Audit Committee 18 June 2012 Agenda Item No___9__________
advertisement
Audit Committee 18 June 2012 Agenda Item No___9__________ Head of Internal Audit’s Annual Report and Opinion for 2011/12 Summary: This report has been developed to satisfy the requirements of the Accounts and Audit Regulations 2011 ‘to undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control,” and to meet the Head of Internal Audit’s annual reporting obligations as set out in the CIPFA Code of Practice for Internal Audit in Local Government. To confirm that the organisation has complied with the above, the Head of Internal Audit has produced an Annual Report and Opinion, which examines and utilises the outcomes of Internal Audit work undertaken in 2011/12 to formulate an opinion on the overall internal control environment which has been operating at the Council over the last twelve months. Conclusions: On the basis of Internal Audit work performed during 2011/12, the Head of Internal Audit is able to confirm that overall standards of internal control at the Council were adequate and so too were Corporate Governance arrangements and systems of Risk Management. Recommendations: It is recommended that the Committee: 1) Receive and note the Annual Report of the Head of Internal Audit; 2) Note the overall standards of internal control at the Council were adequate for the year ended 31 March 2012. 3) Notes that an adequate assurance has been given in respect of Corporate Governance arrangements and systems of Risk Management for the year ended 31 March 2012. 4) Note that the opinions expressed have been given due consideration when developing the Council’s Annual Governance Statement. Cabinet member(s): Wards: Contact Officer, telephone number, and e-mail: All All Sandra King, Head of Internal Audit 01508 533863 scking@s-norfolk.gov.uk Audit Committee 18 June 2012 1. Background 1.1 The CIPFA Code of Practice for Internal Audit in Local Government in Section 10.4 stipulates that the Head of Internal Audit should report the following information at least annually: • • • • • • • An opinion on the overall adequacy and effectiveness of the organisation’s internal control environment; Any qualifications to that opinion, together with the reason for qualification; A summary of the audit work from which that opinion was derived; Any issues considered relevant to the Annual Governance Statement; Comparison of actual audit work undertaken with planned work, summarising the performance of internal audit against its performance measures and targets; and, Commentary on compliance with the standards of the Code; Communication of the results of the Internal Audit quality assurance programme. 1.2 This report therefore seeks to address the key items specified above, although recognising that some aspects are covered in additional reports, e.g. an evaluation of the performance of the Internal Audit Service is subject to separate reporting, and will feature in a report headed up ‘Annual Review of the Effectiveness of Internal Audit’, whereas the conclusions of audit follow up work are covered in a further report entitled ‘Status of Audit Recommendations due for Implementation by 31 March 2012’. 2. Internal Audit Service Provisions and Costs 2.1 The Internal Audit Service arrangements at North Norfolk District Council have remained unchanged throughout 2011/12, in so far as the Head of Internal Audit at South Norfolk Council has continued to be responsible for managing the delivery of the Internal Audit Service to the organisation and controlling the work of Deloitte Public Sector Internal Audit Ltd, which is contracted to deliver the programme of work as detailed in the Annual Audit Plan. 2.2 This report primarily updates members as to Internal Audit activity carried out between February 2012 and 22 May 2012, the latter being the date when the Audit Plan was completed. However, audit work undertaken in the previous 10 months of 2011/12 have also been revisited, to ensure that the annual opinion subsequently given demonstrably draws on the outcomes of all review work performed over the course of the year. 2.3 To ensure full transparency of the service, this report also confirms the costs associated with the provision of the Internal Audit function to the Council, identifying 2 distinct elements, namely input by the Internal Audit Services contractor to undertake the planned audit assignments earmarked for delivery in 2011/12 and the level of support required from the Audit Management Team to oversee all aspects of the service provision to officers and members. The cost of the service compared with the previous year is shown overleaf: Audit Committee 18 June 2012 Nature of the work 2010/11 2011/12 Cost of the planned work (Deloitte) £89,021 £62,410 Cost of managing the service (South Norfolk Council) £32,919 £31,411 Additional Work (Deloitte) £5,702 £6,336 TOTAL COST £127,642 £100,157 2.4 There has been a significant fall in audit fees in 2011/12, compared with the previous year. The combined costs of the Internal Audit Services contractor and the Audit Management Team have been 21.5% less than the fees incurred in 2010/11. This has been primarily due to the adoption of a much reduced Audit Plan in 2011/12, which has contained 84 fewer days than that of the preceding year’s Audit Plan. 3. Opinion of the Head of Internal Audit on the Overall Adequacy of the Internal Control Environment at North Norfolk District Council Systems of Internal Control 3.1 The overarching opinion contained within this report relates to the system of internal control at the Council and the overall control environment in place. 3.2 The system of internal control is designed to manage risk to a reasonable level rather than to eliminate the risk of failure to achieve corporate/service policies, aims and objectives: it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control essentially relies on an ongoing process designed to identify and prioritise the risks to the achievement of North Norfolk District Council’s policies, aims and objectives, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically. 3.3 The control environment encompasses the systems of corporate governance, risk management and internal control, hence, the Head of Internal Audit’s Annual Opinion focuses on the effectiveness of the control environment based on an assessment of these systems, in line with areas targeted for audit focus in the approved Annual Audit Plan for 2011/12. 3.4 In reaching an overall opinion, the Head of Internal Audit has reviewed the assurance levels given to individual audit assignments throughout the year, relating to both financial and non financial systems. These can be summarised as follows: Nature of System Financial Non Financial Total Assurance Level Awarded Adequate Limited Good Adequate Limited No. of Reviews 2 1 3 7 3 16 Audit Committee Assurance Level Awarded Good Adequate Limited 18 June 2012 No. of Reviews 3 9 4 16 % Applicable 18.75% 56.25% 25.00% 100.00% 3.5 All planned work completed is itemised at Appendix C. An analysis of the internal control environment and how it has been developing over the last 4 years is attached at Appendix E, whilst definitions of the assurance levels applied are explained at Appendix F. Essentially, good and adequate assurances are positive audit opinions, whilst conversely limited and unsatisfactory assurances equate to negative audit opinions. 3.6 On the basis of the audit work undertaken in 2011/12, it is my opinion that the overall standards of internal control at North Norfolk District Council are adequate for the year ended 31 March 2012. As can be seen in the tables above at paragraph 3.4, the majority of audits have culminated in an adequate assurance level being accorded to the systems of internal control under evaluation, and in 3 cases, operational arrangements have stood out in best practice terms and merited receipt of a good audit assurance. With reference to the latter, this represents a marginally improved position on the previous year, where Internal Audit gave just 2 good opinions. The three reviews where a good opinion was provided in 2011/12 concerned Coastal Change and Pathfinder Management, Affordable and Electoral Registration. Two of the Management Summaries arising from these reviews were included in the Summary of Internal Audit Progress, April to August 2011, which was considered by the Audit Committee on 13 September 2011; the third Management Summary can be found at Appendix D (5) to this report. 3.7 Looking back at 2010/11, aside from the 2 good assurances given, we were also able to award 12 adequate assurances and 1 limited assurance to 13 other areas analysed. Hence, our findings this year as documented at paragraph 3.4, indicate that we have uncovered additional issues with the internal control environment than had previously been the case. 3.8 It should be noted that three fundamental financial systems have been audited in-depth during 2011/12. Accountancy Services and Remittances were given adequate assurance levels, but Sundry Debtors received a less favourable limited assurance requiring 10 audit recommendations (6 medium and 4 low priority ratings) to address weaknesses found in the system of internal control. Members will recall that the Management Summary was submitted to the Audit Committee on 6 March 2012. 3.9 With reference to the Council’s key financial systems, we have also undertaken a review of the key controls operating in those fundamental systems that were not otherwise subject to detailed audit evaluation in year. Our work here is necessary to further inform the Head of Internal Audit’s annual opinion, support the preparation of the organisation’s Annual Governance Statement and assist External Audit in their work. Upon finalisation of this audit, we have raised three audit recommendations encompassing two medium and one low priority rating. Appendix D (1) contains more information about the nature of the control issues identified by this piece of work. Audit Committee 18 June 2012 3.10 In respect of the Council’s non-financial systems, assurances have been predominantly positive, with 77% of areas subject to audit examination being awarded satisfactory levels of assurance. The three areas where limited audit opinions were applicable involved Waste Management, Car Parking and Markets, and Business Continuity. These collectively generated 27 audit recommendations, 26 of which were accepted by management and comprised 1 high, 23 medium and 2 low priority. The high priority recommendation was formulated to resolve a significant issue found within the system of internal control relating to Waste Management and more specifically, the Garden Waste and Bulky Waste income process, but our year end verification work has since confirmed that senior management have now taken corrective action to address the issue that had been identified by our audit. 3.11 As mentioned already at paragraph 1.2, we provide separate reports on progress achieved in relation to the implementation of audit recommendations, in line with half yearly cyclical Committee reporting requirements. Our most recent year end audit verification work has confirmed that, in accordance with action plans agreed with senior management and confirmed in final audit reports, 83 audit recommendations were due to be implemented in the last 6 months of 2011/12, although we were only able to evidence that 29 (34.9%) had been completed. Of the remainder, we noted 12 recommendations (14.5%) were partly implemented whereas 42 recommendations (50.6%) had yet to be actioned. On a more positive note however, there were no outstanding high priority recommendations requiring management input. In fact, there was only one recommendation which fell into this category for delivery in 2011/12 and this has been cleared, as already noted above in paragraph 3.9. Furthermore, there are no high priority recommendations which carry forward into 2012/13 and require consideration when the Council’s Annual Governance Statement is being compiled. 4. Corporate Governance and Risk Management 4.1 An internal audit review of Corporate Governance and Risk Management provisions was undertaken in the final quarter of the financial year. On the basis of our findings in these two areas, in my opinion, I am able to give an adequate assurance with regards to the Council’s Corporate Governance arrangements and systems of Risk Management during 2011/12. The Management Summary pertaining to our audit was presented to the Audit Committee on 6 March 2012. 5. Review of Audit Work delivered in 2011/12 compared with the Annual Audit Plan approved on 8 March 2011 5.1 The table overleaf shows in summary the audit coverage that was originally planned, where it has proved necessary to revise audit input in year and then compared amended planned days with those actually delivered, whilst a more detailed overview can be found at Appendix C, highlighting when audit assignments were completed and the Management Summaries extracted from the final audit reports were submitted to the Audit Committee for member noting. Audit Committee Description Days originally planned for 2011/12 Revised planned days for 2011/12 Actual days delivered % of Revised Planned Work Delivered Systems audit 175 156 156 100% Computer audit 41 41 41 100% Extra work – Systems audit 9 9 100% Extra work – Computer audit 11 11 100% 217 217 100% Total 5.2 18 June 2012 216 There have been a number of changes to the Annual Audit Plan over the course of the year, and these were explained in detail in our last Progress Report submitted to the Audit Committee in March 2012. To summarise: o NN/12/04 Corporate Policy and Performance Management – this review was deferred to 2012/13 at the request of senior management and is currently timetabled to take place in July 2012. This generated a saving of 10 planned days. o NN/12/11 Communications – the audit was deleted after detailed audit planning was carried out and it was appreciated that consultancy work was required here rather than a routine assurance audit. This resulted in a saving of 9 planned days. o NN/12/18 Electoral Registration – this review was brought forward from 2012/13 to utilise unused job budgets arising from the cancellation of NN/12/04 and NN/12/11. A total of 9 days were allocated to this audit in consequence. o NN/12/19 Cedar Financial Application – this represented another audit to be brought forward from 2012/13. However following detailed audit planning, the timing of the audit was reconsidered and it was agreed it would be more appropriate to revert back to the original 2012/13 scheduling. The review has therefore been timetabled to go ahead in October 2012. The planning work absorbed 1 day of time available from the removal of NN/12/04 and NN/12/11 from the Audit Plan. o NN/12/20 Remote Access – following acceptance to deliver NN/12/19 in 2012/13, it was agreed to bring forward this audit to take its place. Another review that was originally earmarked for delivery in 2012/13, it effectively used up the remaining 8 days in the Plan available from earlier cancelled review work, with senior management agreeing to finance a further day, so that a 9-day job budget was provided to complete the requisite work. 5.3 To date, 3 Internal Audit Activity Reports have been provided to the Audit Committee between September 2011 and March 2012, containing the Management Summaries from 11 finalised audit reviews. Appendix D to this report provides the Management Summaries in respect of the remaining 6 audits Audit Committee 18 June 2012 completed since the last Progress Report was presented to the Audit Committee on 6 March 2012. 6. Effectiveness of Internal Audit 6.1 Elsewhere on this agenda is a report setting out the results of our end of year review of the effectiveness of the Internal Audit Service. This includes: • The performance of the Internal Audit Service contractor; • The degree of compliance with the Code of Practice for Internal Audit in Local Government; • The degree of compliance with CIPFA’s Statement on the Head of Internal Audit; and, • The level of compliance being achieved in respect of other quality assurance measures for the service. 7. Conclusion 7.1 Prior to preparing the Annual Governance Statement, it is important that the Council has suitable mechanisms in place to obtain independent assurance regarding its systems of internal control, and a proactive approach is adopted in the event of significant gaps being found in those control systems, with appropriate action taken to address any weaknesses found. The Head of Internal Audit’s Annual Report and the opinions expressed therein effectively confirm that comprehensive provisions have been made to evaluate internal control systems, as well as the risk management and corporate governance arrangements and that work undertaken by Internal Audit throughout the course of 2011/12 has confirmed that an adequate assurance can be given to the Council’s internal control environment, systems of risk management and corporate governance arrangements generally. 8. Recommendation 8.1 The Committee is asked to note the Head of Internal Audit’s Annual Report and the opinions contained therein, which should be used to inform the development of the Council’s Annual Governance Statement. Appendices attached to this report: Appendix C – Review Work delivered in accordance with the Annual Audit Plan for 2011/12 plus Extra Work requested by Management Appendix D – Management Summaries of Completed Audit Assignments Appendix D (1) NN/12/12 Audit Work to Support the Annual Governance Statement Appendix D (2) NN/12/13 Parks and Open Spaces Appendix D (3) NN/12/14 Business Continuity Appendix D (4) NN/12/16 Content Management Appendix D (5) NN/12/18 Electoral Registration Appendix D (6) NN/12/20 Remote Access
