Please Contact: Mary Howard Please email: mary.howard@north-norfolk.gov.uk Please Direct Dial on: 01263 516047 7 September 2012 A meeting of the Audit Committee of North Norfolk District Council will be held in the Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 18 September 2012 at 2.00 pm Members of the public who wish to ask a question or speak on an agenda item are requested to arrive at least 15 minutes before the start of the meeting. It will not always be possible to accommodate requests after that time. This is to allow time for the Committee Chair to rearrange the order of items on the agenda for the convenience of members of the public. Further information on the procedure for public speaking can be obtained from Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk Sheila Oxtoby Chief Executive To: Mr N D Dixon, Mr B Jarvis, Mrs A Moore, Mr R Oliver, Mr S Ward and Mr D Young All other Members of the Council for information. Members of the Management Team, appropriate Officers, Press and Public If you have any special requirements in order to attend this meeting, please let us know in advance If you would like any document in large print, audio, Braille, alternative format or in a different language please contact us Chief Executive: Sheila Oxtoby Strategic Directors: Nick Baker and Steve Blatch Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005 Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org AGENDA AGENDA NOTE: For Item 10 summary reports and an audit letter are attached at Appendix C. These documents are available to Members on request. Please contact Mary Howard (Tel.01263 516047 or email mary.howard@north-norfolk.gov.uk). 1. TO RECEIVE APOLOGIES FOR ABSENCE 2. PUBLIC QUESTIONS To receive public questions, if any 3. ITEMS OF URGENT BUSINESS To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local Government Act 1972. 4. DECLARATIONS OF INTEREST Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The Code of Conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest. 5. MINUTES (Page 1) To approve as correct records, the minutes of the meeting of the Audit Committee held on 18 June 2012. 6. AUDIT UPDATE AND ACTION LIST (Page 9) (Appendix A – page 10) To monitor progress on items requiring action from the meeting of 18 June 2012, including progress on implementation of audit recommendations. 7. 2011/12 STATEMENT OF ACCOUNTS (Page 14) (Statement Document bound separately) Summary: This report presents the Statement of Accounts for 2011/12 for review by the Audit Committee prior to recommendation to Full Council for approval. The outturn position for the year was reported to Members in June and has been used to inform the production of the statutory annual accounts for 2011/12. Conclusions: The Statement of Accounts for 2011/12 has been produced in accordance with the Code of Practice on Local Authority Accounting. The draft accounts were produced by 30 June 2012 and since then have been subject to external audit review. 8. Recommendations: Members are asked to consider and review the Statement of Accounts for 2011/12 and recommend their approval to Full Council. Contact Officer Karen Sly, 01263 516243, Karen.sly@north-norfolk.gov.uk REPORT TO THOSE CHARGED WITH GOVERNANCE (ISA 260) (Page 16) To discuss the Report to those charged with Governance. 9. PROTOCOL FOR LIAISON BETWEEN INTERNAL AND EXTERNAL AUDITORS (Page 38) To discuss the Protocol for liaison between Internal and External Auditors 2012/13 10. PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY, APRIL TO SEPTEMBER 2012 (Page 66, appendix B page 70, appendix C page 72) Summary: Conclusions: This report examines progress made between April and early September 2012 in relation to delivery of the Annual Audit Plan for 2012/13, and includes abbreviated management summaries in respect of the audit reviews which have been finalised in the course of this period. Adequate assurance levels have been awarded in respect of the three audits completed in the first five months of the financial year. It is further noted that the Annual Audit Plan has been subject to some rescheduling of assignments (the timing of 5 of the original 16 assignments featuring in the Plan have been revised), whilst job budgets for 3 reviews have been adapted to accommodate changes to audit scopes – all revisions were at the request of management. The Plan has also now been expanded to incorporate an additional audit of the new Revenues and Benefits Shared Services Partnership focusing on Data Transfer, Governance and Risk. Following discussions with management, this work is to be delivered in two phases. Phase 1 has already been undertaken and an audit letter was produced in July 2012 commenting on the data transfer arrangements. To date, we have been able to absorb the above changes to the Plan without any adverse impact on our ability to deliver all assignments within the financial year and hereby confirm that we are on schedule as we approach the half yearly stage. 11. Recommendations: It is recommended that the Committee notes the outcomes of the three audits completed between April and August, together with recent amendments made to the Annual Audit Plan for 2012/13. Cabinet Members: All Wards: Contact Officer All Sandra King, Head of Internal Audit 01508 533863 scking@s-norfolk.gov.uk BUSINESS CONTINUITY Cabinet member(s): All Contact Officer, telephone number, and e-mail: 12. (oral update) Ward(s) affected: All Richard Cook 01263 516269 richard.cook@north-norfolk.gov.uk AUDIT COMMITTEE WORK PROGRAMME (Page 80) To review the Audit Committee Work Programme 13. EXCLUSION OF THE PRESS AND PUBLIC To pass the following resolution, if necessary: “That under Section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in paragraphs 3 and 4 of Part I of Schedule 12A (as amended) to the Act.” Agenda Item AUDIT COMMITTEE Minutes of a meeting of the Audit Committee held on 18 June 2012 in the Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm. Members Present: Committee: Mr N D Dixon (Chairman) Mrs A Claussen-Reynolds Mr B Jarvis Mr D Young Officers in Attendance: The Financial Services Manager, the Head of Internal Audit, the Civil Contingencies Manager (for minute 14) the Policy & Performance Management Officer and the Democratic Services Team Leader (MMH). 1 APOLOGIES Apologies were received from Mrs A Moore, Mr R Oliver, Mr S Ward and the Interim Monitoring Officer. 2 SUBSTITUTES Mrs A Claussen-Reynolds was substitute for Mr R Oliver. 3 PUBLIC QUESTIONS None received. 4 ITEMS OF URGENT BUSINESS None 5 DECLARATIONS OF INTEREST None 6 MINUTES The Minutes of the meeting of the Audit Committee held on 6 March 2012 were approved as a correct record. Audit Committee 1 1 18 June 2012 5 7 AUDIT UPDATE AND ACTION LIST Members were updated on progress on actions arising from the minutes of the meeting of 6 March 2012. a) All items on the Action List had been completed or were on the Agenda for the meeting of 18 June 2012. b) The Democratic Services Team Leader was tasked with identifying a date for a halfday session of training in preparation for the report on the Final Accounts. 8 THE FUTURE PROVISION OF EXTERNAL AUDIT Since the demise of the Audit Commission was announced by the Coalition Government in August 2010 there had been a great deal of work carried out by both the Audit Commission and the Department for Communities and Local Government to ensure a smooth transition. The work was now coming to a conclusion and the Council had recently received notification of a consultation on the appointment of its External Auditors from September 2012. A recent letter from the Audit Commission indicated that PricewaterhouseCoopers LLP (PWC) would be reappointed as External Auditors to the Council. The Council was happy with this arrangement and Members of the Audit Committee agreed that it made sense to build on the good relationship that had been formed with PWC. In 2011 the Committee had challenged PWC on the level of fees. The response had been that there was no scope for reduction. However, there was no reason why the Committee could not return to this topic and it would be added to the Action List. RESOLVED to note the contents of the report. 9 REVIEW OF THE ANNUAL EFFECTIVENESS OF INTERNAL AUDIT 2011/12 The report set out the results of an annual review of the effectiveness of Internal Audit, undertaken to satisfy criteria in the Accounts and Audit Regulations 2011. Internal Audit’s performance and quality assurance framework had been examined to enable the Audit Committee to confirm whether Internal Audit Services were effective, and that the assurances provided in the Internal Audit Annual Report and Opinion could be relied upon, and used to inform the Council’s Annual Governance Statement for 2011/12. The Head of Internal Audit had a performance and quality assurance framework in place to demonstrate the effectiveness of Internal Audit. The criteria were: a) Delivering the Aims and Objectives of Internal Audit. b) Complying with CIPFA’s Code of Practice for Internal Audit in Local Government. c) Complying with CIPFA’s Statement on the Role of the Head of Internal Audit in Local Government. d) Quality Standards applying to the Internal Audit Service. e) Strengthening the Council’s Systems of Internal Control. f) Improving Service Delivery and Adding Value. Audit Committee 2 2 18 June 2012 REVIEW OF THE ANNUAL EFFECTIVENESS OF INTERNAL AUDIT 2011/12 (Continued) g) External Audit’s Reliance on Internal Audit’s Work. h) Supporting an Effective Audit Committee. The outcomes of the Effectiveness Review were presented in the report, confirming that Internal Audit was meeting all the criteria. Reliance could therefore be placed on the opinions expressed by the Head of Internal Audit, which could then be used to inform the Council’s Annual Governance Statement. The Head of Internal Audit alerted the Committee to some inconsistencies in the Constitution regarding Rights of Access to records, assets, personnel and premises. Although these rights of access had been correctly observed when the auditors were carrying out their work at the authority, they were not documented in the latest version of the Council’s Financial Regulations. This would be notified to the Constitution Working Party. The report was discussed: a) In relation to the Assurance Framework and Counter-Fraud activities: it was agreed that Internal Audit develop a greater understanding of provisions in these areas in 2012/13. b) There had been significant improvement in Internal Audit’s quality standards during 2011/12. c) 100% of high priority recommendations had been implemented by the Council for 2 successive years. This was a good achievement with NNDC being only one of two Councils in the Consortium to have achieved this level of performance. d) 75% of the opinions given to individual audit assignments had been positive, i.e. had received Good or Adequate assurances. It had also been noted that 3 areas had been awarded Good assurance with working practices found to mirror best practice. e) Wherever possible External Audit had sought to place reliance on the work of Internal Audit. This, in turn, helped to reduce the amount of work that the former were then required to do and enabled their fees to be kept to a minimum. f) Supporting an Effective Audit Committee: the self assessment had shown 83.3% compliance against criteria reviewed. g) Remaining with the subject of an effective Audit Committee, there was next some debate over key issues highlighted as requiring further enhancement by the self assessment. It was noted that foundation training for Members of the Audit Committee had taken place on 18 June 2012 and the Head of Financial Services would be providing further training before the receipt of the Financial Statements. h) It was further acknowledged that the Chair of Audit had met in private with the Head of Internal Audit and the External Audit Manager on 13 February 2012. i) Increased clarity regarding counter-fraud measures adopted by the authority: the Head of Internal Audit gave examples of the type of counter-fraud activities that should be supported by the Council and suggested that there was a need for Internal Audit to link up with the officer responsible for these matters, to confirm that a proactive stance was being adopted. Members were accepting of this proposal and sought to receive a summary report examining what steps were being taken to raise officer/Member awareness. That said, until the senior management restructure was complete, it would be difficult to progress this requirement as the officer responsible for Counter Fraud and Whistleblowing at the Council had yet to be named. Audit Committee 3 3 18 June 2012 REVIEW OF THE ANNUAL EFFECTIVENESS OF INTERNAL AUDIT 2011/12 (Continued) j) Members also discussed the requirement for further work to be done on developing a mechanism for use by the Committee to assess the performance of External Audit. RESOLVED to note the findings of the review, and the evidence gathered in support of the effectiveness of the Internal Audit Service, and take these into consideration when receiving the Head of Internal Audit’s Annual Report and Opinion, and the Council’s Annual Governance Statement 10 HEAD OF INTERNAL AUDIT’S ANNUAL REPORT AND OPINION FOR 2011/12 This report had been developed to satisfy the requirements of the Accounts and Audit Regulations 2011 ‘to undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control,” and to meet the Head of Internal Audit’s annual reporting obligations as set out in the CIPFA Code of Practice for Internal Audit in Local Government. To confirm that the organisation had complied with the above, the Head of Internal Audit had produced an Annual Report and Opinion, which examined and utilised the outcomes of Internal Audit work undertaken in 2011/12 to formulate an opinion on the overall internal control environment which had been operating at the Council over the last twelve months. On the basis of Internal Audit work performed during 2011/12, the Head of Internal Audit was able to confirm that overall standards of internal control at the Council were adequate and so too were Corporate Governance arrangements and systems of Risk Management. The report was discussed: a) 3 Good assurances had been awarded to Affordable Housing, Coastal Change and Pathfinder Management and Electoral Registration. b) There had been a very slight deterioration in the assurances awarded since the previous year. c) One high priority recommendation had been due to be implemented in 2011/12 and this had been appropriately actioned. The recommendation had related to Waste Management and, more specifically, Garden Waste and Bulky Waste. d) Separate reports on progress achieved in relation to the implementation of audit recommendations were provided by Internal Audit in line with half yearly cyclical Committee reporting requirements. e) Only one extra day had been delivered against the days originally planned. f) Concern was expressed that 50.6 % of recommendations due to be completed in the course of 2011/12 had yet to receive any action. g) A Member asked if NNDC should be aiming for higher than Adequate assurances. The Head of Internal Audit explained that Good was indicative of best practice but the authority should primarily be aspiring to satisfactory/adequate levels of assurance. To seek to achieve best practice in all areas of operations would not necessarily be the best use of resources for the authority. The Head of Financial Services also endorsed this view. Audit Committee 4 4 18 June 2012 HEAD OF INTERNAL AUDIT’S ANNUAL REPORT AND OPINION FOR 2011/12 (Continued) RESOLVED to 1) Receive and note the Annual Report of the Head of Internal Audit; 2) Note the overall standards of internal control at the Council were adequate for the year ended 31 March 2012. 3) Note that an adequate assurance has been given in respect of Corporate Governance arrangements and systems of Risk Management for the year ended 31 March 2012. 4) Note that the opinions expressed have been given due consideration when developing the Council’s Annual Governance Statement. 11 THE STATUS OF AGREED AUDIT RECOMMENDATIONS DUE FOR IMPLEMENTATION BY 31 MARCH 2012 The report updated Members on progress made in implementing the agreed audit recommendations due for completion by 31 March 2012. It provided an overview as to how recommendations had progressed since the previous report was presented to Committee on 6 December 2011, and also drew attention to the efforts made by management throughout 2011/12 to ensure that ongoing improvements to the internal control environment were taking place. The report was discussed: a) There had been deterioration in the number of recommendations implemented. The Interim Accountancy Manager had done some additional follow-up work in Quarter 1 of 2012/13 and there was some discussion that Members should be provided with an update in consequence. The other important item arising from this report was the fact that the high priority recommendation requiring action in 201112 had been appropriately resolved. b) Attention was next given to outstanding audit recommendations in relation to 3 specific audits and reference was additionally made to outstanding agreed actions pertaining to computer audits. The audits were: • NN/11/01 Environmental Services • NN/11/12 Development and Building Control • NN/12/03 Waste Management Contract • Computer Audit In the case of the Computer Audits four separate reviews were involved. The relevant managers would be asked to provide an update by email, to be provided to the Committee within the next 2 or 3 weeks. The outcomes would be reported to the Performance and Risk Management Board. It was possible that some of these recommendations had now been cleared following the Interim Accountancy Manager’s push for further updates from management regarding the status of their agreed audit recommendations. RESOLVED to note the current position regarding the overall status of audit recommendations as at 31 March 2012, and the areas where further work is required. Audit Committee 5 5 18 June 2012 12 MONITORING OFFICER ANNUAL REPORT 2011/12 Members were advised that any specific questions would be relayed to the Interim Monitoring Officer. The report was discussed: a) It would be helpful to know how many Code of Conduct complaints there had been, and the outcomes. It was understood that the Standards Committee had a matrix which recorded this information. b) Training on the new Code of Conduct had not yet been provided. This issue would be taken up with the interim Monitoring Officer. c) The Constitution had recently been revised. Copies of the latest version would be provided for Members. RESOLVED to note the report. 13 LOCAL CODE OF CORPORATE GOVERNANCE AND ANNUAL GOVERNANCE STATEMENT 2011/12 The Corporate Governance framework was made up of the systems and processes, culture and values by which an organisation was directed and controlled. For local authorities this included how a council related to the community it served. The Local Code of Corporate Governance was a public statement of the ways in which the Council would achieve good corporate governance. It was based around six principles which were identified in the joint publication by the Chartered Institute of Public Finance and Accountancy (CIPFA) and the Society of Local Authority Chief Executives (SOLACE). The Annual Governance Statement was prepared following a review of all the evidences available to the Council in seeking compliance with its Local Code. The arrangements set out in the Local Code of Corporate Governance and the Annual Governance Statement would allow the Council to move ahead with its corporate planning processes confident that it could address the issues of governance and risk. The report was discussed: a) The Limited assurances in the Head of Internal Audit’s report had influenced the Action Plan. b) Complaints should not be included because they went to the Standards Committee. However, information should be added about how often the Standards Committee met. c) 4.3.5, page 74: the final sentence should refer to South Norfolk, not Deloitte. d) Icelandic banks, 5.2.14: this section should be re-worded to reflect that the Council reviewed the international monetary situation on a daily basis. e) The Chairman asked for more detail in the report in future. RESOLVED to approve, subject to amendments, the Annual Governance Statement along with the updated Local Code of Corporate Governance and associated action plan. Audit Committee 6 6 18 June 2012 14 BUSINESS CONTINUITY Limited progress had been made on the completion of Team Business Continuity Plans but 10 had now been received. 85 – 90% of the Civil Contingencies Manager’s time was being taken up in putting arrangements in place for the Olympic Torch. Initially the extent to which local authorities would be involved in these arrangements had not been perceived. The impact was on officer time, rather than financial. The senior management restructure had also disrupted the work on Team Business Continuity Plans but it was still hoped to complete the work by August. The Corporate Business Continuity Plan would be reported to the Audit Committee in September. The Corporate Business Continuity Plan and the Team Plans ran in conjunction. The Audit Committee would continue to monitor until the project was completed. RESOLVED To receive an update at the September meeting. 15 PERFORMANCE MANAGEMENT FRAMEWORK INCLUDING PERFORMANCE MANAGEMENT OF THE ANNUAL ACTION PLAN 2012/13 The Framework had been reported to Cabinet and Full Council in May 2012. The Committee had seen the whole document in draft stages. It would be subject to a forthcoming audit to ensure that it wouldn’t need further revision. The targets would be assigned to individual officers. An annual Performance report was published with a forward by the leader. This was in the public domain. The final draft would be reviewed by the Performance and Risk Management Board on 13 July 2012, after which the Leader and Chief Executive would approve it for publication via the website and press releases. In response to a Member’s question the Policy & Performance Management Officer said that, although the Annual Report had been published in Outlook before, it was dependent on the amount of space available and the other information which needed to be included. RESOLVED To note the report. 16 UPDATE ON REVIEW OF TEN SYSTEM Enhancements to the system were being designed which would provide significant improvements in managing performance. The decision to move forward would not be taken until the findings of the audit report were known. The auditors would be asked to review the work which had been done. The audit was due for completion in mid July and a report made back to the Audit Committee in September. It was hoped to have the enhanced system in place by the end of September. A demonstration for Members of the TEN System would take place following the meeting. RESOLVED To note the report. Audit Committee 7 7 18 June 2012 17 CORPORATE RISK REGISTER The Risk Register had been to the Performance and Risk Management Board in March and would go again on 13 July 2012. The report was discussed: a) Some of the figures were set by the Performance and Risk Management Board in an independent assessment which was also seen by the Audit Committee. b) The Risk Management Framework included criteria for assessing risks. 18 AUDIT COMMITTEE WORK PROGRAMME a) A further review on Business Continuity was added to the Work Programme for September. b) In the past an Audit Committee Annual Report had been prepared but Members had queried if this was necessary, especially with a reducing resource base. It would be more appropriate for the Chairman to provide an annual summary to Full Council when he introduced the Annual Governance Statement. RESOLVED that the Chair of Audit should provide an annual summary to Full Council on 25 July 2012. The meeting ended at 4.10 pm. ______________________ Chairman Audit Committee 8 8 18 June 2012 Agenda Item 6 AUDIT COMMITTEE 18 JUNE 2012 – ACTIONS ARISING FROM THE MINUTES 1. The Final Accounts To identify a date for a half-day session of training in preparation for the report on the Final Accounts. Mary Howard Working lunch arranged for 18 September 2012 2. External Audit Fees 3. Constitution To discuss further with PWC the level of fees Members To flag up inconsistencies regarding Rights of Access to records, assets, personnel and premises to the Constitution Working Party. Members Notified to Constitution Working Party and Monitoring Officer and put on file by Democratic Services for inclusion in next review of the Constitution. 4. Fraud Risk The nominated Officer at the authority responsible for Counter Fraud and Whistleblowing to develop in consultation with Internal Audit a summary report for Members on Counter Fraud activities. Monitoring Officer Monitoring Officer to review Counter Fraud and Whistleblowing Policies, followed by re-launch through staff and Member briefings. 5. Implementation of recommendations To obtain an emailed update on the implementation of recommendations regarding the following audit reports: • NN/11/01 Environmental Services • NN/11/12 Development and Building Control • NN/12/03 Waste Management Contract • Computer Audit Mary Howard Updates emailed to Members on 19 July 2012. The document has been revised to include further updates and is appended to this Action List at Appendix A. 6. Monitoring Officer’s Report That the Monitoring Officer’s report should include more in-depth information about complaints. Monitoring Officer 7. Business Continuity To receive an update in September. Richard Cook 8. Annual Report To provide an update preceding the presentation of the Annual Governance Statement at Full Council on 25 July 2012 On the agenda. Completed 9 Cllr Nigel Dixon Appendix A UPDATES ON IMPLEMENTATION OF INTERNAL AUDIT RECOMMENDATIONS – September 2012 NN/11/12 Development and Building Control Recommendation 1 - Review of Procedural Guidance. The process maps for planning applications and enforcement referred to under that recommendation were last reviewed in April/May 2010 and new pre-application and “Do I need planning permission” process maps were done in April 2012. They are likely to be reviewed again when we look at our business processes following the management changes and the outcome of the Pay and Grading Review. This low priority recommendation has now been dealt with. Recommendation 2 – National Requirements Check. It is proposed that quarterly checks are carried out on a random set of applications to monitor checking against the National requirements Checklist. To begin July 2012. This low priority recommendation has now been dealt with. Recommendation 3 – Monitoring of Outstanding Planning Enforcement Cases. Managers have set up monthly caseload update meetings with the Enforcement officers. There are quarterly reports to Development Committee on cases more than 3 months old. The team still currently has limited resources although at a recent meeting of the Scrutiny Committee a report on the teams’ workload was presented and the provision of additional temporary resources was agreed to assist with the case load backlog. The most appropriate form of additional resource is being considered. Several meetings have been held (and will continue to be held) with the complete group of officers involved in the enforcement functional to discuss process/procedural matters. Crystal Reports are used by the team and managers to monitor workloads and progress. Actions have been undertaken in response to this medium priority recommendation and caseload monitoring will need to be on-going. Recommendation 3 – Reconciliation of Income Received by the Planning Department Meetings have taken place regarding this audit recommendation and it was agreed that a monthly report from the general ledger be produced by the Accountancy Section and given to the Technical Officer (Development Management) who will produce a Chrystal report regarding the fees entered on the Planning Departments Acolaid system and compare the two reports to ensure that the amounts can be reconciled to the General Ledger. A further meeting will be arranged to determine if the system is working or if any further work needs to be undertaken. 10 Appendix A Recommendation 5 – Legal fees for Section 106 Agreements A revised time sheet has been produced to ensure that an accurate record of the time spent by the Planning Legal Manager on the preparation of S106 Agreements is kept, that the charges are calculated in accordance with the current charging rates and the correct invoice raised and a record kept on the appropriate file. The monitoring of the recovery of all payments in relation to invoices raised within the Authority is done by the Exchequer Section and any non-payments are advised to the relevant Department for further instructions as to how to proceed. Updated procedure notes have been done. This recommendation has now been dealt with. Recommendation 6 – Monitoring of Section 106 Agreements Several meetings have been held (and will continue to be held) with staff involved in the Section 106 process. Written guidance on Section 106 procedures has been prepared and documents amended as necessary and further work is being undertaken regarding the use of the Acolaid system in recording Section 106 Agreements and monitoring conditions and trigger points for compliance. The issue of detailing the roles and responsibilities for monitoring the key requirements of Section 106 Agreements is currently on hold pending the outcome of the current BPR relating to PA’s and Democratic Services. Building Control The Building Control and Access Manager reports that there is only one outstanding low priority recommendation relating to the updating of procedural and work practice notes. This is an on-going process and is being undertaken as and when time permits. When updates are completed the date is recorded on the document for future reference. Computer Audits NN0917 Cedar E-Financials, Password file encryption key: this will be reviewed as part of the system upgrade later in the year. The revised deadline will be 30 November 2012. It needs to be noted that the following recommendations were all allocated to Kate Wilson who has left the Authority, so alternative arrangements are in place to finish the outstanding recommendations when possible: NN1022 Asset Register update, this is nearly complete but not yet finished due to availability of staff. Kate Wilson has left, plus a member of the team is off long term sick, meaning that the priority is on fixing day to day user calls. The scheduled completion date is 30 September 2012. NN1117 Intrusion Detection system. The licence for this functionality has been provided as part of the new firewall installed in June 2012. It will be switched on once the MPLS internet connection is not the primary link to Kings Lynn for the Revenues 11 Appendix A and Benefits service, to ensure that it doesn’t cause any unscheduled disruption to service. NN1117 Network Strategy. The new Corporate ICT strategy is still in draft and on hold pending the completion of the Management restructure. A Technical Infrastructure guide which includes the Network strategy will be updated once the strategy has been agreed. To enable the ICT service to plan in the meantime an internal IT Technical plan is in use. These documents do exist and can be inspected on request. NN/11/01 Environmental Services (Information from TEN system) Procedural Guidance Procedural guidance has been reviewed and updated and is subject to periodic review under Departmental Quality Management system to ISO 9001:2008. BSI have tested the document control under the standard and are satisfied that this is adequately managed. Audit Trail for Licence Fees Some problems. Register of Contaminated Land Sites All potential contaminated land site the Council are aware of are on the CLAND system. 99% of sites have been inspected and risk assessed, only outstanding ones are where access is proving difficult. Any new sites will be entered and risk assessed as they are identified. Contract with Norstead Kennels Contract awarded and signed. Pest Express Contract Updated schedule for contract being agreed with Pest Express, specifically around reporting of jobs received and time between visits, prior to formal contract paperwork being signed. NN/12/03 Waste Management Contract Performance Indicator Review and Monitoring The primary KPI being applied to the assessment of the performance of the contract has been determined to be the number of Defaults issued under the contract in respect of Cleansing activities. This covers the following functional areas: Street Cleansing; Litter Bin Emptying, Emptying of Dog Waste Bins and cleaning of Public Conveniences. The target for the service is 0 (Nil). A Default may arise because of an irredeemable breach, a serious service failure whose remedy is insufficient to overcome the failure, and failure to comply with a Rectification issued by the Authorised Officer to remedy a defect in the service. Details have been agreed for 12 Appendix A the monitoring of fuel use on the contract and that a base level of 1 December 2011 will be used. The KPI for the number of missed bins will be maintained for the year as set out at the previous levels. Rationalisation of KPI measures allows greater focus on necessary outcomes at this stage of the contract. Cleansing and waste proforma monitoring sheets have been developed and are completed on monitoring visits by NNDC staff. Reporting is through the Performance Monitoring Report, Cabinet and Scrutiny as well as the Strategic Board. System Integration and Validation Checks The Improvement Plan for the year will be used to address the potential conversion of NNDC to Whitespace for the collection, storage and sharing of data to remove the risks associated with data integration which is proving less than satisfactory. Trade Waste Arrears Recovery Migration to the use of Whitespace for trade waste management as mentioned item above will lead to a more consistent ability to track and resolve issues debt recovery. 13 Audit Committee 18 September 2012 Agenda Item No______7______ 2011/12 STATEMENT OF ACCOUNTS Summary: This report presents the Statement of Accounts for 2011/12 for review by the Audit Committee prior to recommendation to Full Council for approval. The outturn position for the year was reported to Members in June and has been used to inform the production of the statutory annual accounts for 2011/12. Conclusions: The Statement of Accounts for 2011/12 has been produced in accordance with the Code of Practice on Local Authority Accounting. The draft accounts were produced by 30 June 2012 and since then have been subject to external audit review. Recommendations: Members are asked to consider and review the Statement of Accounts for 2011/12 and recommend their approval to Full Council. Contact Officer Karen Sly, 01263 516243, Karen.sly@north-norfolk.gov.uk 2011/12 Statement of Accounts 1 Introduction 1.1 The Council’s statement of accounts must be produced and audited by 30 September each year. 1.2 The Outturn report for 2011/12 was presented to Cabinet and Overview and Scrutiny in June 2012. That report provided details of the variances on the revenue account in expenditure and income compared with the revised budget and where a number of underspends had been earmarked at the year end for ongoing and new commitments for which there was no budget provision in 2012/13. The report also detailed the year end position in respect of the capital programme and the updated capital programme for 2012/13 onwards. 1.3 The Code of Practice on Local Authority Accounting in the United Kingdom 2011/12 (the Code) prescribes the form of the statutory accounts to be presented and published. Consequently the format is very prescriptive and areas of non compliance are reported by the External Auditors as part of their audit of the accounts (ISA 260 report also included on this agenda). Whereas the outturn report to Cabinet and Overview and Scrutiny provides information on the actual expenditure and income compared to budget, the statement of accounts shows the financial position of the Council and transactions in the year compared to the previous financial year. 1.4 There have been minimal changes to the reporting requirements within the accounts compared to the previous year in terms of reporting requirements, changes are detailed within section 3 of the explanatory foreword. 14 Audit Committee 18 September 2012 1.5 Since the production of the draft accounts by 30 June 2012 they have been subject to external audit review for which the auditors report (ISA 260) is included as a separate item on this agenda. 2 Statement of Accounts 2.1 A copy of the financial statements has been provided to members as an attachment to this agenda. It is an audited version and has been updated for recommendations made by the auditors. The final external audit review process is yet to be finalised and whilst there are not expected to be any significant changes to the accounts now presented, any changes will be reported verbally at the meeting. 2.2. The main focus of Members should be on the financial statements i.e: i) The Movement in Reserves Statement ii) Comprehensive Income and Expenditure Account iii) Balance Sheet iv) Cash Flow Statement v) Collection Fund. 2.3. Each of the statements are supported by a number of notes to the accounts. Other key areas to consider at the end of the financial year are the level of reserves, both earmarked and general balances. All balances will be reviewed as part of the update to the revised Medium Term Financial Plan and forthcoming budget process. 3 Conclusion 3.1 The Final version of the Statement of Accounts for 2011/12 is presented to the Audit Committee for review prior to recommendation to Full Council for approval. The statements have been produced based on the information contained in the outturn report for 2011/12 as reported in June 2012 and in accordance with statutory guidance. 15 www.pwc.co.uk Government and Public Sector North Norfolk District Council Report to those charged with governance (ISA 260 (UK&I)) September 2012 2011/12 Audit 16 www.pwc.co.uk The Members of the Audit Committee North Norfolk District Council Council Offices Holt Road Cromer Norfolk. NR27 9EN September 2012 Ladies and Gentlemen We are pleased to enclose our report to the Audit Committee in respect of our audit of North Norfolk District Council (“the Authority” ) for the year ended 31 March 2012, the primary purpose of which is to communicate the significant findings arising from our audit. The scope and proposed focus of our audit work was summarised in our audit plan, which we presented to the Audit Committee in March 2012. We have subsequently reviewed our audit plan and concluded that our original risk assessment remains appropriate. The procedures we have performed in response to our assessment of significant audit risks are detailed on page 5. We have completed the majority of our audit work and expect to be able to issue an unqualified audit opinion on the financial statements on, or before, 30 September 2012. At the time of writing, the key outstanding matters, where our work has commenced but is not yet finalised are provided on page 8. We will provide an oral update on these matters at the meeting on 18 September 2012. We look forward to discussing our report with you on 18 September. Attending the meeting from PwC will be Julian Rickett and Charlotte Kennedy. Yours faithfully Julian Rickett PricewaterhouseCoopers LLP 17 www.pwc.co.uk Contents Executive summary 4 Audit Approach 5 Significant audit and accounting matters 8 Fees update 12 Fees update for 2011/12 12 Appendices 13 Appendix 1: Letter of representation 14 Appendix 2: Control weaknesses and deficiencies 20 Code of Audit Practice and Statement of Responsibilities of Auditors and of Audited Bodies In April 2010 the Audit Commission issued a revised version of the ‘Statement of responsibilities of auditors and of audited bodies’. It is available from the Chief Executive of each audited body. The purpose of the statement is to assist auditors and audited bodies by explaining where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain areas. Our reports and letters are prepared in the context of this Statement. Reports and letters prepared by appointed auditors and addressed to members or officers are prepared for the sole use of the audited body and no responsibility is taken by auditors to any member or officer in their individual capacity or to any third party. 18 North Norfolk District Council Executive summary The purpose of this report Under the Auditing Practices Board’s International Auditing Standard (UK and Ireland) 260 (ISA (UK&I) 260) - “Communication of audit matters with those charged with governance” we are required to report to those charged with governance on the significant findings from our audit before giving our audit opinion on the accounts of North Norfolk District Council (‘the Authority’). As agreed with you, we consider that “those charged with governance”, at the Authority, are the Audit Committee. This letter contains the significant matters we wish to report to you arising from all aspects of our audit programme of work in accordance with ISA (UK&I) 260. Our audit work during the year was performed in accordance with the plan that we presented to you on 6 March 2012. An audit of financial statements is not designed to identify all matters that may be relevant to those charged with governance. Accordingly, the audit does not ordinarily identify all such matters. We have set out below what we consider to be the most significant matters that we have discussed with you in the course of our work. Significant Matters There are no significant matters that we have discussed with management during the course of our work affecting our ability to issue our “true and fair” opinion and therefore wish to raise with you. However, as is the case with any audit, we have identified a number of other less significant matters which we have included in this report for your information. These include: ï‚· ï‚· ï‚· ï‚· The difficulties encountered in the extraction of the required data set through Computer Assisted Auditing Techniques (CAATs) to facilitate our testing of the Authority’s manual journal transactions; The appropriateness of inclusion of transactions as Contingent Liabilities; The calculation of the Minimum Revenue Provision and the appropriate inclusion of finance leases within this calculation and how it is reported to members; and The inclusion of an accrual for over claimed benefit subsidy. Please note that this report will be sent to the Audit Commission in accordance with the requirements of their standing guidance. We would also like to take this opportunity to express our thanks for the co-operation and assistance we have received from the management and staff of the Authority throughout our work. 19 4 North Norfolk District Council Audit Approach ISA (UK&I) 260 requires us to communicate to you relevant matters relating to the audit of the financial statements sufficiently promptly to enable you to take appropriate action. In the table below we have detailed the risks and planned responses shown in our March audit plan, as updated for the work we have subsequently performed. Audit plan risk Significant Risks Fraud and management override of controls ISA (UK&I) 240 requires that we plan our audit work to consider the risk of fraud, which is presumed to be a significant risk in any audit. This includes consideration of the risk that management may override controls in order to manipulate the financial statements. Recognition of income and expenditure Under ISA (UK&I) 240 there is a (rebuttable) presumption that there are risks of fraud in revenue recognition. We extend this presumption to the recognition of expenditure in local government. Proposed Audit Approach Outcome We will perform procedures to: ï‚· test the appropriateness of journal entries; ï‚· review accounting estimates for biases and evaluate whether circumstances producing any bias, represent a risk of material misstatement due to fraud; ï‚· evaluate the business rationale underlying significant transactions; ï‚· perform ‘unpredictable’ procedures; and ï‚· perform other audit procedures if necessary. A key process in this area is the authorisation and supporting evidence for journals. We found no exceptions in relation to our testing of journals. We will obtain an understanding of revenue and expenditure controls. We will evaluate and test the accounting policy for income and expenditure recognition to ensure that this is consistent with the requirements of the Code of Practice on Local 20 We have reviewed the work of internal audit around key financial systems controls. We have been able to place the planned level of reliance on the work of internal audit. We have completed unpredictable procedures as referred to in our audit plan without additional indicators of fraud or management override being detected. These consisted of: ï‚· review of transactions under the waste management contract. We have reviewed management estimates as part of our audit procedures. Our audit testing did not identify any areas of management bias in respect of estimation techniques and we are not minded to challenge the appropriateness of estimates used in the accounts. We have considered the accounting policies adopted by the Authority and subjected income and expenditure to the appropriate level of testing to identify any material misstatement. This included testing of selected income and expenditure transactions, review of journals and also testing on some smaller value income and expenditure items. 5 North Norfolk District Council Authority Accounting. Other Risks Heritage assets For the first time in the 2011/12 Statement of Accounts, the Code of Practice on Local Authority Accounting in the United Kingdom requires authorities to present information about the heritage assets that they hold. Where it is practicable to obtain a valuation (at a cost commensurate with the benefits to users of the Statement of Accounts), the Code also now requires material amounts of heritage assets to be carried in the Balance Sheet at that valuation. Valuation and accounting treatment of leases The Council continues to be party to several significant and complex leases. The Council changed the supplier of its waste management contract from 01 April 2011. The terms of this new arrangement will need to be carefully considered against the requirements of International Financial Reporting Interpretations Committee (IFRIC) 4 – Determining whether an arrangement contains a lease and, if applicable, International Accounting Standard (IAS) 17 – Leases. Redundancy costs As a result of continuous increase in pressure on budgets, the Council will need to continue to review its current workforce. Any termination of contracts, in particular in relation to senior staff could be high profile and are likely to result in initial one-off costs. We will assess the approach taken by the Council to implement the new accounting requirements, including the methods used to identify and assess heritage assets. We will assess whether the Council has made all appropriate accounting disclosures in relation to heritage assets, including carrying material heritage assets in the Balance Sheet. We will assess the approach taken by the Council in determining the value and classification of leases. We found that the Authority had followed its accounting policies in accounting for transactions and that these accounting policies were appropriate and in line with the CIPFA Code. We have considered and are not minded to challenge the approach taken by the Council in identifying heritage assets. Our review of the treatment of heritage assets identified a minor disclosure issue which has been adjusted for by the Council. We have considered significant lease transactions as part of our audit approach and found no significant matters to report to you in this context. We will evaluate and test a sample of leases to determine whether the Council’s approach to leases has been followed and applied correctly. We will review any significant redundancies, early retirement, severance and ex-gratia payments as part of our audit work on the accounts including, where appropriate the Council’s arrangements with respect to consideration of the legality and value for money of such payments. 21 We have reviewed the exit packages disclosed in the Council’s financial statements. At the time of writing this work is ongoing and we will therefore provide members with a verbal update at the meeting on 18 September 2012 6 North Norfolk District Council Savings Plans The Council continues to need to achieve significant savings to meet its medium term financial plan, following a reduction in central government funding. We will continue to monitor the Council’s progress against its savings plans and budgets and the actions it is taking to identify future savings. We have reviewed the Authority’s savings plans as part of our value for money conclusion work. We identified the following matters: ï‚· Whilst the Council is using reserves in the short term to balance its budgets, it is of the view that a prudent level of reserves remains on the balance sheet. ï‚· There remain significant challenges in maintaining the medium term financial stability of the Council. In particular, the Council should: - Ensure savings are identified early on and action taken to address budgetary shortfalls; - Consider very closely the use of reserves in funding revenue expenditure; - Ensure members remain actively involved in the budget setting process so that the budget is aligned to the strategic direction of the Council. Our work has not identified any current indications that the Council is not putting in place appropriate procedures to address these points. 22 7 North Norfolk District Council Significant audit and accounting matters Accounts We have completed the audit of the financial statements in line with current Auditing Standards apart from the following: ï‚· ï‚· ï‚· ï‚· ï‚· ï‚· ï‚· ï‚· ï‚· completion of our testing of exit packages; review of the explanatory foreword to ensure consistency with the Code and the rest of the accounts; conclusion of our testing of NNDR balances; completion of our testing of related parties; completion of our testing of members allowances; completion of our internal review and quality control procedures; our review of the final version of the financial statements with all of the agreed changes having been made; approval of the financial statements by the Audit Committee; and receipt of all relevant signed statements and the management representation letter. We will update the Audit Committee on our progress at its meeting on 18 September 2012. Accounting issues Testing of Manual Journals As part of our planned audit approach, we have engaged with our Data Assurance team to assist us in extracting a complete list of manual journals from the Authority’s general ledger system. This process was not as effective as it could have been as the Authority could not provide the data extracted in the format required. At the time of writing this report, we are working with the Authority to get to a satisfactory outcome. We will provide the committee with a verbal update at its meeting on 18 September 2012. Contingent Liabilities The Authority included a number of contingent liabilities within its draft financial statements. We have considered the appropriateness of these items under the relevant accounting standards. The Authority has agreed to make a small number of changes to the disclosure of contingent liabilities to comply with the prevailing accounting standards. Minimum Revenue Provision The Authority is required to report annually to members its MRP position under the CIPFA Prudential Code. Whilst the Authority is ‘debt free’, it does have a number of finance leases in order to deliver the waste management contract with Kier. These leases were excluded from the report to members in February 2012. The Authority has agreed that it will report the MRP including the leases going forward and we have confirmed that the provision in the financial statements has been calculated in line with the relevant guidance. Housing Subsidy liability A liability of £103,000 was included within the Authority’s draft financial statements in relation to the potential claw back of housing and Council Tax subsidy income received by Authority from the Department of Work and Pensions (DWP). The Authority based this amount on 0.5% of the subsidy within the 2011/12 claim. However, the Authority is unable to provide evidence to demonstrate that the DWP had clawed back, or intended to claw back or retain, subsidy due as a result of exceptions noted in previous audit certifications of the Housing and Council Tax Benefit Subsidy claim. In addition, the Council could not provide any evidence to support the liability at 0.5% of 2011/12 subsidy due. 23 8 North Norfolk District Council We do not consider that the £103,000 creditor meets the definition of liability because there is no contractual obligation. The authority has agreed to adjust its accounts for this, thus creating a reserve for this potential liability. Valuation of Property The Council’s accounting policy is for assets classified as infrastructure, community assets and assets under construction to be valued at depreciated historical cost with all other assets being valued at fair value in existing use. The Council arranges for periodic, professional valuations of property every five years with interim valuations considered in the intervening years to identify any factors that may indicate whether the fair value stated in the Balance Sheet might be materially misstated. The Council’s properties were valued by NPS or the Council’s internal valuers. In estimating the fair value to be included in the 2011/12 accounts, management has utilised the expertise of the Council’s internal valuers. However, the assumptions used by these experts remain the responsibility of management. Our internal valuers have reviewed the work performed by the Council. We are currently not minded to challenge the Council’s property valuations. Misstatements and significant audit adjustments We are required to report to you all uncorrected misstatements which we have identified during the course of our audit, other than those of a trivial nature (which we have agreed with you are those below £50,000). There are no such misstatements to report to you. We have also brought to your attention the misstatement relating to the DWP liability earlier in this report which has been corrected by management but which we consider you should be aware of in fulfilling your governance responsibilities. Significant accounting principles and policies Significant accounting principles and policies are disclosed in the notes to the financial statements. We will ask the Audit Committee to represent to us that they have considered the selection of, or changes in, significant accounting policies and practices that have, or could have, a material effect on the entity's financial statements. Judgements and accounting estimates The following significant judgments and accounting estimates were used in the preparation of the financial statements: ï‚· ï‚· ï‚· ï‚· ï‚· Property, Plant and Equipment - Depreciation and Valuation – The Council charges depreciation based on an estimate of the Useful Economic Lives for the majority of Property, Plant and Equipment (PPE). This involves a degree of estimation. The Council also values PPE in accordance with its accounting policies to ensure that the carrying value is appropriate. This involves some judgement and reliance on the Council’s internal valuers. Bad Debt Provision – The Bad Debt Provision for sundry debtors is calculated on the basis of age and an assessment of the potential recoverability of invoices. There is an inherent level of judgement involved in calculating these provisions and the Council relies on the knowledge of the Departments for information on specific transactions. Accruals - The Council raises accruals for expenditure where an invoice has not been raised or received at the year end, but there is a known liability to be met which relates to the current year. This involves a degree of estimation. Provisions: Because provisions are liabilities of an uncertain timing or amount, there is an inherent level of judgement to be applied. Pensions: The Council relies on the work of an actuary in calculating these balances. 24 9 North Norfolk District Council ï‚· Provision for accumulated absences - The Council calculates its accrual for untaken holiday and employment benefits at the year-end based on returns completed by managers. We will ask you to represent to us that you are satisfied with the assumptions made in arriving at these judgements and estimates in the accounts. Disagreements with management There have been no disagreements with management during the course of the audit which individually or in aggregate could be significant to your financial statements or our audit report. Management representations The final draft of the representation letter that we are requesting management to sign and those charged with governance to approve is attached in Appendix 1. Whilst much of this letter is standard for local government entities, we have specifically asked the Audit Committee to confirm the values attributed to the Authority’s property, plant and equipment in the financial statements are not materially misstated. Related parties There are no significant related party matters to be communicated. Audit independence We confirm that, in our professional judgment, as at the date of this document, we are independent of the Authority, within the meaning of UK regulatory and professional requirements and that the objectivity of the audit engagement leader and the audit staff is not impaired. Accounting systems and systems of internal control You have to develop and implement systems of internal financial control and put in place proper arrangements to monitor their adequacy and effectiveness. As auditors, we review these arrangements for the audit of the financial statements and our review of the Annual Governance Statement. We have no significant control issues to bring to your attention. We have included a report of minor internal control issues in Appendix 2 to this report. Annual Governance Statement Local Authorities are required to produce an Annual Governance Statement (AGS), which is consistent with guidance issued by CIPFA / SOLACE: ‘Delivering Good Governance in Local Government’. We reviewed the draft AGS to consider whether it complied with the CIPFA / SOLACE ‘Delivering Good Governance in Local Government’ framework and whether it is misleading or inconsistent with other information known to us from our audit work. We found no areas of concern to report in this context. Economy, efficiency and effectiveness Our value for money code responsibility requires us to carry out sufficient and relevant work in order to conclude on whether you have put in place proper arrangements to secure economy, efficiency and effectiveness in the use of resources. In accordance with guidance issued by the Audit Commission, in 2011/12 our conclusion is based on two criteria: ï‚· ï‚· The organisation has proper arrangements for securing financial resilience; and The organisation has proper arrangements for challenging how you secure economy, efficiency and effectiveness. As was the case last year, but unlike in previous years, we have not had to reach a scored judgment on these criteria and the Audit Commission has not developed ‘key lines of enquiry’ for each criteria. Instead, we have 25 10 North Norfolk District Council determined a local programme of audit work based on our audit risk assessment, informed by these criteria and our statutory responsibilities. We anticipate issuing an unqualified value for money conclusion. Risk of Fraud We discussed with the Audit Committee their understanding of the risk of fraud and corruption and any instances thereof when presenting our Audit Plan. In presenting this report to the Audit Committee we seek members’ confirmation that there have been no changes to their view of fraud risk and that no additional matters have arisen that should be brought to our attention. A specific confirmation from management in relation to fraud is included in the letter of representation. 26 11 North Norfolk District Council Fees update Fees update for 2011/12 We reported our fee proposals as part of the Audit Plan for 2011/12. 2011/12 proposed Financial Statements Whole of Government Accounts Use of Resources Grant Certification Total £118,750 £48,650 £167,400 As noted above, our audit is still ongoing at the time of writing this report. Until we have finalised our work, we are not in a position to provide members with an update on actual fees for 2011/12. We will include this analysis as part of our Annual Audit Letter to be issued later in the year. Fees proposal for 2012/13 We are able to report to you the 2012/13 initial fee proposals as set out by the Audit Commission on its website (http://www.audit-commission.gov.ukaudit-regime/audit fees/201213fees/pages/201213 feesandworkprogramme.aspx ). The scale fee for North Norfolk District Council is as follows: 2012/13 Scale Fee Financial Statements Whole of Government Accounts Use of Resources Grant Certification Total 71,250 36,000 107,250 This represents an overall reduction of 36%. At this stage, we are not aware of any factors that would cause our fees to vary from the scale fee shown. The Audit Committee may also wish to be aware that we are no longer required to rebate a proportion of our audit fee to the Audit Commission for 2012/13 as we have done in previous years. This accounts for the apparent disparity in fees. 27 12 [Date] Appendices 13 28 North Norfolk District Council Appendix 1: Letter of representation 18 September 2012 To: PricewaterhouseCoopers LLP The Atrium St Georges Street Norwich NR3 1AG Your Ref: JCR/CK Dear Sirs This representation letter is provided in connection with your audit of the Statement of Accounts of North Norfolk District Council (the “Authority”) for the year ended 31 March 2012 for the purpose of expressing an opinion as to whether the Statement of Accounts gives a true and fair view, and has been properly prepared in accordance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom 2011/12 and the Service Reporting Code of Practice 2011/12. My responsibilities as Chief Financial Officer for preparing the financial statements are set out in the Statement of Responsibilities for the Statement of Accounts. I am also responsible for the administration of the financial affairs of the Authority I also acknowledge that I am responsible for making accurate representations to you. I confirm that the following representations are made on the basis of enquiries of other chief officers and members of North Norfolk District Council with relevant knowledge and experience and, where appropriate, of inspection of supporting documentation sufficient to satisfy myself that I can properly make each of the following representations to you. I confirm, to the best of my knowledge and belief, and having made the appropriate enquiries, the following representations: Financial Statements I have fulfilled my responsibilities, for the preparation of the Statement of Accounts in accordance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom; in particular the financial statements give a true and fair view in accordance therewith. Where instances of non compliance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom have been identified within the Authority’s accounting policies, I confirm that the policies adopted are the most appropriate to give a true and fair view for the authority's particular circumstances, as required by the aforementioned Code. All transactions have been recorded in the accounting records and are reflected in the financial statements. Significant assumptions used by the Authority in making accounting estimates, including those surrounding measurement at fair value, are reasonable. All events subsequent to the date of the financial statements for which the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom requires adjustment or disclosure have been adjusted or disclosed. 29 14 North Norfolk District Council Information Provided I have taken all the steps that I ought to have taken in order to make myself aware of any relevant audit information and to establish that you (the Authority's auditors) are aware of that information. I have provided you with: ï‚· access to all information of which I am aware that is relevant to the preparation of the financial statements such as records, documentation and other matters, including minutes of the Council, relevant committees including the pension fund management board and other relevant management meetings; ï‚· additional information that you have requested from us for the purpose of the audit; and ï‚· unrestricted access to persons within the Authority from whom you determined it necessary to obtain audit evidence. So far as I am aware, there is no relevant audit information of which you are unaware. Fraud and non-compliance with laws and regulations I acknowledge responsibility for the design, implementation and maintenance of internal control to prevent and detect fraud. I have disclosed to you the results of our assessment of the risk that the financial statements may be materially misstated as a result of fraud. I have disclosed to you all information in relation to fraud or suspected fraud that we are aware of and that affects the Authority and involves: ï‚· management; ï‚· employees who have significant roles in internal control; or ï‚· others where the fraud could have a material effect on the financial statements. I have disclosed to you all information in relation to allegations of fraud, or suspected fraud, affecting the Authority’s financial statements communicated by employees, former employees, analysts, regulators or others. I have disclosed to you all known instances of non-compliance or suspected non-compliance with laws and regulations whose effects should be considered when preparing financial statements. I am not aware of any instances of actual or potential breaches of or non-compliance with laws and regulations which provide a legal framework within which the Authority conducts its business and which are central to the Authority’s ability to conduct its business or that could have a material effect on the financial statements. I am not aware of any irregularities, or allegations of irregularities including fraud, involving members, management or employees who have a significant role in the accounting and internal control systems, or that could have a material effect on the financial statements. Related party transactions I confirm that we have disclosed to you the identity of the Authority’s related parties and all the related party relationships and transactions of which we are aware. 30 15 North Norfolk District Council Related party relationships and transactions have been appropriately accounted for and disclosed in accordance with the requirements of Section 3.9 of the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom. We confirm that we have identified to you all senior officers, as defined by the Accounts and Audit Regulations 2011, and included their remuneration in the disclosures of senior officer remuneration. Employee Benefits I confirm that the Authority has made you aware of all employee benefit schemes in which employees of the Authority participate. Contractual arrangements/agreements All contractual arrangements (including side-letters to agreements) entered into by the Authority have been properly reflected in the accounting records or, where material (or potentially material) to the financial statements, have been disclosed to you. Litigation and claims I have disclosed to you all known actual or possible litigation and claims whose effects should be considered when preparing the financial statements and such matters have been appropriately accounted for and disclosed in accordance with the Code of Practice on Local Authority Accounting in the United Kingdom. Taxation I have complied with UK taxation requirements and have brought to account all liabilities for taxation due to the relevant tax authorities whether in respect of any indirect taxes. I am not aware of any non-compliance that would give rise to additional liabilities by way of penalty or interest and I have made full disclosure regarding any Revenue Authority queries or investigations that we are aware of or that are ongoing. In particular: ï‚· In connection with any tax accounting requirements, I am satisfied that our systems are capable of identifying all material tax liabilities and transactions subject to tax and have maintained all documents and records required to be kept by the relevant tax authorities in accordance with UK law or in accordance with any agreement reached with such authorities. ï‚· I have submitted all returns and made all payments that were required to be made (within the relevant time limits) to the relevant tax authorities including any return requiring us to disclose any tax planning transactions that have been undertaken for the Authority’s benefit or any other party’s benefit. ï‚· I am not aware of any taxation, penalties or interest that are yet to be assessed relating to either the Authority or any associated company for whose taxation liabilities the Authority may be responsible. Pension fund assets and liabilities All known assets and liabilities including contingent liabilities, as at the 31 March 2012, have been taken into account or referred to in the financial statements. Details of all financial instruments, including derivatives, entered into during the year have been made available to you. Any such instruments open at the 31 March 2012 have been properly valued and that valuation incorporated into the financial statements. 31 16 North Norfolk District Council Bank accounts I confirm that we have disclosed all bank accounts to you including those that are maintained in respect of the pension fund. Going Concern An assessment has been made of the financial health of the Authority for a period of at least one year from the approval of the financial statements. Accounting Estimates Regarding the accrual for uncompensated absences, an accounting estimate that was recognised in the financial statements: ï‚· The Authority has used appropriate measurement processes, including related assumptions and odels, in determining the accounting estimate in the context of the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom. Assets and liabilities All known assets and liabilities including contingent liabilities, as at the 31 March 2012, have been taken into account or referred to in the financial statements. Details of all financial instruments, including derivatives, entered into during the year have been made available to you. Any such instruments open at the 31 March 2012 have been properly valued and that valuation incorporated into the financial statements. When appropriate, open positions in off-balance sheet financial instruments have also been properly disclosed in the financial statements. The value at which assets and liabilities are recorded in the net assets statement is, in the opinion of the Authority, the market value. We are responsible for the reasonableness of any significant assumptions underlying the valuation, including consideration of whether they appropriately reflect our intent and ability to carry out specific courses of action on behalf of the pension fund. Any significant changes in those values since the date of the financial statements have been disclosed to you. The Authority has no plans or intentions that may materially alter the carrying value and where relevant the fair value measurements or classification of assets and liabilities reflected in the financial statements. In my opinion, on realisation in the ordinary course of the business the current assets in the balance sheet are expected to produce no less than the net book amounts at which they are stated. The Authority has no plans or intentions that will result in any excess or obsolete inventory, and no inventory is stated at an amount in excess of net realisable value. The Authority has satisfactory title to all assets and there are no liens or encumbrances on the Authority's assets, except for those that are disclosed in the financial statements. I confirm that the current accounting for government grants whilst not in accordance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom is the most appropriate treatment to give a true and fair view for the authority's particular circumstances, as required by the aforementioned Code. I confirm that we have carried out impairment reviews appropriately, including an assessment of when such reviews are required, where they are not mandatory. I confirm that we have used the appropriate assumptions with those reviews. 32 17 North Norfolk District Council Using the work of experts I agree with the findings of our valuation experts in evaluating the value of our non-current assets and have adequately considered the competence and capabilities of the experts in determining the amounts and disclosures used in the preparation of the financial statements and underlying accounting records. The Authority did not give or cause any instructions to be given to experts with respect to the values or amounts derived in an attempt to bias their work, and I am not otherwise aware of any matters that have had an impact on the objectivity of the experts. Retirement Benefits All significant retirement benefits that Authority is committed to providing, including any arrangements that are statutory, contractual or implicit in Authority’s actions, wherever they arise, whether funded or unfunded, approved or unapproved, have been identified and accounted for in accordance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom and disclosed. All settlements and curtailments in respect of retirement benefit schemes have been identified and properly accounted for. The following actuarial assumptions underlying the valuation of retirement benefit scheme liabilities are consistent with my knowledge of the business and in my view would lead to the best estimate of the future cash flows that will arise under the scheme liabilities: Rate of Inflation Rate of Increase in Salaries Rate of Increase in Pensions Discount Rate Expected Return on Assets Longevity at 65 for current pensioners Men Women Longevity at 65 for future pensioners Men Women 3.3% 4.8% (1% until 2015) 2.5% 4.8% 5.5% 21.2 years 23.4 years 23.6 years 25.8 years We have considered the assumptions made by our actuary in relation to the take-up of the entitlement to a lump sum under Regulation 3 of the Local Government Pension Scheme (Amendment) Regulations 2006 (Statutory Instrument 2006/966), and, in our view, the assumption of 50% take-up reflected in the accounts is the most appropriate assumption for the preparation of our financial statements and leads to the best estimate of scheme liabilities. Financial Instruments All embedded derivatives and embedded leases have been identified and appropriately accounted for under the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom. Where we have assigned fair values to financial instruments, we confirm that the valuation techniques, the inputs to those techniques and assumptions that have been made are appropriate, and reflect market conditions at the balance sheet date, and are in line with the business environment in which we operate. 33 18 North Norfolk District Council As minuted by the Audit Committee at its meeting on 18 September 2012 Chief Financial Officer For and on behalf of North Norfolk District Council Date: 34 19 North Norfolk District Council Appendix 2: Control weaknesses and deficiencies Ref 1 Description Password Parameters The password parameters for eFinancials do not meet the requirements of GSX Connect (also known as CoCo). The password parameters for Civica do not meet the requirements of the Authority’s own ICT security policy. 2 ITGC – Back Ups No recoverability testing has been undertaken or necessary in 2011/12. 3 ITGC – Back Ups We were unable to obtain reports to verify that back ups are run for the Civca system and the Network on a regular scheduled basis. 4 Collection Fund Reconciliation The council reconciles its council tax cash collections and refunds to the council tax system on a monthly basis however this reconciliation is not evidenced as having taken place. Recommendation Management Response Password parameters, should be set as follows: ï‚· 20 passwords should be remembered; ï‚· Password expiry time period should be a maximum of 90 days; ï‚· Minimum password length should be 7 characters; and ï‚· Passwords should have at least one alpha numeric digit. Efin password parameters: 10 remembered; Max 30 days; Minimum length 6; At least one alpha numeric. Recoverability testing should be run on a regular basis to test the integrity of back ups. A script to transfer information from the live system to the test system, is run regularly which provides a mitigating control. Reports should be retained to evidence that back ups have taken place. Records and reports are retained to verify that backups have been run for the old Civica system (now read only) and the Network. These can be inspected if required. A formal reconciliation process should be put into operation. Prior to the change of the cash receipting system monthly three way reconciliations (Cash Receipting System – General Ledger – Revenues System) were being completed. Some initial problems with reporting from the new (cash receipting) system meant that only two way reconciliations were being carried out. This has been rectified and monthly reconciliations are now being carried out which are reviewed by the Revenues Manager. An annual reconciliation will be completed for the position at 31 March. 35 Civica parameters: 20 remembered; Max 30 days; Minimum length 7; At least one alpha numeric. Efin upgrade is due to take place November 2012, password parameters will be reviewed as part of the upgrade. 20 North Norfolk District Council 5 Officers’ Emoluments In previous years, details of the members of staff paid over £55k from the GL were compared to Payroll information to ensure all details were accurately taken from the GL. This was not completed this year which resulted in discrepancies. Amendments have subsequently been made to the accounts to ensure appropriate disclosure. Officers’ emoluments data per the GL should be reconciled to the payroll system. 36 Agreed 21 In the event that, pursuant to a request which North Norfolk District Council has received under the Freedom of Information Act 2000, it is required to disclose any information contained in this report, it will notify PwC promptly and consult with PwC prior to disclosing such report. North Norfolk District Council agrees to pay due regard to any representations which PwC may make in connection with such disclosure and North Norfolk District Council shall apply any relevant exemptions which may exist under the Act to such report. If, following consultation with PwC, North Norfolk District Council discloses this report or any part thereof, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced in full in any copies disclosed. ©2012 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. 37 North Norfolk District Council Protocol for liaison between internal and external auditors 2012/13 201 September 2012 38 Sheila Oxtoby North Norfolk District Council Council Offices Holt Road Cromer Norfolk NR27 9EN September 2012 Dear Sheila, Protocol for liaison between internal and external auditors 2012/13 Following changes to key personnel within both the internal and external audit teams, we have taken this opportunity to refresh the protocol between internal and external audit. If you have any queries about this, please do not hesitate to contact either one of us. Yours sincerely Julian Rickett Sandra King 39 Contents Introduction 1 Background 2 Planning and Liaison 3 Reliance on the work performed by Internal Audit 5 Appendix A: Sample Sizes 8 Appendix B: Summary of Key Internal Financial Controls 10 In March 2010 the Audit Commission issued a revised version of the ‘Statement of responsibilities of auditors and of audited bodies’. It is available from the Chief Executive of each audited body and on the Audit Commission’s website. The purpose of the statement is to assist auditors and audited bodies by explaining where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain areas. This report is prepared in the context of this Statement. Reports and letters prepared by appointed auditors (PwC in this instance) and addressed to members or officers are prepared for the sole use of the audited body and no responsibility is taken by auditors to any Member or officer in their individual capacity or to any third party. 40 Introduction 1 This document sets out the proposed working relationship between the PricewaterhouseCoopers LLP (PwC) audit team and the internal auditors of North Norfolk District Council, (referred to as ‘Internal Audit’). 2 The purpose of this document is to set out the general approach and principles to be put in place to facilitate the delivery of a managed audit. This will aid joined-up working, reducing duplication of audit work. 3 This document sets out: 4 ï‚· Confirmation of the liaison arrangements between Internal and External Audit; ï‚· The requirements to be followed in order that PwC can place the desired level of assurance on the work of internal audit; ï‚· PwC requirements on sample sizes; and ï‚· A detailed summary of controls and suggested testing that PwC consider to be key in proving the internal financial control systems. These arrangements are subject to regular review by both parties and amendments can be made subject to mutual agreement. 1 41 Background 5 North Norfolk District Council (“the Council”) has a responsibility to put in place proper arrangements for the governance and stewardship of its resources. Internal Audit is an important part of these arrangements. In the course of discharging its responsibilities, Internal Audit is required to deliver a service which meets the professional standards laid down in the CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom 2006 and CIPFA’s published Statement on the Role of the Head of Internal Audit in Public Service Organisations 2010. 6 Under the Audit Commission Act 1998 and the Code of Audit Practice the external auditor appointed by the Audit Commission is responsible for reviewing and reporting on the Council’s: ï‚· Financial Statements and Annual Governance Statement; ï‚· Arrangements for securing economy, efficiency and effectiveness in its Use of Resources: and, ï‚· Grant certification (if required). 7 Internal Audit evaluates the effectiveness of the control environment in achieving the organisation’s objectives. In part fulfilment of these responsibilities, Internal Audit carry out reviews of systems and key controls, including evaluation and testing of those controls. 8 The external auditor does not have a role in directing the work of Internal Audit, nor does it have a direct role in the quality assurance process. 9 Although internal and external auditors carry out their work with different objectives in mind, many of the processes are similar in respect of the review of the controls in place over the Council’s financial systems. Therefore, it is appropriate that they should work together closely. Every effort is made to ensure effective co-operation between the two bodies, in order to minimise duplication of effort and maximise the benefits and value achieved from the Council’s total audit resource. An open and constructive relationship is thus cultivated between the two bodies, audit plans are shared and wherever possible, reliance is placed upon each other’s work. 10 The Audit Commission emphasises this need for co-operation in a number of its publications: ï‚· The Code of Audit Practice 2005 states that external auditors should establish effective co-ordination arrangements between internal and external audit and seek to place maximum reliance on the work of Internal Audit wherever possible; ï‚· ‘It Takes Two’ (published in 1996) is a good practice guide to assessing and improving co-operation between internal and external auditors; and ï‚· The Managed Audit Good Practice Guide 1995 promotes a more efficient audit by encouraging reliance on the control environment, which includes Internal Audit. 2 42 Planning and Liaison 11 To facilitate effective planning and liaison between PwC and Internal Audit the following communications will be made: ï‚· Quarterly liaison meetings; ï‚· Communication of the respective Audit Plans; ï‚· Informing the other party of significant changes in the audit approach compared to the Audit Plan, including delays to the scheduled/expected work plan; ï‚· Forwarding of all finalised external audit reports arising as a result of work performed and internal audit reports relating to the Council’s fundamental financial systems (see appendix B) and any other reports considered to be relevant once finalised; ï‚· Communication of the annual reports/letters; ï‚· Communication of fraud investigations and alerts initiated on a timely basis; and ï‚· Significant concerns regarding the internal controls or financial performance of the Council. 12 Internal Audit will also provide PwC with the following upon request: ï‚· Terms of Reference; ï‚· The risk analysis on which they have based their programme of work; ï‚· Statement of assurance/opinion on the Council’s systems of internal control, as reflected in the Council’s Annual Governance Statement; and ï‚· Audit files. 13 All communications will be made on a timely basis. 3 43 14 The key points of contact will be as follows: Name Position Email Address North Norfolk District Council Sheila Oxtoby Chief Executive sheila.oxtoby@north-norfolk.gov.uk Karen Sly Head of Finance karen.sly@north-norfolk.gov.uk Sandra King Head of Internal Audit scking@s-norfolk.gov.uk Emma Hodds Deputy Audit Manager ehodds@s-norfolk.gov.uk Internal Audit PricewaterhouseCoopers LLP Julian Rickett Engagement Leader julian.c.rickett@uk.pwc.com Charlotte Kennedy Engagement Manager charlotte.kennedy@uk.pwc.com Phil Beecher Engagement Team Leader philip.e.beecher@uk.pwc.com 4 44 Reliance on the work performed by Internal Audit 15 In accordance with Clarity International Standard on Auditing (ISA) 610, in order to place reliance on the work performed by Internal Audit, it will be necessary for PwC to review the working papers and reports of Internal Audit and re-perform testing on a sample basis. To facilitate this, PwC will need to satisfy itself that: ï‚· The scope of the work is appropriate; ï‚· Audit programmes are adequate; ï‚· Working papers adequately document work performed; ï‚· Conclusions are appropriate in the circumstances; ï‚· Reports are consistent with the results of work performed; ï‚· Any exceptions or unusual matters are properly resolved; and ï‚· Supervision and review within Internal Audit appears to have been appropriately carried out (e.g. review by senior audit personnel of work performed). 16 PwC will also need to ensure that the conclusions made by Internal Audit have been reached using testing sample sizes that are equal to, or in excess of, the sample sizes PwC would have needed to apply to reach the same conclusions. PwC provide further guidance as to the sample sizes required and this is included in Appendix A. 17 The degree to which PwC can place reliance on the work of Internal Audit is also affected by the timing and/or completion of the audits. In order that PwC can place reliance on the work of Internal Audit, the timetables detailed below will be adhered to. 18 Under the Audit Commission’s Code of Audit Practice (“the Code”) the key aspect of PwC’s work is relating to the accounts, including a review of the Statement of Internal Control. Accounts 19 As detailed in PwC’s Audit Plan, the accounts audit is carried out in accordance with the Accounts Code objective. It requires PwC to comply with the Clarity International Standards on Auditing (ISAs) (UK & Ireland) issued by the Auditing Practices Board (APB). PwC plan and perform their audit so as to be able to provide reasonable assurance that the financial statements are free from material misstatement and give a true and fair view. PwC use professional judgement to assess what is material. This includes consideration of the amount and nature of transactions. 20 PwC’s audit approach is based on a thorough understanding of the Council’s business and is risk-driven. It first identifies and then concentrates resources on 5 45 areas of higher risk and issues of concern to the Council. This involves breaking down the accounts into components. PwC assess the risk characteristics of each component to determine the audit work required. 21 PwC adopts a top-down, controls-based approach to the audit, where a thorough drill down of the management structure and review key business processes is carried out. From this, PwC focus their work on verifying, evaluating and validating, where possible, the controls management use to ascertain how much assurance can be drawn from them. The work on the Council’s key controls is supplemented with detailed analytical procedures and additional substantive tests as necessary. 22 It is the review of key business systems and controls on which PwC will seek to place reliance on the work of Internal Audit wherever possible. To enable this, Internal Audit will complete this work prior to the commencement of PwC’s initial fieldwork. Estimates are that this will be in Spring 2013. Should the timing need to be brought forward or changed, this would be discussed and agreed as part of the liaison meetings. 23 The most significant matters on which PwC plan to place reliance on the work of Internal Audit are: ï‚· The understanding, evaluating and validating of the controls over the following key financial systems, including:  Purchasing and payables/creditors;  Income receivable/debtors;  Payroll and pensions;  Fixed assets;  Cash/Treasury Management;  Housing and Council Tax Benefits;  Council Tax;  National Non-Domestic Rates;  General ledger maintenance;  Budgetary controls - including budget setting and monitoring; and  Car parks income. ï‚· Review of the assurance given by Internal Audit in relation to the Annual Governance Statement; and ï‚· Assessment of fraud risk (as required under ISA240). This will primarily relate to the review of any assessment undertaken by internal audit to inform their programme of work and review/discussion of the results of any internal audit reviews and/or investigations in so far as they relate to the risk of fraud within the Council. 24 Appendix B details the key controls Internal Audit will test as part of the work on the Council’s key financial systems. If these were not tested for any reason then PwC would need to perform additional work to gain the audit assurance required for PwC’s opinion on the Council’s financial statements. 6 46 Grant certification 25 At present there are no formal arrangements for joint working in respect of grant certification. However a dialogue will be maintained in order to share matters of concern so that both parties can consider them when planning work in this area. Fraud 26 Internal audit will notify PwC promptly of all frauds exceeding £10,000. PwC will, in turn, notify the Audit Commission of such frauds including any cases of corruption or any fraud cases of particular interest of complexity, via an AF70 for submission to the Audit Commission Counter-Fraud Unit. If appropriate, PwC will offer support and assistance to Internal Audit in investigating significant frauds. 27 In the event that PwC suspect a fraud, PwC will pass the case over to the control of Internal Audit who will then be expected to oversee the investigation of the case and keep PwC informed of progress. PwC reserve the right to retain control over a fraud investigation, although this is only likely in exceptional circumstances. 7 47 Appendix A: Sample Sizes PwC Sample sizes In relation to manually performed controls, the following sample size ranges should be used: Frequency of Control Annual Quarterly Monthly Weekly Daily Multiple times a day Number of items to test for low assurance Number of items to test for medium assurance 1 2 3-4 10 30 45 2 5 20 25 Number of items to test for high assurance 5 15 40 60 Frequency of Control The reference to “items” refers to the number of occurrences for the control. For example, in relation to testing bank reconciliations where the control is undertaken monthly, PwC would expected either 2, 3, 4 or 5 reconciliations to be tested dependent on the level of assurance required (see below) from undertaking the test. Where it is not possible to ascertain the frequency of the control as this is done on an ad-hoc basis, PwC would expect a yearly estimate, based on past performance, to be calculated to determine the frequency of the control. For example, at the time of the audit review in October, 37 individuals joined the Council in the period 1 April – 30 September. An expectation of the yearly number of starters would therefore be 37 x 2 = 74. This equates to between a weekly, (control operates approximately 52 times a year), and a daily, (control operates approximately 260 times a year), control. Therefore, in testing the controls surrounding starters on the payroll system PwC would expect the frequency of the control to be weekly (nearest approximation to the frequency that the control has/will have operated during the year). 8 48 Level of Assurance The level of assurance required from the audit testing and therefore the choice of the number of items to test in relation to a specific control will be based on: ï‚· The significance of the risk addressed by the control, (the greater the risk, the greater assurance is required); ï‚· The importance of the control to addressing the risk, (the greater the importance, the greater the assurance required); ï‚· The degree to which the control is cumulative, (cumulative controls will lower the assurance required); ï‚· The relevance and reliability of the audit evidence to be obtained in supporting that the control prevents, or detects and corrects, material misstatements at the control assertion level. (The assertions are: completeness, accuracy, validity and restricted access). For example third party evidence used in testing the control will lower the assurance required; ï‚· The extent to which audit evidence is obtained from tests of other controls related to the assertion. Therefore, if other controls tested verify the accuracy of items, it may be considered that a items for a lower level of assurance would be appropriate for testing if the control addresses this same audit assertion; and ï‚· The amount of assurance required from the testing of the control (e.g. for a new control a high level of assurance would be considered appropriate). Documentation of sample sizes In all cases, the justification for the sample sizes chosen for testing should be documented. Choosing a sample Sample sizes should be chosen from across the whole financial year, up to the date of testing, to ensure that appropriate consideration is given to whether the control is in place and working effectively over this period. Identification of Errors If errors or uncertainties are identified within the controls testing undertaken an extended sample should be chosen for testing to focus further on the specific area of risk identified. . 9 49 Appendix B: Summary of Key Internal Financial Controls The following tables set out the key controls that PwC seek to understand and evaluate on an annual basis to support the external audit work under the Code of Audit Practice. The tables do not detail a complete list of all controls within the financial system and therefore it may be appropriate to supplement these with further controls to meet Internal Audit objectives. The tables cover the following areas:  Purchasing and payables/creditors;  Income receivable/debtors;  Payroll and pensions;  Fixed assets;  Cash/Treasury Management;  Housing and Council Tax Benefits;  Council Tax;  National Non-Domestic Rates;  General ledger maintenance;  Budgetary controls - including budget setting and monitoring; and  Car parks income. 10 50 Purchasing and payables/creditors Key Control Type of testing expected Appropriately authorised orders should be raised for all purchases. Review of orders to check for appropriate authorisation. Invoices received should be matched to orders and GRNs (where applicable) for accuracy and confirmation of receipt of the goods/service. Review of invoices against orders and GRNs. Invoices should be appropriately authorised. Review of invoices to check for appropriate authorisation. Invoices input into the system for payment should be checked for accuracy. Review of information recorded within the payments system back to the invoice to ensure accuracy of information recorded. BACS payments should be appropriately authorised. Review a sample of BACS runs to ensure they have been appropriately authorised. Creditor control accounts/purchasing system to general ledger system interfaces should be reconciled and all reconciling items should be identified, investigated and resolved on a timely basis. An independent review of the reconciliation should be performed on a timely basis. Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for ordering and those responsible for payments. Review of access rights to the purchasing and payables system. Amendments to standing data (eg new vendors, suppliers’ details) should be appropriately authorised and accurately input on to the system. Obtain a list of amendments made to supplier’s details (from the system) and check against appropriate supporting documentation to confirm accuracy of change to data and that the change was appropriately authorised. Tendering procedures should be followed for all purchases above the limit set. Review of procedures and testing to ensure that procedures were followed. 11 51 Income receivable/debtors Key Control Type of testing expected Invoice requisitions should be appropriately authorised and raised in a timely manner. Review of invoice requisitions to check for appropriate authorisation. Invoices raised should be checked to invoice requisition to ensure accuracy and completeness of invoices raised. Check of invoices raised to invoice requisitions to agree value of invoice raised. Receipt of income should be reconciled to the amount banked. Review a sample of income reconciliations to ensure they have been appropriately completed and reviewed. Debtor control accounts/receivables system to general ledger system interfaces should be reconciled and all reconciling items should be identified, investigated and resolved on a timely basis. An independent review of the reconciliation should be performed on a timely basis. Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for raising invoices and those responsible for recording income. Review of access rights to the receivables system. Refunds/credit notes should only be issued following the appropriate authorisation. Review of credit notes to check for appropriate authorisation. Appropriate procedures should be in place for monitoring the recoverability of aged debts. Document the procedures undertaken to recover aged debts. Reports used for the purposes of monitoring debts are accurately produced. Review of a sample of reports to check for accuracy. Bad debts should be written off after appropriate authorisation per the financial regulations. Testing of write-offs to confirm the appropriate authorisation was obtained prior to write-off. Testing of aged debts to ensure that appropriate procedures have been followed. 12 52 Payroll and Pensions Key Control Type of testing expected New starter forms should be appropriately authorised by management and completed by the HR department and employee (based on the employment contract) prior to input into the payroll system. Input of details into the payroll system should be checked for accuracy. Testing new starters per the system back to starter forms and employee contracts to confirm appropriate authorisation, the accuracy of the input into the system and appropriately completed supporting documentation exists. Leaver forms must be appropriately authorised and accurately input into the payroll system. Testing leaver forms to ensure that they have been correctly authorised and input into the payroll system. Amendments to standing data must be authorised by the employee and appropriate manager and accurately input into the payroll system Testing amendments per the system back to amendment forms to confirm the accuracy of the change on the system and that the amendments have been appropriately authorised. Payroll control accounts/payroll system to general ledger system interfaces should be reconciled and all reconciling items should be identified, investigated and resolved on a timely basis. An independent review of the reconciliation should be performed on a timely basis. Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. Payroll and pensions are appropriately authorised prior to payment. Testing monthly payrolls to ensure that they have been correctly authorised prior to payment. Managers should be asked to verify the completeness and accuracy of employee information on the payroll system on at least a quarterly basis. Review the positive pay returns issued and received, ensuring all have been received and action taken as appropriate. Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for inputting details and those authorising payments. Review of access rights to the payroll system. 13 53 Fixed assets Key Control Type of testing expected All capital additions should be appropriately authorised in accordance with procedures. Testing of capital additions to ensure appropriate authorisation has been obtained. All capital disposals should be appropriately authorised in accordance with procedures. Testing of capital disposals to ensure appropriate authorisation has been obtained. The fixed asset register is reconciled to the general ledger on a regular basis. The reconciliation should be signed and dated by the preparer as evidence of completion. An independent review of the reconciliation should be performed and evidenced by the reviewer (signature and date). Testing of the reconciliations between the fixed asset register and the general ledger. Restricted access to the fixed asset register should be ensured. Review of access rights to the fixed asset register. Capital expenditure should be monitored and controlled against budget. The budget set should be realistic and based upon appropriate assumptions. Review the processes in place for setting and agreeing the capital budget. Review the controls in place to monitor and control performance against the capital budget. 14 54 Cash and Treasury Management Key Control Type of testing expected Bank reconciliations for all bank accounts should be performed on a monthly basis and all reconciling items fully identified, investigated and resolved as necessary. The reconciliation should be signed and dated by the preparer as evidence of completion. An independent review of the reconciliation should be performed and evidenced by the reviewer (signature and date). Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for purchasing and those responsible for payments. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. Review of access rights to the cash receipting system. 15 55 Housing and Council Tax Benefits Key Control Type of testing expected Claimant details are input correctly and the appropriate supporting information obtained. Test a sample of claimants and ensure their details have been correctly entered onto the benefits system and appropriate supporting evidence has been retained. Review the system in place for sample checking claims processed to ensure operating effectively. Backdated claims are supported by a backdating form and are subject to authorisation by the backdating officer to ensure this is performed in accordance with the rules. Test a sample of backdated claims and ensure appropriate evidence has been retained of the backdating officer’s review and that backdating was appropriately awarded. BACS payments should be appropriately authorised. Review a sample of BACS runs to ensure they have been appropriately authorised. Cheques should be appropriately authorised. Review a sample of cheque runs to ensure they have been appropriately authorised. All payments over the Council approved limit should be subject to independent review to ensure accuracy of the payment. Test a sample of payments exceeding the approved limit and ensure there is evidence of review. Overpayments are checked to ensure they have been accurately classified and calculated. Test a sample of overpayments to ensure correctly classified and calculated. Overpayments per the benefits system are reconciled to the debtors system. Test a sample of reconciliations between the benefits and debtors system to ensure overpayments have been correctly raised. The recovery of overpayments is monitored and action taken to collect debts. Review the process for monitoring overpayment recovery and ensure action is taken on a timely basis to collect debts outstanding. 16 56 Key Control Type of testing expected The benefits system is reconciled to the Council Tax and General Ledger systems on at least a monthly basis. Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for inputting details and those authorising payments. Review of access rights to the benefits system. 17 57 Council Tax Key Control Type of testing expected The Council ensures the record of properties as per the Council Tax (CT) system reconciles to the list of properties notified to them by the Valuation Office. Test a sample of reconciliations between the CT system and the Valuation Office reports/notifications. CT exemptions/discounts are reviewed on a weekly basis to identify exemptions due for review in the next 7 days, exemptions which have no end date and exemptions passed their review date but which have not been reviewed. Test a sample of exemption reports and ensure evidence of review and appropriate follow-up of exceptions. There is a sample check of all CT processing. Review evidence of sample checking and ensure being performed. Reperform a sample of the checking to ensure being performed to the required standard. CT precepts per property band are input onto the CT system before the start of the financial year and reviewed for accuracy by a senior officer. Obtain evidence that the precepts entered onto the CT system have been evidenced as reviewed by a senior officer. Agree the precepts to those approved by the Council and notified by the parish and County Councils and Police Authority. A reconciliation of returned Direct Debits’ is performed against the value of reversals on the CT system. Test a sample of reconciliations and ensure there is evidence of review and follow-up and resolution of reconciling items. There is a daily reconciliation of cash receipts / cash postings / reversals against movement on outstanding debt. Test a sample of reconciliations and ensure there is evidence of review and follow-up and resolution of reconciling items. Refunds are authorised by a senior billing officer. Refunds over £1,000 must have a payment voucher authorised by the Head of Revenues. Test a sample of refunds and ensure appropriately authorised. The Council Tax system is reconciled to the General Ledger and benefits systems on at least a monthly basis. Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. 18 58 Key Control Type of testing expected Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for inputting details and those processing payments. Review of access rights to the council tax system. 19 59 National Non-Domestic Rates Key Control Type of testing expected The Council ensures the record of properties and their total rateable value as per the National Non-Domestic Rates (NNDR) system reconciles to the list of properties and total rateable value notified to them by the Valuation Office. Test a sample of reconciliations between the NNDR system and the Valuation Office reports/notifications. NNDR exemptions/discounts are reviewed on a weekly basis to identify exemptions due for review in the next 7 days, exemptions which have no end date and exemptions passed their review date but which have not been reviewed. Test a sample of exemption reports and ensure evidence of review and appropriate follow-up of exceptions. There is a sample check of all NNDR processing. Review evidence of sample checking and ensure being performed. Reperform a sample of the checking to ensure being performed to the required standard. The NNDR rateable value multiplier is put onto the NNDR system reviewed for accuracy by a senior officer. Obtain evidence that the multiplier entered onto the NNDR system have been evidenced as reviewed by a senior officer. Agree the multiplier used to notification received. A reconciliation of returned Direct Debits’ is performed against the value of reversals on the NNDR system. Test a sample of reconciliations and ensure there is evidence of review and follow-up and resolution of reconciling items. There is a daily reconciliation of cash receipts / cash postings / reversals against movement on outstanding debt. Test a sample of reconciliations and ensure there is evidence of review and follow-up and resolution of reconciling items. Refunds are authorised by a senior billing officer. Refunds over £1,000 must have a payment voucher authorised by the Head of Revenues. Test a sample of refunds and ensure appropriately authorised. The NNDR system is reconciled to the General Ledger system on at least a monthly basis. Review reconciliations to ensure they have been appropriately prepared and reviewed (and evidenced as such) on a timely basis. Agreement of system balances as noted on the reconciliation to prints from those systems. Testing of reconciling items to ensure these have been investigated and are appropriate reconciling items. 20 60 Key Control Type of testing expected Appropriate segregation of duties and restricted access should be ensured. Consideration of whether duties are appropriately segregated between those responsible for inputting details and those processing payments. Review of access rights to the NNDR system. 21 61 General Ledger Maintenance Key Control Type of testing expected All manual journals raised are appropriately authorised and input into the system. Testing of manual journals from the system back to supporting documentation to confirm accuracy of input. Testing of manual journals from supporting documentation to the system to confirm accuracy of input and completeness of processing. Access rights to the system should be reviewed regularly to ensure that the appropriate access levels have been given to the appropriate individuals and to allow segregation of duties. Review and testing of controls regarding setting of access rights and monitoring of these rights. Review of access rights to the general ledger. 22 62 Budgetary Control Key Control Type of testing expected Budgets should be approved prior to the start of the financial year and be based upon appropriate and reasonable assumptions. Review of the approval of the budget and the underlying assumptions. Budgets should be assigned to appropriate personnel and should be monitored regularly throughout the year. Review of procedures in place regarding budgetary control. Testing to ensure procedures are being followed, including discussion of procedures with budget holders and obtaining evidence to corroborate their explanations for variances against budget. Budgetary information should reconcile to the general ledger. Agreement of budget reports (including those presented to Members) back to the general ledger. 23 63 Car Parks Income Key Control Type of testing expected Cash collected from car park ticket machines is reconciled to that expected per the ticket machine records. Any significant differences are investigated. Review and testing of the reconciliation process across all of the Council’s car park ticket machines. Cash recorded within the bank statement matches that collected from the car park ticket machines. Review and testing of the reconciliation process between cash banked and that per the car park ticket machines. Car Park income is monitored against budget and between locations and machines. Review and testing of the car park income budget monitoring process. 24 64 In the event that, pursuant to a request which North Norfolk District Council has received under the Freedom of Information Act 2000, it is required to disclose any information contained in this proposal, it will notify PwC promptly and consult with PwC prior to disclosing such information. North Norfolk District Council agrees to pay due regard to any representations which PwC may make in connection with such disclosure and North Norfolk District Council shall apply any relevant exemptions which may exist under the Act to such information. If, following consultation with PwC, North Norfolk District Council discloses any such information, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced in full in any copies disclosed. This document has been prepared for the intended recipients only. To the extent permitted by law, PricewaterhouseCoopers LLP does not accept or assume any liability, responsibility or duty of care for any use of or reliance on this document by anyone, other than (i) the intended recipient to the extent agreed in the relevant contract for the matter to which this document relates (if any), or (ii) as expressly agreed by PricewaterhouseCoopers LLP at its sole discretion in writing in advance. © 2012 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. 65 Audit Committee 18 September 2012 Agenda Item No_____10________ Progress Report on Internal Audit Activity, April to September 2012 Summary: This report examines progress made between April and early September 2012 in relation to delivery of the Annual Audit Plan for 2012/13, and includes abbreviated management summaries in respect of the audit reviews which have been finalised in the course of this period. Conclusions: Adequate assurance levels have been awarded in respect of the three audits completed in the first five months of the financial year. It is further noted that the Annual Audit Plan has been subject to some rescheduling of assignments (the timing of 5 of the original 16 assignments featuring in the Plan have been revised), whilst job budgets for 3 reviews have been adapted to accommodate changes to audit scopes – all revisions were at the request of management. The Plan has also now been expanded to incorporate an additional audit of the new Revenues and Benefits Shared Services Partnership focusing on Data Transfer, Governance and Risk. Following discussions with management, this work is to be delivered in two phases. Phase 1 has already been undertaken and an audit letter was produced in July 2012 commenting on the data transfer arrangements. To date, we have been able to absorb the above changes to the Plan without any adverse impact on our ability to deliver all assignments within the financial year and hereby confirm that we are on schedule as we approach the half yearly stage. Recommendations: It is recommended that the Committee notes the outcomes of the three audits completed between April and August, together with recent amendments made to the Annual Audit Plan for 2012/13. Cabinet member(s): All All Wards: Contact Officer, telephone number, and e-mail: Sandra King, Head of Internal Audit 01508 533863 scking@s-norfolk.gov.uk 66 Audit Committee 18 September 2012 1. Background 1.1 The Annual Internal Audit Plan was approved by the Audit Committee on 6 March 2012. This report represents the first progress update on the Annual Audit Plan for 2012/13. 2. Amendments to the Annual Audit Plan 2.1 Following our previous report to the Committee in March, some changes to the Plan have occurred, all of which were initiated by management. The key changes to planned provisions have involved: 2.2 • Expansion of the Property Services audit to include extra focus on the Measured Term Contract for the provision of coastal repairs and other minor coastal works, which led to the job budget being increased from 14 to 19 days to afford coverage of this additional element. • In the course of formulating the 2012/13 Audit Plan in February 2012, the Corporate Leadership Team requested that an audit be developed to examine data verification and governance arrangements applying to the newly formed Revenues and Benefits Shared Services Partnership between North Norfolk District Council and the Borough Council of Kings Lynn and West Norfolk. Although the Audit Strategy for 2012/13 alluded to this fact, the Annual Plan approved by the Audit Committee in March 2012 did not contain specific provisions as such to undertake such an audit. As a result of meetings with management in April 2012, there has since been agreement to carry out this work by way of two phases. A budget of 14 days has been provided and so far, Phase 1 completed in July 2012 has utilised 2.5 days of those made available for this purpose. We envisage the second phase will be performed in September / October 2012. • The Corporate Leadership Team had further sought to reduce the job budgets in relation to 2 computer audits, namely reviews of the Cash Receipting Application and the Council’s IT Project Management arrangements. Having revisited the scopes of these two pieces of work, we have been able to commute the job budgets and still ensure that assurances can be produced, tailored to management’s specific requirements. • It has also proved necessary to re-schedule some of our assignments in order to secure maximum benefit from audit input and minimise disruption to service areas. The re-timetabling of planned work is noted in Appendix B to this report. The resultant revisions to the Plan have led to a 14 day increase overall in the total audit days to be delivered in 2012/13. The Audit Committee had approved 212 days in March 2012, whereas this figure has since risen to 226 days. 67 Audit Committee 18 September 2012 3. Delivery of Programmed Audit Work in accordance with the Revised Annual Audit Plan 3.1 As demonstrated in Appendix B, 80 days of programmed work had been completed at the time of writing this report. This figure equates to 35% of the revised audit planned days earmarked for completion in 2012/13. The status of individual audits can be summarised thus: • Three assignments have been completed and final reports issued (Audit Nos. NN/13/01, NN/13/02 and NN/13/03); • A draft report has been provided in relation to Audit No. NN/13/15 and management responses are currently awaited; • The audit fieldwork has been completed for 3 additional audits (Audit Nos. NN/13/04, NN/13/13 and NN/13/14) with corresponding draft reports imminent. • We have circulated the audit brief for Audit No. NN/1306 and should be commencing audit fieldwork shortly. • An ad-hoc review (Audit No. NN/13/17) has also been requested by the Corporate Management Team, which is being carried out in two stages. To date, Phase 1 has been finalised with an audit letter produced and circulated. 4. Outcomes of Work Undertaken 4.1 With reference to work completed between April and early September 2012, as mentioned above, we have been able to finalise three audits during this period and their respective management summaries are attached at Appendix C to the report. 4.2 In the case of the Property Services & Coastal Protection audit (Audit No. NN/13/01) and the Strategic Housing & Homelessness review (Audit No. NN/13/02), we were able to confirm that the adequate assurance levels awarded this year were consistent with the audit opinions provided the last time these areas were examined. In relation to the audit of Corporate Policy, Planning and Performance Management (Audit No. NN/13/03), this was the first time that we had analysed operational arrangements and it is pleasing to note that we were able to give an adequate assurance level to the provisions in place. 4.3 With reference to the additional audit commissioned by the Corporate Leadership Team applying to the Revenues and Benefits area, when carrying out Phase 1, we examined data transfer developments, in particular conducting verification checks on the accuracy and adequacy of the data transfer from the existing North Norfolk District Council Civica Revenues and Benefits System to a new OpenRevenues (Civica) platform, which in the future will be used jointly as part of the overall partnership arrangements. Although our audit comprised high level verification of systems totals and did not include looking at individual accounts / account balances, we have been able to conclude that: • Data integrity checks have been applied to all systems parameters appearing on Civica with any discrepancies fully investigated. 68 Audit Committee 18 September 2012 • Data integrity checks have been applied to all systems parameters following transfer of North Norfolk District Council data to the OpenRevenues system, before going live, with any discrepancies fully investigated. • Aged debt balances should be agreed between North Norfolk District Council and the Borough Council of Kings Lynn and West Norfolk before transfer of data as part of the former merger. • Documentary evidence should be retained in support of all integrity checks, including evidence of independent check and agreement of outcomes from both North Norfolk District Council and the Borough Council of Kings Lynn and West Norfolk. • The Steering Group should sign off all agreed balances. We are intending as part of our work in relation to Phase 2 to evaluate the status of the Partnership, including governance arrangements and an overview of IT provisions. The Phase 1 letter was issued to management in July 2012. 5. Conclusion 5.1 Good progress has been made with the delivery of the Audit Plan to date, and all current work scheduled is underway as expected. 6. Recommendation 6.1 That members note the outcomes of the three completed audits and the recent amendments made to the Annual Audit Plan for 2012/13. Appendices attached to this report: Appendix B – Review Work delivered in accordance with the Annual Audit Plan for 2012/13 plus Ad-Hoc Work requested by Management Appendix C – Abbreviated Management Summaries of Completed Audit Assignments Appendix C (1) NN/13/01 Property Services and Coastal Protection Appendix C (2) NN/13/02 Strategic Housing and Homelessness Appendix C (3) NN/13/03 Corporate Policy, Planning and Performance Management 69 Appendix A Review Work delivered in accordance with the Annual Audit Plan for 2012/13 plus Ad-Hoc Work requested by Management Audit No. Description of Audit Frequency of Audit Coverage Original Days Planned Revised Days Planned Days Delivered Scheduling PLANNED SYSTEMS AUDIT WORK NN/13/01 Property Services and Coastal Protection 3-yearly 14 19 19 May NN/13/02 Strategic Housing and Homelessness 2-yearly 15 15 15 July NN/13/03 3-yearly 10 10 10 July NN/13/04 Corporate Policy, Planning and Performance Management Procurement 3-yearly 12 12 10.5 August NN/13/05 Partnerships 3-yearly 7 7 NN/13/06 Leisure Complexes, Sports, Arts and Entertainment, Pier Pavilion 3-yearly 10 10 1 September October September NN/13/07 Council Tax and NNDR 2-yearly 20 20 NN/13/08 Payroll, Human Resources, Expenses 2-yearly 19 19 NN/13/09 Housing Benefit CTB 2-yearly 20 20 November early December 2-yearly Annually Annually 15 10 9 15 10 9 December January February Annually 8 169 8 174 55.5 32% Ad-hoc request 10 8 7 August NN/13/10 NN/13/11 NN/13/12 Exchequer Services - Creditors etc Work to support the AGS Corporate Governance and Risk Management Systems Audit Follow Up TOTAL PLANNED SYSTEMS AUDIT WORK PLANNED COMPUTER AUDIT WORK NN/13/13 Cash Receipting Application Project Management 3-yearly 10 7 6 August NN/13/15 Data Centre, Back Up, Disaster Recovery 3-yearly 10 10 9 NN/13/16 Cedar Financial Application 3-yearly 9 9 September July October Late February Annually 4 43 4 38 22 58% 212 212 77.5 37% TOTAL PLANNED WORK Complete Final Report issued 10 August 2012 Complete Final Report issued 10 August 2012 Complete Final Report issued 23 August 2012 Audit Fieldwork completed. Draft Report imminent. Audit Brief issued and fieldwork scheduled to start 17 September 2012. October November November NN/13/14 Computer Audit Follow Up TOTAL PLANNED COMPUTER AUDIT WORK Status 70 Audit Fieldwork completed. Draft Report imminent. Audit Fieldwork completed. Draft Report imminent. Draft Report issued 22 August 2012. Assurance Level applicable Summary Report Details presented to Members Adequate Audit Committee 18 September 2012 Audit Committee 18 September 2012 Audit Committee 18 September 2012 Adequate Adequate Audit No. Description of Audit EXTRA WORK REQUESTED NN/13/17 Revenue and Benefits Partnership - Data Transfer, Governance and Risk Frequency of Audit Coverage Original Days Planned Revised Days Planned Days Delivered Scheduling Status Assurance Level applicable Summary Report Details presented to Members Ad-hoc request 0 14 2.5 Phase 1 June Phase 1 - Letter produced 13 July 2012. Phase 1 - Not Applicable Not Applicable Phase 2 - Audit Brief issued 15 June Phase 2 - 2012 but final timetabling of work has yet September / to be confirmed with management. October TOTAL OF EXTRA WORK UNDERTAKEN GRAND WORK TOTAL 0 14 2.5 18% 212 226 80 35% 71 Management summaries in respect of completed audit assignments Appendix C (1) Report No. NN/13/01 – Final Report issued 10 August 2012 Audit Report on Property Services and Coastal Protection Audit Opinion Adequate Assurance given Rationale supporting award of opinion The audit work carried out by Internal Audit indicated that: • While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk. • There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk. • This opinion is reflective of the five medium priority and two low priority recommendations raised, including three medium and one low priority recommendations relating to coastal protection • The level of assurance has not changed since the previous audit. Summary of Findings Property Services The Council has an Asset Management Plan, which contains the strategy in place over the Council’s property portfolio. This is supported by subsidiary policies such as the Disposal, Investment and Acquisition Policy and the Community Asset Transfer Policy. Key tasks and priorities are currently indentified and documented within a timetable. When the Concerto system is introduced within the Valuations Service, which is scheduled by the end of July 2012, tasks can be entered into the system’s timetable, which will produce reminders when they require completion. Acquisitions and disposals are appraised in line with the Disposal, Investment and Acquisition Policy. We identified one acquisition where no documentation was available to confirm the reasoning behind the acquisition or that approval for the acquisition had been obtained in line with laid down policy. New leases and lease renewals were found to have been appropriately authorised. However, we noted that lease details had not been notified to other departments (e.g. Sundry Income, NNDR) in a timely manner. Properties are promptly re-let upon becoming vacant. The Council offers concessionary rents or rent-free periods to tenants where works or repairs are required on the property and are being paid for by the tenant. Rental deposits are considered by the service on a case by case basis where the service considers it prudent to do so. End of tenancy inspections are conducted. Depending upon the type of property or repair, any identified repairs are either recharged to the tenant or paid for by the Council. Condition surveys are undertaken on a five-year rolling programme, with results collated into a spreadsheet from which maintenance issues are programmed. The 2012/13 maintenance 72 programme was not in place at the time of the audit, although was being redrawn as the original draft had been lost due to file corruption. Assurance within the audit was gained from the 2011/12 survey records in so far as evidence of maintenance works required could be identified. Commercial properties owned by the Council are insured through a policy with Zurich Municipal. Property Valuation Council properties are re-valued every five years. A schedule is in place to help ensure that all properties are valued at least once within this period. Valuations have been undertaken by the Estates and Valuation Manager and by Norfolk Property Services (NPS) for 2012/13. Valuation Reports are received to provide assurance that valuations have been conducted and the asset register is updated accordingly. Performance Information Performance targets are in place and are documented within the Asset Management Plan and the Performance Management System (TEN). Performance had not been updated within TEN for 2012/13. Performance has been updated within the Asset Management Plan to December 2011. Risk Management Risks are documented within the Asset Management Plan and in TEN. The status of risks had not been updated for 2012/13. Coastal Protection Key responsibilities are set down within the contract for the MTC. The Coastal Engineer has been appointed as the Contract Administrator, with the Property Project and Programme Manager having been appointed the Construction Design and Management Coordinator. We ascertained the proposed contract monitoring arrangements during the audit. Contract meetings are to be undertaken on a monthly basis as set down within the contract. The Council intends to monitor health and safety and the general operation of works, however, monitoring arrangements and mechanisms for doing so, including those for reporting outcomes of key performance indicators (KPIs) listed in the contract, have not been formally documented within a formal contract monitoring manual. Contract variations are to be issued where individual works exceed £7,500, as detailed in the contract, and are to be raised by the Coastal Engineer and authorised by the appropriate Head of Service. However, there is confusion over this limit with supporting approval documentation stating this limit is £7,000. Contract variations are however expected to be the exception rather than the rule. A payments process is set down within the contract. The contractor is to provide a day worksheet stating the costs of labour, plant and materials, providing receipts for all materials used. These will be checked and authorised by the Coastal Engineer in order to monitor costs. 73 The following number of recommendations has been raised: Area of Scope Adequacy and Effectiveness Assessments Adequacy of Controls Effectiveness of Controls Recommendations Raised Property Services Green Amber High 0 Property Valuation Green Green 0 0 0 Performance Information Green Amber 0 1 0 Risk Management Green **Amber 0 0 0 Coastal Protection Green Amber 0 3 1 0 5 2 Total **Recommendation raised within ‘Performance Information’. High Priority Recommendations No high priority recommendations have been raised as a result of this audit. Management Responses Management have accepted the recommendation raised. 74 Medium 1 Low 1 Appendix C (2) Report No. NN/13/02 – Final Report issued 10 August 2012 Audit Report on Strategic Housing and Homelessness Audit Opinion Adequate Assurance given Rationale supporting award of opinion The audit work carried out by Internal Audit indicated that: • While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk. • There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk. • This opinion results from the fact that we have raised one medium priority recommendation. It is also based on the fact that all components of the Housing Strategy have yet to be completed thus limiting our assessment of the overarching policies governing this area. • The level of assurance has remained the same since the previous audit. Summary of Findings Homelessness Assessments on homelessness applicants have been completed in 33 days, in line with the Council’s Homelessness Policy and government legislation. Applications that are determined as ‘Full Duty’ are independently approved. Homeless residents are housed within temporary accommodation where required, effectively in bed and breakfast accommodation. Occupancy of temporary accommodation is monitored. We established that not all lease agreements had been signed by the tenant to confirm acceptance of repayment of accommodation rent and service charges. Claims for housing benefits are made in a timely manner to cover rent costs. Invoices for rent are received following occupancy, which typically cover the period of a week and are approved and paid through the creditors system. Monitoring of the prevention of homelessness is undertaken through the submission of statistics via the P1E return to the Department for Communities and Local Government (DCLG). Financial assistance is provided for rent deposits or advances. The total outstanding debt for temporary accommodation charges as at 5th July 2012 amounted to £50,862.30. This includes debts dating back to 2007. Recovery action is being pursued to recover these outstanding payments, albeit with minimal repayments, due to the hardship of the debtors. The Council has introduced a new agreement for loan awarding and repayment to help to provide a more secure basis for the recovery of assistance. As this is a new control, we were not able to fully test its effectiveness. This will be reviewed in detail during the next audit undertaken on this area. 75 Management of Housing Register Applications are checked to help to confirm that only eligible applicants are present on the Housing Register. All eligible applicants are provided with a banding. Applicants who are to be assigned a Band One or Band Two rating are subject to approval by a senior officer. Applicants are made aware of their housing options at the point of application and during any subsequent contact whether in person or over the phone and this is supplemented through newsletters and through information present on the Council’s website. Access to the LOCATA system is restricted by password prompt with user restrictions applied to each account. Properties are let through shortlists. These are allocated through the LOCATA system by Registered Social Landlords under the conditions of the Your Choice Your Home Policy and are monitored by the Council. Strategic Housing The Council is producing a Housing Strategy. The strategy is to take the form of three documents covering different aspects of the service. The Council has completed the strategy document relating to Housing and Infrastructure. The document was approved by Cabinet on 11 June 2012 and by Full Council on 25 July 2012. The remaining two documents relate to the Council’s approach to existing housing stock and the approach for supporting residents to live independently. Two service plans are in place for the Housing Service relating to Housing Needs and Housing Enabling. Targets and activities for completion during the year and progress against these have been included within the service plan and are due for completion. Strategic action points included within the Housing Strategy Action Plan have yet to be incorporated into the service plan within the Performance Management System (TEN). The Head of Financial Services has confirmed that this will be actioned, following approval of the Housing Strategy, as part of the corporate arrangements as confirmed in the audit of Corporate Policy, Planning and Performance Management (NN/13/03). Performance Information Performance measures are in place for the service, which are reported through TEN. Council has met performance targets during the previous 12 months. The Risk Management Risks for Strategic Housing and Homelessness have been included within the service plan. Mitigation plans are in place and have been monitored. 76 The following number of recommendations has been raised: Area of Scope Adequacy and Effectiveness Assessments Adequacy of Controls Effectiveness of Controls Recommendations Raised Homelessness Green Amber High 0 Management of Housing Register Green Green 0 0 0 Strategic Housing Green Green 0 0 0 Performance Information Green Green 0 0 0 Risk Management Green Green 0 0 0 0 1 0 Total High Priority Recommendations No high priority recommendations have been raised as a result of this audit. Management Responses Management have accepted the recommendation raised. 77 Medium 1 Low 0 Appendix C (3) Report No. NN/1303 – Final Report issued 23 August 2012 Audit Report on Corporate Policy, Planning and Performance Management Audit Opinion Adequate Assurance given Rationale supporting award of opinion The audit work carried out by Internal Audit indicated that: • While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk. • There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk. This opinion results from the fact that we have raised one medium recommendation and that the new performance monitoring arrangements are still in their infancy, which resulted in some controls not being able to be fully assessed. • Summary of Findings Corporate Plan/Performance Management An Annual Action Plan 2012-13 is in place, which links to the priorities detailed in the Corporate Plan 2012-2015. Action plans have been entered into the Performance Management System (TEN) with responsible officers being assigned for each action plan activity. The Performance Management Framework provides structures by which the priorities and actions within the Corporate Plan can be monitored. Resource requirements have been considered by the Corporate Leadership Team (CLT) and officers during the planning of the Annual Action Plan. Consideration of financial resources required to meet the Corporate Plan has been incorporated into the Council’s budget setting process. As monitoring processes have not commenced and thus testing could not be undertaken, the effectiveness of the planning process cannot be determined. Reporting and monitoring processes set down within the Performance Management Framework allow for issues relating to resources or the ability to meet targets to be identified with action taken as required. Data collection arrangements are in place within the Council. The Policy and Performance Management Officer aided members of staff in producing robust data collection methods, including templates for the collection of data. The Policy and Performance Management Officer confirms that performance targets have been updated prior to performance information being reported to Performance and Risk Management Board. Validation of performance data is not currently undertaken within the Council outside of the checks undertaken by Internal Audit, within service reviews through delivery of the annual audit plans. Reporting against targets for 2012/13 had yet to take place due to the infancy of reporting the new arrangements, and given that training on the new arrangements was still being rolled out at the time of our audit. As such, no testing could be undertaken on reporting of performance as 78 part of this audit, although checking of performance management is included as standard for all system based audits and will continue to do so throughout delivery of the 2012/13 audit plan. Risk Management Risks have been identified within the Corporate Risk Register and within the TEN service summaries. Mitigation plans have been put in place within the Corporate Risk Register and TEN service summaries. The following number of recommendations has been raised: Area of Scope Adequacy and Effectiveness Assessments Adequacy of Controls Effectiveness of Controls Recommendations Raised Corporate Plan / Performance Management Green Amber High 0 Risk Management Green Green 0 0 0 0 1 0 Total High Priority Recommendations No high priority recommendations have been raised as a result of this audit. Management Responses Management have accepted the recommendation raised. 79 Medium 1 Low 0 Agenda Item 12 AUDIT COMMITTEE WORK PROGRAMME 2012 - 2013 SEPTEMBER 2012 PWC PWC 2011/12 Annual Governance report (ISA260) DECEMBER 2012 MARCH 2013 JUNE 2012 Annual Audit Letter (PWC) Audit Plan (PWC) Annual Grant Certification Report Half yearly progress reports on the overall performance of the audit contract Quarterly Summaries of completed audits Annual Review of the Effectiveness of Internal Audit Report on follow-up work Audit Plan Annual Report and Opinion Protocol for liaison between internal and external auditors Internal Audit Quarterly Summaries of completed audits Status of agreed actions NNDC Statement of Accounts (+ informal training) Business Continuity Plan Review Business Continuity Risk Monitoring Officer’s Report Business Continuity Review Local Code of Corporate Governance and Action Plan – update Annual Governance Statement 2012/13 – update Corporate Risk Register Business Continuity Plan Review 80