assurance and improvement programme;
• The outcomes of the performance indicators; and,
• The degree of compliance with CIPFA’s Statement on the Role of the Head
of Internal Audit.
This was previously reported to the Audit Committee as a separate report; however
the view has been taken that these can be considered as one report as they are
inextricably linked. The opportunity has been taken to do this as part of the launch
of new report templates across the six authorities that are part of the Consortium,
with the view to ensuring consistency and streamlining the audit reporting process,
whilst still ensuring that best practice is met.
2. Annual Report and Opinion and Review of the Effectiveness of Internal Audit
2.1 The Annual Report and Opinion and the Review of the Effectiveness of Internal
Audit are shown in the report attached.
3. Conclusion
3.1 On the basis of Internal Audit work performed during 2013/14, the Internal Audit
Consortium Manager is able to give an adequate opinion on the framework of
governance, risk management and control at North Norfolk District Council.
3.2 The outcomes of the Effectiveness Review confirm that Internal Audit:
• Is substantially compliant with the Public Sector Internal Audit Standards;
• Is continually monitoring performance and looking for ways to improve; and
• Is substantially compliant with CIPFA Statement on the Role of the Head of
Internal Audit in Public Service Organisations.
These findings therefore indicate that reliance can be placed on the opinions
expressed by the Internal Audit Consortium Manager, which can then be used to
inform the Council’s Annual Governance Statement.
4. Recommendation
• Receive and consider the contents of the Annual Report and Opinion of the
Internal Audit Consortium Manager.
• Note that an adequate audit opinion has been given in relation to the
framework of governance, risk management and control for the year ended
31 March 2014.
• Note that the opinions expressed together with significant matters arising
from internal audit work and contained within this report should be given due
consideration, when developing and reviewing the Council’s Annual
Governance Statement for 2013/14.
• Note the conclusions of the Review of the Effectiveness of Internal Audit.
Appendices attached to this report:
Annual Report and Opinion 2013/14
NORFOLK INTERNAL AUDIT CONSORTIUM
NORTH NORFOLK DISTRICT COUNCIL
ANNUAL REPORT AND OPINION 2013/14
RESPONSIBLE OFFICER
EMMA HODDS – INTERNAL AUDIT CONSORTIUM MANAGER (IACM)
CONTENTS
1. INTRODUCTION
2. ANNUAL OPINION OF THE IACM
2.1 Roles and responsibilities
2.2 The opinion itself
3. AUDIT WORK UNDERTAKEN DURING THE YEAR
4. THIRD PARTY ASSURANCES
5. ANNUAL REVIEW OF THE EFFECTIVENESS OF INTERNAL AUDIT
APPENDIX 1 – AUDIT WORK UNDERTAKEN DURING 2013/14
APPENDIX 2 – ASSURANCE CHART
APPENDIX 3 – LIMITATIONS AND RESPONSIBILITIES
APPENDIX 4 – INTERIM OPINION OF THE PREVIOUS INTERNAL AUDIT CONSORTIUM MANAGER
1. INTRODUCTION
1.1 The Council is required by the Accounts and Audit Regulations 2011 to maintain an
adequate and effective system of internal audit of its accounting records and internal control
systems in accordance with proper internal audit practices. Those proper practices are set
out in the Public Sector Internal Audit Standards (PSIAS) which came into effect in April
2013.
1.2 Those standards require the Chief Audit Executive (known in this context as the IACM) to
provide a written report to those charged with governance (known in this context as the Audit
Committee) to support the Annual Governance Statement (AGS). This report must set out:
• The opinion on the overall adequacy and effectiveness of the Council’s framework of
governance, risk management and control during 2013/14, together with reasons if
the opinion is unfavourable;
• A summary of the internal audit work carried out from which the opinion is derived, the
follow up of management action taken to ensure implementation of agreed action as
at financial year end and any reliance placed upon third party assurances;
• Any issues that are deemed particularly relevant to the Annual Governance
Statement (AGS);
• The Annual Review of the Effectiveness of Internal Audit, which includes: the level of
compliance with the PSIAS and the results of any quality assurance and
improvement programme, the outcomes of the performance indicators and the
degree of compliance with CIPFA’s Statement on the Role of the Head of Internal
Audit.
1.3 When considering this report, the statements made therein should be viewed as key items
which need to be used to inform the organisation’s Annual Governance Statement, but there
are also a number of other important sources to which the Audit Committee and statutory
officers of the Council should be looking to gain assurance. Moreover, in the course of
developing overarching audit opinions for the authority, it should be noted that the
assurances provided here can never be absolute and, therefore, only reasonable assurance
can be provided that there are no major weaknesses in the processes subject to internal
audit review. The annual opinion is thus subject to inherent limitations (covering both the
control environment and the assurance over controls) and these are examined more fully at
Appendix 3.
2. ANNUAL OPINION OF THE IACM
2.1 Roles and responsibilities
• The Council is responsible for establishing and maintaining appropriate risk
management processes, control systems, accounting records and governance
arrangements.
• The AGS is an annual statement by the Leader of the Council and the Chief
Executive that records and publishes the Council’s governance arrangements.
• An annual opinion is required on the overall adequacy and effectiveness of the
Council’s framework of governance, risk management and control, based upon and
limited to the audit work performed during the year.
• This is achieved through the delivery of the risk based Annual Audit Plan discussed
and approved with Senior Management Team and key stakeholders and then
approved by the Audit Committee at its meeting on 19 March 2013. Any justifiable
amendments that are requested during the year are discussed and agreed with
senior management and reported through to the Audit Committee. This opinion does
not imply that internal audit has reviewed all risks and assurances, but it is one
component to be taken into account during the preparation of the AGS.
• The Audit Committee should consider this opinion, together with any assurances from
management, its own knowledge of the Council and any assurances received
throughout the year from other review bodies such as the external auditor.
2.2 The opinion itself
• The overall opinion is that the framework of governance, risk management and
control at North Norfolk District Council is deemed to be adequate.
• In providing the opinion the Council’s risk management framework and supporting
processes, the relative materiality of the issues arising from the internal audit work
during the year and management’s progress in addressing any control weaknesses
identified therefrom have been taken into account.
• The Interim Opinion of the previous Internal Audit Consortium Manager as at 28
February 2014 has also been taken into account (Appendix 4).
• The opinion has been discussed with the section 151 officer prior to publication.
3. AUDIT WORK UNDERTAKEN DURING THE YEAR
3.1 Appendix 1 records the internal audit work delivered during the year on which the opinion is
based. Detailed findings, conclusions and agreed management actions can be provided
upon request. In addition Appendix 2 is attached which shows the assurances provided
over previous financial years to provide an overall picture of the control environment.
3.2 The Audit Committee approved the Annual Audit Plan for 2013/14, which encompassed 16
audits totalling 213 days of work. Due to amendments to the plan in year, which were
discussed with Senior Management and reported to the Audit Committee in the Progress
Reports provided in year, the actual work delivered was 14 audits, equating to 186 days.
3.2 Internal audit work is divided into 4 broad categories:
• Annual opinion audits;
• Fundamental financial systems that underpin the Council’s financial processing and
reporting;
• Other systems identified as worthy of review by the risk assessment processes within
internal audit; and
• Significant computer systems which provide the capability to administer and control
the Council’s main activities.
3.3 In relation to the follow up of management actions to ensure that they have been effectively
implemented, the position at year end is that all high priority recommendations due for
implementation have been successfully actioned by management, thus mitigating the
associated risks and fundamental weaknesses associated with those control environments.
Excellent progress was made at the start of the financial year in implementing audit
recommendations, and although the pace has slowed down slightly, steady progress
continues to be made with the remaining recommendations (medium and low priority).
During the follow up work undertaken by the Contractor, management continue to provide
updates, and it can be seen that action is being taken to implement these recommendations.
3.4 Internal Audit work has not identified any weaknesses that are significant enough for
disclosure within the AGS.
3.5 There was a control weakness that was identified in the Remittances audit where a limited
level of assurance was given. A high priority recommendation was raised on issue of the
draft report, but action was taken by management immediately to address the risks and
ensure that the recommendation was implemented by the time the final report was issued.
4. THIRD PARTY ASSURANCES
4.1 In arriving at the overall opinion reliance has not been placed on any third party assurances.
5. ANNUAL REVIEW OF THE EFFECTIVENESS OF INTERNAL AUDIT
5.1 Degree of conformance with the Public Sector Internal Audit Standards (PSIAS)
5.1.1 A checklist for conformance with the PSIAS and the Local Government Application Note has
been completed for 2013/14. This covers: the Definition of Internal Auditing, the Code of
Ethics and the Standards themselves.
5.1.2 The Attribute Standards address the characteristics of organisations and parties performing
Internal Audit activities, in particular: Purpose, Authority and Responsibility, Independence
and Objectivity, Proficiency and Due Professional Care, and Quality Assurance and
Improvement Programme (which includes both internal and external assessment).
5.1.3 The Performance Standards describe the nature of Internal Audit activities and provide
quality criteria against which the performance of these services can be evaluated, in
particular: Managing the Internal Audit Activity, Nature of Work, Engagement Planning,
Performing the Engagement, Communicating Results, Monitoring Progress and
Communicating the Acceptance of Risks.
5.1.4 On conclusion of completion of the checklist full conformance has been ascertained in
relation to the Definition of Internal Auditing, the Code of Ethics and the Performance
Standards. In relation to the Attribute Standards it is recognised that in order to achieve full
conformance an external assessment is required. This must be done within 5 years of the
PSIAS coming into force, i.e. by 31 March 2018. Initial discussions have been held with
other Local Authorities in Norfolk, and further discussions will be held. A report will be
brought back to the Audit Committee to confirm the options available for this review once
more detail is known.
5.1.5 In relation to a Quality Assurance and Improvement Programme, internal assessments are
undertaken on a regular basis and performance regularly assessed in relation to the
Contractor. The external assessment will be completed as referred to in paragraph 5.1.4
above.
5.1.6 The detailed checklist has been forwarded to the Head of Finance for independent scrutiny
and verification.
5.2 Performance Indicator outcomes
5.2.1 The Internal Audit Service is benchmarked against a number of performance indicators as
agreed by the Audit Committee. Actual performance against these targets is outlined within
the table below:
5.2.2
Indicator | Target | 2012/13 | 2013/14
% of audit recommendations accepted | 90% | 95% | 100%
% of high priority recommendations implemented | 100% | n/a | 100%
Days between issue of audit brief and fieldwork commencing | More than 10 days (average) / 100% | 9.63 / 38% | 9 / 31%
Number of days between expected fieldwork completion and actual | 0 days / 100% | 5.9 / 44% | -0.9 / 69%
Number of days between completion of audit fieldwork and draft report issue | 10 days or less (average) / 100% | 18.7 / 38% | 14.3 / 23%
Number of days between issue of draft and final reports | 15 days or less (average) / 100% | 19.3 / 63% | 9.1 / 86%
Number of days between completion of fieldwork and final report issue | 25 days or less (average) / 100% | 38 / 44% | 22.4 / 71%
Average score given to audit feedback | Adequate (4 out of 6) | Adequate / 4.77 | Good / 5.26
5.2.3 All audit recommendations that were raised on conclusion of audits have been accepted by
management, and all high priority recommendations raised have been successfully
implemented.
5.2.4 Audit briefs should be issued to key clients at least 10 days before the fieldwork is due to
start to ensure that they are well informed of the requirements of the audit. Performance in
this area has been poor this year, with the issue of audit briefs varying between 2 and 30
days before the due start date, with only 31% of these issued within the appropriate
timeframe. There were occasions where the Internal Audit Services Contractor was
responsible for the short lead in times but there were also instances where information was
requested from key clients but not released in a timely manner. Discussions have already
been held with the Internal Audit Services Contractor and a change of approach has been
agreed to streamline the level of detail required in audit briefs (in line with the PSIAS
requirements). Deadline dates are now given where information is needed; if this is not
received, the audit brief will be issued without it. It is hoped that this will result in an
improvement in performance within this area.
5.2.5 Once audits were underway, 9 of these were completed on time or in advance of the agreed
date, with the remaining 4 slightly overrunning. This is a much improved position in
comparison to the previous year, indicating that all information required for completing
reviews was received as needed to complete the associated testing.
5.2.6 The late progression of audits to draft report stage has largely been a result of the internal
review process and clearance of review points, raised by either Mazars Field Managers or
the Audit Management Team. The progressing of draft reports was also affected in the
second half of the year as a result of the loss of staff within Mazars at a key point in the year.
Other reviewing managers were brought in to attempt to mitigate the risk, but this has still
had an impact on performance.
5.2.7 Performance in progressing a draft report to a final report has significantly improved this
year, with 86% of reports being finalised within 15 days. This indicates the improved
response by management to audit reports.
5.2.8 Finally, post audit feedback is requested on conclusion of each audit where an opinion has
been awarded. The average score for feedback this year has increased to good from
adequate. However only 5 out of 13 requested responses were received, and work is
currently underway within the Audit Management Team to review and update the feedback
form to make this more efficient and increase the likelihood of these being completed. The
new feedback forms will be used for 2014/15 audits, and going forwards.
5.3 Effectiveness of the Head of Internal Audit (HIA) arrangements as measured against
the CIPFA Role of the HIA
5.3.1 This Statement sets out the 5 Principles that define the core activities and behaviours that
apply to the role of the Head of Internal Audit (the IACM), and the organisational
arrangements to support them. The Principles are:
• Champion best practice in governance, objectively assessing the adequacy of
governance and management of risks;
• Give an objective and evidence based opinion on all aspects of governance, risk
management and internal control;
• Undertake regular and open engagement across the Authority, particularly with the
Management Team and the Audit Committee;
• Lead and direct an Internal Audit Service that is resourced to be fit for purpose; and
• Head of Internal Audit to be professionally qualified and suitably experienced.
5.3.2 On review of the 5 Principles and in benchmarking against these it can be concluded that
there is substantial compliance with the aspects associated with each Principle.
5.3.3 Partial compliance has been recorded in relation to awareness of Council activities and
access to Senior Management, whereby informal processes are in place and access can be
inferred through the Audit Charter; however, it will be worthwhile formalising these links to
ensure timely awareness of new projects, for example.
5.3.4 In relation to ensuring there are sufficient resources available to carry out a satisfactory level of
Internal Audit, there is resilience provided by the audit contractor to ensure that the
necessary resource is available. However the Audit Charter does not address the
procedures to be followed in the event that the IACM considers the resources available are
insufficient to perform the role effectively. This will be addressed through the next update of
the Audit Charter.
5.3.5 The detailed checklist has been forwarded to the Head of Finance for independent scrutiny
and verification.
APPENDIX 1 – AUDIT WORK UNDERTAKEN DURING 2013/14
Description of the audit | Assurance level awarded
Annual opinion audits
Work to support the Annual Governance Statement – the
assurance levels shown here are in respect of those
fundamental financial systems not subject to full audit
review during the year. For the remainder of those
systems please see the individual entries elsewhere in this
table.
• Payroll | Adequate
• Creditors and accounts payable | Adequate
• Council Tax and National Non Domestic Rates | Adequate
• Housing Benefit and Council Tax Benefit | Adequate
Fundamental financial systems
Accountancy services | Treasury management, Control accounts, Banking, Asset Register, Budgetary control, Journal entries – Good; Bank reconciliations – Adequate
Receipt, handling and banking of remittances | Main Reception – Adequate; Tourist information centres – Limited
Sundry Debtors | Adequate
Other systems
Economic Development | Good
Private Sector housing – disabled facilities grants and discretionary improvement grants | Adequate
Waste management | Adequate
Environmental Health services | Adequate
Car parking and markets | Adequate
Freedom of Information and Data Protection | Good
Computer systems
IT security, procurement and end user controls | Adequate
Document imaging - Civica | Adequate
Revenues and benefits application - Civica | Adequate
Assurance level definitions
Assurance level | Definition | Number
GOOD | There is a sound system of internal control designed to achieve the client’s objectives. The control processes tested are being consistently applied. | 3
ADEQUATE | While there is a basically sound system of internal control, there are weaknesses which put some of the client’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk. | 14
LIMITED | Weaknesses in the system of internal controls are such as to put the client’s objectives at risk. The level of non-compliance puts the client’s objectives at risk. | 1
UNSATISFACTORY | Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse. | 0
Note: 13 audits were completed within the financial year, for which assurance opinions were
provided upon conclusion of the review. For 3 of these audits, various assurances were awarded to
specific areas within the scope.
APPENDIX 2 ASSURANCE CHART
2008-09
2009-10
2010-11
2011-12
Adequate
Adequate
Adequate
Adequate
2012-13
2013-14
Annual Opinion Audits
Corporate Governance and
Risk Management
Corporate Governance
Risk Management
Good
Adequate
Ethical Governance
AGS - Assurance
Framework
Adequate
One-off audit
AGS - Adequate
Key - AGS relates to Work to Support the preparation of the Annual Governance Statement. This work scrutinises key controls only,
rather than providing for an in-depth review of systems in their entirety and because of this, the type of assurance that we are able to
give is restricted to adequate or limited.
Fundamental Financial Systems
Sundry Debtors
Adequate
Remittances
Adequate
Accountancy Services
Fixed Assets/Asset Register
General Ledger/Journals
Control Accounts
Treasury Management
Budgetary Control
Banking
Bank Reconciliations
Housing Benefits
AGS Housing Benefits
Council Tax / NNDR
AGS Council Tax / NNDR
Exchequer/Creditors
AGS Exchequer/Creditors
Payroll / HR
AGS Payroll / HR
Budgetary Control
Revenues and Benefits
Partnership - Data Transfer,
Governance and Risk
Adequate
AGS - Adequate
Adequate
Adequate
AGS- Adequate
AGS - Adequate
AGS - Adequate
AGS - Adequate
AGS - Adequate
Adequate
Adequate
Adequate
Limited
Adequate
Adequate
Limited
Adequate
Adequate
Adequate
Adequate
Good
Adequate
Adequate
TIC = Limited
Main Office= Adequate
See below
Good
Good
Good
Good
Good
Good
Adequate
Adequate
Adequate
Adequate
Adequate
Good
Incorporated into accountancy
Adequate
Head of Economic and Community Development
(Tourism and )Economic
Development
Adequate
Foreshore and coastal
management / Coastal
Change and Pathfinder
Management
Adequate
Homelessness and Strategic
Housing
Adequate
Affordable Housing
Adequate
Private Sector Housing and
Disabled Facilities Grants
Adequate
Communities and Safety
Limited
Good
Good
Adequate
Good
Adequate
Adequate
Absorbed into future audits concerning Localism and
Communities
Limited
Head of Development Management & Head of Economic and Community Development
Development
Management, Planning,
s106 Agreements,
Community
Infrastructure Levy and
Land Charges
Adequate
Deferred to 2014/15
Head of Assets and Leisure & Head of Economic and Community Development
Partnerships
Limited
Head of Environmental Health
Waste Management
Limited
Environmental Health
Head of Assets and Leisure
Sports Halls/Centres
Leisure Complexes
Property Services
Car Parking and
Markets
Adequate
Adequate
Adequate
Limited
Limited
Limited
Adequate
Adequate
Adequate
Limited
Adequate
Adequate
Adequate
Adequate
AGS - Car Park Income
Adequate
AGS - Adequate
Head of Assets and Leisure & Head of Environmental Health
Parks and Open
Spaces
Limited
Head of Organisational Development
Elections / Electoral
Registration
Data Quality
Adequate
Performance
Management,
Corporate Policy,
Planning
Adequate
Limited
Adequate
Good
Discontinued as NI's ending
Good
Deferred to 2012/13
Adequate
Business Manager (Corporate and Democratic Services)
Legal Services, Data
Protection, Freedom of
Information
Adequate
Head of Legal
Whistleblowing
Concessionary Fares
Adequate
Head of Finance
Projects and
Procurement
Car Allowances
Adequate
Unsatisfactory
Good
One-off audit
Function transferred to County Council
Adequate
Adequate
One-off audit
IT Audits
General Ledger/Cedar
Financials Application
Project Management
General IT Controls
Cash Receipting
Document Imaging and
Workflow Application Civica - Revenues and
Benefits
IT Security
IT Security,
Procurement and End
User Controls
Software Licensing
Revenues and Benefits
Application
Network Infrastructure
Business Continuity
Data Centre, Back Up,
Disaster Recovery
Data Consistency
Payroll and Personnel
Content Management
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Limited
Adequate
Limited
Adequate
Adequate
Adequate
Adequate
APPENDIX 3 – LIMITATIONS AND RESPONSIBILITIES
Limitations inherent to the Internal Auditor’s work
The Internal Audit Annual Plan was prepared and Mazars (the Internal Audit Services contractor)
were engaged to undertake the agreed programme of work as approved by management and the
Audit Committee, subject to the limitations outlined below.
Opinions
The opinions expressed are based solely on the work undertaken in delivering the approved
2013/14 Annual Audit Plan. The work addressed the risks and control objectives agreed for each
individual planned assignment as set out in the corresponding audit briefs and reports.
Internal Control
The system of internal control is designed to manage risk to a reasonable level rather than to
eliminate the risk of failure to achieve corporate/service policies, aims and objectives: it can
therefore only provide reasonable and not absolute assurance of effectiveness. Internal control
systems essentially rely on an ongoing process of identifying and prioritising the risks to the
achievement of the organisation’s policies, aims and objectives, evaluating the likelihood of those
risks being realised and the impact should they be realised, and to manage them efficiently,
effectively and economically. That said, internal control systems, no matter how well they have
been constructed and operated, are affected by inherent limitations. These include the possibility
of poor judgement in decision-making, human error, control processes being deliberately
circumvented by employees and others, management overriding controls and the occurrence of
unforeseeable circumstances.
Future Periods
Internal Audit’s assessment of controls relating to North Norfolk District Council is for the year ended
31 March 2014. Historic evaluation of effectiveness may not be relevant to future periods due to
the risk that:
• The design of controls may become inadequate because of changes in the operating
environment, law, regulation or other matters; or,
• The degree of compliance with policies and procedures may deteriorate.
Responsibilities of Management and Internal Auditors
It is management’s responsibility to develop and maintain sound systems of risk management,
internal control and governance and for the prevention and detection of irregularities and fraud.
Internal Audit work should not be seen as a substitute for management’s responsibilities for the
design and operation of these systems.
The Internal Audit Consortium Manager has sought to plan Internal Audit work, so that there is a
reasonable expectation of detecting significant control weaknesses and, if detected, additional work
will then be carried out which is directed towards identification of consequent fraud or other
irregularities. However, internal audit procedures alone, even when carried out with due
professional care, do not guarantee that fraud will be detected and Mazars examinations as the
Council’s internal auditors should not be relied upon to disclose all fraud, defalcations or other
irregularities which may exist.
APPENDIX 4 – INTERIM OPINION OF THE PREVIOUS INTERNAL AUDIT CONSORTIUM
MANAGER
North Norfolk District Council – Interim Audit Opinion to feed into the Annual Audit Opinion
for 2013/14
Background
In accordance with the Public Sector Internal Audit Standards, the Council’s Chief Audit Executive is
required to provide an annual opinion commenting on:
• The scope including the time period to which the opinions pertain;
• Scope limitations;
• Consideration of all related projects including the reliance on other assurance providers;
• The risk or control framework or other criteria used as a basis for the overall opinion;
• The overall opinion, providing reasons where an unfavourable overall opinion is given; and
• A statement on conformance with the Public Sector Internal Audit Standards and the results
of the quality assurance and improvement programme.
Interim Audit Opinions
I, the Internal Audit Consortium Manager, acting as the Council’s Chief Audit Executive, hereby
confirm that the interim audit opinion that I am now giving at 28 February 2014, which should feed
into the overall annual audit opinion for 2013/14, is adequate in relation to the overall adequacy
and effectiveness of the organisation’s governance, risk and control framework, i.e. control
environment. The opinion given is based on work completed between 1 April 2013 and 28
February 2014, during which time 10 audit assignments have been finalised, predominantly
receiving adequate assurances but with many good assurances also arising. The nature of the
systems involved, are identified in the first table below. It is however recognised that there are still
a further 3 assignments in varying stages of completion, where the assurance levels have yet to be
confirmed.
In the case of the opinion given, it is further acknowledged that this represents positive
assurance.
All opinions are derived from a body of work determined by a risk based audit plan.
Summary Information
Nature of System | Assurance level Awarded | No. of Areas evaluated
Financial | Good | 6
Financial | Adequate | 2
Non-Financial | Good | 1
Non-Financial | Adequate | 7
Total
Assurance level Awarded | No. of Areas evaluated | %
Good | 7 | 44
Adequate | 9 | 56
Total | 16 |
Audits subject to completion by 28 February 2014
Financial Systems
• NN/14/07 Accountancy Services, encompassing:
  • Treasury Management
  • Control Accounts
  • Banking
  • Asset Register
  • Budgetary Control
  • Journal Entries
  • Bank Reconciliations
• NN/14/09 Debtors
Non-Financial Systems
• NN/14/01 Environmental Health Services
• NN/14/02 Private Sector Housing - Disabled Facilities Grants
• NN/14/03 Car Parking and Markets
• NN/14/04 Waste Management
• NN/14/06 Freedom of Information and Data Protection
• NN/14/13 Document Imaging - Civica (Revenues and Benefits)
• NN/14/14 Revenues and Benefits Application - Civica
• NN/14/15 IT Security, Procurement and End User Controls
Sandra King
Internal Audit Consortium Manager
28 February 2014
Audit Committee
17 June 2014
Agenda Item No 11
Audit Committee Self-Assessment
Summary:
The Chartered Institute for Public Finance and Accountancy
(CIPFA) “Toolkit for Local Authority Audit Committees” identifies
that it is good practice for Audit Committees to complete a
regular self-assessment exercise against the checklist of
operational requirements, to be satisfied that the Committee is
performing effectively. The results of this assessment are
attached at Appendix A to this report and highlight where
recognised best practice has been achieved.
Conclusions:
Undertaking a review of its performance against best practice
has ensured that the Committee has properly assessed the way
in which it discharges its duties. This review has highlighted that
the Committee effectively discharges its duties in relation to best
practice.
Recommendations:
Members of the Committee are requested to approve the
summary report and the detailed checklist.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail:
Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
1. Background
1.1. The Chartered Institute for Public Finance and Accountancy (CIPFA) “Toolkit for
Local Authority Audit Committees” identifies that it is good practice for Audit
Committees to complete a regular self-assessment exercise against the checklist
of operational requirements, to be satisfied that the Committee is performing
effectively.
1.2. In addition the Public Sector Internal Audit Standards also call for the Audit
Committee to assess their remit and effectiveness, in relation to Purpose,
Authority and Responsibility, in order to facilitate the work of this Committee.
1.3. The Audit Committee annually carries out the self-assessment exercise and
takes action where necessary to ensure full compliance with best practice and it
is part of the work programme of the Committee.
1.4. The self-assessment was shared with members prior to this meeting and updates
have been provided. There are 66 individual aspects of operations, across the
following 6 headings that the Audit Committee is assessed upon:
• Establishment, Operations and Duties;
• Internal Control;
• Financial Reporting and Regulatory Matters;
• Internal Audit;
• External Audit; and
• Administration.
2. Issues for discussion
2.1. The results of the self-assessment confirm that the Committee conforms to best
practice guidance in the majority of areas, with only 2 individual aspects requiring
consideration at this meeting; however, no action is required. A full list of
responses to the checklist can be found at Appendix A to this report.
2.2. External Audit
The particular aspect in this regard is in relation to the Committee assessing the
performance of the External Auditors. It has been noted that the Head of Finance
undertakes this role by completing a customer satisfaction survey on the quality
of the work performed. If any concerns were noted as part of this process the
Head of Finance would raise these concerns with the Audit Committee, therefore
no further action is necessary.
2.3. Administration
The other particular aspect is in relation to the consideration of Any Other
Business being formally requested in advance; here it is considered that this is
not applicable to this Committee due to the nature of the work that is received.
3. Conclusion
3.1 Undertaking a review of its performance against best practice has ensured that
the Committee has properly assessed the way in which it discharges its duties.
This review has highlighted that the Committee effectively discharges its duties in
relation to best practice.
4. Recommendation
4.1 Members of the Committee are requested to approve the summary report and
the detailed checklist.
Audit Committee Appendix A
No.
Priority
17 June 2014
Issue
1. ESTABLISHMENT, OPERATION AND DUTIES
Yes
No
√
√
Comments
Role and Remit
1.1
1
1.2
1
1.3
1
1.4
1
1.5
1
1.6
1
1.7
2
1.8
2
Does the audit committee have written terms of
reference?
Do the terms of reference cover the core functions of an
audit committee as identified in the CIPFA guidance?
Are the terms of reference approved by the council and
reviewed periodically?
Has the audit committee been provided with sufficient
membership, authority and resources to perform its role
effectively and independently?
Can the audit committee access other committees and
full council as necessary?
Does the authority's Annual Governance Statement
include a description of the audit committee's
establishment and activities?
Does the audit committee periodically assess its own
effectiveness?
Does the audit committee make a formal annual report on
its work and performance during the year to full council?
√
√
√
Terms of Reference are revisited when the Constitution is reviewed/updated.
√
A Vice Chair has now also been appointed for the Committee and the Committee has the
relevant number of members.
√
√
√
This is done on an annual basis and is part of the work programme for the Committee.
√
The Committee had previously decided not to take a formal report through to Full Council,
as they receive the minutes from each Audit Committee meeting, thus summarising the
work and performance undertaken throughout the year. The process here has slightly
changed whereby Full Council are now made aware that such minutes exist and are asked
to note these; members are then able to review the minutes in full if they wish.
Membership, Induction and training
1.9
1
1.10
1.11
1
1
Has the membership of the audit committee been formally
agreed and a quorum set?
Is the chair independent of the executive function?
Has the audit committee chair either previous knowledge
of, or received appropriate training on, financial and risk
management, accounting concepts and standards, and
the regulatory regime?
√
√
√
1.12
1
Are new audit committee members provided with an
appropriate induction?
√
When this was reviewed last year it was reported that there was not currently a
mechanism in place ensuring that new members to the Committee automatically receive
induction training. It was agreed that consideration should be given to developing a training
programme for adoption in the future. However, Internal Audit training has recently been
provided, covering many aspects of the work of the Committee, and this is tabled to be
held annually as part of the work programme of the Committee. In addition accountancy
training is traditionally provided prior to the Statement of Accounts being reviewed.
1.13
1
Have all members' skills and experiences been assessed
and training given for identified gaps?
√
It has been reported that this has now been actioned.
1.14
1
Has each member declared his or her business interests?
√
Interests are an agenda item at the start of every meeting.
1.15
2
Are members sufficiently independent of the other key
committees of the council?
√
1
1
Does the audit committee meet regularly?
Do the terms of reference set out the frequency of
meetings?
Does the audit committee calendar meet the authority's
business needs, governance needs and the financial
calendar?
Are members attending meetings on a regular basis and if
not, is appropriate action taken?
Are meetings free and open without political influences
being displayed?
Does the authority's S151 officer or deputy attend all
meetings?
Does the audit committee have the benefit of attendance
of appropriate officers at its meetings?
√
√
Meetings
1.16
1.17
1.18
1
1.19
1
1.20
1
1.21
1
1.22
1
Yes, meetings are held 4 times a year.
√
√
√
√
√
Appropriate officers are in attendance at all meetings to present reports and Committee
Services are also in attendance for support to Members.
INTERNAL CONTROL
2.1
1
2.2
1
2.3
1
2.4
1
2.5
1
2.6
1
2.7
1
2.8
2
2.9
2
2.10
2
2.11
2
Does the audit committee consider the findings of the
annual review of the effectiveness of the system of internal
control (as required by the Accounts and Audit
Regulations) including the review of the effectiveness of
the system of internal audit?
Does the audit committee have responsibility for review
and approval of the Annual Governance Statement and
does it consider it separately from the accounts?
Does the audit committee consider how meaningful the
Annual Governance Statement is?
Does the audit committee satisfy itself that the system of
internal control has operated effectively throughout the
reporting period?
Has the audit committee considered how it integrates with
other committees that may have responsibility for risk
management?
Has the audit committee (with delegated responsibility) or
the full council adopted "Managing the Risk of Fraud - Actions to Counter Fraud and Corruption?"
Does the audit committee ensure that the "Actions to
Counter Fraud and Corruption" are being implemented?
Is the audit committee made aware of the role of risk
management in the preparation of the internal audit plan?
√
This is presented annually to the Committee as part of the Annual Report and Opinion in
June for the Committee to note and consider.
√
To discuss at Audit Committee meeting, as this is usually undertaken; however, the AGS is
not on the forward work programme as a separate item presently.
√
See above.
√
Yes, regular reports are provided to the Committee in relation to progress made against
the internal audit plan and in relation to the follow up of internal audit recommendations.
√
This Committee has responsibility for risk management.
Does the audit committee review the authority's strategic
risk register at least annually?
Does the audit committee monitor how the authority
assesses its risk?
Do the audit committee's terms of reference include
oversight of the risk management processes?
√
√
√
√
√
√
FINANCIAL REPORTING AND REGULATORY MATTERS
3.1
1
Is the audit committee's role in the consideration and/or
approval of the annual accounts clearly defined?
Does the audit committee consider specifically:
- the suitability of accounting policies and treatments;
- major judgements made;
- large write-offs;
- changes in accounting treatment;
- the reasonableness of accounting estimates;
- the narrative aspects of reporting?
√
3.2
1
3.3
1
Is an audit committee meeting scheduled to receive the
external auditor's report to those charged with governance
including a discussion of proposed adjustments to the
accounts and other issues arising from the audit?
√
3.4
1
√
3.5
2
3.6
2
3.7
2
Does the audit committee review management's letter of
representation?
Does the audit committee annually review the accounting
policies of the authority?
Does the audit committee gain an understanding of
management's procedures for preparing the authority's
annual accounts?
Does the audit committee have a mechanism to keep it
aware of topical legal and regulatory issues, for example
by receiving circulars and through training?
√
Yes, in addition training is provided prior to the Committee receiving the Annual Accounts
to ensure that these specific roles are met.
√
√
√
INTERNAL AUDIT
4.1
1
Does the audit committee approve annually and in detail,
the internal audit strategic and annual plans including
consideration of whether the scope of internal audit work
addresses the authority's significant risks?
√
4.2
1
√
4.3
1
4.4
1
4.5
1
Does internal audit have an appropriate reporting line to
the audit committee?
Does the audit committee receive periodic reports from
the internal audit service including an annual report from
the Head of Internal Audit?
Are follow-up audits by internal audit monitored by the
audit committee and does the committee consider the
adequacy of implementation of recommendations?
Does the audit committee hold periodic private
discussions with the Head of Internal Audit?
√
As at 4.2 above.
4.6
1
√
A joint working protocol is in place, and has been for some time.
4.7
1
4.8
1
4.9
2
Is there appropriate co-operation between the internal and
external auditors?
Does the audit committee review the adequacy of internal
audit staffing and other resources?
Has the audit committee evaluated whether its internal
audit service complies with CIPFA's Code of Practice for
Internal Audit in Local Government in the United
Kingdom?
Are internal audit performance measures monitored by the
audit committee?
4.10
2
Has the audit committee considered the information it
wishes to receive from internal audit?
√
√
In addition internal audit are able to meet privately with the Chair and Vice Chair of the
Committee, as and when appropriate.
Yes, regular progress and follow up reports are provided to the Committee throughout the
year, culminating in the Annual Report and Opinion.
√
√
√
This has now been replaced by the Public Sector Internal Audit Standards, and the annual
review of the Effectiveness of Internal Audit, which is now part of the Annual Report and
Opinion, will comment on compliance with these standards.
√
Performance measures are reported to the Committee at the start and end of the year;
consideration is underway as to whether this should be reported more regularly as part of
the Progress Reports.
EXTERNAL AUDIT
5.1
1
Do the external auditors present and discuss their audit
plans and strategy with the audit committee (recognizing
the statutory duties of external audit)?
√
5.2
1
Does the audit committee hold periodic private
discussions with the external auditor?
√
5.3
1
√
5.4
1
Does the audit committee review the external auditor's
annual report to those charged with governance?
Does the audit committee ensure that officers are
monitoring action taken to implement external audit
recommendations?
5.5
1
√
5.6
1
5.7
1
Are reports on the work of external audit and other
inspection agencies presented to the committee,
including the Audit Commission's annual audit and
inspection letter?
Does the audit committee assess the performance of
external audit?
Does the audit committee consider and approve the
external audit fee?
As above at 4.2
√
√
The Head of Finance and Section 151 Officer reviews the performance of External Audit
and completes a customer satisfaction survey commenting on the quality of their work.
√
Agenda administration
6.1
1
6.2
1
6.3
2
6.4
2
Does the audit committee have a designated secretary
from Committee/Member Services?
Are agenda papers circulated in advance of meetings to
allow adequate preparation by audit committee members?
√
Are outline agendas planned one year ahead to cover
issues on a cyclical basis?
Are inputs for Any Other Business formally requested in
advance from committee members, relevant officers,
internal and external audit?
√
Do reports to the audit committee communicate relevant
information at the right frequency, time, and in a format
that is effective?
Does the audit committee issue guidelines and/or a
proforma concerning the format and content of the papers
to be presented?
√
It was recognised that the Audit Committee has a work programme which is clear in
confirming when different reports will be made available.
√
For the most part, Audit Committee reports follow the Council's approved Committee
reporting template. The Committee reserves the right, however, on occasions, to revise
the format when requesting ad-hoc reports.
Are minutes prepared and circulated promptly to the
appropriate people?
Is a report on matters arising made and minuted at the
audit committee's next meeting?
Do action points indicate who is to perform what and by
when?
√
√
Audit Committee Work Programme is a standard agenda item, continually rolled forward.
√
This is not strictly applicable to the Audit Committee.
Papers
6.5
1
6.6
2
Actions arising
6.7
1
6.8
1
6.9
1
√
√
Committee agendas recognise Action Points arising from the minutes of previous
meetings. Specific target dates are not added but the Action Points are revisited each
time the Committee is convened.
Appendix A
North Norfolk District Council - Audit Committee Self Assessment Checklist
No.
Priority
Issue
1. ESTABLISHMENT, OPERATION AND DUTIES
Yes
No
√
√
Comments
Role and Remit
1.1
1
1.2
1
1.3
1
1.4
1
1.5
1
1.6
1
1.7
2
1.8
2
Does the audit committee have written terms of
reference?
Do the terms of reference cover the core functions
of an audit committee as identified in the CIPFA
guidance?
Are the terms of reference approved by the council
and reviewed periodically?
Has the audit committee been provided with
sufficient membership, authority and resources to
perform its role effectively and independently?
Can the audit committee access other committees
and full council as necessary?
Does the authority's Annual Governance Statement
include a description of the audit committee's
establishment and activities?
Does the audit committee periodically assess its
own effectiveness?
Does the audit committee make a formal annual
report on its work and performance during the year
to full council?
√
√
√
Terms of Reference are revisited when the Constitution is reviewed/updated.
√
It was noted that there is not currently a Vice Chair appointed, but it was resolved
that a member would be appointed to this role as and when needed.
√
√
√
√
Annual Reports were produced until 2010/11. Thereafter, it was considered
inappropriate as Minutes of the Committee are relatively detailed and these are
presented to Full Council 4 times per year.
Has the membership of the audit committee been
formally agreed and a quorum set?
Is the chair independent of the executive function?
√
Has the audit committee chair either previous
knowledge of, or received appropriate training on,
financial and risk management, accounting
concepts and standards, and the regulatory
regime?
Are new audit committee members provided with
an appropriate induction?
√
√
There is not currently a mechanism in place ensuring that new members to the
Committee automatically receive induction training. However, recent new joiners
were provided with a guide to working arrangements, provided by the Chair of the
Audit Committee.
It was agreed that consideration should be given to developing a training
programme for adoption in the future.
Members' skills and experience have not been fully evaluated to identify where
there might be gaps, which need to be addressed going forward. It was therefore
agreed that members would submit information regarding their skills and
experience to the Head of Internal Audit, who would then summarise these
particulars, and determine where future training sessions would be most
beneficial.
Membership, Induction and training
1.9
1
1.10
1
1.11
1
1.12
1
1.13
1
Have all members' skills and experiences been
assessed and training given for identified gaps?
1.14
1
√
1.15
2
Has each member declared his or her business
interests?
Are members sufficiently independent of the other
key committees of the council?
Meetings
1.16
1.17
1
1
√
√
1.18
1
1.19
1
1.20
1
1.21
1
1.22
1
Does the audit committee meet regularly?
Do the terms of reference set out the frequency of
meetings?
Does the audit committee calendar meet the
authority's business needs, governance needs and
the financial calendar?
Are members attending meetings on a regular
basis and if not, is appropriate action taken?
Are meetings free and open without political
influences being displayed?
Does the authority's S151 officer or deputy attend
all meetings?
Does the audit committee have the benefit of
attendance of appropriate officers at its meetings?
√
√
√
√
√
√
√
√
Does the audit committee consider the findings of
the annual review of the effectiveness of the
system of internal control (as required by the
Accounts and Audit Regulations) including the
review of the effectiveness of the system of internal
audit?
Does the audit committee have responsibility for
review and approval of the Annual Governance
Statement and does it consider it separately from
the accounts?
Does the audit committee consider how meaningful
the Annual Governance Statement is?
√
Does the audit committee satisfy itself that the
system of internal control has operated effectively
throughout the reporting period?
Has the audit committee considered how it
integrates with other committees that may have
responsibility for risk management?
Has the audit committee (with delegated
responsibility) or the full council adopted "Managing
the Risk of Fraud - Actions to Counter Fraud and
Corruption?"
Does the audit committee ensure that the "Actions
to Counter Fraud and Corruption" are being
implemented?
Is the audit committee made aware of the role of
risk management in the preparation of the internal
audit plan?
Does the audit committee review the authority's
strategic risk register at least annually?
Does the audit committee monitor how the authority
assesses its risk?
Do the audit committee's terms of reference include
oversight of the risk management processes?
√
INTERNAL CONTROL
2.1
1
2.2
1
2.3
1
2.4
1
2.5
1
2.6
1
2.7
1
2.8
2
2.9
2
2.10
2
2.11
2
√
√
√
√
√
√
√
√
√
FINANCIAL REPORTING AND REGULATORY MATTERS
Is the audit committee's role in the consideration
and/or approval of the annual accounts clearly
defined?
Does the audit committee consider specifically:
- the suitability of accounting policies and
treatments;
- major judgements made;
- large write-offs;
- changes in accounting treatment;
- the reasonableness of accounting estimates;
- the narrative aspects of reporting?
√
1
Is an audit committee meeting scheduled to receive
the external auditor's report to those charged with
governance including a discussion of proposed
adjustments to the accounts and other issues arising
from the audit?
√
3.4
1
√
3.5
2
3.6
2
3.7
2
Does the audit committee review management's
letter of representation?
Does the audit committee annually review the
accounting policies of the authority?
Does the audit committee gain an understanding of
management's procedures for preparing the
authority's annual accounts?
Does the audit committee have a mechanism to
keep it aware of topical legal and regulatory issues,
for example by receiving circulars and through
training?
3.1
1
3.2
1
3.3
√
√
√
√
INTERNAL AUDIT
4.1
1
Does the audit committee approve annually and in
detail, the internal audit strategic and annual plans
including consideration of whether the scope of
internal audit work addresses the authority's
significant risks?
√
4.2
1
√
4.3
1
4.4
1
4.5
1
Does internal audit have an appropriate reporting
line to the audit committee?
Does the audit committee receive periodic reports
from the internal audit service including an annual
report from the Head of Internal Audit?
Are follow-up audits by internal audit monitored by
the audit committee and does the committee
consider the adequacy of implementation of
recommendations?
Does the audit committee hold periodic private
discussions with the Head of Internal Audit?
4.6
1
√
4.7
1
4.8
1
4.9
2
4.10
2
Is there appropriate co-operation between the
internal and external auditors?
Does the audit committee review the adequacy of
internal audit staffing and other resources?
Has the audit committee evaluated whether its
internal audit service complies with CIPFA's Code
of Practice for Internal Audit in Local Government
in the United Kingdom?
Are internal audit performance measures monitored
by the audit committee?
Has the audit committee considered the information
it wishes to receive from internal audit?
√
√
√
The Committee as a whole has nominated the Chair to hold periodic private
discussions with both the Head of Internal Audit and the External Audit Manager.
Such discussions take place on an annual basis.
√
√
√
√
EXTERNAL AUDIT
5.1
1
Do the external auditors present and discuss their
audit plans and strategy with the audit committee
(recognizing the statutory duties of external audit)?
√
5.2
1
Does the audit committee hold periodic private
discussions with the external auditor?
√
5.3
1
√
5.4
1
Does the audit committee review the external
auditor's annual report to those charged with
governance?
Does the audit committee ensure that officers are
monitoring action taken to implement external audit
recommendations?
5.5
1
√
5.6
1
Are reports on the work of external audit and other
inspection agencies presented to the committee,
including the Audit Commission's annual audit and
inspection letter?
Does the audit committee assess the performance
of external audit?
5.7
1
Does the audit committee consider and approve
the external audit fee?
√
The Committee as a whole has nominated the Chair to hold periodic private
discussions with both the External Audit Manager and the Head of Internal Audit.
Such discussions take place on an annual basis.
√
√
The Head of Finance and Section 151 Officer reviews the performance of
External Audit and completes a customer satisfaction survey commenting on the
quality of their work.
√
This is not strictly applicable to the Audit Committee.
ADMINISTRATION
Agenda administration
6.1
1
6.2
1
6.3
2
6.4
2
Does the audit committee have a designated
secretary from Committee/Member Services?
Are agenda papers circulated in advance of
meetings to allow adequate preparation by audit
committee members?
Are outline agendas planned one year ahead to
cover issues on a cyclical basis?
Are inputs for Any Other Business formally
requested in advance from committee members,
relevant officers, internal and external audit?
√
√
√
Papers
6.5
1
Do reports to the audit committee communicate
relevant information at the right frequency, time,
and in a format that is effective?
√
6.6
2
Does the audit committee issue guidelines and/or a
proforma concerning the format and content of the
papers to be presented?
√
Are minutes prepared and circulated promptly to
the appropriate people?
Is a report on matters arising made and minuted at
the audit committee's next meeting?
Do action points indicate who is to perform what
and by when?
√
It was recognised that the Audit Committee has a work programme which is clear
in confirming when different reports will be made available. There were some
comments received however regarding the length of some reports and their
repetitive nature, and a request received to make them more succinct in the
future.
For the most part, Audit Committee reports follow the Council's approved
Committee reporting template. The Committee reserves the right, however, on
occasions, to revise the format when requesting ad-hoc reports.
Actions arising
6.7
1
6.8
1
6.9
1
√
√
Committee agendas recognise Action Points arising from the minutes of previous
meetings. Specific target dates are not added but the Action Points are revisited
each time the Committee is convened.
Corporate Risk Register June 2014
Audit Committee 17 June 2014
Summary Register
Ref.
Risk
015(CR)
002(CR)
016(CR)
Medium Term Financial Plan
Coastal Erosion - (the effects of)
Downgrading of Co-op Bank
Transformation Agenda/Business
Transformation Work
003(CR)
Current
Score
25
20
20
Target
Score
12
15
15
16
8
010(CR)
Housing Delivery
16
8
011(CR)
Shared Services plans - (failure to complete)
16
8
017(CR) NEW
Default on loans provided to Registered
Providers or their subsidiary
15
10
001(CR)
Property assets (the condition of)/ Asset
Management
Organisational Restructuring - (potential
instability)
Partnership/s - (potential failure)
Procurement - (lack of value for money)
Localised Council Tax Support Scheme (financial impact)
12
9
12
8
9
9
6
3
8
6
008(CR)
Information - (loss of)
8
4
013(CR)
IT 004[SR] NEW
PROPOSED
Operational disruption - (significant event)
Homeworking - security, staff health and
safety (corporate risk)
6
6
6
6
005(CR)
007(CR)
009(CR)
012(CR)
Officer
Karen Sly (Head of Finance)
Brian Farrow (Coastal Engineer)
Karen Sly (Head of Finance)
Sheila Oxtoby (Chief Executive)
Nicola Turner (Housing Team Leader –
Strategy)
Steve Blatch (Corporate Director)
Malcolm Fry (Chief Accountant), Nicola
Turner (Housing Team Leader –
Strategy)
Duncan Ellis (Head of Assets and Leisure)
Sheila Oxtoby (Chief Executive)
Karen Sly (Head of Finance)
Karen Sly (Head of Finance)
Louise Wolsey (Revenues and Benefits
Manager)
Sean Kelly (Head of Business
Transformation and IT)
Richard Cook (Civil Contingencies Manager)
Sean Kelly (Head of Business
Transformation and IT)
No
1. Cause of risk
2. Description of Risk or potential
event
3. Consequence of risk happening
Existing Controls
Controls that have
been implemented
since the last review
are shown in green
Score (with controls)
Impact x Likelihood = Total
015(CR)
Medium Term Financial Plan (Note
change of risk title from Central
Government Funding and
Savings)
Policy work
5x5=25
1. Uncertainty about the Council
receiving adequate funding from
central government through the rates
retention/revenue support grant
system and/or other targeted funding
stream. The rates retention system
has shifted the risk of business rates
fluctuations to the local level,
meaning that Local Authority
budgets would be impacted directly
through their funding from decline in
business and also through the New
Homes Bonus funding, where reductions in
delivery of new homes would impact
on the funding available.
Medium Term Financial
Strategy
2. Failure to produce a balanced
budget position and funded future
projections in the medium term and
to deliver a freezing of Council Tax
increases.
Utilisation of the New
Homes Bonus grant
within the base budget
from 2014/15
Lobbying Central
Government
Action (to achieve target score)
and progress to date
Growth forecasting models to be
developed for housing and
business rates to inform future
financial forecasts and budget.
Target Score
Impact x Likelihood = Total
Corporate
Objective /
Service
Priority
Officer
4x3=12
Delivering
the Vision
Karen Sly
- Head of
Finance
Responses to government
consultation papers on funding
as they are published.
Corporate Planning /
Service Planning
Sustaining the New Homes
Bonus funding through its
current method of allocation and
ensuring it is maximised through
new housing growth and
reductions in long term empty
properties.
Budget Process /
Budget Monitoring
Regular monitoring
system of the impact of
the business rates
retention and the
localised council tax
support system
Early update of the Financial
Strategy to inform the 2015/16
budget process.
Review of the Council's reserves
following the impact of the
storm repair costs and
associated funding.
3. The Corporate Plan may not be
delivered to the identified timescales.
The level of service currently
5x4=20
Cromer Sea Defence Works –
On Track
4x3=12
Coast, Countryside and Built Heritage
Brian Farrow - Coastal Engineer
provided could be at risk,
unplanned use of reserves which is
unsustainable in the longer term.
Higher level of savings requirement
in future years.
002(CR)
Coastal Erosion - (the effects of)
The Pathfinder Project
1. Lack of Government funding to
maintain coast defences and / or to
support local compensation claims
Shoreline Management
Plan (SMP)
2. Coastal erosion and blight of
coastal settlements through loss of
public and private infrastructure and
assets. The Council has devoted
significant resources to pursuing
sustainable answers to coastal
management issues. There is a
considerable Health and Safety
context here which serves to
increase the reputational risk for the
Council at the same time.
3. Increased coastal erosion through
loss of defences presents a
reputational risk to the authority in
the eyes of local communities and
direct loss of Council owned assets /
infrastructure which are fundamental
to the district's tourism offer and
Control of coastal management
schemes through procurement
and regular checking – On track
Repairs & Maintenance
Programme
Repairs in response to the
December 2013 Tidal Surge – in
progress
Procurement practices
Health & Safety
checking and
monitoring
DEFRA funding of
capital schemes
Coast monitoring –
Implemented
5x4=20
Tender process for new contract
to be completed in accordance
with the project timetable.
5x3=15
Delivering
the Vision
Karen Sly
- Head of
Finance
therefore the economic well-being of
the district. Loss of confidence in
respect of business investment and
residential property market; blight of
properties in erosion zone; direct
loss of tourism assets and
infrastructure promenades, beach
chalets, cafés, public toilets, car
parks etc.; loss of tourism income /
employment.
016
(CR)
Downgrading of Co-op Bank
1. Downgrading of the Co-op bank
credit rating and subsequent
notification of the withdrawal from
providing banking services to Local
Authorities.
2. Current contract end date is
March 2015; withdrawal of services or
failure to deliver services ahead of
this date would leave the Council
without any banking service
provider.
3. The Council could not collect its
income or make any payments and
would be unable to carry on its day
to day business in the short term
until alternative banking
Overnight funds kept to
a minimum within the
Co-op Public Sector
Reserve Account
(previous limit was
£500,000)
Award of contract scheduled for
the summer 2014
Alternative banking
facility has now been
set up
Delegated authority being
sought to ensure timescales for
award not delayed.
Regular monitoring of
position with Treasury
Advisors
Joint tender process
underway with tender
document now issued
2x4=8
Delivering
the Vision
Sheila Oxtoby - Chief Executive
arrangements can be put into place.
Depending on the time the security
of payments/cash ’in transit’ could be
at risk.
003(CR)
Transformation Agenda/Project
1. It is clear that there is a new
urgency about change in local
government driven by the current
financial pressures and the ambition
to ignite community engagement.
Previous incremental change is
being replaced by a more wholesale
restructuring of local government
and its place in local service
delivery.
2. The risk is that in moving to a new
agenda so quickly there is no basic
framework within which the new
arrangements can be undertaken.
3. Vision and action may not be fully
supported by a sound assessment
and a solid understanding of policy
implications at national and local
level.
Training, learning &
policy initiatives
4x4=16
Strategies
IT transformation work that is
currently being undertaken
Further discussions/
consideration of options around
shared services
Reporting - New
legislation and
consultation
Managing delivery of
workstreams as included in the
Transformation programme
Network development
Maintain technical
competence
Medium Term Financial
Strategy
Approval of the
Business
Transformation
Programme
Appointment of a Head
of Business
Transformation to
4x4=16
Enhance Housing Association
delivery – On Track - Following
the approval of the Local
Investment Strategy to provide
loans to Registered Providers, a
bid for a loan has been received
and is currently being
considered, this would deliver
more affordable housing in
North Norfolk (in addition to
some market dwellings which
will provide the subsidy required
to deliver the affordable
dwellings). Continuing to work
on delivering both affordable
housing (and market housing
where they provide the subsidy
needed for the delivery of the
affordable dwellings) in a way
which reduces upfront costs to
Housing Associations. First
phase of schemes identified.
4x2=8
Housing
and
Infrastructure
Nicola
Turner Housing
Team
Leader Strategy
deliver the programme
- Implemented
010(CR)
Housing Delivery
Use of capital
1. A combination of lack of developer
confidence because of recession /
weak financial markets and pressure
on public finances meaning reduced
availability of grant funding for
affordable housing provision.
Partnership work with
Registered Providers
2. Inability to secure planning
Local Investment Plan
Local Development
Framework (LDF)
policies
permission for provision of affordable
housing.
Internal planning
protocol
3. A challenge over the Council's
ability to deliver sufficient affordable
Increased Focus
homes
Housing Strategy
discussion document
(2010)
Development plan - affordable
housing provision – On Track
Ongoing forward development
plan needs attention to ensure
ongoing pipeline of affordable
housing schemes - On Track - 153 affordable dwellings were
completed in 2013/14 which is
the highest number delivered in
the district by Registered
Providers.
61 completions are predicted for
2014/15, although this number
is subject to change.
Ensuring that there is an
ongoing pipeline of affordable
housing schemes remains a key
priority to ensure that affordable
housing delivery is sustained in
future years.
Ongoing monitoring of financial
contributions received and
expenditure will be committed in
a timely way on affordable
housing.
Identified partner to work with
Council and Housing
Associations to bring forward
affordable (and market) housing
schemes in a way which
reduces upfront costs to
Housing Associations – On
Track - Following the approval
of the Local Investment Strategy
to provide loans to Registered
Providers, a bid for a loan has
been received and is currently
being considered, this would
deliver more affordable housing
in North Norfolk (in addition to
some market dwellings which
will provide the subsidy required
to deliver the affordable
dwellings). Continuing to work
on delivering both affordable
housing (and market housing
where they provide the subsidy
needed for the delivery of the
affordable dwellings) in a way
which reduces upfront costs to
Housing Associations. First
phase of schemes identified.
011(CR)
Shared Services plans - (failure to
complete)
Project Management
Group
4x4=16
Consideration of shared service
proposals and business cases
4x2=8
Delivering
the Vision
1. A combination of the potential for
an incomplete implementation is
(systems touch some of the most
vulnerable members of the local
community), in addition this project is
being undertaken against a back
cloth of the Coalition Government's
intention to introduce Universal
Credit from 2014 and the detailed
changes in the shape and detail of
Council Tax support and the
Business rates retention scheme in
the Local Government Finance Bill
now before Parliament.
Improved staff
communication
Steve
Blatch –
Corporate
Director
5x2=10
Housing
and
Infrastructure
Malcolm
Fry - Chief
Accountant
Further discussions/
consideration of options around
shared services
Formulation of a
detailed plan
Dedicated risk
assessment completed
2. A failure to fully implement shared
services proposals could occur
3. Reputational damage, reduced
staff morale, financial impact to
current and ongoing budgets.
017(CR)
NEW
Default on loans provided to
Registered Providers or their
subsidiary
5x3=15
1. Rental income of Registered
Loan Process - On Track - The
Council is currently considering
a request for a loan and is
carefully considering the risk of
such a loan. A report
Provider or sales of market dwellings
developed by subsidiary are
insufficient to service loan(s) in
accordance with loan terms.
3. The Council will see a short term
loss in income (repayments of
interest and capital) and may be
required to exercise security
provisions in order to recover
outstanding monies.
Property assets - (the condition
of)
1. A lack of investment and sound
decision-making.
2. Deteriorating property assets may
lead to a loss of revenue and
possible legal liability.
3. The Council does not achieve
value for money from its investment
and/or possible legal liabilities either
directly or through its leasing
arrangements.
recommending a loan is
provided will be considered by
Cabinet, the report will refer to
how the risk of a loan has been
considered and the security
arrangements for a loan, which
will ensure the Council has the
required level of security. The
process of considering a loan
includes due diligence which will
be provided by external
consultants.
2. Default on loan(s) by the
Registered Providers or their
subsidiary.
001(CR)
Work on R & M
schedules
4x3=12
The introduction of a
property risk
assessment and
inspection regime
Implement asset management
software – On track – The
software has been implemented
and the database is being
populated.
Nicola
Turner Strategic
Housing
Team
Leader
3x3=9
Delivering
the Vision
Duncan
Ellis –
Head of
Assets
and
Leisure
Effective team
resourcing
Asset Management
Plan
4x3=12
Implement the outcomes of the
Planning Peer Review – On
Track - In January 2014 we
undertook a whole service
workshop to identify areas for
improvement. This will feed into
the proposed Planning
restructure which is due to go
out to consultation in June 2014.
This will address some of the
key issues identified in the Peer
Review. The additional
temporary staff that have been
recruited have led to a significant
improvement in planning
performance figures for all
categories of application.
2x4=8
Delivering
the Vision
Sheila
Oxtoby Chief
Executive
This scenario is detrimental to the
local tourism economy as well as
damaging to local communities
contributing to a lack of community
pride and possible increase in
vandalism. The capital tied up in
assets cannot be released to support
wider Council initiatives and income
streams are not maximised.
005(CR)
Organisational Restructuring (potential instability)
Effective staff
communication
1. The ineffective management of
change.
Effective Member
engagement
2. Following the changes at strategic
level and the emergence of the new
Corporate Leadership Team there
are further structural changes that
need to be undertaken within the
Council which may lead to instability
and reduced morale.
Strengthen the Communications
Strategy
Monitor the impact
Provide team building
activity
Provide training/mentoring
3. A lack of understanding of the
proposals, the impact on recruitment
and retention together with ambiguity
and disruption while services are
realigned. A loss of continuity with
past actions (loss of experience), low
staff morale and potential instability.
There may be timing issues if
appropriate appointments can't be
made.
Individual staff support
3x2=6
Delivering
the Vision
Louise
Wolsey Revenue
and
Benefits
Services
Manager
Review by Joint Staff
Consultative
Committee
Learning and
Development
Programme
012(CR)
Localised Council Tax Support
Scheme - (financial impact)
Software provider
contact
1. Localised council tax support
came into operation in April 2013,
funding for the scheme has been
reduced and will continue to reduce
in line with the Council's overall
funding. There are some protections
(of individuals) within the scheme but
most households will be required to
pay Council Tax when they have
been previously entitled to 100%
benefit.
Establish working
groups
2. Under the Local Government
Finance Act each Local Authority is
required to implement a localised
system of Council Tax support, this
replaced the previous Council Tax
Benefit system. Fundamentally this
4x2=8
Suggested action:
Discussions with
County Council/ Police
Remove from risk register as
ongoing impact now factored
into the budget process and
contained within the
Corporate Risk – Medium
Term Financial Strategy
Staff Training
Networking
Medium Term Financial
Strategy
LCTS Member working
group
County Wide working
has shifted the risk from national to
Local Government. Each billing
authority was required to develop a
scheme for its area.
group
3. For 2013/14 there is transitional
funding for local schemes that meet
Government prescribed criteria, the
scheme for NNDC for 2013/14
meets these criteria. As the funding is
only transitional there is still a risk
associated with implementing a fully
funded scheme in 2014/15. This will
require further work during 2013/14.
Furthermore collection of council tax
will impact on all authorities (not just
NNDC as the billing authority), whilst
some element of the impact on the
collection fund has been taken into
account in the 2013/14 budget, the
full extent will depend on the actual
performance in the year.
007(CR)
2x3=6
Delivering
the Vision
Karen Sly
- Head of
Finance
Early decision making
required for the
2014/15 scheme
including impact on
Parish Councils funding
Monitor
1. Failure to engage appropriately
and/or commit resources.
Clarify Members' roles
part of or seeking to become part of
may have the potential to become
Regular monitoring
system of the impact of
the business rates
retention and the
localised council tax
support system
Partnership/s - (potential failure)
2. Partnerships which the Council is
3x3=9
Annual review process – in
progress
Regular review of
Outside bodies and no
new partnerships
entered into unless
ineffective. There is a need to
engage appropriately with and
commit resources (staff, finances,
actions) to key partnership
structures.
reported through
Cabinet
3x1=3
Delivering
the Vision
Karen Sly
– Head of
Finance
3. Failure of partnerships to deliver
stated objectives / outcomes.
Non-delivery of key outcomes
leading to reputational risk to
Council.
009(CR)
Procurement - (lack of value for
money)
Procurement Strategy
1. The current financial climate,
recent resourcing issues causing an
absence of a focus for this work,
together with a reduction in the
available accountancy resources
going forward increase the risk of a
lack of continuous improvement in
this area.
2. Failure to adopt new procurement
practices and delivery of efficient
and timely procurement processes
could mean that the Council will not
3x3=9
Procurement
Framework
A procurement evaluation
Regular procurement refresh
and review of procedures – on
going
Joint procurement
protocol and
opportunities for
joint/shared
procurement with other
authorities where
possible
Advice for external
suppliers
achieve value for money procuring
the goods and services it uses.
Procurement
responsibility assigned
to the Chief Accountant
4x1=4
Delivering
the Vision
Sean
Kelly Head of
Business
Transformation
and IT
3. The Council may not achieve
value for money, financial/procedural
inefficiencies, possible challenge to
contracting procedures.
008(CR)
Information - (loss of)
Information
Management Strategy
1. Lax security - Information may be
lost, mislaid or stolen. Increased use
of mobile technology such as iPads
etc.
Implement data
security protocols on
mobile devices
2. There exists an inherent potential
ICT Security Policy
for the loss of organisational
information at any security level. ICT
is responsible for ensuring electronic
data is secure (in conjunction with
system owners who control access
to their databases),
3. Information may be
4x2=8
ICT Monitoring
Data Protection training
Code of Connection
compliance
inappropriately used. Fraud or data
corruption may occur. Systems may
suffer damage. The Council's
reputation may be harmed.
013(CR)
Operational disruption (significant event)
Response & Recovery
Planning
1. Both the National and Community
Risk Registers have more
information regarding the risk of
specific events (e.g. Pandemic)
occurring.
Continuity Planning
3x2=6
Complete critical services' BCPs
- Progressing to Plan - All
Critical services now have
carried out Business Impact
analyses except Revenues and
Benefits which is now at draft
stage. All critical services have
plans except Revenues and
Benefits. The Civil
Contingencies Manager will
work with the Revenues and
Benefits team leaders and
managers to finalise plans.
3x2=6
Delivering
the Vision
Richard
Cook Civil
Contingencies
Manager,
Corporate Business
Continuity key role
training
2. Any Internal or external event that
has a significant impact on the ability
of the Council to deliver services.
Steve
Hems Head of
Environmental Health
3. a) Loss of staff for 'usual' service
delivery
b) Loss of premises
c) Loss of key partners/suppliers
d) Loss of infrastructure services
A reduction in the ability of the
Council to deliver services, possibly
at a time of increased demand from
the community.
IT
004[SR] PROPOSED
Homeworking - security, staff
health and safety (corporate
risk)
IT Monitoring
2x3=6
2x3=6
Delivering
the Vision
CLT
1. All aspects of remote working not
covered by corporate policies. There
are procedures in place for IT risks.
2. Security put at risk. Cost of home
working not adequately budgeted
for. All managers have a
responsibility for their staff working
from home.
3. Remote staff unable to access
technology needed to do their jobs
and for business continuity.