Add to collection(s) Add to saved
  1. Business
  2. Finance

Document 12928136

advertisement 
Please Contact: Tessa Gilder-Smith
Please email: Tessa.Gilder-Smith@north-norfolk.gov.uk
Please Direct Dial on: 01263 516047
06 March 2014
A meeting of the Audit Committee of North Norfolk District Council will be held in the
Committee Room at the Council Offices, Holt Road, Cromer on Monday 17 March 2014 at
2.00 pm
Members of the public who wish to ask a question or speak on an agenda item are
requested to arrive at least 15 minutes before the start of the meeting. It will not always be
possible to accommodate requests after that time. This is to allow time for the Committee
Chair to rearrange the order of items on the agenda for the convenience of members of the
public. Further information on the procedure for public speaking can be obtained from
Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk
Sheila Oxtoby
Chief Executive
To: Mr N D Dixon, Mr B Jarvis, Mrs A Moore, Miss B Palmer, Mr R Reynolds and Mr D
Young
All other Members of the Council for information.
Members of the Management Team, appropriate Officers, Press and Public
If you have any special requirements in order to attend this meeting, please let us
know in advance
If you would like any document in large print, audio, Braille, alternative format or in a
different language please contact us
Chief Executive: Sheila Oxtoby
Strategic Directors: Nick Baker and Steve Blatch
Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005
Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org
AGENDA
1.
TO RECEIVE APOLOGIES FOR ABSENCE
2.
PUBLIC QUESTIONS
To receive public questions, if any
3.
ITEMS OF URGENT BUSINESS
To determine any items of business which the Chairman decides should be
considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local
Government Act 1972.
4.
DECLARATIONS OF INTEREST
Members are asked at this stage to declare any interests that they may have in any
of the following items on the agenda. The Code of Conduct for Members requires
that declarations include the nature of the interest and whether it is a disclosable
pecuniary interest.
5.
MINUTES
(Page 1)
To approve as a correct record, the minutes of the meeting of the Audit Committee
held on 10 December 2013.
6.
AUDIT UPDATE AND ACTION LIST
(Page 6)
To monitor progress on items requiring action from the meeting of 10 December
2013, including progress on implementation of audit recommendations
7.
AUDIT COMMITTEE WORK PROGRAMME
(Page 7)
To review the Audit Committee Work Programme.
8.
ANNUAL CERTIFICATION REPORT 2012/13
(Page 9)
To receive the Annual Certification Report 2012/13 as provided by external auditors,
PricewaterhouseCoopers
9.
EXTERNAL AUDIT PLAN 2013/14
(Page 23)
To discuss the External Audit Plan 2013/14 as provided by external auditors,
PricewaterhouseCoopers
10.
INTERNAL AUDIT’S CHARTER, CODE OF ETHICS, AUDIT STRATEGY,
STRATEGIC AND ANNUAL PLANS, SUMMARY OF INTERNAL AUDIT
COVERAGE AND PERFORMANCE INDICATORS FOR 2014/15
(Page 52)
(Appendix 1- p.58)(Appendix 2 – p.69)(Appendix 3 – p.73)(Appendix 4 –
p.76)(Appendix 5 – p.81)(Appendix 6 – p.83)(Appendix 7 – p.93)(Appendix 8 – p.95)
Summary:
This report provides an overview of the stages followed
prior to the formulation of the Strategic Audit Plan for
2014/15 to 2016/17 and the Annual Audit Plan for
2014/15. The Annual Audit Plan will then serve as the
work programme for the Council‟s Internal Audit Services
Contractor, Mazars Public Sector Internal Audit Ltd, and
provide the basis upon which the Internal Audit
Consortium Manager will subsequently give Audit
Opinions on North Norfolk Council‟s system of internal
control and risk management, and corporate governance
arrangements for 2014/15.
Members‟ attention is also drawn to the fact that this is
the first time that an Audit Charter has been presented.
Previously, Terms of Reference had been submitted
annually, but now, in accordance with Public Sector
Internal Audit Standards, which came into effect from 1
April 2013, it has been necessary to develop an Audit
Charter to reflect how the Internal Audit Service will
operate in accordance with updated mandatory
standards. The foundations of the Public Sector Internal
Audit Standards however are not so fundamentally
different to those requirements formerly specified in the
CIPFA Code of Practice for Internal Audit, although the
structure of the Charter must follow a prescribed format
which defines the purpose, authority and responsibility of
the Internal Audit activity, and clear definitions need to be
given of those governance elements fulfilling
responsibilities of the „board‟ and „senior management‟.
Conclusions:
Recommendations:
In reviewing and approving the Audit Charter and related
strategic and operational audit planning information, the
Audit Committee is making appropriate provisions to
ensure that the Internal Audit requirements as stated in
the Local Government Finance Act 1982, c.32 and the
Accounts and Audit Regulations 2011 are being properly
met, and due support is being given to securing an
Internal Audit Service, which is compliant with statutory
internal auditing standards applicable to public sector
organisations.
The Committee is requested to approve:
Internal Audit‟s Charter for 2014/15;
Internal Audit‟s Code of Ethics for 2014/15;
Internal Audit‟s Strategy for 2014/15;
The Strategic Audit Plan for 2014/15 to 2016/17;
The Annual Audit Plan for 2014/15;
The Summary of Internal Audit Coverage for
2014/15; and,
Performance Indicators for 2014/15.
Cabinet member(s):
Wards:
Contact
Officer,
telephone number, and
e-mail:
All
All
Emma Hodds, Deputy Audit Manager
01508 533791
ehodds@s-norfolk.gov.uk
11.
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY, 26 NOVEMBER 2013 TO
25 FEBRUARY 2014
(Page 97)
(Appendix 9 – p.100) (Appendix 10 – p.102)
Summary:
Conclusions:
Recommendations:
Cabinet member(s):
Wards:
Contact Officer,
telephone number, and
e-mail:
12.
This report examines progress made between 26
November 2013 and 25 February 2014 in relation to
delivery of the Annual Audit Plan for 2013/14.
A total of 1 audit assignment has been processed
culminating in a mix of good and adequate assurances
being awarded to date this financial year.
It is recommended that the Committee notes the outcome
of the audit completed between 26 November 2013 and
25 February 2014 where an assurance level has been
given and the progress to date with the annual audit plan.
All
All
Emma Hodds, Deputy Audit Manager
01508 533791
elhodds@s-norfolk.gov.uk
EXCLUSION OF THE PRESS AND PUBLIC
To pass the following resolution, if necessary:
“That under Section 100A(4) of the Local Government Act 1972 the press and public
be excluded from the meeting for the following items of business on the grounds that
they involve the likely disclosure of exempt information as defined in
of Part I
of Schedule 12A (as amended) to the Act.”
Agenda item _5_
AUDIT COMMITTEE
Minutes of a meeting of the Audit Committee held on Tuesday 10 December 2013 in
the Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm.
Members Present:
Committee:
Mr N D Dixon (Chairman)
Mr B Jarvis
Officers in
Attendance:
Chief Accountant, Internal Audit Consortium Manager, Regulatory Officer,
Democratic Services Officer.
Also in
attendance:
Aphrodite Antoniades (PriceWaterhouseCoopers)
31.
Miss B Palmer
Mr D Young
APOLOGIES
Apologies for absence were received from Mrs A Moore and Mr R Reynolds. Mr R
Shepherd had also sent apologies as he had been due to attend as substitute for Mr
Reynolds but was unwell.
32. PUBLIC QUESTIONS
None received.
33.
ITEMS OF URGENT BUSINESS
The Chairman referred to the Business Continuity plans which had been considered by
the Committee over a period of time. This work had proved very valuable in
preparation for and response to the recent storm surge which had caused major
damage to communities and the Council’s assets along the coast. He commended the
work done by Civil Contingencies Manager and his team in minimising the impact as
far as possible and supporting the community both during and following the event.
He requested that thanks be recorded to the Civil Contingencies team,
Communications team and other staff who were involved.
34.
DECLARATIONS OF INTEREST
None
35.
MINUTES
The Minutes of the meeting of the Audit Committee held on 17 September 2013 were
approved as a correct record.
36.
AUDIT UPDATE AND ACTION LIST
Members were updated on progress on actions arising from the minutes of the meeting
of 17 September 2013.
Audit Committee
1
10 December 2013
Pensions benchmarking
The Committee considered the data which had been supplied by PWC relating to
pensions liability. It was noted that the liability was rising in line with other authorities
and whilst this was not of significant concern at the present time, it should be
monitored so that action could be taken if necessary. It was agreed to review the
matter annually in September as part of the Committee’s Work Programme.
Annual Report of the Monitoring Officer 2012/13
It was not known if the complaints data had been supplied to Mrs Moore. The
Chairman requested the Chief Accountant to contact the Monitoring Officer on this
matter.
Local Code of Corporate Governance and Annual Governance Statement 2012/13
The Head of Finance had been unable to attend the meeting due to another
commitment. The Chief Accountant agreed to confirm the status of the actions relating
to the rewording of Appendix B and the inclusion of metrics.
The Democratic Services Officer stated that the dates of other Councils’ Scrutiny
meetings had been included in the Members’ Bulletin.
Audit Committee Self-Assessment Outcomes
It was noted that training on Internal and External Audit was programmed for March
2014.
37.
AUDIT COMMITTEE WORK PROGRAMME
RESOLVED
That, subject to the inclusion of a review of pensions liability in September 2014, the
Work Programme be noted.
38.
ANNUAL AUDIT LETTER 2012-13
Aphrodite Antoniades presented the Annual Audit Letter, which summarised the results
of the work undertaken by External Audit for the year 2012/13. There were no issues
of concern.
Mr D Young considered that the use of colours in the original letter made some of it
difficult to read when reproduced. Ms Antoniades agreed to take this matter forward to
ensure it was addressed.
The Committee noted that the fee for certification of claims and returns was yet to be
finalised. Ms Antoniades explained that confirmation was awaited from the Audit
Commission that the proposed fee submitted by PWC was appropriate. Additional
work had been carried out so the fee was likely to be higher than estimated but less
than it had been in the previous year. At the request of the Chairman, Ms Antoniades
agreed to forward the indicative certification fee with reasons for the increase above
the estimate and when available, the final fee with reasons for adjustment, if any.
The Chairman stated that the report was pleasing and indicated that the Council was in
a better position than it had been a few years ago.
Audit Committee
2
10 December 2013
6
RESOLVED
That the Annual Audit Letter 2012-13 be noted.
40.
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY, 1 SEPTEMBER TO 25
NOVEMBER 2013
The Internal Audit Consortium Manager presented the report, which examined
progress made between 1 September and 25 November 2013 in relation to delivery of
the Annual Audit Plan for 2013/14, and included abbreviated management summaries
in respect of the audit reviews which had been finalised in the course of this period.
A total of 6 audit assignments had been processed, and it was noted that all audits
finalised in the period had received a positive assurance. It was also noted that all
audit reports issued so far in the current financial year had resulted in positive
assurances being awarded, which emphasised that the systems of internal control
evaluated to date had been found to be working effectively and efficiently.
The Committee noted that the overall planned audit days for the year had been
reduced from 213 days to 186 days, due to the envisaged Phase 2 element of ad-hoc
work requested by management in relation to the Revenues and Benefits service not
progressing as originally envisaged. Management was re-examining partnership
arrangements with a view to securing savings and efficiencies from service delivery in
the future. In addition, it had been agreed to defer the audit of Development
Management to 2014/15 as there was still considerable work to be done to complete
the Planning Peer Challenge Action Plan before a meaningful audit could be performed
in this service area.
74% of the revised Audit Plan had been completed, which was a significant
achievement and the highest level of all Consortium clients.
The Internal Audit Consortium Manager confirmed that there had been no change in
the assurance levels for Document Imaging and Workflow and Revenues and Benefits
compared to the previous year, as this was not indicated in the report.
In response to a question the Chief Accountant explained that the issue regarding the
frequency of bank reconciliations had now been addressed.
A report on the outcomes of a Computer Audit Needs Assessment would be
considered later in the meeting.
RESOLVED
That the outcomes of the 6 audits completed between 1 September and 25 November
be noted, together with in-year revisions made to the approved Annual Audit Plan for
2013/14 concerning the rescheduling of some reviews and the requirement, endorsed
by management, to defer two pieces of work to 2014/15.
41.
THE STATUS OF AGREED AUDIT RECOMMENDATIONS DUE FOR
IMPLEMENTATION BETWEEN 1 APRIL AND 31 OCTOBER 2013
The Internal Audit Consortium Manager reported on the progress made in
implementing agreed audit recommendations due for completion in the first half of the
financial year.
Audit Committee
3
10 December 2013
7
The Internal Audit Consortium Manager drew attention to one high priority action which
remained outstanding, relating to Housing and Council Tax benefit, and the
explanation contained in Appendix D to the report.
It was noted that the improvement in management responses had continued.
A high percentage of recommendations were being completed within agreed
timeframes. However, the number of outstanding recommendations was beginning to
increase. This remained lower than the comparable period last year but showed a
slight deterioration on the year end position. Internal Audit was working closely with
managers on the agreed actions. Of the 36 outstanding actions agreed with
management following completion of the 2013/14 audit assignments, 22 had not yet
reached the date set for their completion.
The Internal Audit Consortium Manager considered that good progress had been
achieved in relation to the completion of agreed Internal Audit recommendations.
It was noted that the table at Appendix C to the report was incomplete, there being a
total of 8 recommendations to be actioned in respect of IT Security, Procurement and
End User Controls, with a grand total of 14 recommendations to be actioned at 31
October 2013.
RESOLVED
That the management action taken to date regarding the implementation of audit
recommendations be noted.
11.
REVIEW OF THE OUTCOMES OF A RECENTLY PERFORMED COMPUTER AUDIT
NEEDS ASSESSMENT AND ITS IMPACT ON THE STRATEGIC AUDIT PLAN FOR
2013/14
The Internal Audit Consortium Manager reported the outcomes of the Computer Audit
Needs Assessment exercise carried out during September 2013. A programme of
computer audits had been formulated to address areas of risk which had been
identified.
No changes had been sought to the computer audit coverage timetabled for 2013/14,
much of which had already been scheduled with management at the time of
undertaking the assessment. Ten audits had been identified for completion over the
next three years, with a further assessment required in 2016/17 to set a further
programme of IT reviews for successive years.
The current audit contract was due to end in September 2014 and it was therefore
possible that the proposed audits would be revisited by a new contractor and may
change.
There was an ongoing need to revisit agreed actions from previous audit work to
confirm progress made to address internal control weaknesses and/or introduce
enhancements to existing operational arrangements.
Mr D Young expressed concern regarding the reduction in the number of audit days
and the number of audits on the reserve list. The Internal Audit Consortium Manager
explained that it would be unrealistic in terms of cost to include all of the audits in the
Audit Plan. There was a sufficient level of coverage to provide an audit opinion.
Audit Committee
4
10 December 2013
8
In response to a question by the Chairman, the Internal Audit Consortium Manager
stated that all tenderers for the new Internal Audit contract would have sight of the
Audit Plan.
RESOLVED
That the findings of the Computer Audit Needs Assessment be noted and the amended
planned audit coverage for the period 2014/15 to 2016/17 as recorded in the amended
Strategic Audit Plan be approved.
12.
CORPORATE RISK REGISTER
The Chief Accountant stated that the Corporate Risk Register had been considered by
the Performance and Risk Management Board.
The Chief Accountant drew attention to a new risk relating to the downgrading of the
Co-op Bank. Whilst it now appeared that the bank would remain in existence, it had
given notice that it wished to withdraw from local authority funding and would assist if
local authorities wished to end their contracts early. The Head of Finance had been
exploring the possibility of a joint tender with other authorities. In answer to Members’
questions, the Chief Accountant explained the measures which had been put in place
to protect the Council’s financial interests and minimise disruption in the event of the
bank collapsing.
In answer to a question regarding the recent storm surge, the Chief Accountant
considered that the event had reinforced the risks stated and that this matter would be
revisited when the register was next updated.
It was suggested that RAG ratings be used on the summary register as the colours
were lost in monochrome reproduction and, if produced in colour, could be confusing
for colour blind people. It was also suggested that a projector be used during the
meeting for coloured charts.
RESOLVED
That the Corporate Risk Register be noted.
The meeting ended at 3.37 pm.
______________________
Chairman
Audit Committee
5
10 December 2013
9
Agenda Item 6
AUDIT COMMITTEE 10 DECEMBER 2013 – ACTIONS ARISING FROM THE
MINUTES
1. Local Code of
Corporate
Governance and
Annual
Governance
Statement
2012/13
1. Appendix B, section 1.2 possible rewording.
Malcolm Fry
2. Possible inclusion of metrics in the appendix to
support the evidence.
Malcolm Fry
2. Annual Report of
the Monitoring
Officer 2012/13
Comparison of number of complaints to the
Ombudsman in 1012/13 compared to other years to
be supplied to Cllr A Moore.
Malcolm to check with Karen if these have been
actioned.
Malcolm Fry
Information has now been supplied & copied to Audit
Committee members.
3. Pensions
Benchmarking
To be added to the Work Programme as a matter for
review in September.
Linda Yarham
Has been added to work programme.
4. Annual Audit
Letter
1. Use of colour makes the report difficult to read
when reproduced – needs to be addressed.
Aphrodite
Antoniades
2. Indicative certification fee and reasons for
increase above estimate, and final figure with
reasons for any adjustments, to be supplied.
Aphrodite
Antoniades
Information supplied (13/12/13) re indicative fee and
reasons for increase. Confirmation of final fee
awaited.
5. Corporate Risk
Register
Possible use of RAG ratings in summary risk
register.
Karen Sly/
Malcolm Fry
6. Display of
documents at
meetings
Consideration to be given to the display of coloured
charts etc on screen at meetings where appropriate
All
10
Agenda Item 7
AUDIT COMMITTEE WORK PROGRAMME 2013 - 2014
JUNE 2013
SEPTEMBER
2013
DECEMBER
2013
MARCH 2014
PWC
PWC 2012/13
Annual
Governance report
(ISA260)
Annual Audit
Letter (PWC)
Audit Plan (PWC)
(with overview)
Annual Grant
Certification Report
Half yearly
progress
reports on the
overall
performance of
the audit
contract
Quarterly
Summaries of
completed audits
Report on
follow-up work
Computer Audit
Audit Plan
Corporate Risk
Register
Risk Management
Framework
Protocol for liaison
between internal
and external
auditors
Internal Audit
Annual Review of
the Effectiveness
of Internal Audit
Annual Report
and Opinion
Status of agreed
actions
Undertake selfassessment
NNDC
Corporate Risk
Register/ risk
management
framework
Business
Continuity Plan
Review
Quarterly
Summaries of
completed audits
Internal Audit
training
Statement of
Accounts (+
informal training)
Business
Continuity
Monitoring
Officer’s Report
Local Code of
Corporate
Governance and
Action Plan –
update and Annual
Governance
Statement 2012/13
– update
11
Agenda Item 7
AUDIT COMMITTEE WORK PROGRAMME 2013 - 2014
JUNE 2014
SEPTEMBER
2014
DECEMBER
2014
MARCH 2015
PWC
PWC 2012/13
Annual
Governance report
(ISA260)
Annual Audit
Letter (PWC)
Audit Plan (PWC)
(with overview)
Annual Grant
Certification Report
Half yearly
progress
reports on the
overall
performance of
the audit
contract
Quarterly
Summaries of
completed audits
Report on
follow-up work
Audit Plan
Protocol for liaison
between internal
and external
auditors
Internal Audit
Annual Review of
the Effectiveness
of Internal Audit
Annual Report
and Opinion
Status of agreed
actions
Undertake selfassessment
NNDC
Corporate Risk
Register/ risk
management
framework
Business
Continuity Plan
Review
Quarterly
Summaries of
completed audits
Internal Audit
training
Statement of
Accounts (+
informal training)
Business
Continuity
Monitoring
Officer’s Report
Local Code of
Corporate
Governance and
Action Plan –
update and Annual
Governance
Statement 2012/13
– update
Review of
Pensions liability
12
Corporate Risk
Register
Risk Management
Framework
www.pwc.co.uk
Annual Certification Report
to those charged with governance
2012/13
Government and
Public Sector –
Annual Certification
Report to those
charged with
governance
North Norfolk District Council
February 2014
13
The Members of the Audit Committee
Council Offices
Holt Road
Cromer
Norfolk
NR27 9EN
February 2014
Ladies and Gentlemen
Annual Certification Report (2012/13)
We are pleased to present our Annual Certification Report which provides members of the Audit
Committee with a high level overview of the results of certification work we have undertaken at North
Norfolk District Council in 2012/13.
We have also summarised our fees for 2012/13 certification work in Appendix A.
Results of Certification work
For the period ended 31 March 2013 we certified two claims and returns worth a final net total of
£58,386,555. Both were amended following certification work and both also required a qualification
letter to set out matters arising. We set out further details in the attached report.
We identified a number of matters relating to the Council’s arrangements for preparation of claims
and returns during the course of our work, some of which were of a minor nature. The most
important of these matters have been brought to your attention in this report.
We ask the Audit Committee to consider:

the adequacy of the proposed management action plan for 2012/13 set out in Appendix B,
and;

the adequacy of progress made in implementing the prior year action plan in Appendix C.
Yours faithfully
PricewaterhouseCoopers LLP
PricewaterhouseCoopers LLP, 2nd Floor, 3 St James Court, Whitefriars, Norwich, NR3 1RJ
T: +44 (0) 1603 615244, F: +44 (0) 1603 631060, www.pwc.co.uk
PricewaterhouseCoopers LLP is a limited liability partnership registered in England with registered number OC303525. The registered office of PricewaterhouseCoopers
LLP is 1 Embankment Place, London WC2N 6RH. PricewaterhouseCoopers LLP is authorised and regulated by the Financial Services Authority for designated
investment business.
14
Table of Contents
Introduction
4
Scope of work
4
Statement of Responsibilities of Grant-Paying Bodies, Authorities, the Audit Commission and Appointed Auditors in
Relation to Claims and Returns
4
Code of Audit Practice and Statement of Responsibilities of Auditors and of Audited Bodies
4
Results of Certification Work
5
Claims and returns certified
6
Matters arising
6
National Non-Domestic Rates Return
6
Housing and Council Tax Benefits Scheme 2012/13
7
Appendix A
9
Certification Fees
9
Appendix B
10
2012/13 Management Action Plan
10
Appendix C
12
2011/12 Management Action Plan – Progress made
12
Glossary
13
PwC
3
15
Introduction
Scope of work
Grant-paying bodies pay billions of pounds in subsidies and grants each year to local authorities and often require certification, by an
appropriately qualified auditor, of the claims and returns submitted to them. Certification work is not an audit but a different kind of assurance
engagement which reaches a conclusion but does not express an opinion. This involves applying prescribed tests, as set out within Certification
Instructions (“CIs”) issued to us by the Audit Commission, which are designed to give reasonable assurance that claims and returns are fairly
stated and in accordance with specified terms and conditions; where this is not the case matters are raised in a ‘qualification letter’.
The Audit Commission is required by law to make certification arrangements for grant-paying bodies when requested to do so and sets thresholds
for claim and return certification, as well as the prescribed tests which we as local government appointed auditors must undertake. We certify
claims and returns as they arise throughout the year to meet the certified claim/return submission deadlines set by grant-paying bodies. Our role
is to act as ‘agents’ of the Audit Commission when undertaking certification work; certification work is not an audit but a different form of
assurance engagement, the precise nature of which will vary according to the claim or return; we are required to carry out work and complete the
auditor certificate in accordance with the arrangements and requirements set by the Commission.
We consider the results of certification work when performing other Code of Audit Practice work at the Authority, including for our conclusions
on the financial statements and on value for money.
Statement of Responsibilities of Grant-Paying Bodies, Authorities, the Audit Commission and Appointed Auditors in
Relation to Claims and Returns
In November 2010 the Audit Commission updated the ‘Statement of Responsibilities of Grant-Paying Bodies, Authorities, the Audit Commission
and Appointed Auditors in Relation to Claims and Returns’. This is available from the Audit Commission’s website. The purpose of this Statement
is to summarise the Audit Commission's framework for making certification arrangements and to assist grant-paying bodies, authorities, and the
Audit Commission’s appointed auditors by summarising their respective responsibilities and explaining where their different responsibilities
begin and end.
Code of Audit Practice and Statement of Responsibilities of Auditors and of Audited Bodies
In March 2010 the Audit Commission issued a revised version of the ‘Statement of Responsibilities of Auditors and of Audited Bodies’. It is
available from the Chief Executive of each audited body and on the Audit Commission’s website. The purpose of the Statement is to assist auditors
and audited bodies by explaining where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain
areas. Reports and letters prepared by appointed auditors and addressed to members or officers are prepared for the sole use of the audited body
and no responsibility is taken by auditors to any member or officer in their individual capacity or to any third party.
PwC
4
16
Results of Certification Work
PwC
5
17
Results of Certification Work
Claims and returns certified
A summary of the claims and returns certified during the year is set out in the table below. In both cases a qualification letter was required to set
out matters arising from the certification of the claim/return. Both claims were also amended following the certification work undertaken. All
deadlines for submission of certified claims/returns were met. Fee information for the claims and returns is summarised in Appendix A.
Claims and returns certified in 2012/13
CI Reference
Scheme Title
Form
Original
Value (£)
Final Value
(£)
Amendment
Qualification
BEN01
Housing and Council Tax
Benefits Scheme
MPF720A
36,344,709
36,343,959
Yes
Yes
LA01
National Non Domestic
Rates Return
NNDR3
22,041,846
22,041,846
Yes
Yes
Matters arising
The most important matters we identified through our certification work are summarised below.
National Non-Domestic Rates Return
Through our work on this return we identified that the return was signed and sent to DCLG on 12 July 2013. This is after the deadline of 28 June
2013 per the CI and as a result we were required to report this matter to the CLG in our qualification letter. Whilst this matter did not impact our
certification of the claim within the required timescale, the Council should ensure that the form is submitted in a timely manner going forward.
CI Test 8 requires us to consider whether all Valuation Office (VO) directions received on or before 31 January 2013 have been taken into account.
The Council can also take account of directions received after that date. The Council’s original claim disclosed 28 March 2013 as the date the latest
information was taken into account when calculating the contribution to the NNDR pool. Our work identified that VO directions up to 27
February 2013 had been taken into account. The claim was updated to reflect this revised date.
PwC
6
18
CI Test 4 requires us to confirm that all entries on the return and supporting working papers agree with underlying records. Testing identified
some discrepancies between the total amount per the return and Civica (the Council’s NNDR information system) depending on which system
report (the financial control account report or another, more detailed report) is used. The financial control account report was used to compile the
claim form. We highlighted the discrepancies between the two reports and the return within our qualification letter.
Housing and Council Tax Benefits Scheme 2012/13
Our testing identified a number of errors in relation to the Council’s compliance with Housing and Council Tax Benefit regulations. In a number
of cases, it was possible to quantify these errors and make appropriate amendments to the claim form.
However, we also reported a number of matters to the DWP in a qualification letter where no amendment could be agreed which would be
representative of the whole population.
In summary, the matters related to:

Incorrect earning calculations used (1 case from total sample of 20);

Incorrect Child Tax credit calculations used (1 case from total sample of 20);

Incorrect useage of non dependent deductions (2 cases from total sample of 20); and

Expenditure misclassification (4 cases from total sample of 40).
The majority of these error types were also identified in previous years.
Extended (“40+”) testing was performed in relation to the above errors, and also upon errors identified within the prior year testing but not noted
within the current year testing, as required by CI. The extended testing was performed this year by the Council with a sample of the testing
reperformed by us to ensure the quality of the work. This approach is also in accordance with the CI. We are pleased to report that the Council’s
testing was of appropriate quality.
The extended testing identified further errors as follows:

Misclassification of reason for the overpayment of benefits (24 cases from a total sample of 80); and

Incorrect assessment of claimant income (27 cases from a total sample of 92).
Whilst we recognise the complexity of this particular claim, it is recommended that additional training is instigated for relevant personnel to avoid
continuing issues.
PwC
7
19
Appendices
PwC
8
20
Appendix A
Certification Fees
The fees for certification of each claim/return are set out below:
Claim/Return
2012/13
(£)
2011/12
(£)
BEN01 Housing and Council Tax
Benefits Scheme
42,627*
56,065
-
2,700
2,600
No CI Part B testing was required to be carried out in 2011/12.
This reduced the fee for that particular year.
45,327
58,665
LA01 National Non Domestic Return
(NNDR)
Total
Comment
* Included in this fee is an additional fee of £9,327 which has been agreed with Council officers. This fee has arisen as a result of the extended
testing we needed to perform in respect of the certification and the additional work required as a result of the Council’s change in the IT system
responsible for the processing of housing and council tax benefits during the year. As at 13 February 2014, we are awaiting final Audit Commission
approval for this fee, in accordance with the protocol for external audit fees agreed with the Audit Commission.
These fees reflect the Council’s current performance and arrangements for certification.
It should be noted that the Audit Commission updated the fee approach for certification in 2012/13. This applied a 40% discount to the 2010/11
billed fee and required external auditors to agree fees that were higher than this level with the Audit Commission, as well as the audited body.
The Council could improve its performance by:

reviewing the final claim / return against supporting working papers to ensure there are no discrepancies;

reviewing guidance issued by the grant paying body in relation to the claim / return and completion; and

ensuring the adequacy of evidence to support the claim / return entries.
We will continue to seek ways in which we can improve the overall level of liaison with senior officers regarding the progress of certification work,
time and issues.
PwC
9
21
Appendix B
2012/13 Management Action Plan
Claim/Return
Housing and
Council Tax
Benefits Subsidy
(BEN01)
Issue
Errors in the assessment of claims
were identified including:

Expenditure misclassification;

Incorrect application of child
tax credits;

Incorrect application of non
dependent deductions; and

Incorrect claimant income
calculations.
Recommendation
The Council should consider
why the errors identified in our
testing occurred on a case-bycase basis and implement
corrective measures as
appropriate. This may include
claim assessor training, further
guidance material and
increased level of review of
applicable case assessments.
Management Response
It should be noted that 12/13
was the first year following the
implementation of the
replacement revenues &
benefits system and workflow.
It was identified that there was
some additional training that
was necessary for staff to
understand some of the new
functionality/application of the
new system. This has now been
delivered in conjunction with
overpayment classification
training. Claims go through a
quality assurance check and
training issues are identified
and addressed.
The Council request that the
level of error be considered in
light of a total subsidy claim of
£36m.
PwC
22
Responsibility
(implementation date)
Louise Wolsey (Revenues &
Benefits Manager)
Ongoing QA and training
National Non
Domestic Rates
Return (LA01)
The Council is required to provide
the original signed hard-copy of the
return to the auditors for
certification by 28 June 2013. This
was not received until 12 July 2013.
All hard-copy claims and
returns should be submitted to
the appointed auditor for
certification in accordance
with the certification
instruction.
It should be noted that 12/13
was the first year following the
implementation of the
replacement revenues &
benefits system and workflow.
The authority considered it
appropriate to delay submission
(which was notified to DCLG)
and return an accurate form
rather than an inaccurate form.
The new reports and the need to
reconcile two systems
significantly contributed to the
delay.
Karen Sly (Head of Financial
Services)
Louise Wolsey (Revenues &
Benefits Manager)
We agree claims should be
submitted within deadlines.
The return did not accurately reflect
the last date from which Valuation
Office directions were taken into
account when calculating the
contribution to the NNDR pool.
The date of the last VO
direction incorporated into the
calculation of the NNDR pool
contribution should be
disclosed within the Return.
Agreed
Sean Knight (Revenues
Manager)
Although the return reconciled to the
financial control report produced by
Civica, the Council’s NNDR system,
this report did not match a more
detailed report produced by Civica.
As a result, we raised this matter in
our qualification letter. The
discrepancies may have been as a
result of the change in IT systems
during the financial year.
The Council should identify
whether the discrepancies
between the Civica reports are
on-going. If so, the reasons for
the differences should be
investigated and resolved, in
conjunction with Civica, prior
to the 2013/14 return
compilation, submission and
certification process.
It should be noted that 12/13
was the first year following the
implementation of the
replacement revenues &
benefits system and workflow.
Sean Knight (Revenues
Manager)
PwC
23
The discrepancies were as a
result of the need to reconcile
the two systems. Work has been
done to fully understand the
Civca reports contributing to
the return and parameters etc.
amended as required.
Appendix C
2011/12 Management Action Plan – Progress made
Claim/Return Issue
Recommendation
Management response
Responsibility
(Implementati
on date)
All hard-copy claims and
returns should be submitted
to the appointed auditor for
certification in accordance
with the certification
instructions.
This is acknowledged,
however due to delays in
receiving and implementing
software releases this has
meant there has been some
delay.
Revenues and
Cleared
Benefits Manager
(30/04/2013)
We recommend that the
Authority considers why the
errors identified in our
testing occurred on a caseby-case basis and implement
corrective measures as
appropriate.
This recommendation has
Revenues and
Ongoing
been noted. Training is onBenefits Manager
going for Benefit Assessors
(on-going)
and it is anticipated that with
the implementation of the new
software that user error will be
reduced.
(deadline)
Housing and
Council Tax
Benefits Subsidy
(BEN01)
Final claims on form MPF720A are to
be completed and sent to DWP and to
the auditor appointed by the Audit
Commission by 30 April 2012.
PwC did not receive a hard copy of the
claim form; however this did not
prevent us from starting our work as
agreed.
Housing and
Errors were identified including:
Council Tax
 Expenditure misclassification;
Benefits Subsidy
(BEN01)
 Incorrect application of service
charges;

Incorrect entry of data into the
subsidy form;

Data input incorrectly into the
calculation of benefit resulting
in under / overpayment of
benefit; and
Insufficient documentation maintained
on file to support benefit assessment.
PwC
24
Recommendation
Status
Glossary
Audit Commission Definitions for Certification work
Abbreviations used in certification work are:‘appointed auditor’ is the auditor appointed by the Audit Commission under section 3 of
‘claims’ includes claims for grant or subsidies and for contractual payments due under agency
the Audit Commission Act 1998 to audit an authority’s accounts who, for the purpose of
certifying claims and returns under section 28 of the Act, acts as an agent of the Commission. In
this capacity, whilst qualified to act as an independent external auditor, the appointed auditor
acts as a professional accountant undertaking an assurance engagement governed by the
Commission’s certification instruction arrangements;
agreements, co-financing schemes or otherwise;
‘assurance engagement’ is an engagement performed by a professional accountant in
‘Commission’ refers to either the Audit Commission or the Grants Team of the Audit Policy
which a subject matter that is the responsibility of another party is evaluated or measured
against identified suitable criteria, with the objective of expressing a conclusion that provides
the intended user with reasonable assurance about that subject matter;
and Regulation Directorate of the Commission which is responsible for making certification
arrangements and for all liaison with grant-paying bodies and auditors on certification issues;
‘auditor’ is a person carrying out the detailed checking of claims and returns on behalf of the
‘grant-paying bodies’ includes government departments, public authorities, directorates
appointed auditor, in accordance with the Commission’s and appointed auditor’s scheme of
delegation;
and related agencies, requiring authorities to complete claims and returns;
‘authorities’ means all bodies whose auditors are appointed under the Audit Commission
‘returns’ are either:
Act 1998, which have requested the certification of claims and returns under section 28(1) of
that Act;
-
returns in respect of grant which do not constitute a claim, for example, statements of
expenditure from which the grant-paying body may determine grant entitlement; or
returns other than those in respect of grant, which must or may be certified by the
appointed auditor, or under arrangements made by the Commission;
‘certification instructions’ (‘CIs’) are written instructions from the Commission to
‘Statement’ is the Statement of responsibilities of grant-paying bodies, authorities, the
appointed auditors on the certification of claims and returns;
Audit Commission and appointed auditors in relation to claims and returns, available from
www.audit-commission.gov.uk;
‘certify’ means the completion of the certificate on a claim or return by the appointed auditor
‘underlying records’ are the accounts, data and other working papers supporting entries
in accordance with arrangements made by the Commission;
on a claim or return.
PwC
25
This document has been prepared for the intended recipients only. To the extent permitted by law, PricewaterhouseCoopers LLP does not accept or assume any liability, responsibility or duty of
care for any use of or reliance on this document by anyone, other than (i) the intended recipient to the extent agreed in the relevant contract for the matter to which this document relates (if any),
or (ii) as expressly agreed by PricewaterhouseCoopers LLP at its sole discretion in writing in advance.
© 2014 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the
context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
PwC
26
www.pwc.co.uk
North Norfolk District
Council
External Audit Plan 2013/14
Government and
Public Sector
March 2014
27
Contents
Code of Audit Practice and
Statement of Responsibilities
of Auditors and of Audited
Bodies
In April 2010 the Audit Commission
issued a revised version of the
‘Statement of responsibilities of
auditors and of audited bodies’. It is
available from the Chief Executive
of each audited body. The purpose
of the statement is to assist auditors
and audited bodies by explaining
where the responsibilities of
auditors begin and end and what is
to be expected of the audited body in
certain areas. Our reports and
management letters are prepared in
the context of this Statement.
Reports and letters prepared by
appointed auditors and addressed
to members or officers are prepared
for the sole use of the audited body
and no responsibility is taken by
auditors to any Member or officer
in their individual capacity or to
any third party.
Executive summary
2
Audit approach
3
Risk of fraud
10
Your PwC team
12
Your audit fees
13
Appendices
14
Appendix A: Independence threats and safeguards
15
Appendix B: Communications Plan
17
Appendix C: Recent developments
18
Appendix D: Audit quality
19
Appendix E: Other engagement information
23
PwC  Contents
North Norfolk District Council
28
Executive summary
Background
Our Responsibilities
We have prepared this audit plan to provide the Audit
Committee of North Norfolk District Council (the ‘Council’)
with information about our responsibilities as external
auditors and how we plan to discharge them for the audit of
the financial year ended 31 March 2014.
Our responsibilities are as follows:
Framework for our audit
Report to the National Audit Office on the accuracy of the
consolidation pack the Council is required to prepare for the
Whole of Government Accounts.
We are appointed as your auditors by the Audit Commission
as part of a national framework contract and consequently
we are required to incorporate the requirements of the Audit
Commission Act 1998 and the Code of Audit Practice 2010
for local government bodies (the ‘Audit Code’) as well as the
requirements of International Standards on Auditing (UK &
Ireland) (‘ISAs’).
The remainder of this document sets out how we will
discharge these responsibilities and we welcome any
feedback or comments that you may have on our approach.
We look forward to discussing our report with you on 17
March. Attending the meeting from PwC will be Julian
Rickett and Aphrodite Antoniades.
Perform an audit of the accounts in accordance with the
Auditing Practice Board’s International Standards on Auditing
(ISAs (UK&I)).
Form a conclusion on the arrangements the Council has made
for securing economy, efficiency and effectiveness in its use of
resources.
Consider the completeness of disclosures in the Council’s
annual governance statement, identify any inconsistencies with
the other information of which we are aware from ourwork
and consider whether it complies with CIPFA / SOLACE
guidance.
Consider whether, in the public interest, we should make a
report on any matter coming to our notice in the course of the
audit.
Determine whether any other action should be taken in relation
to our other responsibilities under the Audit Commission Act.
Issue a certificate that we have completed the audit in
accordance with the requirements of the Audit Commission Act
1998 and the Code of Practice issued by the Audit Commission.
PwC  2
North Norfolk District Council
29
Our audit engagement begins
with an evaluation of the
Council on our ‘acceptance &
continuance database’ which
highlights an overall
engagement risk score and
highlights areas of heightened
risk.
Audit approach
Our audit is risk based which means that we focus on the areas that matter. We have carried out a risk assessment for 2013/14
prior to considering the impact of controls, as required by auditing standards, which also draws on our understanding of your
business.
We determine if risks are significant, elevated or normal and whether we are concerned with fraud, error or judgement as this
helps to drive the design of our testing procedures:

Significant
Those risks with the highest potential for material misstatement due to a combination of their size, nature and
likelihood and which, in our judgement, require specific audit consideration.

Elevated
Although not considered significant, the nature of the balance/area requires specific consideration.
The table below highlights all risks which we consider to be either significant or elevated in relation to our audit for the year
ended 31 March 2014.
PwC  3
North Norfolk District Council
30
Main Council Audit
Risk
Categorisation
Audit approach
Management override of
controls
ISA (UK&I) 240 requires that we plan
our audit work to consider the risk of
fraud, which is presumed to be a
significant risk in any audit. In every
organisation, management may be in
a position to override the routine day
to day financial controls.
Accordingly, for all of our audits, we
consider this risk and adapt our audit
procedures accordingly.
Significant 
As part of our assessment of your control environment we will
consider those areas where management could use discretion
outside of the financial controls in place to misstate the financial
statements.
We will perform procedures to:
- Review the appropriateness of accounting policies and estimation
bases, focusing on any changes not driven by amendments to
reporting standards;
- Test the appropriateness of journal entries and other year-end
adjustments, targeting higher risk items such as those that affect
the reported deficit/surplus;
- Review accounting estimates for bias and evaluate whether
judgment and estimates used are reasonable (for example pension
scheme assumptions, valuation and impairment assumptions);
- Evaluate the business rationale underlying significant
transactions outside the normal course of business; and
- Perform unpredictable procedures targeted on fraud risks.
We may perform other audit procedures if necessary.
Risk of fraud in revenue and
expenditure recognition
Under ISA (UK&I) 240 there is a
presumption that there are risks of
fraud in revenue recognition.
Significant 
We will obtain an understanding of revenue and expenditure
controls.
We will evaluate and test the accounting policy for income and
expenditure recognition to ensure that this is consistent with the
requirements of the Code of Practice on Local Authority
Accounting.
We extend this presumption to the
recognition of expenditure in local
government.
We will also perform detailed testing of revenue and expenditure
transactions, focussing on the areas we consider to be of greatest
risk.
PwC  4
North Norfolk District Council
31
Risk
Categorisation
Audit approach
Valuation: Property, Plant and
Equipment
Elevated 
Property, plant and equipment (PPE) represents the largest
balance in the Council’s balance sheet. The Council measures its
properties at fair value involving a range of assumptions and the
use of external valuation expertise. ISAs (UK&I) 500 and 540
require us, respectively, to undertake certain procedures on the
use of external expert valuers and processes and assumptions
underlying fair value estimates.
Property, Plant and Equipment is the
largest figure on your Balance Sheet.
Economic conditions continue to be
uncertain, which has a potential
impact upon the valuation of your
property, plant and equipment. The
Authority is required to assess the
fair value of all of its assets every
year.
Specific areas of risk include:

The accuracy and completeness of detailed information on
assets.

Whether the Council’s assumptions underlying the
classification of properties are appropriate.

Whether properties that are not programmed to be revalued
in the year might have undergone material changes in their
fair value.

The valuer’s methodology, assumptions and underlying data,
and our access to these.
Where asset valuations are undertaken in-year we will:

agree the source data used by your valuer to supporting
records.

assess the work of your Valuer through use of our own
internal specialists where required; and

agree the outputs to your Fixed Asset Register and accounts.
Where any changes to valuation bases are proposed we will work
with you to understand and evaluate the rationale you are using on
a timely basis.
Where assets are not re-valued in year, we will review your
impairment assessment and evaluation as to whether your assets
are held at an appropriate value in your accounts at the year-end.
PwC  5
North Norfolk District Council
32
Risk
Categorisation
Savings Requirements including
localisation of
business rates and council tax
benefit
The Council continues to need to
achieve significant savings to meet its
medium term financial plan,
following a reduction in central
government funding.
Elevated 
Audit approach
We will review your savings plan, understand how the Council
manages the plan, and the reasons behind any significant
variations from the plan.
We will specifically consider:

your record in delivering savings;

the governance structure in place to deliver the targets
(including extent of member involvement);

the level and extent of accountability;

monitoring and reporting; and

progress on delivering the plan.
We will consider the accounting implications of your savings plans
and would welcome early discussion of any new and unusual
proposals. In particular, we will consider the impact of the
efficiency challenge on the recognition of both income and
expenditure.
PwC  6
North Norfolk District Council
33
Overall Materiality (prior
year): £1,241,000
Intelligent scoping
Materiality
Triviality (prior year):
£50,000
£
Overall materiality
1,241,000
Clearly trivial reporting de
minimis
50,000
We set overall materiality to assist our planning of the overall
audit strategy and to assess the impact of any adjustments
identified.
Overall materiality has been set at 2% of prior year
expenditure for the year ended 31 March 2013. We will
update this assessment as necessary in light of the Council’s
actual results for the year ending 31 March 2014.
ISA (UK&I) 450 (revised) requires that we record all
misstatements identified except those which are “clearly
trivial” i.e. those which we do expect not to have a material
effect on the financial statements even if accumulated. We
would like to seek the Audit Committee’s views on this de
minimis threshold.
PwC  7
North Norfolk District Council
34
Robust Testing
The Audit Commission guidance includes two criteria:
Where we do our work

As previously mentioned our audit is risk based which means
we focus our work on those areas which, in our judgement,
are most likely to lead to a material misstatement. In
summary, we will:





Consider the key risks arising from internal
developments and external factors such as policy,
regulatory or accounting changes;
Consider the robustness of the control environment,
including the governance structure, the operating
environment, the information systems and processes
and the financial reporting procedures in operation;
Understand the control activities operating over key
financial cycles which affect the production of the yearend financial statements;
Validate key controls relevant to the audit approach; and
Perform substantive testing on transactions and
balances as required.
When we do our work
Our audit is designed to quickly consider and evaluate the
impact of issues arising to ensure that we deliver a no
surprises audit at year-end. This involves early testing at an
interim stage and open and timely communication with
management to ensure that we meet all statutory reporting
deadlines. We engage early, enabling us to debate issues with
you. We have summarised our formal communications plan
in Appendix B.
Value for Money Work
Our value for money code responsibility requires us to carry
out sufficient and relevant work in order to conclude on
whether the Council has put in place proper arrangements to
secure economy, efficiency and effectiveness in the use of
resources.

The organisation has proper arrangements in place for
securing financial resilience; and
The organisation has proper arrangements for
challenging how it secures economy, efficiency and
effectiveness.
We determine a local programme of audit work based on our
audit risk assessment, informed by these criteria and our
statutory responsibilities.
Annual Governance Statement
Local Authorities are required to produce an Annual
Governance Statement (AGS), which is consistent with
guidance issued by CIPFA / SOLACE: “Delivering Good
Governance in Local Government”. The AGS is required to be
presented by the Council with the Statement of Accounts.
We will review the AGS to consider whether it complies with
the CIPFA / SOLACE “Delivering Good Governance in Local
Government” framework and whether it is misleading or
inconsistent with other information known to us from our
audit work.
Whole of Government Accounts
We are required to examine the Whole of Government
Accounts schedules submitted to the Department for
Communities and Local Government and issue an opinion
stating in our view if they are consistent or inconsistent with
the Statement of Accounts.
Meaningful conclusions
We believe fundamentally in the value of the audit and that
audits need to be designed to be valuable to our clients to
properly fulfil our role as auditors.
PwC  8
North Norfolk District Council
35
In designing the Council’s audit, our primary objective is to
form an independent audit opinion on the financial
statements; however, we also aim to provide insight.
out some recent developments in Appendix C and we will
provide other insights and observations to you in our audit
reports throughout the year.
Audit value comes from the same source as audit quality so
the work that we do in support of our audit opinion also
means that we should be giving you value through our
observations, recommendations and insights. We have set
We have also developed a Local Government Centre of
Excellence which supports your audit team in all aspects of
the audit, including sharing insight and observations gained
from audit teams across the country.
PwC  9
North Norfolk District Council
36
As part of the audit
engagement, per ISA 240, we
are required to consider the
risk of fraud throughout the
audit and to communicate
with management and those
charged with governance.
Risk of fraud
International Standards on Auditing (UK&I) state that we, as auditors, are responsible for obtaining reasonable assurance that
the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. The
respective responsibilities of auditors, management and those charged with governance are summarised below:
Auditors’ responsibility
Management’s responsibility
Responsibility of the Audit Committee
Our objectives are:
Management’s responsibilities in relation to
fraud are:
Your responsibility as part of your
governance role is:





To identify and assess the risks of
material misstatement of the
financial statements due to fraud;
To obtain sufficient appropriate
audit evidence regarding the
assessed risks of material
misstatement due to fraud, through
designing and implementing
appropriate responses; and
To respond appropriately to fraud
or suspected fraud identified during
the audit.


To design and implement programmes
and controls to prevent, deter and
detect fraud;
To ensure that the entity’s culture and
environment promote ethical
behaviour; and
To perform a risk assessment that
specifically includes the risk of fraud
addressing incentives and pressures,
opportunities, and attitudes
and rationalisation.

To evaluate management’s
identification of fraud risk,
implementation of anti-fraud
measures and creation of
appropriate ‘tone at the top’; and
To ensure any alleged or suspected
instances of fraud brought to your
attention are investigated
appropriately.
PwC  10
North Norfolk District Council
37
Conditions under which fraud may occur
Your views on fraud
We enquire of the Audit Committee:




Whether you have knowledge of fraud, either actual, suspected or alleged, including those involving management?
What fraud detection or prevention measures (e.g. whistleblower lines) are in place in the entity?
What role you have in relation to fraud?
What protocols / procedures have been established between those charged with governance and management to keep you
informed of instances of fraud, either actual, suspected or alleged?
PwC  11
North Norfolk District Council
38
The engagement team has
been drawn from our
government and public sector
team based on the South East.
Your PwC team
The individuals in your PwC team have been selected to bring
you extensive audit experience from working with Local
Authorities, the wider public sector and the commercial
sector. We also recognise that continuity in the audit team is
important to you and the senior members of our team are
committed to developing longer term relationships with you.
The core members of your audit team are:
Audit Team
Responsibilities
Engagement Leader
Engagement Leader responsible
for independently delivering the
audit in line with the Audit Code
(including agreeing the Audit
Plan, ISA 260 Report to Those
Charged with Governance and
the Annual Audit Letter), quality
of outputs and signing of
opinions and conclusions. Also
responsible for liaison with the
Chief Executive and the
Members.
Julian Rickett
01603 883321
Engagement Manager
Aphrodite Antoniades
01603 883170
Team Leader
Louise Shaw
01603 883039
Responsible for leading the
field team, including the audit
of the statement of accounts,
and governance aspects of our
work. Regular liaison with the
finance team.
Manager on the assignment
responsible for overall control of
the audit engagement, ensuring
delivery to timetable, delivery
and management of targeted
work and overall review of audit
outputs. Completion of the Audit
Plan, ISA 260 Report and
Annual Audit Letter.
PwC  12
North Norfolk District Council
39
Fees for the engagement are
set out in line with the
indicative scale fees set by the
Audit Commission.
Your audit fees
The Audit Commission has provided indicative scale fees for
Local Authorities for the year ended 31 March 2014. No
changes to the work programme have been proposed
therefore scale audit fees for have been set at the same level
as the fees applicable for 2012/13.
Our indicative audit fee, as agreed in our audit fee letter
dated 09 April 2013, compared to the actual fee for 2012/13
is as follows:
Audit fee
Actual
fee
2011/12
Actual
fee
2012/13
Indicative
fee
2013/14
£
£
£
Audit work performed under
the Code of Audit Practice
118,750
74,350*
71,250
Certification of Claims and
Returns
59,040
45,327**
33,600
Total Audit Code work
177,415
119,677
104,850
0
0
0
177,415
119,677
104,850
- Whole of Government Accounts
Planned non-audit work
Total fees






- Statement of Accounts
- Conclusion on the ability of the
organisation to secure proper
arrangements for the economy,
efficiency and effectiveness in its
use of resources
We have based the fee level on the following assumptions:
* An additional £3,100 is included within the fee as was approved by the
Audit Commission for additional IT work on Revenues and Benefits.
** Included in the Certification fee is an additional fee of £9,327 which has
been agreed with Council officers. This fee has arisen as a result of the
extended testing we needed to perform in respect of the housing and council
tax benefits claim. We are currently waiting for Audit Commission approval
for this.
Officers meeting the timetable of deliverables, which we
will agree in writing;
We are able to use, as planned, the work of internal
audit;
We do not review more than 3 iterations of the
statement of accounts;
We are able to obtain assurance from your management
controls;
No significant changes being made by the Audit
Commission to the local value for money work
requirements; and
Our value for money conclusion and accounts opinion
being unqualified.
If these prove to be unfounded, we will seek a variation order
to the agreed fee, to be discussed and agreed in advance with
you and the Audit Commission.
We anticipate that the Audit Commission will reduce the
certification arrangements for the Housing and Council Tax
Benefit Grant Claim to reflect the fact that arrangements for
Council Tax Benefits have been localised in 2013/14. We also
anticipate that the LA01 (National Non Domestic Rates)
claim will no longer require certification given the
localisation of Business Rates. We therefore expect that we
will need to obtain audit comfort over Council Tax Benefit
expenditure and Business Rates income in the statement of
accounts from additional audit procedures over these items.
We anticipate this will increase the proposed fee however we
will update the Audit Committee regarding the impact of this
on our audit fee for the Statement of Accounts once we have
understood and considered the impact on our work.
PwC  13
North Norfolk District Council
40
Appendices
PwC  14
North Norfolk District Council
41
We have assessed the
independence of our team and
found no issues.
Appendix A: Independence threats and
safeguards
At the beginning of our audit process we are required to assess our independence as your external auditor. We have made
enquiries of all PwC teams providing services to you and of those responsible in the UK Firm for compliance matters and there
are no matters which we perceive may impact our independence and objectivity of the audit team.
Other services
Support provided by PwC
Value
Certification of claims and returns
Threats to independence and safeguards in place
Self Review Threat: The audit team will conduct the grant
certification and this has arisen due to our appointment as external
auditors.
There is no self review threat as we are certifying management
completed grant returns and claims.
Self Interest Threat: As a firm, we have no financial or other
interest in the results of the Council.
We have concluded that this work does not pose a self interest threat.
Management Threat: PwC is not required to take any decisions on
behalf of management as part of this work.
Advocacy Threat: We will not be acting for, or alongside,
management and we have therefore concluded that this work does not
pose an advocacy threat.
Familiarity Threat: Work complements our external audit
appointment and does not present a familiarity threat.
Intimidation Threat: We have concluded that this work does not
pose an intimidation threat as all officers and members have
conducted themselves with utmost integrity and professionalism
PwC  15
North Norfolk District Council
42
Relationships and Investments
Senior officers should not seek or receive personal financial or tax advice from PwC. Non-executives who receive such advice
from us (perhaps in connection with employment by a client of the firm) or who also act as director for another audit or
advisory client of the firm should notify us, so that we can put appropriate conflict management arrangements in place.
Therefore at the date of this plan we confirm that in our professional judgement, we are independent accountants with respect
to the Council, within the meaning of UK regulatory and professional requirements and that the objectivity of the audit team
is not impaired.
PwC  16
North Norfolk District Council
43
Appendix B: Communications Plan
Planning (February)
Discussion of business risks with
key management and plan detailed
audit approach
Detailed planning meetings with
Finance, HR and IT.
Audit strategy and timetable
agreed with management
Presentation of the
audit strategy to those
charged with
governance
Interim (April)
Update understanding of key
processes and controls
Key accounting and audit
findings/significant
deficiencies in internal
control identified,
discussed and resolved
Early substantive
testing
Update our
planning work
Audit
Cycle
Completion
(August/September)
Management letter to the
Audit Committee including
report on significant
deficiencies in internal control.
Statutory audit opinions
Representation Letter
Annual Audit Letter
Year end audit
(July/August)
Detailed audit
testing
• Review of financial
statements
Clearance meetings with
management
Continuous Communication
• Continuous proactive discussion of issues as and when they arise; ‘no
surprises’
• Continuous evaluation and improvement of the audit
• Bringing you experience of sector and best practice
PwC  17
North Norfolk District Council
44
Appendix C: Recent developments
strategic ambition and purpose and serve to influence
decisions and behaviour within the organisation.
The Future of Government
The Local State We’re In
Delivering on the Citizen Promise
In the face of recurrent budget cuts to reduce fiscal deficits in
many countries, affordable government has become the
watchword. This means doing more for less – meeting rising
citizens’ expectations by doing things differently to deliver
services more effectively and efficiently.
Where Next for public services?
Public sector organisations need to re-evaluate their purpose
and role and decide if current visions and missions, and ways
of operating to achieve them, are relevant enough to ride the
waves of these shifts, or be overwhelmed by them.
Government and public sector organisations will also need to
respond to these shifts proactively and pre-emptively, to
avoid falling one or more steps behind.
What guides and shapes the future public body?
As such, tomorrow’s public bodies need to navigate
themselves by first formulating a strong and clear vision and
mission. Together, these will capture the organisation’s
Over the past few years, local government has demonstrated
its ability to deliver ambitious and far reaching savings
programmes. While council Chief Executives are still holding
on to their confidence in meeting savings targets for 2013/14,
our third annual local government survey shows that
confidence in being able to protect services as well has fallen
by 40% over the past year. Beyond 2013/14, confidence in
meeting savings targets falls further.
Tough choices are ahead as the cracks begin to show and
decisions get closer to the frontline. Councils need to act
urgently to transform themselves into agile organisations and
shape a role for themselves through a future of continued
austerity.
PwC  18
North Norfolk District Council
45
Appendix D: Audit quality
Quality is built into every aspect of the way that we deliver the Council’s audit. We take great pride in being your auditors and
in the value of assurance that the audit opinion provides. A timely, independent and rigorous audit is fundamental. This in
turn necessitates getting the basics right – clarity on audit risks, scope, resource, timetables, deliverables and areas of
judgement – which is supported by our team that has extensive experience and relevant training.
The table below sets out some of the key ways in which we ensure we deliver a high quality audit.
Procedure
Description
People
Quality begins with our people. To ensure that every engagement team provides quality, we use carefully
designed protocols for recruiting, training, promoting, assigning responsibility and managing and
overseeing the work of our people. We invest significant amounts of time and money for the training and
development of our audit professionals. Every new team member is carefully selected to ensure they have
the right blend of technical expertise and industry experience to support the Council’s audit.
Client acceptance
and retention
Our client acceptance and retention standards and procedures are designed to identify risks of a client or
prospective client to determine whether the risks are manageable.
Audit
methodology
The same audit methodology is used for all Local Authority audit engagements, thereby ensuring
uniformity and consistency in approach. Compliance with this methodology is regularly reviewed and
evaluated. Comprehensive policies and procedures governing our accounting and auditing practice –
covering professional and regulatory standards as well as implementation issues – are constantly
updated for new professional developments and emerging issues, needs and concerns of the practice.
Technical
consultation
Consultations by engagement teams, typically with senior technical partners unaffiliated with the audit
engagement, are required in particular circumstances involving auditing, accounting or reporting
matters including matters such as going concern and clinical quality issues. In addition, we regularly
consult with our industry specialists in the Local Government Centre of Excellence and our accounting
technical experts that sit on the Audit Commission Auditors’ Group.
PwC  19
North Norfolk District Council
46
Procedure
Description
Technical updates
PwC prepares numerous publications to keep both PwC staff and our clients abreast of the latest
technical guidance.
These include:



A weekly publication covering the week’s accounting and business developments;
A periodic publication providing in-depth analysis of significant accounting developments; and
A publication issued shortly after meetings of standard setters, including IFRIC and the EITF, to
provide timely feedback on issues discussed at the meeting.
We also provide Local Government specific technical updates through regular publications issued by our
Local Government Centre of Excellence and weekly conference calls for all Local Authority engagement
teams during the final audit period. We will share our technical updates with you throughout the year.
Independence
standards
PwC has policies and systems designed to comply with relevant independence and client retention
standards. Before a piece of non-audit work can begin for the Council, it must first be authorised by the
engagement leader who evaluates the project against our own internal policies and safeguards and
against your policy on non-audit services. Above a certain fee threshold, we then seek approval from the
Audit Commission before proceeding with any work.
Ethics
Our Ethics and Business Conduct Programme includes confidential communication channels to voice
questions and concerns 24 hours a day, seven days a week. Confidentiality helps us to ensure that we
receive the candid information and that we respond with the appropriate technical and risk management
resources.
Independent
review
Our audits are subject to ongoing review and evaluation by review teams within PwC and also by the
Audit Quality Review Team (AQRT, formerly the Audit Inspection Unit). The most recent report on PwC
was issued in May 2013 and although there are some areas for development identified the general theme
was that audit quality has continued to improve. The firm has developed action plans for all areas for
development identified by the AQRT.
As auditors appointed by the Audit Commission we are also required to comply with their annual
Regulatory Compliance and Quality Review programme. The results for our 2012/13 audits are expected
in early 2014 and will be publicly available on the Audit Commission’s website should you wish to take a
look.
PwC  20
North Norfolk District Council
47
Smart People
We deploy quality people on your audit, supported by a substantial investment in training and in our industry programme.
The members of staff deployed on your audit have been primarily taken from our dedicated Government and Public Sector
team. These staff members have a wide and deep knowledge both of the Council and the local government sector.
Key members of the audit team including the engagement leader and engagement manager have been involved in the audit of
the Council for a number of years. This ensures continuity which is beneficial both for our people and your audit through
ensuring that accumulated knowledge remains within the audit team, improving the quality of the audit we deliver.
We use dedicated IT specialists on the audit and will share their insight and experience of best practices with you.
Smart Approach
Data auditing
We use technology-enabled audit techniques to drive quality, efficiency and insight.
In 2013/2014 we anticipate the work will include:

Testing manual journals using data analytics, ensuring we consider the complete population of manual journals and
target our detailed testing on the items with the highest inherent risk.

The production of a journals ‘insight report’ which shows the comparable use of journals across the organisation and
explores some of the root causes. We use the data gathered as part of our journals testing to share our findings and
observations with management.
Centre of Excellence
We have a Centre of Excellence in the UK for Local Government which is a dedicated team of specialists which advises, assists
and shares best practice with our audit teams in more complex areas of the audit.
Our team has been working side by side with the Centre of Excellence to ensure we are executing the best possible audit
approach.
Delivery centres
We use dedicated delivery centres to deliver parts of our audit work that are routine and can be done by teams dedicated to
specific tasks; for example these include confirmation procedures, preliminary independence checks and consistency and
casting checks of the financial statements.
The use of our delivery centres frees up your audit team to focus on other areas of the audit.
PwC  21
North Norfolk District Council
48
We have agreed a process with the Audit Commission, under which data can be off-shored to PwC Service delivery Centres in
India and Poland for the facilitation of basic audit tasks, as highlighted earlier. We have also agreed with the Audit
Commission how this will be regulated, together with their independent review of our internal processes to ensure
compliance, with the Audit Commission requirements for off-shoring. Further information is included in Appendix E.
Smart Technology
We have designed processes that automate and simplify audit activity wherever possible. Central to this is PwC’s Aura
software, which has set the standard for audit technology. It is a powerful tool, enabling us to direct and oversee audit
activities.
Aura’s risk-based approach and workflow technology results in a higher quality, more effective audit and the tailored testing
libraries allow us to build standard work programmes for key Council audit cycles.
Smart people
Smart approach
Smart technology
The PwC Audit
Our ‘smart’ approach underpins your audit
PwC  22
North Norfolk District Council
49
Appendix E: Other engagement information
The Audit Commission appoint us as auditors to North Norfolk District Council and the terms of our appointment are
governed by:


The Code of Audit Practice; and
The Standing Guidance for Auditors.
There are five further matters which are not currently included within the guidance, but which our firm’s practice requires
that we raise with you.
Electronic communication
During the engagement we may from time to time communicate electronically with each other. However, the electronic
transmission of information cannot be guaranteed to be secure, virus or error free and such information could be intercepted,
corrupted, lost, destroyed, arrive late or incomplete or otherwise be adversely affected or unsafe to use.
PwC partners and staff may also need to access PwC electronic information and resources during the engagement. You agree
that there are benefits to each of us in their being able to access the PwC network via your internet connection and that they
may do this by connecting their PwC laptop computers to your network. We each understand that there are risks to each of us
associated with such access, including in relation to security and the transmission of viruses.
We each recognise that systems and procedures cannot be a guarantee that transmissions, our respective networks and the
devices connected to these networks will be unaffected by risks such as those identified in the previous two paragraphs. We
each agree to accept the risks of and authorise (a) electronic communications between us and (b) the use of your network and
internet connection as set out above. We each agree to use commercially reasonable procedures (i) to check for the then most
commonly known viruses before either of us sends information electronically or we connect to your network and (ii) to
prevent unauthorised access to each other’s systems.
We shall each be responsible for protecting our own systems and interests and you and PwC (in each case including our
respective directors, members, partners, employees, agents or servants) shall have no liability to each other on any basis,
whether in contract, tort (including negligence) or otherwise, in respect of any error, damage, loss or omission arising from or
in connection with the electronic communication of information between us and our reliance on such information or our use
of your network and internet connection.
The exclusion of liability in the previous paragraph shall not apply to the extent that such liability cannot by law be excluded.
PwC  23
North Norfolk District Council
50
Access to audit working papers
We may be required to give access to our audit working papers to the Audit Commission or the National Audit Office for
quality assurance purposes.
Overseas processing of information
Recently, as with other firms, we have agreed a process with the Audit Commission, under which data can be off-shored to
PwC Service Delivery Centres in Germany and Poland for the facilitation of basic audit tasks. Please refer to the letter at the
end of this Appendix for further information on the types of tasks we may off-shore. We confirm that:

When work is off-shored the firm delivering the audit remains entirely responsible for the conduct of the audit. As
such the data will be subject to similar data quality control procedures as if the work had not been off-shored,
maintaining the security of your data.

All firms within the PricewaterhouseCoopers network, including the PwC Service Delivery Centres, have signed an
intra-group data protection agreement which includes data protection obligations equivalent to those set out in the
EU model contract for the transfer of personal data to data processors outside of the European Economic Area.

We shall comply at all times with the seventh principle in Part 1 of Schedule 1 to the Data Protection Act 1998.

Your audit team members will remain your key audit contacts, you will not need to communicate with our overseas
delivery teams.

The audit team members are responsible for reviewing all of the work performed by the overseas delivery teams.

We already successfully use a UK based delivery centre for financial statements quality checks and that this service
will remain in the UK.
If you have any questions regarding this process or if you require further information then please contact Aphrodite
Antoniades.
Quality arrangements
We want to provide you at all times with a high quality service to meet your needs. If at any time you would like to discuss with
us how our service could be improved or if you are dissatisfied with any aspect of our services, please raise the matter
immediately with the partner responsible for that aspect of our services to you. If, for any reason, you would prefer to discuss
these matters with someone other than that partner, please contact Richard Bacon, our Government & Public Sector
Assurance Lead Partner at our office at Cornwall Court, Birmingham, B3 2DT, or James Chalmers, UK Head of Assurance, at
our office at 1 Embankment Place, London, WC2N 6NN. In this way we can ensure that your concerns are dealt with carefully
and promptly. We undertake to look into any complaint carefully and promptly and to do all we can to explain the position to
PwC  24
North Norfolk District Council
51
you. This will not affect your right to complain to the Institute of Chartered Accountants in England and Wales or to the Audit
Commission.
Events arising between signature of accounts and their publication
ISA (UK&I) 560 places a number of requirements on us in the event of material events arising between the signing of the
accounts and their publication. You need to inform us of any such matters that arise so we can fulfil our responsibilities.
If you have any queries on the above, please let us know before approving the Audit Plan or, if arising subsequently, at any
point during the year.
PwC  25
North Norfolk District Council
52
Private & Confidential
Members of the Audit Committee
North Norfolk District Council
Council Offices
Holt Road
Cromer
Norfolk
NR27 9EN
England
March 2014
Ladies and Gentlemen,
Working more efficiently
As you know the Audit Commission recently tendered the audit work previously delivered by the District Audit service. This
realised significant savings which have been passed on to your organisation in a reduction to your scale fee of around 40%.
As a result of this tender, suppliers have sought for opportunities to increase efficiency, whilst maintaining the level of quality.
One principle which has recently been established is that certain basic parts of the audit can be off-shored. This is common
practice in the private sector. When work is off-shored the firm delivering the audit and thus your audit team, remains entirely
responsible for the conduct of the audit. As such the data would be subject to similar data quality control procedures as if the
work had not been off-shored, maintaining the security of your data.
Examples of the work that can be off-shored are:

Request for confirmations (Receivables, Bank or Payables);

Verification/vouching of information to source documentation (e.g. agreeing a payable balance to invoice);

Financial statements review;

Mathematical accuracy checks of data;

Research; and

Preparation of lead schedules.
PwC  26
North Norfolk District Council
53
Recently, as with other firms, we have agreed a process with the Audit Commission, under which data can be off-shored to
PwC Service delivery Centres in Germany and Poland for the facilitation of basic audit tasks, as highlighted above. We have
agreed with the Audit Commission how this will be regulated, together with their independent review of our internal processes
to ensure compliance, with the Audit Commission requirements for off-shoring.
If you have any questions regarding the above, please do not hesitate to get in touch.
Yours sincerely
Julian Rickett
Engagement Leader
PwC  27
North Norfolk District Council
54
In the event that, pursuant to a request which North Norfolk District Council has received under the Freedom of Information Act 2000, it is required to disclose any information contained in this
report, it will notify PwC promptly and consult with PwC prior to disclosing such report. North Norfolk District Council agrees to pay due regard to any representations which PwC may make in
connection with such disclosure and North Norfolk District Council shall apply any relevant exemptions which may exist under the Act to such report. If, following consultation with PwC, North
Norfolk District Council discloses this report or any part thereof, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced
in full in any copies disclosed.
This document has been prepared only for North Norfolk District Council and solely for the purpose and on the terms agreed through our contract with the Audit Commission. We accept no
liability (including for negligence) to anyone else in connection with this document, and it may not be provided to anyone else.
© 2014 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a separate
legal entity. Please see www.pwc.com/structure for further details.
130610-142627-JA-UK
55
Audit Committee
17 March 2014
Agenda Item No______10_______
Internal Audit’s Charter, Code of Ethics, Audit Strategy, Strategic and Annual Audit Plans,
Summary of Internal Audit Coverage and Performance Indicators for 2014/15
Summary:
This report provides an overview of the stages followed prior to
the formulation of the Strategic Audit Plan for 2014/15 to
2016/17 and the Annual Audit Plan for 2014/15. The Annual
Audit Plan will then serve as the work programme for the
Council’s Internal Audit Services Contractor, Mazars Public
Sector Internal Audit Ltd, and provide the basis upon which the
Internal Audit Consortium Manager will subsequently give Audit
Opinions on North Norfolk Council’s system of internal control
and risk management, and corporate governance arrangements
for 2014/15.
Members’ attention is also drawn to the fact that this is the first
time that an Audit Charter has been presented. Previously,
Terms of Reference had been submitted annually, but now, in
accordance with Public Sector Internal Audit Standards, which
came into effect from 1 April 2013, it has been necessary to
develop an Audit Charter to reflect how the Internal Audit
Service will operate in accordance with updated mandatory
standards. The foundations of the Public Sector Internal Audit
Standards however are not so fundamentally different to those
requirements formerly specified in the CIPFA Code of Practice
for Internal Audit, although the structure of the Charter must
follow a prescribed format which defines the purpose, authority
and responsibility of the Internal Audit activity, and clear
definitions need to be given of those governance elements
fulfilling responsibilities of the ‘board’ and ‘senior management’.
Conclusions:
Recommendations:
In reviewing and approving the Audit Charter and related
strategic and operational audit planning information, the Audit
Committee is making appropriate provisions to ensure that the
Internal Audit requirements as stated in the Local Government
Finance Act 1982, c.32 and the Accounts and Audit Regulations
2011 are being properly met, and due support is being given to
securing an Internal Audit Service, which is compliant with
statutory internal auditing standards applicable to public sector
organisations.
The Committee is requested to approve:
Internal Audit’s Charter for 2014/15;
56
Audit Committee
17 March 2014
Internal Audit’s Code of Ethics for 2014/15;
Internal Audit’s Strategy for 2014/15;
The Strategic Audit Plan for 2014/15 to 2016/17;
The Annual Audit Plan for 2014/15;
The Summary of Internal Audit Coverage for 2014/15;
and,
Performance Indicators for 2014/15.
Cabinet member(s):
Wards:
Contact
Officer,
telephone
number,
and e-mail:
All
All
Emma Hodds, Deputy Audit Manager
01508 533791
ehodds@s-norfolk.gov.uk
1.
BACKGROUND
1.1
In accordance with legislative, regulatory and best practice requirements, North
Norfolk Council has made arrangements for a continuous internal audit to
examine the accounting, financial and other operations of the organisation.
This is effectively achieved through contractual and group agreement
arrangements, which exist between North Norfolk Council and South Norfolk
Council, whereby the Internal Audit Consortium Manager, based at South Norfolk
Council, has developed on behalf of North Norfolk Council, an Audit Charter and
overarching Strategy which explain the methodology that has been applied when
determining future audit coverage of the organisation’s business operations.
1.2
A number of other key supporting papers have also been developed to ensure
clarity regarding the Code of Ethics that will be adopted by the Internal Auditors,
together with the Performance Indicators to be used to monitor service delivery.
In conjunction with these documents, an insight into future audit input envisaged
over the next 3 years has been provided via a new Strategic Audit Plan for
2014/15 onwards, alongside a more detailed analysis of audit assignments being
lined up for the next financial year. The sequencing of the latter is encapsulated
in the Annual Audit Plan for 2014/15 and a Summary of Internal Audit Coverage
has also been compiled, which explains where audit focus will be directed.
2.
INTERNAL AUDIT’S AUDIT CHARTER, 2014/15
2.1
The Public Sector Internal Audit Standards have been primarily introduced to:
Define the nature of internal auditing;
Set basic principles for carrying out internal audit;
Establish a framework for providing internal audit services, which add
value to the organisation, leading to improved organisational processes
and operations.
Establish the basis for the evaluation of internal audit performance and to
drive improvement planning.
2.2
As part of evidencing that these requirements are being adhered to, there is a
duty on the Internal Audit Service to construct an Audit Charter which
demonstrates how these elements are being handled and managed.
The
Internal Audit Consortium Manager for North Norfolk Council has therefore
57
Audit Committee
17 March 2014
compiled a Charter which covers off the above requirements, acknowledging too
that some additional appendices have been needed to give further clarity on
important issues such as the Code of Ethics and the Performance Indicators
adopted by the Internal Audit function.
2.3
In migrating from previously maintained Terms of Reference (which were last
reviewed by the Audit Committee in March 2013) to the establishment of an Audit
Charter that fully complies with the mandatory standards, it has been necessary
to:
Apply a revised definition of internal auditing. Under previous Code of
Practice arrangements, the emphasis had been on Internal Audit as an
assurance function, whereas now there is recognition that the function
should be operating on two levels, providing assurance and also giving
advice and guidance on governance and control, in a consulting capacity.
Utilise the Audit Charter to establish the purpose, authority and
responsibilities of the Service provision, its rights of access and the scope
of its activities.
Develop information explaining Quality Assurance and Improvement
processes that will be followed, which contains commentary on how both
internal and external assessments will be addressed going forward.
Recognise and define the terms ‘board’ and ‘senior management’ for the
purposes of Internal Audit activity and acknowledge the role of the Chief
Audit Executive. The interpretation of these important governance roles
at North Norfolk Council has therefore been examined at Section 4 of the
Charter in the section covering Organisation and Relationships.
2.4
Finally, there is an obligation under the mandatory standards to review and represent the Audit Charter in much the same way that previous Terms of
Reference had to be revisited annually. The Charter has to be re-evaluated by
the Internal Audit Consortium Manager to confirm its ongoing validity and
completeness, and thereafter, the documentation requires the scrutiny and
endorsement of senior management and the Audit Committee.
2.5
The Audit Charter can be found attached at Appendix 1 and is sub-divided into
10 Sections, which dovetail with key elements of the Public Sector Internal Audit
Standards, whilst the Performance Indicators by which service delivery will be
measured are included at Appendix 8.
3.
INTERNAL AUDIT’S CODE OF ETHICS, 2014/15
3.1
An addendum to the Audit Charter headed up ‘Internal Audit - The Code of Ethics
for 2014/15’ sets out the expected behaviours of Internal Audit staff in relation to
service delivery and is located at Appendix 2. The basis of standards of conduct
for 2014/15 remain unchanged with reference to those followed by Internal Audit
in 2013/14, as the Code of Ethics developed for the current financial year was
written such that it completely mirrored the obligations under the new Public
Sector Internal Audit Standards. It has, however, been necessary to make one
small amendment to Section 6 of the Code of Ethics for 2014/15, to mark the
changeover from the Deloitte auditors to the Mazars auditors, the latter now
being engaged to deliver the Annual Audit Plan for North Norfolk Council. It is to
be noted that the nature of the Internal Audit Services contractor’s role has been
fully documented in several sections of the Audit Charter.
58
Audit Committee
17 March 2014
3.2
Aside from the Code of Ethics, the Internal Audit Consortium Manager in the role
of the Chief Audit Executive will also be cognisant of and comply with
requirements laid down in CIPFA’s Statement on the Role of the Head of Internal
Audit, and it is further acknowledged that all Internal Audit staff will operate in
accordance with their own professional bodies’ Code of Ethics, as well as any
organisational Codes of Ethics or Conduct relating to their employer or the client
authority served.
4.
INTERNAL AUDIT STRATEGY, 2014/15
4.1
The Internal Audit Strategy (see Appendix 3) is another document that sits
alongside the Audit Charter, but with the overarching purpose of establishing how
the annual programme of audit assignments has been devised, in terms of the
stages followed when undertaking the annual audit needs assessment, the risk
factors applied and how this information is then used to populate the Strategic
and Annual Audit Plans.
4.2
Having completed the annual audit needs assessment and extracted draft
strategic and annual planning proposals, these were then discussed with the
Head of Finance (in their role of Section 151 Officer) on 5 February 2014, with all
Heads of Service on the same date, and finally with Corporate Leadership Team
on 11 February 2014. The outcome of this rigorous, 3-tier consultation process
was management’s significant contribution to shaping future audit coverage and
providing assistance with developing the timetable for the delivery of audit
projects during 2014/15, ensuring that the timing would enable audit work to add
value, wherever possible. In the course of liaison with management, it was further
confirmed that it was no longer viable to support a previously agreed move from
annual to 2-yearly audit examination of the system of risk management and
corporate governance arrangements.
The Public Sector Internal Audit
Standards have influenced this change of approach, whereby Internal Audit will
once again undertake annual assessments of the provisions in these areas.
4.3
When compiling the new Strategic Audit Plan for 2014/15 onwards, it was further
noted that two audits earmarked for completion in 2013/14 subsequently had to
be deferred. These pieces of work concerned Development Management and
Revenues and Benefits Governance. The two audits were postponed to allow
more time for internal reviews of arrangements to take place; potential new
working practices to be developed and rolled out, and activity against schemes
and initiatives to advance, such that Internal Audit’s review work would be more
meaningful when eventually carried out. Hence, the requisite rescheduling of
these two particular audits has been noted in the new Strategic Plan, as well as
the new Annual Audit Plan for 2014/15.
5.
THE STRATEGIC AUDIT PLAN, 2014/15 TO 2016/17
5.1
The overarching objective of the Strategic Audit Plan (included at Appendix 4) is
to provide a comprehensive programme of review work over the next three years,
with each year providing sufficient audit coverage to give annual opinions, which
can be used to inform the organisation’s Annual Governance Statement.
59
Audit Committee
17 March 2014
5.2
In the past, there has been some variation, year-on-year, with regards to the
number of planned audit days and projects requiring delivery by Internal Audit
Services. Moreover, going forward, we confirm that there is a continuing need for
wide ranging review work in order to meet Public Sector Internal Audit Standards
and the revised definition of Internal Auditing that they have introduced, which
has again resulted in fluctuations in planned audit days required in future years.
5.3
In terms of bottom line yearly totals on the new Strategic Plan, they appear to
have risen compared with 2013/14, but this has been due to the fact that the
previously approved Annual Audit Plan for 2013/14 had featured 213 days, a
figure that was then revised downwards to 186 days due to 2 assignments which
amounted to 27 days, removed from the Plan, and subsequently agreed to be
performed in 2014/15.
6.
THE ANNUAL AUDIT PLAN, 2014/15
6.1
Having developed the Strategic Audit Plan, the Annual Audit Plan is next
extracted, as can be seen in Appendix 5 to the report, with timings added to
show the sequencing of assignments over the course of the financial year. The
Annual Audit Plan for 2014/15 encompasses 218 days, allocated across 17
individual assignments plus audit verification work concerning audit
recommendations implemented to improve the Council’s internal control
environment.
7
SUMMARY OF PROPOSED AUDIT COVERAGE, 2014/15
7.1
Summary information, attached at Appendix 6 has also been formulated to give
an indication as to the nature of forthcoming work over the next 12 months. The
information has been developed to ensure that the relevant Service Managers
and members of Corporate Leadership Team are aware of the direction of
Internal Audit work over the course of the new financial year and that the Audit
Committee can obtain an overview of the focus of work scheduled. Additionally,
the documentation also ensures both External Audit and the Internal Audit
Services contractor receive a steer as to the nature of individual audits over the
coming year.
Certainly, as far as the Internal Audit Services contractor is
concerned; the Summary document offers a starting point for more detailed audit
planning meetings with management. However, the guidance therein should be
viewed with some flexibility, as the scope and subsequent parameters for some
audits may need to alter in the event of changing corporate priorities, and/or
terms of reference requiring adoption may not become wholly clear until
discussions have been held with management as to the key priorities and risks
facing service delivery, and where they feel an expanded scope is required to
add further value.
7.2
Having reviewed the Summary of Internal Audit Coverage, it is also useful to take
into account how the internal control environment at the Council has been
evolving over time and how future audit input will continue to monitor this
situation providing the Council with additional independent assurance during
2014/15. Appendix 7 is therefore included to highlight the historical and current
position, as well as future coverage being put forward. Crosses within the table
indicate where audits have been earmarked in 2014/15, as well as identifying
those audits still progressing as part of the 2013/14 Annual Audit Plan.
60
Audit Committee
17 March 2014
8.
OPTIONS
8.1
The Audit Plans presented have been derived from the Annual Audit Needs
Assessment undertaken by the Internal Audit Consortium Manager. Failure to
support these plans, and potentially consider further reductions in the audit
coverage, could result in the Internal Audit Consortium Manager not being able to
provide the requisite annual audit opinions, and may lead to the Council’s
External Auditors having to increase the work they are required to perform.
9.
RISK IMPLICATIONS
9.1
As mentioned above at paragraph 8.1, a failure to approve the Plans presented
could result in additional risks to the authority, through the Internal Audit
Consortium Manager not being able to provide the necessary opinions, and the
External Auditors being required to perform additional audit testing. There is
also the risk that reductions in Internal Audit coverage could lead to ongoing
weaknesses in the internal control environment at the Council not being detected
and reported upon, and subsequently resolved through remedial work being
taken.
10.
FINANCIAL IMPLICATIONS
10.1 Steps have been taken when formulating Internal Audit coverage for the year
ahead, to ensure that the proposals put forward are affordable and do not exceed
the approved audit budget for 2014/15.
Appendices attached to this report:
Appendix 1
Appendix 2
Appendix 3
Appendix 4
Appendix 5
Appendix 6
Appendix 7
Appendix 8
Internal Audit’s Charter for 2014/15
Internal Audit – Code of Ethics for 2014/15
Internal Audit Strategy for 2014/15
Strategic Audit Plan – April 2014 to March 2017
Annual Audit Plan – April 2014 to March 2015
Summary of Internal Audit Coverage for 2014/15
Levels of Assurance Awarded from 2008/09 onwards
Performance Indicators for 2014/15
61
Appendix 1
NORTH NORFOLK COUNCIL
INTERNAL AUDIT CHARTER FOR 2014/15
1.
Introduction
1.1
Organisations in the UK public sector have historically been governed by an
array of differing internal audit standards. The Public Sector Internal Audit
Standards (the PSIAS), which took effect from the 1 April 2013, and are
based on the mandatory elements of the Institute of Internal Auditors (IIA)
International Professional Practices Framework (IPPF) now provide a
consolidated approach to promoting further improvement in the
professionalism, quality, consistency, transparency and effectiveness of
Internal Audit across the whole of the public sector.
1.2
The PSIAS require that all aspects of Internal Audit operations are
acknowledged within an Audit Charter that basically defines the purpose,
authority and responsibilities of the service provision. The Charter therefore
establishes the position of the Internal Audit Service within North Norfolk
Council; its authority to access to records, personnel and physical properties
relevant to the performance of engagements; in addition to defining the scope
of Internal Audit activities.
1.3
There is also an obligation under the PSIAS for the Charter to be periodically
reviewed and presented to the Audit Committee, the Section 151 Officer and
senior management. This Charter will therefore be revisited annually to
confirm its ongoing validity and completeness, and be circulated in
accordance with the requirements specified above.
2.
Purpose
2.1
In accordance with the PSIAS, Internal Auditing is defined as an independent,
objective assurance and consulting activity designed to add value and
improve the Council‟s operations. It helps the Council accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control and governance
processes.
2.2
However, it should also be appreciated that the existence of Internal Audit
does not diminish the responsibility of senior management to establish
appropriate and adequate systems of internal control and risk management.
Internal Audit is not a substitute for the functions of senior management, who
should ensure that Council activities are conducted in a secure, efficient and
well ordered manner with arrangements sufficient to address the risks which
might adversely impact on the delivery of corporate priorities and objectives.
3.
Authorisation
3.1
The requirement for an Internal Audit Service is outlined within the Accounts
and Audit Regulations 2003, as amended in 2006 and 2011, which state that
“a relevant body must undertake an adequate and effective internal audit of
its accounting records and of its system of internal control in accordance with
62
the proper practices in relation to internal control”. This statutory requirement
for continuous Internal Audit has been formally recognised and endorsed
within North Norfolk Council‟s Constitution.
3.2
Further, there are additional requirements place upon the Chief Audit
Executive (as more fully defined below in Section 4 - Organisation and
Relationships), to fulfil all aspects of CIPFA‟s Statement on the Role of the
Head of Internal Audit in Public Sector Organisations, whilst the Council‟s
Constitution makes Internal Audit primarily responsible for carrying out an
examination of the accounting, financial and other operations of the Council,
under the independent control and direction of the Section 151 Officer. The
role of Section 151 Officer at North Norfolk Council is fulfilled by the Head of
Finance.
3.3
The internal audit activity, with strict accountability for confidentiality and
safeguarding records and information, is authorised to have full, free, and
unrestricted access to any and all of the organisation's:
records, documents and correspondence (manual and electronic)
relating to any financial and other transactions;
physical properties, i.e. premises and land, plus cash, stores or any
other Council property; and,
personnel – requiring and receiving such explanations as are
necessary concerning any matter under examination and generally
assisting the Internal Audit activity in fulfilling its roles and
responsibilities;
recognising that all of the requirements stated above are pertinent to Internal
Audit being able to carry out its commitments/engagements. Such access
shall be granted on demand and shall not be subject to prior notice, although
in principle, the provision of prior notice will be given wherever possible and
appropriate, unless circumstances dictate otherwise.
4.
Organisation and Relationships
4.1
Within the PSIAS, the terms ‟Chief Audit Executive,‟ „Board‟ and „Senior
Management‟ are used to describe key elements of the organisation‟s
governance, and the ways in which they interact with Internal Audit. The
PSIAS require that the terms are defined in the context of the governance
arrangements in each public sector organisation, in order to safeguard the
independence and objectivity of Internal Audit. At North Norfolk Council, the
following interpretations are applied, so as to ensure the continuation of the
current relationships between Internal Audit and other key bodies at the
Council.
4.2
Chief Audit Executive
4.2.1
At North Norfolk Council, the Chief Audit Executive is the Internal
Audit Consortium Manager based at South Norfolk Council. This is
due to the fact that North Norfolk‟s Internal Audit Service is delivered
by means of a Group Agreement that exists between Breckland,
Broadland, South Norfolk and North Norfolk District Councils, Great
Yarmouth Borough Council and the Broads Authority, collectively
known as the Norfolk Internal Audit Consortium. All authorities have
signed an agreement under which South Norfolk Council procures
delivery of Annual Audit Plans and any specified ad-hoc assignments
63
from an external contractor on behalf of the six named organisations.
The contractor was originally Deloitte & Touche Public Sector Internal
Audit Ltd but following a shares purchase agreement is now Mazars
Public Sector Internal Audit Ltd, with effect from 1 February 2014. It
is further noted that the current contract has been in place since 1
October 2007 and is due to expire on 30 September 2014.
4.3
4.2.2
As a consequence of the service structure outlined above, the Internal
Audit Consortium Manager heads up an Audit Management Team
situated within South Norfolk Council‟s Corporate Resources
Directorate, acts as the Contract Manager to Mazars Public Sector
Internal Audit Ltd, and reports directly to the Deputy Chief Executive at
South Norfolk Council for administrative purposes.
4.2.3
The Internal Audit Consortium Manager also has a direct line of
reporting to the Head of Finance at North Norfolk Council given that
this individual is the Council‟s „Responsible Financial Officer/Section
151 Officer‟, who is charged with controlling and directing a continuous
Internal Audit.
4.2.4
In response to requirements laid down within the PSIAS, it is further
confirmed that the Internal Audit Consortium Manager has a direct
reporting line and free and unfettered access to the Chief Executive at
North Norfolk Council.
Board
4.3.1
In the context of overseeing the work of Internal Audit at North Norfolk
Council, the „Board‟ will be the Audit Committee of the Council, which
has been established as part of the Corporate Governance
arrangements at the Council. The Committee is responsible for the
following with reference to Internal Audit:

Agreeing the Internal Audit Charter.

Approving the risk based Strategic and Annual Audit Plans,
together with a Summary of Internal Audit Coverage for the
forthcoming financial year.

Reviewing progress achieved in relation to the completion
of assignments featuring in the Annual Audit Plan.

Monitoring delivery of agreed Audit Recommendations.

Approving updated versions of the Counter Fraud,
Corruption and Bribery Policy and Whistleblowing Policy,
as appropriate.

Considering the findings and conclusions of any
Special/Ad-hoc investigations commissioned by the Audit
Committee or members of the authority‟s senior
management, i.e. Corporate Leadership Team.

Noting the Annual Report and Opinion of the Internal Audit
Consortium Manager.

Undertaking Annual Audit Committee Self Assessment
exercises.

Considering the outcomes of the Annual Review of the
Effectiveness of the Internal Audit Service.

Overseeing External Assessments of the Internal Audit
Service, at least once every 5 years.
64

4.3.2
4.4
In the context of ensuring effective liaison between Internal Audit and
senior officers responsible at North Norfolk Council for specific
aspects of internal control and governance, in a way that ensures the
independence of Internal Audit, and provides for a critical challenge to
the way that Internal Audit activities are carried out, „Senior
Management‟ for the purposes of this Charter is the Management
Team of which the Section 151 Officer (Head of Finance) is a key
member.
External Audit
4.5.1
4.6
Internal Audit will work closely with the Chair and members of the
Audit Committee to facilitate and support the activities of the
Committee. Moreover, the Internal Audit Consortium Manager also
has a direct reporting line, and free and unfettered access to the Chair
of the Audit Committee.
Senior Management
4.4.1
4.5
Approving the Audit Joint Working Protocol between
Internal and External Audit.
In terms of Internal Audit‟s interaction with the Council‟s External
Auditors – PriceWaterhousCooopers, an Audit Joint Working Protocol
has been developed, which recognises the respective responsibilities
of each body, relevant audit areas that will be covered, liaison and
information sharing arrangements between the two bodies, audit
testing and sample size requirements to be observed by the two
bodies and generic key financial controls requiring examination each
year. The Protocol has been primarily devised to minimise any
potential duplication of work and determine the assurance that can be
placed on the respective work of the two parties, whilst also ensuring
that External Audit can place maximum reliance on the work of
Internal Audit, wherever possible.
Other Internal Audit Service Providers
4.6.1
Internal Audit will also liase with other Council‟s Internal Audit Service
providers, where shared service arrangements exist between
themselves and North Norfolk Council. In such cases, a dialogue will
be opened with the other Council‟s equivalent Chief Audit Executive to
agree a way forward regarding the future auditing of „shared‟ services,
which will be both efficient and cost effective for all parties involved,
and cause least disruption to the area(s) being audited.
4.6.2
In the event of North Norfolk‟s Internal Auditors undertaking work for
other Councils outside the Norfolk Internal Audit Consortium,
arrangements over liability of internal audit work performed will be
covered by either a Hold Harmless letter with Mazars Public Sector
Internal Audit Ltd, or contractual arrangements will be extended
through a Standard Letter of Engagement – whichever is the
appropriate response at the time. Conversely, if the other Council‟s
Internal Auditors are nominated to undertake audit work on behalf of
North
Norfolk
Council,
formal
confirmation
of
their
65
liability/accountability for that work will be required, so that full reliance
can be placed upon the audit working papers and report generated in
consequence. In addition, North Norfolk‟s Internal Audit Consortium
Manager will review all such work to ensure that it is providing the
requisite assurances to feed into her annual audit opinion and should
it be found that insufficient or inadequate work has been carried out,
North Norfolk‟s Internal Audit Consortium Manager reserves the right
to request additional work is undertaken.
4.7
Other External Review and Inspection Bodies
4.7.1
The Internal Audit Section confirms it will likewise co-operate with all
external review and inspection bodies that are authorised to assess
and evaluate the activities of the Council, to determine compliance
with regulations, standards or targets. Internal Audit will, wherever
possible, utilise third party assurances arising from this work.
5.
Objectives and Scope
5.1
The provision of assurance services is the primary role of Internal Audit and
there is a duty of care on the Chief Audit Executive to give an annual internal
audit opinion based on an objective assessment of the framework of
governance, risk management and control. This responsibility to evaluate the
governance framework far exceeds examination of controls applying to the
Council‟s core financial systems.
Instead, Internal Audit is required to
scrutinise the whole system of risk management, internal control and
governance processes established by management.
5.2
Internal Audit also has a secondary role, whereby it will provide consultancy
services which are advisory in nature and generally performed at the request
of the Council to facilitate improved governance, risk management and
control, and potentially contribute to the annual audit opinion.
5.3
A risk based Strategic Audit Plan will be developed each year to determine an
appropriate level of audit coverage to generate an annual audit opinion, which
can then be used to assist with the formulation of the Council‟s Annual
Governance Statement.
Moreover, audit work performed will seek to
enhance the Council‟s overall internal control environment. In the event of
deficiencies in arrangements being identified during audit assignments,
Internal Audit will put forward recommendations aimed at improving existing
arrangements and restoring systems of internal control to a satisfactory level,
where relevant. The way in which the Strategic Audit Plan is evolved, is
explored further within the Charter at Section 8.2 Audit Planning and, in
Appendix 3 – Internal Audit Strategy.
5.4
In accordance with the PSIAS, the Internal Audit Service will evaluate and
contribute to the improvement of:
5.4.1
The design, implementation and effectiveness of the organisation‟s
ethics-related objectives, programmes and activities.
5.4.2
The effectiveness of the Council‟s processes for performance
management and accountability.
66
5.4.3
The Council‟s IT governance provisions in supporting
organisation‟s corporate priorities, objectives and strategies.
5.4.4
The Council‟s risk management processes in terms of significant risks
being identified and assessed; appropriate risk responses being
made that align with the organisation‟s risk appetite, the capturing and
communicating of risk information in a timely manner, and its use by
staff, senior management and members to carry out their
responsibilities and inform decision making generally.
of
the
5.4.5
The provisions developed to support achievement
organisation‟s strategic objectives and goals.
the
5.4.6
The systems formulated to secure an effective internal control
environment.
5.4.7
The completeness, reliability, integrity and timeliness of management
and financial information.
5.4.8
The systems established to ensure compliance with legislation,
regulations, policies, plans, procedures and contracts, encompassing
those set by the Council and those determined externally.
5.4.9
The systems designed to safeguard Council assets and employees.
5.4.10
The economy, efficiency and effectiveness with which resources are
used in operations and programmes at the Council.
5.5
In addition to the areas recorded above, where Internal Audit will give input to
their continuing enhancement; as previously acknowledged at Section 4.2.3
of the Charter, the Service will also provide support to the Head of Finance in
the discharge of her duties as the Section 151 Officer with responsibility for
the probity and effectiveness of the Authority‟s financial arrangements and
internal control systems.
5.6
Managing the risk of fraud and corruption is the responsibility of management.
However, as part of the scope of Internal Audit, it will be alert in all its work to
the risks and exposures that could allow fraud or corruption to occur and will
monitor the extent and adequacy of risk controls built into systems by
management, sharing this information with External Audit.
5.7
In the course of delivering services encompassing all the elements stated
above, should any significant risk exposures and control issues subsequently
be identified, Internal Audit will report these matters to senior management,
propose action to resolve or mitigate these, and appraise the Audit
Committee of such situations.
6.
Independence
6.1
The Internal Audit Section operates within an organisational framework
that preserves the independence and objectivity of the assurance function,
and ensures that Internal Audit activity is free from interference in
determining the scope of internal auditing, performing work and
communicating results.
67
6.2
The framework allows the Internal Audit Consortium Manager direct access to
and the freedom to report unedited in her own name, as she deems
appropriate, to the Audit Committee, the Chief Executive, Head of Finance
(Section 151 Officer) and the Corporate Leadership Team.
6.3
Internal Auditors have no operational responsibilities or authority over any of
the activities that they are required to review. As a consequence, they do not
develop procedures, install systems, prepare records, or engage in any other
activity, which would impair their judgement. In addition, Internal Auditors will
not assess specific operations for which they were previously responsible,
and objectivity is presumed to be impaired if an Internal Auditor provides
assurance services for an activity for which they had responsibility within the
previous 12 months. Internal Auditors may however provide consulting
services relating to operations over which they had previous responsibility.
6.4
If however, Internal Audit‟s independence or objectivity is impaired in fact or
appearance, the details of impairment will be disclosed to senior management
and the Audit Committee. The nature of the disclosure will depend upon the
impairment.
6.5
The Internal Audit Consortium Manager will confirm to the Audit Committee, at
least annually, the organisational independence of the Internal Audit activity.
7.
Professional Standards
7.1
North Norfolk Council‟s Internal Auditors operate in accordance with the
Public Sector Internal Audit Standards, 2013.
7.2
The Internal Auditors are also governed by the policies, procedures, rules and
regulations established by North Norfolk Council.
These include the
Constitution (with special attention to Financial Regulations and Finance
Procedure Rules, plus Contract Standing Orders), the Counter Fraud,
Corruption and Bribery Policy, and the Code of Conduct.
Similarly, the
Council‟s Internal Auditors will be heedful of external bodies‟ requirements
(e.g. as identified by CIPFA), and all legislation affecting the Council‟s
activities.
7.3
The Council‟s Internal Auditors will additionally adhere to the Code of Ethics
as contained within the PSIAS, details of which are explained at Appendix 2.
7.4
Internal Auditors will also demonstrate due professional care in the course of
their work and consider the use of technology-based audit and other data
analysis techniques, wherever feasible and considered beneficial to the
Council.
7.5
All working arrangements and methodologies, which will be followed by the
North Norfolk Council‟s Internal Auditors are set out in the Audit Manual
maintained by the Audit Management Team, the Specification within the
Internal Audit Services Contract, and the Internal Audit Services contractor‟s
own Audit Manual and quality assurance processes.
8.
Audit Resources and Planning
68
8.1
8.2
9.
Audit Resources
8.1.1
The Internal Audit Consortium Manager will be professionally qualified
(CMIIA, CCAB or equivalent) and have wide internal audit
management experience, to enable them to deliver the responsibilities
of the role.
8.1.2
The Internal Audit Consortium Manager will ensure that the Internal
Audit Service has access to a team of staff that have an appropriate
range of knowledge, skills, qualifications and experience to deliver
requisite audit assignments. The type of reviews that will be provided
in year include computer audits, contract audits, systems reviews,
grant certification work, consultancy input to new/modified systems,
and special/fraud investigations.
8.1.3
In the event of special/fraud investigations being required, there is no
contingency in the Audit Plans to absorb this work. Hence, additional
resources will need to be made available to the Internal Audit Service
when such input is necessary.
Audit Planning
8.2.1
In accordance with earlier statements made at Section 5.3 of the
Charter, the Chief Audit Executive will develop an annual audit
strategy, together with strategic and annual audit plans and a
summary of annual audit coverage using a risk based methodology,
which takes into account documented corporate and operational risks,
as well as any risks or concerns subsequently notified to the Internal
Audit Consortium Manager by senior management. Copies of these
documents will then be submitted to Corporate Leadership Team for
their approval prior to being taken forward to the Audit Committee for
final endorsement, in advance of the new financial year to which they
relate.
8.2.2
The audit strategy can be found in Appendix 3 and explains the
processes followed to populate the risk based Strategic Audit Plan
attached at Appendix 4. From the Strategic Audit Plan, an Annual
Audit Plan will be extracted, which is included at Appendix 5 and a
Summary of Annual Audit Coverage drawn up after consultation with
senior management. Audit Coverage information is contained within
Appendix 6.
8.2.3
The Annual Audit Plan includes the timing, as well as budget and
resource requirements for the next fiscal year. Completion of the
assignments is contracted to Mazars Public Sector Internal Audit Ltd
and the outcomes of their work will be monitored throughout the year
with any requested deviations to the approved Plan being agreed with
the Section 151 Officer, before then being brought to the attention of
the Audit Committee through the periodic activity reporting process.
Reporting
69
9.1
Upon completion of each audit assignment, an Internal Audit report will be
prepared that:
Provides an opinion on the risks and controls of the area reviewed, and
this will contribute to the annual opinion on the internal control
environment, which, in turn, informs the Council‟s Annual Governance
Statement.
Provides a formal record of points arising from the audit and management
responses to issues raised, to include acceptance of audit
recommendations with implementation timescales, as well as reasons for
rejecting recommendations.
Prompts management to implement agreed actions within targeted dates.
9.2
The Internal Audit Consortium Manager or their nominated Deputy will
approve a draft version of all reports before their issue to the relevant officer,
e.g. Chief Executive, Director, Head of Service and/or Service Manager. A
copy is also supplied to the Head of Finance.
9.3
Exit meetings will be accommodated if senior management wish to discuss
issued Draft Audit Reports with the Internal Audit Services contractor, the
Internal Audit Consortium Manager or their nominated Deputy.
9.4
Accountability for management‟s response to Internal Audit recommendations
lies with the Chief Executive, Directors, Heads of Service and/or Service
Managers, as appropriate, who can either, accept and implement guidance
given or formally reject it. However, if audit proposals to strengthen the
internal control environment are disregarded and there are no compensating
controls justifying this course of action, an audit comment will be made in the
Final Audit Report, reiterating the nature of the risk that remains and
recognising that management has chosen to accept this risk. Furthermore,
depending on the severity of the risk, the matter may be escalated upwards
and drawn to the attention of the Audit Committee.
9.5
Final Audit Reports will be issued in line with agreed working protocols to the
relevant nominated officers. The Audit Committee will also be provided with
management summaries from Final Audit Reports at each meeting, via
Internal Audit‟s Progress Report and the Internal Audit Consortium Manager‟s
Annual Report.
9.6
Where Action Plans apply to Final Audit Reports – these will be subject to
follow up input. Management are requested to comment on progress
achieved in relation to agreed actions at 3-monthly intervals, following formal
issue of the Final Audit Report. In addition, Internal Audit will undertake
verification work to review evidence of action initiated and the outcomes of
this work will be communicated to the Audit Committee at agreed intervals.
9.7
The Internal Audit Consortium Manager’s Annual Report
This will contain the annual audit opinion commenting upon:
9.7.1
The scope including the time period to which the opinions pertains;
9.7.2
Scope limitations;
70
9.7.3
Consideration of all related projects including the reliance on other
assurance providers;
9.7.4
The risk or control framework or other criteria used as a basis for the
overall opinion;
9.7.5
The overall opinion, providing reasons where an unfavourable overall
opinion is given; and
9.7.6
A statement on conformance with the Public Sector Internal Audit
Standards and the results of the quality assurance and improvement
programme.
9.8
The full range of Internal Audit related reports to be brought to the attention of
North Norfolk‟s Audit Committee are listed out at Section 4.3.1 of this Charter.
10.
Quality Assurance and Improvement
10.1
The PSIAS require that the Internal Audit Consortium Manager develops and
maintains a quality assurance and improvement programme that covers all
aspects of the Internal Audit activity, and includes both internal and external
assessments. In the event of an improvement plan proving necessary to
formulate and implement, in order to further develop existing service
provisions, the Internal Audit Consortium Manager will initiate the appropriate
action and annually, the results of the quality and assurance programme
together with progress made against the improvement plan will be reported to
senior management and the Audit Committee.
10.2
Internal Assessments
10.2.1 Internal Assessments must include on-going monitoring of the
performance of the internal audit activity. The Service operates in
accordance with a number of key performance indicators, which are
confirmed in the Internal Audit Services contract and detailed at
Appendix 8. Contractor performance is subject to regular review by
the Audit Management Team.
10.2.2 Internal arrangements also include receipt of post audit feedback from
auditees and should criticism be received, this will immediately be
investigated with the Internal Audit Services contractor and steps
taken to resolve matters raised.
10.2.3 The PSIAS additionally require periodic self-assessments or
assessments by other persons within the organisation with sufficient
knowledge of Internal Audit practices. This obligation is satisfied by
the Internal Audit Consortium Manager performing an annual selfassessment of the effectiveness of Internal Audit, the outcomes of
which are then forwarded to the Section 151 Officer with appropriate
evidence, for their independent scrutiny, before the results are
submitted to the Audit Committee. Presenting this information to the
Audit Committee enables members to be assured that the Internal
Audit Service is operating in a satisfactory manner such that reliance
can be placed on the subsequent annual audit opinion provided by the
Internal Audit Consortium Manager.
71
10.3
External Assessments
10.3.1 External assessments must be conducted at least once every five
years by a qualified, independent assessor or assessment team from
outside the organisation. External assessments can be in the form of
a full external assessment, or a self assessment with independent
external verification. The Internal Audit Consortium Manager will
agree with the Audit Committee and the Head of Finance:
The form of the external assessments; and,
The qualifications and independence of the external assessor
or assessment team, including any potential conflict of interest.
10.3.2 The Internal Audit Consortium Manager will use their professional
judgement when assessing whether an assessor or assessment team
demonstrates sufficient competence to be qualified. An independent
assessor or assessment team means not having any real or apparent
conflict of interest and not being part of, or under the control of North
Norfolk Council, i.e. the organisation to which the Internal Audit activity
belongs.
72
Appendix 2
NORTH NORFOLK DISTRICT COUNCIL
INTERNAL AUDIT – CODE OF ETHICS FOR 2014/15
1.
Introduction
1.1
This Code of Ethics sets the minimum standards for the performance and
conduct of North Norfolk District Council’s Internal Auditors. It is intended to
clarify the standards of conduct expected from the Internal Auditors when
carrying out their duties and promote an ethical, professional culture at all
times when undertaking audit duties.
This Code applies to all staff
responsible for delivering Internal Audit within Breckland, Broadland, South
Norfolk and North Norfolk District Councils, Great Yarmouth Borough Council
and the Broads Authority, but does not supersede or replace the requirement
on individual auditors to comply with their own professional bodies’ Codes of
Ethics, as qualified members or student members, as well as any
organisational Codes of Ethics or Conduct relating to their employer or the
client authorities they serve.
There are four main principles, which must be observed in addition to having
due regard to the Committee on Standards of Public Life’s ‘Seven Principles
of Public Life’. The principles involved are as follows:
Integrity;
Objectivity;
Confidentiality; and,
Competency.
2.
Integrity
2.1
Principle
2.1.1
The integrity of Internal Auditors establishes trust and thus provides the basis
for reliance on their judgement.
2.2
Rules of Conduct
North Norfolk Council’s Internal Auditors shall:
2.2.1
Perform their work with honesty, diligence and responsibility.
2.2.2
Observe the law and make disclosures expected by the law and the
profession.
2.2.3
Not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organisation.
2.2.4
Respect and contribute to the legitimate and ethical objectives of the
organisation.
73
2.3
Summary
2.3.1
Thus North Norfolk Council’s Internal Auditors will demonstrate integrity in all
aspects of their work.
Their relationship with colleagues and external
contacts should be one of honesty and propriety. Such conduct will both
support and develop an environment of trust, which provides the basis for
reliance on all activities carried out by the Internal Auditors.
3.
Objectivity
3.1
Principle
3.1.1
Internal Auditors exhibit the highest level of professional objectivity in
gathering, evaluating and communicating information about the activity or
process being examined.
3.1.2
Furthermore, Internal Auditors make a balanced assessment of all the
relevant circumstances and are not unduly influenced by their own interests
or by others in forming judgements.
3.2
Rules of Conduct
North Norfolk Council’s Internal Auditors shall:
3.2.1
Not participate in any activity or relationship that may impair or be presumed
to impair their unbiased assessment.
This participation includes those
activities or relationships that may be in conflict with the interests of the
organisation.
3.2.2
Not accept anything that may impair or be presumed to impair their
professional judgement.
3.2.3
Disclose all material facts known to them that, if not disclosed, may distort the
reporting of activities under review.
3.3
Summary
3.3.1
Objectivity is a state of mind that has regard to all considerations relevant to
the activity or process being examined without being unduly influenced by
personal interest or the views of others. North Norfolk Council’s Internal
Auditors will display professional objectivity at all times when providing
opinions, assessments and recommendations.
4.
Confidentiality
4.1
Principle
4.1.1
Internal Auditors respect the value and ownership of information they receive
and do not disclose information without appropriate authority unless there is a
legal or professional obligation to do so.
74
4.2
Rules of Conduct
North Norfolk Council’s Internal Auditors shall:
4.2.1
Be prudent in the use and protection of information acquired in the course of
their duties.
4.2.2
Not use information for any personal gain or in any manner that would be
contrary to the law or detrimental to the legitimate and ethical objectives of
the organisation.
4.3
Summary
4.3.1
North Norfolk Council’s Internal Auditors will therefore utilise information
received in the appropriate manner and for the purpose it was originally
requested and provided, as prescribed by the requirements of the above
Rules of Conduct, and will additionally take suitable steps to safeguard all
information made available.
5.
Competency
5.1
Principle
5.1.1
Internal Auditors apply the knowledge, skills and experience needed in the
performance of internal auditing services.
5.2
Rules of Conduct
North Norfolk Council’s Internal Auditors shall:
5.2.1
Engage only in those services for which they have the necessary knowledge,
skills and experience.
5.2.2
Perform internal auditing services in accordance with the International
Standards for the Professional Practice of Internal Auditing.
5.2.3
Continually improve their proficiency and effectiveness and quality of their
services.
5.3
Summary
5.3.1
North Norfolk Council’s Internal Auditors will not accept or perform work that
they are not competent to undertake, unless they have received adequate
training and support to carry out the work to an appropriate standard.
5.3.2
It is also essential that the Head of Internal Audit operates in accordance with
the best practice guidance recommended in CIPFA’s Statement on ‘The Role
of the Head of Internal Audit’ and undertakes an annual compliance check
against the core principles stated therein.
75
6.
Operational Arrangements
6.1
Achieving Compliance with the Code of Ethics
6.1.1
On an annual basis, the Internal Audit Consortium Manager, the Deputy Audit
Manager and the Mazars Auditors will revisit the Code of Ethics to reinforce
their understanding of and confirm their on-going commitment to the
obligations placed upon them as specified in this document, and ensure that
they continue to fully comply with these when discharging their day-to-day
duties in relation to North Norfolk Council.
6.2
Securing Integrity
6.2.1
In order to be assured that the Internal Auditors demonstrate integrity in all
aspects of their work, quality control processes have been developed to
protect North Norfolk Council’s position in this matter.
6.3
Maintaining Audit Objectivity
6.3.1
In addition, it is essential that Internal Audit personnel are able to
demonstrate independence and hence, objectivity.
To this end, Internal
Audit staff are obligated to declare potential conflicts of interest as they arise,
so as to enable other staff to be assigned to specific reviews, thereby
avoiding any compromising of independence. Audit objectivity will also be
upheld, in so far as Internal Auditors will not be able to carry out audits in an
area where they have had previous operational roles within the last 12
months.
6.4
Observing Confidentiality
6.4.1
A breach of confidentiality by an Internal Auditor will not be tolerated and will
result in the expulsion of the individual from the Internal Audit Services
contract.
6.5
Demonstrating Competency
6.5.1
It is a pre-requisite that all Internal Audit staff are aware of and understand:
The organisation’s aims, objectives, risk and governance arrangements;
The purpose, risks and issues affecting the service area to be audited;
The terms of reference for the audit assignment so that there is a proper
appreciation of the parameters within which the review will be conducted;
and,
The relevant legislation and other regulatory arrangements that relate to
the service areas to be audited, e.g. Statutes, the Authority’s Scheme of
Powers delegated to Officers, the Authority’s Financial Regulations and
Standing Orders relating to Contracts, Partnership/Service Level
Agreements, Internal Strategies/Policies/Procedural Notes.
76
Appendix 3
NORTH NORFOLK DISTRICT COUNCIL
INTERNAL AUDIT STRATEGY FOR 2014/15
1
1.1
INTRODUCTION AND OVERVIEW
The objectives of North Norfolk Council’s Internal Audit Service are set out in
Internal Audit’s Charter, although they can essentially be summarised as
follows:
‘To deliver a risk-based audit plan in a professional, independent manner, to
provide the organisation with an opinion on the level of assurance it can place
upon the internal control environment, systems of risk management and
corporate governance arrangements, and to make recommendations to
improve these provisions, where further development would be beneficial’.
1.2
Internal Audit’s Charter is subject to annual review by the Internal Audit
Consortium Manager and will then be re-presented to the Audit Committee for
formal approval.
1.3
Each year, an audit needs assessment is undertaken by the Internal Audit
Consortium Manager in order to develop an updated 3-year Strategic Audit
Plan, with an Annual Audit Plan being extracted from the latter for adoption in
the succeeding financial year.
1.4
A computer audit needs assessment (CANA) is also usually performed on a
3-yearly cycle by the Internal Audit Services contractor, and the outcomes of
this exercise will additionally feed into the reworked 3-year Strategic Audit
Plan and the Annual Audit Plan.
2
2.1
WHAT THE INTERNAL AUDIT STRATEGY SETS OUT TO ACHIEVE
The purpose of the Internal Audit Strategy is to confirm:

How the service will be delivered to the Council over the next 12 months.

The level of audit resources (i.e. planned audit days) required to secure
annual audit opinions in relation to the Council’s systems of internal
control and risk management, and corporate governance arrangements.

The range and scope of the assignments selected for scrutiny, which
collectively will provide an appropriate body work and corresponding
evidence to derive annual audit opinions as required by the Public Sector
Internal Audit Standards for the year ahead.

The opinions will generate independent sources of assurance which will
serve to inform the authority’s Annual Governance Statement.

Internal Audit coverage has recognised and responded to the changing
risks and priorities that face the Council.

There is adequate annual examination of the fundamental financial
systems with audit sampling and testing sufficient for External Audit
purposes, such that PriceWaterhouseCoopers can place reliance upon
the outcomes of Internal Audit work in these areas.

Appropriate audit support has been made available to senior
management and steps initiated to provide added value, wherever
possible.
77
3
3.1
DEVELOPMENT OF THE CURRENT INTERNAL AUDIT STRATEGY
The formation of the present Internal Audit Strategy is essentially risk driven,
whilst also acknowledging that the primary issues to the Council at present
are the ongoing need to deliver financial savings and legislative changes, and
this in itself generates additional risks for the authority. As a result, extensive
consultations have been undertaken with the Heads of Service, in order to
refine draft strategic audit planning proposals, and thereafter, a meeting has
been held with Corporate Leadership Team to finalise future audit coverage
and the sequencing of audit projects to provide a programme of planned work
that utilises audit resources to best advantage, supports the authority in the
delivery of its corporate aims and generates independent assurances on
operational arrangements where they are needed most. In undertaking the
audit needs assessment, we have also considered a number of core
documents that have enhanced our understanding of the operational
environment at the Council.
These documents have encompassed the
Corporate priorities and objectives, plus the risks to their achievement as
noted in the Corporate Risk Register and via documented operational risks, a
range of Cabinet and Committee Reports, new and amended Policies and
Strategies, as well as External Audit documentation.
3.2
Seven key risk factors have then been applied to potential auditable areas
and their impact on the organisation evaluated in terms of:
Materiality – the value of annual direct income/expenditure associated
with the systems/activities;
Materiality – an estimate of the number of transactions processed by the
systems/activities per annum;
Significance – the significance of the systems to the objectives and
activities of the Council;
Complexity of the organisation’s systems/activities in terms of their
operation and auditability;
Modifications to the organisation’s systems/activities or the likelihood of
changes (i.e. new arrangements) being introduced within the duration of
Audit Plans being put forward;
Inherent risk, i.e. the likelihood of threats, error or malpractice to the
organisation, because of the nature of its business activity, the regulatory
framework, its size, its growth, its history, etc; and,
Profile of auditable areas, reflecting on the political sensitivity of the
systems/activities.
3.3
With reference to inherent risk, the Audit Needs Assessment is cognisant of
those areas where there is a higher incentive, motivation and rationalisation
to commit a fraudulent or corrupt act, e.g.
o Housing Benefits
o Provision of Discounts (e.g. Council Tax Discounts)
o Awarding of Grants – Community Grants and Private Sector Housing, and
other similar “direct” payments
o Cash Collection
o Credit Income
o Creditor Payments
o Contracts and Procurement
o Loans and Investments
o Payroll, Expense Claims and Recruitment
o Disposal of Assets
78
o
o
o
o
Awarding of Planning Consents
Awarding of Licences
Gifts and Hospitality
Car Parking Income
3.4
The risk factors have been weighted to produce a risk score, expressed as a
percentage that is, in turn, translated into a risk rating of Very High, High,
Medium or Low. Once risks have been categorised, it is then possible to
determine the frequency with which areas identified, should be subject to
audit scrutiny.
Low risk systems will be examined on a 5-yearly cycle.
Medium risk assessed systems should be reviewed on a 3-yearly basis.
High risk areas will be audited on a 2-yearly basis, and Very High areas will
be scrutinised on an annual basis. There can be exceptions to the rule but
these are explained on both the Strategic and Annual Audit Plans, where
relevant.
3.5
Prior to finalising our annual audit needs assessment, we have also been
mindful of changes to the Annual Audit Plan for 2013/14 and where previously
agreed with management, have brought forward a deferred audit to 2014/15 –
this concerns Development Management.
3.6
As mentioned previously in paragraph 1.4, a computer audit needs
assessment is also performed by the Internal Audit Services contractor in
parallel to the audit needs assessment work carried out by the Internal Audit
Consortium Manager. The CANA effectively evaluates the key risks affecting
the IT environment within the Council and having identified risk priority
ratings, it is then possible to use this information to populate a Strategic
Computer Audit Priority Analysis and Annual Computer Audit Plans. The
Internal Audit Services contractor applies a different methodology to the
Internal Audit Consortium Manager however, i.e. very high risk scores call for
2-yearly audit input, high risk scores warrant 3-yearly review and medium risk
scores dictate 4-yearly audit involvement.
4
FORMULATION OF THE STRATEGIC AND ANNUAL AUDIT PLANS
4.1
As noted above in Section 3 of the Strategy, prior to completing the annual
audit needs assessment for 2014/15, there has been liaison with key
personnel at the Council to identify a level of audit coverage necessary to
provide requisite annual audit opinions.
4.2
Draft strategic audit planning proposals for 2014/15 were discussed with key
personnel on 5 February 2014, after which Corporate Leadership Team’s
views were canvassed on 11 February 2014 to confirm their acceptance of
the coverage to be submitted to the Audit Committee for approval.
Moreover, we have also provided External Audit with copies of the new
Strategic and Annual Audit Plans, prior to their presentation to the Audit
Committee.
4.3
Upon receiving the Audit Committee’s approval to the new year Audit Plans,
the Internal Audit Consortium Manager will instruct the Internal Audit Service
contractor (Mazars Public Sector Internal Audit Ltd) to adopt the Annual Audit
Plan as their work programme for 2014/15.
79
North Norfolk District Council - Strategic Audit Plan - April 2014 to March 2017
Description of audit
Audit Days
Delivered
2013/14
Strategic risk Reference
Assessed audit risk
Frequency of coverage
Appendix 4
2014/15
2015/16
2016/17
Days planned
Days planned
Days planned
ANNUAL OPINION AUDITS
Review of Corporate Governance and Risk Management arrangements
003 (CR), 005 (CR)
High
2-yearly
8
8
8
Work to support the preparation of the Annual Governance Statement
15
Very High
Annual
10
15
10
Follow up previous systems audit recommendations
8
Annual
Not applicable
8
8
8
001 (CR), 004 (CR),
015 (CR)
High
2-yearly
009 (CR)
High
High
2-yearly
2-yearly
13
High
2-yearly
20
High
Ad-hoc request by
management
High
2-yearly
20
High
2-yearly
FUNDAMENTAL FINANCIAL SYSTEMS
Head of Finance
Accountancy services - control accounts, banking, bank reconciliation,
asset management / capital expenditure, budgetary control and treasury
management
Creditors - ordering and payments and insurance
Receipt, handling and banking of remittances, tourist information centres,
etc
17
12
Council Tax and NNDR
011 (CR), 012 (CR),
015 (CR)
011 (CR)
Local Council Tax Support / Housing Benefits
Revenues and Benefits Partnership - Data Transfer, Governance and Risk
Sundry Debtors
10
17
13
12
20
20
5
2-yearly
10
Head of Organisation Development
Payroll, human resources and officers & member expenses
003 (CR), 005 (CR),
006 (CR)
19
19
Page 1 of 4
80
North Norfolk District Council - Strategic Audit Plan - April 2014 to March 2017
Description of audit
Audit Days
Delivered
2013/14
Strategic risk Reference
Assessed audit risk
Frequency of coverage
Appendix 4
2014/15
2015/16
2016/17
Days planned
Days planned
Days planned
OTHER SYSTEMS AUDIT
Head of Economic and Community Development
Tourism & Economic Development
Coastal Protection
Homelessness and Housing Options
10
Housing Strategy and Affordable Housing Initiatives
Private Sector Housing - Disabled Facilities Grants (to be undertaken in
conjunction with Broadland Council) & discretionary improvement grants
Localism and Communities - including focus on Big Society Fund Grant
Scheme
Medium
Medium
High
Medium
Medium
3-yearly
3-yearly
2-yearly
3-yearly
3-yearly
Medium
3-yearly
004 (CR)
High
2-yearly
10
004 (CR), 010 (CR)
Medium
3-yearly
22
007 (CR)
Medium
3-yearly
10
Medium
3-yearly
10
Medium
3-yearly
10
002 (CR)
010 (CR)
010 (CR)
8
10
10
10
10
8
10
Head of Development Management
Development Management includes planning applications, planning
enforcement, s106 agreements, Community Infrastructure Levy, Land
Charges and Building Control
Head of Assets and Leisure & Head of Economic and Community
Development
Partnerships
Head of Assets and Leisure & Head of Environmental Health
Parks and Open Spaces, plus Woodland Management
Corporate Leadership Team
Media and Communications
005 CR)
Page 2 of 4
81
North Norfolk District Council - Strategic Audit Plan - April 2014 to March 2017
Description of audit
Audit Days
Delivered
2013/14
Strategic risk Reference
Assessed audit risk
Frequency of coverage
Appendix 4
2014/15
2015/16
2016/17
Days planned
Days planned
Days planned
OTHER SYSTEMS AUDIT
Head of Environmental Health
Waste Management including contract / agreement monitoring, income
collection and monitoring, refuse collection, street cleansing, recycling,
clinical waste, abandoned vehicles and grounds maintenance
18
High
2-yearly
18
Environmental Health Services includes emergency planning, food safety,
environmental protection, pest control, dog warden, licensing and pollution
control
19
Medium
3-yearly
Medium
Medium
3-yearly
3-yearly
Medium
High
3-yearly
2-yearly
Medium
3-yearly
12
High
2-yearly
10
Low
5-yearly
008 (CR)
Medium
3-yearly
009 (CR)
Medium
3-yearly
19
Head of Assets and Leisure
Sports Halls/Centres & Sports Development
Leisure Complexes, Other Sports, Arts & Entertainment, including Pier
Pavilion
Property services
Car parking & markets
001 (CR)
16
12
10
12
16
Head of Organisational Development
Elections and Electoral Registration
Performance management, corporate policy and business planning
including annual action plans
Democratic Services - Member Services, Training and Allowances
015 (CR)
10
8
Head of Legal
Freedom of Information and Data Protection
8
8
Head of Finance
Procurement
TOTAL DAYS PER ANNUM FOR SYSTEMS AUDIT
141.0
10
184
189
163
Page 3 of 4
82
North Norfolk District Council - Strategic Audit Plan - April 2014 to March 2017
Description of audit
Audit Days
Delivered
2013/14
Strategic risk Reference
Assessed audit risk
Frequency of coverage
Appendix 4
2014/15
2015/16
2016/17
Days planned
Days planned
Days planned
4
4
4
COMPUTER AUDIT
Head of Business Transformation and IT
Follow up of previous computer audit recommendations
4
Computer audit needs assessment
5
Annual
Not applicable
5
Provision for computer audit coverage pending results of needs
assessment
30
Infrastructure
Network Infrastructure
Very High
2-yearly
7
Network Security
Very High
2-yearly
8
High
3-yearly
8
Medium
4-yearly
7
Virus Protection / Spyware
Firewalls
Management Issues
Project Management
Medium
4-yearly
008 (CR)
Very High
2-yearly
013 (CR)
Very High
2-yearly
Business Continuity
High
3-yearly
Software Licensing
High
3-yearly
6
Very High
2-yearly
10
IT Security, Procurement and End User Controls
13
Data Centre, Back Up, Disaster Recovery
Information Governance (Data Protection and Freedom of Information)
7
Application Systems
Cedar Financial Application
Document Imaging - Civica (Revenues and Benefits)
10
Revenues and Benefits - Civica OpenRevs
13
012 (CR)
High
3-yearly
Medium
4-yearly
High
3-yearly
Cash Receipting Application
High
3-yearly
Register of Electors (eXpress)
High
3-yearly
TOTAL DAYS PER ANNUM FOR COMPUTER AUDIT
TOTAL AUDIT DAYS PER ANNUM
7
45
34
39
34
186.0
218
228
197
Page 4 of 4
83
Appendix 5
North Norfolk District Council
Annual Audit Plan - April 2014 to March 2015
2014/15
Client Officer
Quarter 1
Quarter 2
Quarter 3
Assessed Audit
Risk
Frequency of
audit
coverage
Days
Planned
High
Annual
8
Very High
Annual
10
Annual
Not applicable
8
Creditors - ordering and payments and
insurance
High
2-yearly
13
Council Tax and NNDR
High
2-yearly
20
Local Council Tax Support / Housing
Benefit
High
2-yearly
20
20
Payroll, human resources and officer &
member expenses
High
2-yearly
19
19
Identification of areas to be audited
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Quarter 4
Dec
Jan
Feb
Mar
ANNUAL OPINION AUDITS
HEAD OF FINANCE
Review of Corporate Governance and
Risk Management
Work to Support the preparation of the
Annual Governance Statement
Follow Up previous systems audit
recommendations
8
10
4
4
FUNDAMENTAL FINANCIAL SYSTEMS
HEAD OF FINANCE
HEAD OF
ORGANISATIONAL
DEVELOPMENT
13
20
OTHER SYSTEMS AUDIT
HEAD OF FINANCE
Procurement
Medium
3-yearly
10
HEAD OF ECONOMIC
AND COMMUNITY
DEVELOPMENT
Coastal Protection
Medium
3-yearly
10
Page 1
84
10
10
February 2013
Appendix 5
North Norfolk District Council
Annual Audit Plan - April 2014 to March 2015
2014/15
Quarter 1
Assessed Audit
Risk
Frequency of
audit
coverage
Days
Planned
Localism and Communities - including
focus on Big Society Fund Grant Scheme
High
2-yearly
10
Development Management includes
planning applications, planning
enforcement, s106 agreements,
Community Infrastructure Levy and Land
Charges
Medium
3-yearly
22
HEAD OF ASSETS AND Sports Halls / Centres & Sports
Development
LEISURE
Medium
3-yearly
12
HEAD OF
ORGANISATIONAL
DEVELOPMENT
Medium
3-yearly
12
High
2-yearly
10
Client Officer
HEAD OF
DEVELOPMENT
MANAGEMENT
Identification of areas to be audited
Elections and Electoral Registration
Performance Management, Corporate
Policy and Business Planning including
annual action plans
TOTAL SYSTEMS AUDIT DAYS
184
Page 2
85
Apr
May
Quarter 2
Jun
Jul
Aug
Quarter 3
Sep
Oct
Nov
Quarter 4
Dec
Jan
Feb
Mar
10
4
10
22
12
12
10
0
0
10
42
0
4
22
39
20
33
February 2013
Appendix 5
North Norfolk District Council
Annual Audit Plan - April 2014 to March 2015
2014/15
Client Officer
Quarter 1
Assessed Audit
Risk
Frequency of
audit
coverage
Days
Planned
Annual
Not applicable
4
Network Infrastructure
Very High
2-yearly
7
Network Security
Very High
2-yearly
8
High
3-yearly
8
Medium
4-yearly
7
Identification of areas to be audited
Apr
May
Quarter 2
Jun
Jul
Aug
Quarter 3
Sep
Oct
Nov
Quarter 4
Dec
Jan
Feb
Mar
COMPUTER AUDIT
STRATEGIC DIRECTOR - Follow up of previous computer audit
recommendations
INFORMATION
Virus Protection / Spyware
Firewalls
2
2
7
8
8
7
TOTAL COMPUTER AUDIT DAYS
34
7
0
8
0
0
2
0
8
7
0
0
2
TOTAL DAYS FOR SYSTEMS AND COMPUTER AUDIT IN 2014/2015
218
7
0
18
42
0
6
22
47
27
33
10
6
Page 3
86
February 2013
Appendix 6
Summary of Internal Audit Coverage for 2014/15
The following table sets out the proposed coverage of each audit identified in the Annual Audit Plan for 2013/14. The more detailed scoping
of reviews will be determined at the planning stage for each audit, with terms of reference being confirmed in audit briefs, drawn up in
consultation with client officers.
Systems Audits
Title
Review
of
Governance
Management
Description
Corporate In 2012/13, we were able to give a good audit opinion in relation to Corporate Governance and an adequate
and
Risk assurance in relation to Risk Management.
Thereafter, we had intended to adopt a 2-yearly cycle of audit coverage; however, the Public Sector Internal
Audit Standards (PSIAS) require annual scrutiny and assurance to be obtained. In order to meet this
obligation, we are thus reintroducing annual reviews and in 2014/15., propose to fulfil the Corporate
Governance aspect by examining change and transformation at the Council, the standards also call for a
review of how the authority is promoting appropriate ethics and values.
It is recognised that the new post of Head of Business Transformation and IT will be taking a number of
projects through the Council, at the time of the audit progress with these projects will be discussed and
inclusion of review of some of these will be considered for review, if appropriate.
The audit will additionally give due attention to risk management provisions, to confirm that:
Significant risk are identified and assessed;
Appropriate risk responses are forthcoming that align risks with the organisation’s risk appetite; and,
Relevant risk information is captured and communicated in a timely manner across the organisation,
enabling staff, management and members/Cabinet to carry out their responsibilities.
Work to support the Annual This audit is used to assist the Internal Audit Consortium Manager to produce the Annual Report and
Governance Statement 2013/14 Opinion for 2014/15. Essentially, testing will be performed on the Council’s key controls (that have not
otherwise been tested as part of the Annual Audit Plan) to highlight any significant control weaknesses. In
addition, where appropriate, there will be top up testing in relation to core financial systems reviewed in
87
Appendix 6
Summary of Internal Audit Coverage for 2014/15
detail earlier in the year, to ensure that audit samples cover a full year of transactions.
We will work closely with the External Auditors to ensure that our sample testing is sufficient for their
purposes, and hence they are able to place maximum reliance on our work.
This audit typically covers the key controls in relation to the following fundamental financial systems; Payroll,
Creditors / Accounts Payable, Council Tax and National Non-Domestic Rates, Local Council Tax Support
and Housing Benefits, Fixed Assets, General Ledger, Debtors / Accounts Receivable, Cash / Remittances,
Treasury Management – Investments / Loans, Budgetary Control, Car Park Income. The audit also covers
the Council’s assurance framework.
Creditors
–
ordering
payments and insurance
and This area was last reviewed in 2012/13, is a key system for the Council and thus audited on a 2-yearly basis.
On conclusion of the last audit an adequate assurance opinion was awarded. The audit typically covers the
following areas and ensures that the key controls, as required by External Audit are also included::
Policy, Procedure and Systems (Related to the associated areas detailed below);
Ordering;
Creditors;
VAT;
Visa Purchase Card Usage; and
Insurances.
Through discussion it is recognised that the use of purchase orders is on the increase and it is the desire of
the Head of Finance that these are used more frequently and steps are being taken to ensure this. The
audit will therefore review the use of these and where improvements can be made. The Council now also
widely uses Purchasing Cards and testing will review the controls in place within this part of the system.
Council Tax and NNDR
This area is reviewed on a 2-yearly basis and in 2012/13 the audit concluded in a limited assurance level
being awarded. Recommendations were made to ensure that there is regular reconciliation of refunds and
authorisation of these refunds, independent review of reliefs, discounts and exemptions and retrospective
void reliefs, a regular timetable in place to ensure ongoing eligibility of these discounts and prompt
processing and authorisation of write offs.
88
Appendix 6
Summary of Internal Audit Coverage for 2014/15
All of these recommendations have been reported as implemented and the audit will ensure that these are
now being consistently applied across the system.
This is a key system for the Council and coverage will include the following areas, also ensuring that external
audits requirements in relation to key control testing is also reviewed:
Valuation and Billing Records;
Billing;
Collection of Income;
Suspense Accounts;
Reconciliation to the General Ledger;
Refunds and Transfers;
Discounts, Exemptions and Reliefs;
Arrears Recovery; and
Write Offs.
Local Council Tax Support / Local Council Tax Support and Housing Benefits is a key system for the Council, and as such audited on a
Housing Benefits
2-yearly basis. On conclusion of the audit in 2012/13 a limited assurance level was awarded.
Recommendations were made to ensure that new claims and changes are dealt with in a timely manner,
prompt clearance of suspense items, prompt processing and authorisation of write offs, prompt actioning of
declarations of interest and dealing with appeals in a timely manner. All of the recommendations have been
addressed, however in relation to timely processing of new applications and changes this is continually
monitored by the service and reported through the quarterly performance reports, with action being taken to
address this.
The coverage for 2014/15 will encompass the key controls applying to Local Council Tax Support / Housing
Benefits with reference to:
Procedures and Legislation;
Receipt and Assessment of Applications;
Payment of Housing Benefit;
89
Appendix 6
Summary of Internal Audit Coverage for 2014/15
Overpayments, Arrears and Write Offs;
Fraud;
Backdated Claims;
Discretionary Payments; and
Appeals.
It is recognised that as a result of the Local Council Tax Support Scheme there are more applications now
for Discretionary Housing Payments, testing in this area will look at the application process and also how
decisions are made on whether to award this payment.
There is also a new integrated Overpayments module and all new overpayments are within this module,
testing will focus on this new module and the processes and procedures in place to ensure that appropriate
controls are within this new part of the system.
Payroll, human resources and Payroll and HR is a key system for the Council, and as such audited on a 2-yearly basis, and in 2012/13 was
officer & member expenses
awarded an adequate assurance level.
An element of the review is therefore dictated by the requirement to test the key controls operating in this
area, in particular:
Starters and Leavers;
Controls over completeness and accuracy of data held on the payroll system;
Processing of payment runs; and,
Reconciliations of the payroll system.
Further testing will be performed to ensure sufficient coverage of the wider control environment, as well as
focusing in on more specific areas to give greater scrutiny of arrangements. This will be determined during
the detailed audit planning process but has previously included areas such as; Officer and Members
Expenses, Removal and Disturbance Allowances, Sickness Absence, HR and Organisational Development
and Mileage Claims.
The Council is also part of Coast Share whereby back office services are provided by the Council to small
businesses and nor for profit organisations, through this group. It is early days, however it is recognised that
90
Appendix 6
Summary of Internal Audit Coverage for 2014/15
there is the appetite for providing Human Resources services through this avenue. At the time of the audit
the uptake of this service will be established and how this is balanced in relation to meeting the Council
needs will be reviewed.
Procurement
This area was last reviewed in 2012/13, with an adequate assurance level being awarded. The audit reviews
the Council’s Contract Standing Orders and ensures that these are complied with and follow current law and
regulation, in particular in light of the new EU Procurements Directives, due for implementation into national
law by 30 June 2014. The audit will also ensure that the Council is obtaining economy, efficiency and
effectiveness in its spending.
The audit typically reviews the following scope:
Policies, Procedures, Laws and Regulations;
Resources, Roles and Responsibilities;
Tender and Quotations Rules;
Purchase ledger analysis; and
Contracts Register.
It is noted that there has been a lot of procurement activity in relation to the effects of the recent tidal surge,
testing within this audit will not cover this and these payments will be reviewed as part of the Coastal
Protection audit.
Coastal Protection
Coastal Protection is reviewed on a 3-yearly basis and was last reviewed in 2011/12 with a good assurance
opinion being awarded on conclusion of the work.
Since we last audited this area a Measured Term Contract was procured in 2012 and is now in place with
Reno Steel. The audit will review how the contract is managed and monitored to ensure it meets with the
Council’s requirements The scope will include:
Strategy and Governance;
Financial Management; and
Contract Monitoring.
In addition the audit will also review the recent expenditure incurred by the service as a result of the tidal
91
Appendix 6
Summary of Internal Audit Coverage for 2014/15
surge across the County, to ensure that Procurement rules were followed and how this is to be funded.
Localism and Communities
This is a new audit for 2014/15 and has been introduced mainly as a result of the Localism Act, which has
introduced new rights and powers for communities and individuals in relation to the Community Right to
Challenge the Community Right to Bid, and Neighbourhood Planning. This audit will review the
preparedness of the Council in relation to these areas.
However during discussion with Senior Management it has been agreed that the main scope of the audit will
be to review the Big Society Fund Grant Scheme.
This is the second year of the scheme and has recently been brought in house. The audit will look at the
processes that organisations have to follow to apply for grants and how this is subsequently awarded by the
Big Society Board.
Development
Management
includes planning applications,
planning enforcement, s106
agreements, building control,
Community Infrastructure Levy
and Land Charges
The Planning Service hosted a Local Government Association / Planning Advisory Service Peer Challenge
in 2013 to support, promote and improve the authority’s Planning Service, and in particular, the
Development Management Service.
It is hoped that the review of staffing structures, processes,
negotiation with developers and planning enforcement activity with a team of External Specialists will enable
an Improvement Plan to be formulated, which can resolve service delivery problems which have been
steadily increasing since 2010/11.
This audit was initially planned for coverage in 2013/14 however it was agreed that more value would be
added if the audit was postponed to 2014/15, enabling full comment to be provided upon the new
operational arrangements put in place following the Peer Review, providing an independent focus on internal
control systems relating to planning application processes, planning enforcement, building control, income
processing and section 106 agreements.
It was envisaged that coverage would also include the Community Infrastructure Levy however it is noted
that in July 2013 the Council agreed that introduction of CIL at that time represented a risk to the
development strategy and it was recommended that consideration of CIL should be suspended and
reconsidered at a future date when there are cleared signs of economic recovery. The current position in
relation to CIL will be discussed at the time of the audit.
92
Appendix 6
Summary of Internal Audit Coverage for 2014/15
If time permits, Land Charges represents a further area where audit coverage might additionally be included.
Sports Halls / Centres & Sports This area is subject to 3-yearly review and on conclusion of the most recent audit in 2011/12 an adequate
Development
assurance opinion was awarded. This audit traditionally looks at the following areas:
Procedures (including staff verification checks);
Income and Expenditure, including stock and security;
Maintenance;
Monitoring of the service; and
The audit has also previously reviewed the Mobile Gym / Fit Together initiative. At the time of audit planning
this currently has funding until March 2014 and there are moves to get this funding extended. If successful
this will also form part of the scope of the audit.
It is acknowledged that there is a current review of the lease agreements in place at North Walsham, Cromer
and Stalham, with the first almost being finalised and the other 2 currently ongoing. The buildings are leased
by the Council and are dual use i.e. used by the school during the day and by the public in the evening and
at weekends. The agreements have been in place a long time and they are being revised to ensure that they
are efficient and effective for the Council, and ultimately provide savings for the Council. This aspect will also
be reviewed as part of the audit.
Elections
Registration
and
Electoral This area was last reviewed in 2011/12 and is subject to 3-yearly scrutiny. On conclusion of the last audit a
good assurance level was awarded.
The scope however will be quite different this year as it is appreciated that this audit is being undertaken in
the year that the Individual Electoral Registration (IER) is introduced, which paves the way for a fundamental
change to the way people can register to vote. At present, one person in every household is responsible for
registering everyone else who lives at that address, whereas the Government is proposing that, from
summer 2014, each person will be required to register to vote individually, rather than by household. The
key principles that should underpin the effective introduction of IER are:
The system should ensure that anyone is eligible to take part in elections in Great Britain from registering to
vote.
The system should ensure that anyone who is not eligible to vote is not included in an Electoral
93
Appendix 6
Summary of Internal Audit Coverage for 2014/15
Register.
These changes to the system should be easily explained to, and understood by electors.
The system should ensure that all personal data is properly managed and protected.
The system should be capable of being implemented efficiently and without a detrimental impact on
the existing duties and responsibilities of Electoral Registration Officers.
We will be checking to see how the Council is performing against the above criteria.
The Electoral Registration and Administration Act 2013, which received Royal Assent on 31st January 2013,
provides the legal framework for IER.
Work on introducing IER is scheduled during the spring and summer of 2014 and will involve comparison
between existing Council Registers and records held by the Department for Work and Pensions (DWP) in
order to verify the identity of people currently on the registers. This process is known as ‘confirmation’. The
final household canvass will take place in spring 2014 with planned confirmation in the summer of 2014.
Performance
Management, This audit was last undertaken in 2012/13 and is subject to 2-yearly review, with an adequate assurance
Corporate
Planning
and being provided on conclusion of the audit.
Business Planning including
annual action plans
The audit will focus on the performance management framework, including the annual action plans at the
Council. It is recognised that the current Corporate Plan is dated 2012 to 2015, and the annual action plans
ensure delivery of the corporate plan.
The quarterly performance reports cover annual action plans, performance indicators and service risks. The
recently published Equality Policy will also link into the performance reports so that this becomes integrated
into the continual review process at the Council.
The audit will review the processes behind the quarterly performance reports, the collection of all the data
and how this is presented to Senior Officers and Members.
94
Appendix 6
Summary of Internal Audit Coverage for 2014/15
Computer Audits
Network Infrastructure
The network infrastructure enables users to connect to servers and equipment, which is not directly
connected to their own physical PC or workstation. The review of the network infrastructure includes
reviewing the following key areas:
Network administration;
Network monitoring;
Network topology and resilience;
Remote access servers and security;
Routers; and
Virus detection / prevention.
Network Security
A Network security audit looks at the following areas:
Domain accounts policies;
Audit policy settings;
User privileges;
Trusted and trusting hosts;
User accounts and passwords;
Services and drivers;
Home directories, logon scripts
Security Option settings;
Logical drives;
Default login accounts; and
Discretionary access controls (DACLs)
Virus Protection / Spyware
Computer viruses can infect the Council’s IT systems from a number of sources including downloads from
the internet and e-mail attachments to a user bringing in infected portable media. The result of an infection
could range from temporary annoyance due to an increase in processing to the complete shutdown and
corruption of the network. The recent trend has also been for systems to be infected with Spyware that are
programs that can cause re-direction to internet sites or the monitoring of users internet habits. Virus and
Spyware controls are designed to protect the Council’s systems from such threats and this audit will look that
the controls in place to protect the Council from this risk. This audit has previously been on the reserve list,
95
Appendix 6
Summary of Internal Audit Coverage for 2014/15
although is now deemed to be an area that should be included within the Plan.
Firewalls
The primary objective of a firewall is to control the incoming and outgoing network traffic by analysing the
data packets and determining whether it should be allowed through or not, based on a predetermined rule
set. As this is an area that has not previously been audited at the Council, it has been selected for scrutiny
in this plan. The audit will look at the Council’s firewalls in the following areas of management
responsibilities:
Topology and resilience;
Firewall configuration settings;
Change controls; and
Security validation tests.
96
Appendix 7
North Norfolk District Council
Map of Audit Assurances provided since 2008/09
2008-09
2009-10
2010-11
2011-12
Adequate
Adequate
Adequate
Adequate
2012-13
2013-14
2014-15
Annual Opinion Audits
Corporate Governance and
Risk Management
Corporate Governance
Risk Management
X
Good
Adequate
Ethical Governance
Adequate
One-off audit
AGS - Assurance Framework
Adequate
Key - AGS relates to Work to Support the preparation of the Annual Governance Statement. This work scrutinises key controls only,
rather than providing for an in-depth review of systems in their entirety and because of this, the type of assurance that we are able to
give is restricted to adequate or limited.
Fundamental Financial Systems
Sundry Debtors
AGS - Sundry Debtors
Remittances
AGS - Cash
Accountancy Services
Treasury Management,
Control Accounts, Banking,
Asset Register, Budgetary
Control and Journals
Bank Reconciliation
AGS - Fixed Assets
AGS - General Ledger
AGS - Treasury Management
AGS - Budgetary Control
Local Council Tax Support
and Housing Benefits
Council Tax / NNDR
Exchequer/Creditors
Payroll / HR
Budgetary Control
Revenues and Benefits
Partnership - Data Transfer,
Governance and Risk
Adequate
Limited
X
Adequate
Adequate
Adequate
X
Adequate
Adequate
Adequate
See below
Good
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Good
Limited
Limited
Adequate
Adequate
X
X
X
X
Incorporated into accountancy
Good
Adequate
Head of Economic and Community Development
Tourism and Economic
Development
Coastal Protection
Adequate
Homelessness and Housing
Options
Housing Strategy and
Affordable Housing
Adequate
Private Sector Housing and
Disabled Facilities Grants
Adequate
Communities and Safety
Adequate
X
Good
Adequate
X
Adequate
Good
Adequate
Adequate
Absorbed into future audits concerning Localism and Communities
Limited
Localism and Communities
X
Head of Development Management & Head of Economic and Community Development
Development Management,
Planning, s106 Agreements,
Community Infrastructure
Levy and Land Charges
Postponed to
2014/15
Adequate
Head of Assets and Leisure & Head of Economic and Community Development
Partnerships
Limited
Head of Environmental Health
Waste Management
Environmental Health
Head of Assets and Leisure
Sports Halls/Centres
Leisure Complexes
Property Services
Car Parking and Markets
AGS - Car Park Income
Limited
X
Adequate
Adequate
Adequate
Limited
Limited
Adequate
Adequate
Limited
Adequate
Adequate
Adequate
X
Adequate
Adequate
Limited
Adequate
Adequate
February 2013
97
Appendix 7
North Norfolk District Council
Map of Audit Assurances provided since 2008/09
Head of Assets and Leisure & Head of Environmental Health
Parks and Open Spaces
Limited
Head of Organisational Development
Elections / Electoral
Registration
Data Quality
Adequate
Performance Management,
Corporate Policy and
Business Planning, inc Annual
Action Plans
Head of Legal
Legal Services, Data
Protection, Freedom of
Information
Whistleblowing
Concessionary Fares
Adequate
Head of Finance
Projects and Procurement
Car Allowances
Adequate
Adequate
Limited
Adequate
Good
Discontinued as NI's ending
Good
Deferred to 2012/13
Adequate
Adequate
Unsatisfactory
X
X
Good
One-off audit
Function transferred to County Council
Adequate
Adequate
X
One-off audit
IT Audits - Head of Business Improvement and IT
General Ledger/Cedar
Financials Application
Project Management
General IT Controls
Cash Receipting
Document Imaging and
Workflow Application - Civica Revenues and Benefits
IT Security
IT Security, Procurement and
End User Controls
Software Licensing
Revenues and Benefits
Application
Network Infrastructure
Business Continuity
Data Centre, Back Up,
Disaster Recovery
Data Consistency
Payroll and Personnel
Content Management
Network Security
Virus Protection / Spyware
Firewalls
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Adequate
Limited
Adequate
X
Limited
Adequate
Adequate
Adequate
Adequate
X
X
X
February 2013
98
Appendix 8
Performance Indicators for the Internal Audit Service
Internal Audit performance is monitored as detailed below.
Indicator
% audit recommendations
accepted by management
Target
90%
% high priority
recommendations
implemented
100%
Number of days between the
issue of Internal audit briefs
and commencement of audit
fieldwork
10 working
days
Number of days between the
expected completion of audit
fieldwork (as per the audit
brief) and actual completion
of audit fieldwork
Number of days between the
completion of audit fieldwork
and issue of draft report
0 working days
Number of days between the
issue of the draft and final
report
Number of days between the
completion of the fieldwork
and issue of a final report
15 working
days
10 working
days
Purpose
Acceptance of audit recommendations by
management ensures that where
improvements are required to the internal
control environment, appropriate action will
be taken to secure these enhancements.
However, there can be occasions where
recommendations are disputed. In these
cases, there may be justifiable reasons for
management not supporting the
recommendation, e.g. compensating controls
have been put in place. Conversely,
management can take the decision to accept
the risks identified, particularly if insufficient
resources preclude action being taken.
However, this will mean that there are
vulnerabilities in systems of internal control,
which are not being addressed.
Management’s commitment in implementing
high priority recommendations ensures that
high profile risks/fundamental flaws in
systems of internal control are suitably
resolved.
Management should have sufficient time to
consider and shape audit objectives driving
review work before the fieldwork starts.
Hence, adequate consultation is permitted
enabling management to make a
contribution to terms of reference thereby
ensuring the audit adds value to their service
area.
This indicator seeks to check that audit
fieldwork finishes in a timely manner and
thus audits progress as expected, and there
are no unnecessary delays.
The draft report is the first stage after which
management will have written confirmation
of the audit outcomes. Issue on a timely
basis provides better opportunity for
management to be able to comment, and
also ensures that the audit plan is delivered
as expected.
Delivery of a timely final report ensures that
management can commence the process of
addressing internal control weaknesses.
This is a combination of the two performance
indicators above and reflects the total time
incurred in completion of the audit process.
25 working
days
99
Indicator
Average score given to audit
feedback
Target
Adequate
Compliance with the Public
Sector Internal Audit
Standards
Full
Compliance with the CIPFA
Statement on the Role of the
Head of Internal Audit
Purpose
This is the main indicator of audit quality and
is based upon the feedback received by
management for individual audit
assignments, which range on a 6-point
basis, namely poor, weak, less than
adequate, adequate, good and excellent.
These Standards encompass the mandatory
elements of the Institute of Internal Auditors
(IIA) International Professional Practices
Framework.
A checklist has been developed from the
guidance, which will be completed annually,
with the results feeding into our review of the
effectiveness of internal audit.
This Statement sets out what CIPFA
considers being best practice for Heads of
Internal Audit in terms of providing a
summary of the core responsibilities entailed
in the role to support the Council in achieving
its objectives, by giving assurance on its
internal control arrangements and playing a
key part in promoting good corporate
governance. A checklist has been
developed from the guidance, which is
completed annually and feeds into our
review of the effectiveness of internal audit.
Full
100
Audit Committee
17 March 2014
Agenda Item No______11_______
Progress Report on Internal Audit Activity, 26 November 2013 to 25 February 2014
Summary:
This report examines progress made between 26 November
2013 and 25 February 2014 in relation to delivery of the Annual
Audit Plan for 2013/14.
Conclusions:
A total of 1 audit assignment has been processed culminating in
a mix of good and adequate assurances being awarded to date
this financial year.
Recommendations:
It is recommended that the Committee notes the outcome of the
audit completed between 26 November 2013 and 25 February
2014 where an assurance level has been given and the
progress to date with the annual audit plan.
Cabinet member(s):
All
All
Wards:
Contact Officer,
telephone
number, and
e-mail:
1.
Emma Hodds, Deputy Audit Manager
01508 533791
elhodds@s-norfolk.gov.uk
Background
1.1
The Accounts and Audit Regulations 2011 require that the Council must
undertake an adequate and effective internal audit of its accounting records and
of its system of internal control in accordance with the proper practices in
relation to internal controls. To assist the authority with fulfilling this
responsibility, this Activity Report seeks to build on the findings of the previous
two Progress Reports provided to members in September and December 2013,
examining further progress made with regards to progressing assignments
featuring in the approved Annual Internal Audit Plan for 2013/14, which was
endorsed by the Audit Committee on 19 March 2013.
1.2
The Public Sector Internal Audit Standards which came into affect on 1 April
2013 also require that this Committee receives regular communications
regarding Internal Audit’s performance in relation to the Annual Audit Plan. This
101
Audit Committee
17 March 2014
report thus aims to meet this requirement and ensure that independence and
objectivity (Standard 1100) are maintained.
2.
Amendments to the Annual Audit Plan
2.1
Since we last reported on the status of the Annual Audit Plan and provided
members with details regarding two minor amendments to timings of audits and
the requirement to defer 2 audits (Revenues and Benefits Services – Data
Transfer, Governance and Risk and Development Management) there has been
no further adjustments to the annual audit plan.
3.
Delivery of Programmed Audit Work in accordance with the Revised
Annual Audit Plan
3.1
As demonstrated in Appendix 9, 171 days of programmed work had been
completed at the time of writing this report. This figure equates to 92% of
revised audit planned days earmarked for completion in 2013/14. The status of
individual audits can be summarised thus:
One assignment has been completed and final reports issued where audit
assurance levels have been generated – Audit No. NN/14/09 Sundry
Debtors.
The audit fieldwork is under way for the remaining audits; NN/14/05
Economic Development, NN/14/10 Work to Support the Annual Governance
Statement, and NN/14/11 Receipt, handling and banking of Remittances.
4.
Outcomes of Work Undertaken
4.1
With reference to work completed between 26 November 2013 and 25 February
2014, as mentioned above, the corresponding management summary is
attached at Appendix 10 to the report.
4.2
In relation to the audit of Sundry Debtors (NN/14/09) an adequate assurance
level has been awarded on conclusion of the review, which indicates an
improvement in the control environment since the last review. Two medium
priority recommendations were raised in relation to reviewing and refreshing the
Corporate Debt Policy and to ensure that there is a clear audit trail in relation to
transfers.
4.3
Members should note that all audits finalised in this period have received a
positive assurance, i.e. good or adequate and that all audit reports issued so far
in the current financial year, have resulted in positive assurances being
awarded, which emphasises that the systems of internal control evaluated to
date, have been found to be working effectively and efficiently.
4.4
Members should also note that all audit work is currently on track for completion
by the financial year end and to the agreed timetable of work.
5.
Conclusion
102
Audit Committee
17 March 2014
5.1
Good progress has been made with the delivery of the Audit Plan to date;
positive assurances have been awarded and all other work scheduled is on
track as expected.
6.
Recommendation
6.1
That members note the outcomes of the completed audit and the progress
made to date with the completion of the Annual Audit Plan.
Appendices attached to this report:
Appendix 9 – Review Work delivered in accordance with the Annual Audit Plan for
2013/14
Appendix 10 – Abbreviated Management Summaries of Completed Audit Assignments
Appendix 10 (1) NN/14/09 Sundry Debtors
103
Appendix 9
Review Work delivered in accordance with the Annual Audit Plan for 2013/14 plus Ad-Hoc Work requested by Management
Audit No.
Description of Audit
PLANNED SYSTEMS AUDIT WORK
Environmental Health Services
NN/14/01
Frequency of
Audit Coverage
Original Days
Planned
Revised
Days
Planned
Days
Delivered
Scheduling
3-yearly
19
19
19
April
NN/14/02
Private Sector Housing - Disabled Facilities Grants
3-yearly
8
8
8
June
NN/14/03
Car Parking and Markets
2-yearly
16
16
16
July
NN/14/04
Waste Management
2-yearly
18
18
18
August
NN/14/05
Tourism and Economic Development
3-yearly
10
10
3
September
January
February
NN/14/06
Freedom of Information and Data Protection
3-yearly
8
8
8
October
NN/14/07
Accountancy Services
2-yearly
17
17
17
October
Status
Complete
Final report issued 16 July 2013
Complete
Final Report issued 8 August 2013
Complete
Final Report issued 20 August 2013
Complete
Final Report issued 14 October 2013
Fieldwork underway
Complete
Final Report issued 13 November 2013
Complete
Final Report issued 21 November 2013
Treasury Management
Control Accounts
Banking
Asset Register
Budgetary Control
Journal Entries
Bank Reconciliations
Revenues and Benefits Services - Data Transfer,
Governance and Risk
Ad-hoc
5
0
0
October
Quarter 4
Deferred to
2014/15
Audit deferred to 2014/15 at the request of
management
NN/14/09
Sundry Debtors
2-yearly
10
10
10
November
NN/14/10
Work to Support the AGS
Annually
15
15
14
January
Complete
Final Report issued 30 January 2014
Fieldwork underway, draft report imminent
NN/14/11
Receipt, handling and banking of remittances and tourist
information centres
Development Management
2-yearly
12
12
11
3-yearly
22
0
0
January
February
February
Deferred to
2014/15
Annually
8
168
8
141
4
128
Systems Audit Follow Up
TOTAL PLANNED SYSTEMS AUDIT WORK
Summary Report Details
presented to Members
Adequate
17 September 2013
Adequate
17 September 2013
Adequate
17 September 2013
Adequate
10 December 2013
Good
10 December 2013
See Below
10 December 2013
Good
Good
Good
Good
Good
Good
Adequate
NN/14/08
NN/14/12
Assurance
Level
applicable
Fieldwork underway, draft report imminent
Audit deferred to 2014/15 at the request of
management
2 x 6-monthly validation
91%
104
Adequate
17 March 2014
Audit No.
Description of Audit
PLANNED COMPUTER AUDIT WORK
Document Imaging - Civica (Revenues and Benefits)
NN/14/13
Frequency of
Audit Coverage
Original Days
Planned
Revised
Days
Planned
Days
Delivered
Scheduling
4-yearly
10
10
10
NN/14/14
Revenues and Benefits Application - Civica
3-yearly
13
13
13
July
September
September
NN/14/15
IT Security, Procurement and End User Controls
2-yearly
13
13
13
October
NN/14/16
Computer Audit Needs Assessment
3-yearly
5
5
5
October
September
Annually
4
45
4
45
2
43
96%
213
186
171
92%
Computer Audit Follow Up
TOTAL PLANNED COMPUTER AUDIT WORK
TOTAL PLANNED WORK
Status
Complete
Final Report issued 25 October 2013
Complete
Final Report issued 28 October 2013
Complete
Final Report issued 14 November 2013
Complete
Final Report issued 26 September 2013
2 x 6-monthly validation
EXTRA WORK REQUESTED
TOTAL OF EXTRA WORK UNDERTAKEN
GRAND WORK TOTAL
0
0
0
213
186
171
92%
101
Assurance
Level
applicable
Summary Report Details
presented to Members
Adequate
10 December 2013
Adequate
10 December 2013
Adequate
10 December 2013
N/A
10 December 2013
Appendix 10
Report No. NN/14/09 – Final Report issued 30 January 2014
Audit Report on Sundry Debtors
Audit Scope
The audit covered;
Policies and procedures;
The raising of Sundry debtors, refunds and transfers;
Direct debits;
Suspense items;
Processing and Recovery of Outstanding Debts
Writing off outstanding debts;
Debtors reconciliation; and
Security arrangements.
The audit also tested the expected controls as contained in external audit’s key control
flowcharts. This work is relied upon by the external auditors during their annual statutory
review of the Council’s accounts and financial processes.
Assurance Opinion
Unsatisfactory
Assurance
Limited Assurance
Adequate
Assurance
Good Assurance
Rationale supporting the award of the opinion
Based on the testing undertaken in line with the scope of our work, the control environment is
overall deemed to be adequate in managing the risks associated with this area, which
indicates an improvement in the control environment since it was last reviewed in 2011/12.It is
also worth noting that eight out of the nine recommendations from NN12/08 that cross-over
with the scope of this audit have been verified fully through this audit. One further
recommendation from NN12/08, which was outside the scope of this audit and related to
performance management, has also been confirmed as complete.
However, there are areas of risk that remain, in relation to segregation of duties. This issue,
as determined in the previous audit of this area (NN12/08), relates to the merging of the
Exchequer and Sundry Income functions and the downsizing of the teams, which means that
the Team Leader, Exchequer and Sundry Income has full access to both the sales ledger and
purchase ledger functionality within the eFinancials system.
This lack of segregation of duty has been mitigated in the area of write offs and refunds with
manual controls being put in place to mitigate the associated risks. However there is not the
same level of mitigation in place in relation to transfers as there is no form of independent
check of transfers from the sundry debtors suspense account to charge payers accounts,
between debtors accounts and from the sales ledger to purchase ledger (for refunds) and with
the absence of a clear electronic audit trail within eFinancials leave the system open to the
risk of potential fraud. Management had previously informed us through our cyclical follow-up
checks that a similar action had been completed following a recommendation raised in
NN12/08, therefore another recommendation has been raised.
The Council also does not undertake credit checks on large debtors. This issue has been
raised previously with the Council will to accept the risks in not doing so.
102
The Council may also benefit from reviewing and, if necessary, refreshing the Corporate Debt
Management Policy.
Positive Findings
We have acknowledged It is also acknowledged there are areas where sound controls are in
place and operating consistently
A range of aged debt reports are run on either a weekly, fortnightly or monthly basis,
depending on the particular status of the debts. Individual cases are subject to
review and proactive follow-up action where necessary.
An overarching aged debt report is separately reviewed by the Team Leader,
Exchequer and Sundry Income, with a sample of individual debts selected and
reviewed in terms of validity of their status each month.
Direct debit rejections and recalls are identified and reviewed in a timely manner, to
ensure appropriate action is taken. New direct debits are set up in a timely manner.
Receipt of debtors income is independently reconciled to bank statements and the
general ledger on a monthly basis and is independently checked.
Write-offs are undertaken in line with the write-off policy which is aligned to the
Scheme of Delegation. Records are retained to support write-offs with reasons
documented by an officer independent of the authorisation process.
Control weaknesses to be addressed
During our work we have identified the following key area(s) where we believe that the
processes / arrangements within sundry debtors would benefit from being strengthened, and
as a result of these findings two medium priority recommendations have been made.
The Council may benefit from formally reviewing and refreshing its Corporate Debt
Management Policy, to help ensure that it remains in line with the wider
organisational context and objectives. The version located on the Council’s website
did not contain a date of previous review and neither the Team Leader - Exchequer
and Sundry Income, nor the Head of Finance and S151 Officer, could confirm
whether the policy had been subject to recent review.
Additional control should be introduced over the processing of transfers (from
suspense, between the sales ledger and purchase ledger and between charge
payers accounts). The absence of a clear electronic audit trail within eFinancials,
showing the officers who have processed transfers coupled with the absence of any
form of independent checking increases the risk of inaccurate and / or potentially
fraudulent transfers being made.
103
Summary of the adequacy and effectiveness of controls
Area of
Scope
Adequacy and
Effectiveness
Assessments
Policies and
Procedures
Raising of
Debts,
Refunds and
Transfers
Direct Debits
Suspense
Items
Processing
and Recovery
Debtors
Reconciliation
Write Offs
Security
Adequacy
of
Controls
Effectiveness
of Controls
Recommendations
Raised
High
Medium
Low
Green
Amber
0
1
0
Amber
Green
0
1
0
Green
Green
0
0
0
Amber
Green
0
*
0
Green
Green
0
0
0
Green
Green
0
0
0
Green
Amber
Green
Green
0
0
0
*
0
0
0
2
0
Total
*Covered by recommendation covered in area 2.
High Priority Recommendations
No high priority recommendations have been raised as a result of this audit
Management Responses
Management have accepted the recommendations raised.
104
Related documents
Look Ahead Feature To access the application that
Look Ahead Feature To access the application that
Audit Committee Board of Trustees The University of North Carolina at Wilmington
Audit Committee Board of Trustees The University of North Carolina at Wilmington
Marketing Plan Rubric
Marketing Plan Rubric
Download
advertisement