Part One
ITEM NO.7
REPORT OF THE STRATEGIC DIRECTOR OF CUSTOMER & SUPPORT SERVICES
TO THE: BUDGET & AUDIT SCRUTINY - AUDIT SUB COMMITTEE
ON Monday, 17 January, 2005
TITLE: REPORTS ISSUED AUGUST TO NOVEMBER 2004
RECOMMENDATIONS:
Members are asked to note the contents of the report.
EXECUTIVE SUMMARY:
The purpose of this report is to inform members of the internal audit activity undertaken by
the Audit & Risk Management Unit for the period August to November 2004 inclusive.
BACKGROUND DOCUMENTS:
(Available for public inspection)
Various reports and working papers.
ASSESSMENT OF RISK:
Internal Audit projects are managed within the Unit’s risk based audit protocols aimed at
giving assurance regarding the management of the City Council’s key business risks.
SOURCE OF FUNDING:
Existing revenue budget.
COMMENTS OF THE STRATEGIC DIRECTOR OF CUSTOMER AND SUPPORT SERVICES
(or his representative):
1. LEGAL IMPLICATIONS
Provided by: Head of Law & Admin
2. FINANCIAL IMPLICATIONS
Provided by: Head of Finance
PROPERTY (if applicable): N/A
HUMAN RESOURCES (if applicable): N/A
CONTACT OFFICER:
Andrew Waine Audit Manager
Tel: 0161 793 3357
Email: andrew.waine@salford.gov.uk
WARD(S) TO WHICH REPORT RELATE(S): N/A
KEY COUNCIL POLICIES: N/A
DETAILS: See report attached.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Westwood Park Community Primary School
Commencement
06/2004
Date
Issued Date
Report
Number
2580
09/2004
Scope
Westwood Primary School is a City of Salford Community Plus school. The School is
located on Vaughan Street, Eccles, and currently has a pupil roll of 310, including 38
nursery children.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit concluded that the majority of the risks reviewed during the audit were
adequately controlled. However, the audit identified a number of areas where
improvements to the existing internal control environment are required. The more
significant of these are noted below:
Main Recommendations
The signatories for the school bank
accounts are not reviewed and approved by
the Governing Body on an annual basis.
The scheme of financial delegation is not
reviewed and approved by the Governing
Body on an annual basis.
Management
Response
Agreed. This matter
will be raised as an
official agenda item
at the next
Governing Body
meeting to be held
on the 9th September
2004.
As above
Implementation
Date
9th September
2004.
9th September
2004.
3
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Report
Number
St Paul’s CE Primary School
Commencement
05/2004
Date
Issued Date
2582
09/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare
Internal Auditor’s Opinion
The audit concluded that the majority of the risks reviewed during the audit were
adequately controlled. However, the audit identified a number of areas where
improvements to the existing internal control environment are required. The most
significant of these were as follows:
 The signatories for the school bank accounts are not reviewed and approved by
the Governing Body on an annual basis
 The scheme of financial delegation is not reviewed and approved by the
Governing Body on an annual basis
 The school currently maintains no inventory record.
Main Recommendations
Bank account signatories should be
approved annually by the Governing Body.
The scheme of financial delegation should
be approved annually by the Governing
Body.
An inventory should be compiled for all
items over £100 in value and reviewed
annually.
Management
Response
Agreed. To be
included on agenda
for next meeting.
Agreed. To be
included on agenda
for next meeting.
Agreed.
Implementation
Date
December
2004.
December
2004.
Spring 2005.
4
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Moorside Primary School - PIR
Commencement
07/2004
Date
Issued Date
Report
Number
2444A
09/2004
Scope
The purpose of this review was to revisit the recommendations and Action Plan that
were contained in the recent audit report and to assess the progress made towards
their implementation.
Internal Auditor’s Opinion
We are pleased to report that the audit review concluded that action required to
address significant risks had been taken and all agreed recommendations had been
implemented.
5
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
The Albion High School
Commencement
09/2004
Date
Issued Date
2634
11/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, as follows:
 Financial Management
 Financial Administration
 Asset Management
 Pupil Welfare
 Contracted/Traded Services.
Internal Auditor’s Opinion
The audit review found that adequate controls were in place and operating effectively
in most areas reviewed, however the audit did highlight 16 areas requiring attention
to enhance the control environment. The more significant of these are detailed below:
 The school fund has not been audited recently, nor has a statement of account
been provided to the Governing Body for review
 The Governing Body do not currently approve the Scheme of Financial
Delegation on an annual basis
 A review of the inventory and processes for maintaining it, revealed a number of
weaknesses regarding its completeness, storage and independent review
 At the time of the audit, the School was not registered with the Data Protection
Registrar
 The audit review identified a payment for building works carried out at the School,
which had not been processed via the Authority and the Construction Industry
Scheme.
Main Recommendations
In relation to the school fund, the following
should be carried out:
 The School should create a mission
statement, detailing the objectives for the
school fund account. The Mission
Statement should be approved by the
Governing Body, and this approval noted
in the minutes of the respective meeting
 The school fund account should be
independently audited on an annual
basis
Management
Response
Mission statement
created, and school
fund audit to be
carried out.
Statement will be
presented at the
next Governors
meeting and
minuted.
Implementation
Date
th
30 November
2004.
6

A statement of income and expenditure
should be presented to the Governing
Body on an annual basis, and noted in
the minutes of the meeting.
The Governing Body should approve the
Scheme of Financial Delegation on an
annual basis, and this approval should be
recorded in the minutes of the respective
meeting.
The School needs to tighten controls
surrounding its inventory processes, to
ensure that the inventories accurately
reflect the school stock.
 The inventory should be updated to
include purchase dates for items
recorded
 A target date should be set for the
annual update of inventories, and upon
their return, the Headteacher, or a
delegated member of staff, should
review the inventory for completeness,
and sign and date the inventory as a
record of satisfactory review
 The security of the inventories should be
maintained at all times. Inventories
should be stored in locked, fireproof
cabinets or the school safe.
The School should register with the
Information Commissioner's Office as a
Data Controller.
All payments for building works carried out
should be processed via CIS, irrespective
of the contractor or who recommends the
contractor, in order to ensure tax fraud is
avoided.
Already actioned copy supplied to the
auditor.
27th September
2004.
Agreed - Target date
set for update of
inventories. Staff
notified of need for
secure storage
facility for
inventories.
30th November
2004.
Agreed –
Registration will be
completed via the
internet.
Agreed - All future
payments for
building works to be
processed via CIS
30th October
2004.
18th October
2004.
7
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Radclyffe Primary School
Commencement
06/2004
Date
Issued Date
2576
10/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, those being:





Financial Management
Financial Administration
Asset Management
Pupil Welfare
Contracted Services.
Internal Auditor’s Opinion
The audit concluded that although some of the key risks are adequately controlled,
some improvements are required to the existing internal control environment.
The most significant areas requiring attention are:
 Documentary evidence was not available to confirm that the Governing Body
reviews and approves the School’s bank account signatories on an annual basis
 The two school fund bank accounts are not reconciled on a regular basis. An
annual statement of account is not prepared and subsequently independently
audited
 The Scheme of Financial Delegation is not reviewed and approved by the
Governing Body on an annual basis
 Authorisation of some orders, prior to being placed with suppliers, had not been
undertaken by the nominated officer.
Main Recommendations
The School Governors should review and
approve the School's bank account
signatories on an annual basis. This review
should be documented in the minutes of the
meeting.
The school fund accounts should be
reconciled on a monthly basis and a
statement of accounts produced on an
annual basis. Once this has been
undertaken, the accounts should be
Management
Response
This will be raised at
the next meeting of
the Governing Body
and agreement
sought. This will
then become a
standard item on the
Autumn meeting
agenda.
Monthly
reconciliations will
be performed and
signed-off by the
Headteacher. The
Implementation
Date
31st October
2004.
30th September
2004.
8
independently audited and reported to the
Governing Body.
The School Governors should review and
approve the scheme of financial delegation
on an annual basis. This review should be
documented in the minutes of the meeting.
School Clerk will
produce an annual
statement of account
under the direction
of the School’s
Education
Accountant. This will
then be presented to
the Board of
Governors at the
Autumn meeting.
The Chair of the
Finance Committee
will be requested to
perform an
independent audit of
the school fund
account.
This will be raised at
the next meeting of
the Governing Body
and agreement
sought. This will
then become a
standard item on the
Autumn meeting
agenda.
31st October
2004.
9
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Cadishead Primary School
Commencement
05/2004
Date
Issued Date
2544
10/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, those being:




Financial Management
Financial Administration
Asset Management
Pupil Welfare
Internal Auditor’s Opinion
The audit concluded that the majority of the risks reviewed during the audit were
adequately controlled.
However, the audit identified a number of areas where improvements to the existing
internal control environment are required:
 The signatories for the school bank account mandates are not approved by the
Governing Body on an annual basis
 Financial delegation is not approved by the Governing Body on an annual basis
 An independent annual audit of the school fund is not performed
 Reports of the school fund expenditure are not submitted to the Governors on an
annual basis
 Calculation/costing sheets could not be located for recent and forthcoming trips
 The majority of orders placed by the School had not been approved by the
nominated person.
A number of omissions from the Governors Annual Report to Parents and the School
Prospectus were identified at the time of the audit review. However, both documents
were subsequently revised to include the omitted items, in order to meet the DfES
requirements, during the course of this review.
Main Recommendations
Verification of the signatories being
approved by the Governing body should be
obtained annually with any such verification
minuted.
The Governing body should review and
approve the scheme of financial delegation
on an annual basis. This should be minuted
as an official agenda item.
Management
Response
This was obtained at
the Governors
meeting on the 28th
June 2004 and
appropriately
minuted.
This was obtained at
the Governors
meeting on the 28th
June 2004 and
Implementation
Date
Implemented
end of June
2004.
Implemented
end of June
2004.
10
Arrangements should be made for the
school fund annual statement of account to
be independently audited. Once this has
been undertaken, it should be performed on
an annual basis. It is also recommended
that payee details are recorded in the
cashbook.
The full annual statement of accounts for
the school fund should be reported to the
Governing body on an annual basis. This
review should be documented within the
minutes of the meeting.
The use of a calculation/costing sheet
should be introduced and completed and
retained for each school trip. These should
be reviewed and certified by the Head
Teacher as evidence of his approval of the
costing and the contingency used for any
shortfall in funds.
All orders should be authorised by the Head
Teacher prior to orders being placed with
suppliers.
appropriately
minuted.
This was raised at
the Governors
meeting at the end
of June 2004 and
arrangements have
been made for the
accounts to be
audited on an
annual basis at the
summer Governors
meeting. Payee
details will be
recorded in the
cashbook.
This was raised at
the Governors
meeting at the end
of June 2004 and
appropriately
documented.
The school’s
calculation/costing
pro-forma will be
reviewed and
amended to contain
the requisite level of
detail.
At the staff meeting
held on the 28th June
2004, all staff were
reminded that all
orders must be
authorised by the
Head Teacher for
curriculum items.
Implemented
end of June
2004.
Implemented
end of June
2004.
End of
September
2004.
With immediate
effect.
11
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Chief Executive
Subject
PART TWO
Report
Number
European Funding
Commencement
09/2004
Date
Issued Date
2639
11/2004
Scope
Following a management request, we conducted a review of the European Social
Fund grant claim. This work was carried out between the 14th and the 17th of
September 2004. The claim is based on the approval letter from Government Office
North West dated 6th August 2001, under programme number 99GB053PO003 and
project number 011099NW3. The funding was to support the Local Labour Initiative
programme that was designed to help unemployed people back into the workplace.
Internal Auditor’s Opinion
Our review revealed that there were a number of weaknesses within the control
procedures which operated at the time this project was running, during the financial
years 2001/2 and 2002/3.
The main areas of concern were:
 Beneficiary Records – eligibility checks were not accurately recorded and
timesheets were not properly certified.
 Financial Control – there was no running record kept of total project
expenditure.
 Organisation and Project Overview – we were unable to determine the success
or otherwise of the Project as there was no defined performance measurements
put in place.
These weaknesses had been previously highlighted by Auditors from the
Government Office for the North West during their visit on the 15th and 16th of April
2004
The control weaknesses identified have lead to a long delay in receiving the grant
claim monies. A delay in the receipt of income is obviously a key risk for the
Authority.
Main Recommendation
Internal Audit will review the current
procedures over European Grant Claim
monies to ensure the above control
weaknesses have now been rectified.
Management
Response
Agreed.
Implementation
Date
2005/2006
Internal Audit
plan
12
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Summerville Primary School
Commencement
07/2004
Date
Issued Date
2581
09/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school as follows:
 Financial Management
 Financial Administration
 Asset Management
 Pupil Welfare
 Contracted/Traded Services
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the areas examined. However, the review highlighted a number of areas
that could be improved with some additional controls, including two significant issues
requiring more urgent action:
 There is no inventory of the school’s assets, with the exception of the IT
equipment
 The Headteacher does not regularly review and initial the School, Fund cashbook
records of income and expenditure, and provide documentary evidence of such a
review having been performed.
Main Recommendations
The school should compile and maintain a
continuous record of its significant assets.
The Headteacher should initial the income
summary and examine supporting
documentation, and record her signature to
denote such control has taken place.
Management
Response
Agreed.
Agreed.
Implementation
Date
September
2004.
September
2004.
13
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
St Paul’s Peel CE Primary School PIR
Commencement
06/2004
Date
Issued Date
2466A
09/2004
Scope
In January 2004, Internal Audit conducted an audit of St. Paul’s Peel Primary School
and as a result, audit report reference 2466/EDU/03, was issued.
The purpose of this review was to revisit the recommendations and Action Plan that
were contained in the above report, and to assess the progress made towards their
implementation.
Internal Auditor’s Opinion
The review found that some of the actions required to address significant risks had
been taken. However, nine recommendations remain unresolved and the two main
areas are detailed below.
It is noted that actions are planned by the school to address some these areas in the
near future.
Main Recommendations
The School should consider acquiring a
safe in order to improve the current
arrangements regarding the secure storage
of income and chequebooks.
The School should consider re-compiling its
inventory records to ensure up-to-date
accuracy. This should then be reviewed
annually, with spot checks to ensure items
remain on the premises. The record should
be signed/dated accordingly.
Management
Response
Agreed. A safe
is to be
obtained.
Agreed. The
School will recompile.
Implementation
Date
Not implemented.
The Headteacher
confirmed that they
are currently in the
process of buying
one.
Not implemented.
The Headteacher
confirmed that this
would be completed
by the end of July
2004.
14
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
Godfrey Ermen CE Memorial Primary School
PIR
Commencement
03/2004
Date
PART TWO
Issued Date
Report
Number
2371A
09/2004
Scope
A policy of Post Implementation Review (P.I.R) has been formalised by Internal
Audit, with the review being in the form of a follow-up visit to a previous audit. The
principle aim is to provide assurance that all agreed recommendations have been
implemented. The previous audit at Godfrey Ermen Memorial CE Primary School
was undertaken in July 2003.
The P.I.R review was undertaken prior to the departure of the current Headteacher,
Mrs. J. Dunnet, to provide assurance that all recommendations previously accepted
had been implemented before the new Headteacher’s arrival.
Internal Auditor’s Opinion
The Post Implementation Review concluded that adequate measures are now in
place to mitigate the key risks within most of the areas previously identified requiring
control improvements.
However there were three of the original recommendations that had not been
implemented, or fully implemented, at the time of this review. These are detailed
below.
Main Recommendations
Management Response
An annual spot check of the Inventory
should be performed and appropriately
signed and dated by the designated
member of staff in the Inventory.
The ITC Co-ordinator
has undertaken a review
of the Inventory. This has
been evidenced by the
recording of their
signature and date within
the relevant records.
This will now be carried
out on an annual basis.
Minor incident reports
are now signed
appropriately.
Agreed. All DfES
requirements are to be
included within the next
publications. The School
Prospectus has now
been updated and the
Governors’ Annual
Report to Parents will be
The minor accident books should be
signed for every incident reported.
DfES Regulations in respect of the
Governors’ Annual Report and the
School Prospectus should be adhered
to.
Implementation
Date
Already
implemented.
Already
implemented.
End of the
Autumn term
2004.
15
revised and updated
during the Autumn term
2004.
16
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
The Deans Primary School
Commencement
09/2004
Date
Issued Date
2636
11/2004
Scope
The Deans is a County Primary School, situated in Swinton within Salford. There are
approximately 230 pupils in the school in eight classes, all organised by age.
Since it opened in 1994, the school has made very good progress. It received a most
improved school award in 1999 and Beacon School status in 2000. In 2002 the
school received a Government Achievement Award.
Our approach to the audit of a school has been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit review examined forty-five aspects of the School’s control environment,
and we are pleased to report that satisfactory measures are in place to control the
majority of risks within the key functional processes reviewed.
We did identify eight areas where the control environment could be enhanced with
additional controls. These were not considered to be of high priority.
17
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
Royal Manchester Children’s Hospital School
Commencement
06/2004
Date
PART TWO
Issued Date
Report
Number
2578
09/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, those being:





Financial Management
Financial Administration
Asset Management
Pupil Welfare
Contracted Services.
Internal Auditor’s Opinion
The audit concluded that the majority of the risks reviewed were adequately
controlled. It was identified that the most significant areas where improvements to the
existing internal control environment relate to:
 The signatories for the school bank accounts are not reviewed and approved by
the Governing Body on an annual basis
 Financial delegation is not reviewed and approved by the School Governors on
an annual basis.
Main Recommendations
The School's Governing Body should
review and approve the signatories for the
School's bank accounts on an annual basis.
This should be documented within the
minutes of the meeting.
The scheme of financial delegation should
be reviewed, approved, and documented by
the School's Governing Body on an annual
basis. This should be documented within
the minutes of the meeting.
Management
Response
This issue will be
raised, appropriate
approval sought and
minuted at the next
meeting of the
Governing Body.
Implementation
Date
31st October
2004.
This issue will be
raised, appropriate
approval sought and
minuted at the next
meeting of the
Governing Body.
31st October
2004.
18
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Alder Park Primary School
Commencement
07/2004
Date
Issued Date
2596
09/2004
Scope
The audit review was undertaken prior to the forthcoming amalgamation of Alder
Park Primary School with Westwood Park Primary School. This is planned to take
effect from September 2004, with both sites remaining open. The transfer onto one
site is scheduled for completion during 2006.
The scope of the audit was to provide an independent appraisal of the adequacy of
the controls that operate within the school. The key functional processes reviewed
during the course of the audit were:
 Financial Management
 Financial Administration
 Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit review concluded that there are several control weaknesses with regard to
the current procedures employed at the school. Therefore the implementation of
additional controls is required to mitigate the present risk exposure.
The most significant weaknesses identified were:
 The school Inventory Record could not be located
 The security of the safe and the IT equipment.
Main Recommendations
An exercise should be undertaken to
produce an up-to-date School's Inventory
Record.
In order to increase the security of the
school IT equipment, it is recommended
that the following points are addressed:
 Equipment should be appropriately
marked with the school's security
marker pen.
 Computers and laptops located within
classrooms should be stored securely
at the end of each school day
 The possibility of securing white board
projectors into their suspension
brackets should be investigated.
Management
Response
Agreed.
Agreed.
Implementation
Date
End of the
Autumn term,
2004.
End of the
Autumn term,
2004.
19
The school should investigate the
feasibility of bolting the safe to the floor to
further enhance the current security
measures.
Agreed.
End of the
Autumn term,
2004.
20
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
North Grecian Street Primary School (Change
of Headteacher Review)
Commencement
06/2004
Date
PART TWO
Issued Date
Report
Number
2590
10/2004
Scope
The current Headteacher will retire at the end of the 2004 school year. The incoming
Headteacher will be commencing his position as the new Headteacher on 1st
September 2004.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, those being:

Financial Management

Financial Administration

Asset Management

Pupil Welfare

Contracted/Traded Services.
Internal Auditor’s Opinion
The audit concluded that the majority of controls reviewed during the audit were
robust and working effectively with many control systems implemented by the School
to a high standard. Financial controls were effectively managed.
However, the audit highlighted a number of areas where additional controls would
improve existing processes. These are referred to in the recommendations section
below.
Main Recommendations
Management Response
Implementation
Date
A full statement of accounts for the
school fund should be compiled,
independently audited, and
certified annually.
Agreed.
End of the
Autumn term,
2004.
The Inventory should be reviewed
and signed and dated as a true
record on an annual basis by the
Headteacher, or a delegated
member of staff.
The Governing Body should review
and approve the signatories for
each of the school bank accounts
on an annual basis. This should be
recorded within the relevant
meeting minutes.
Agreed.
End of the
Spring term,
2005.
Agreed.
November
2004.
21
The encashment of cheques
should be avoided where possible.
If this is unavoidable, receipts
should be obtained for all
expenditure, documents retained
and clearly recorded to verify the
total expenditure incurred.
Agreed.
With immediate
effect.
22
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Tootal Drive Primary School
Commencement
09/2004
Date
Issued Date
2609
09/2004
Scope
The standard objectives of a school audit have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, those being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the key processes identified.
Main Recommendations
The Mandates to the School bank accounts
should be stored securely in a separate
room to that of the unused bank account
chequebooks.
School trip documentation should include a
calculation sheet for each individual trip
undertaken. These should record the
number of paying pupils and state any
shortfall in income. The final costing sheet
should be independently reviewed by the
Headteacher, or a delegated member of
staff, and the person should sign and date
the relevant document as evidence of this
review and the approval of any
contingency.
The omitted items (School Prospectus)
should be included when the next edition is
published.
Management
Response
Agreed.
Implementation
Date
Already
implemented.
Agreed.
Already
implemented.
Agreed.
Spring term
2005.
23
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Wentworth High School
Commencement
06/2004
Date
Issued Date
2585
10/2004
Scope
Wentworth High School is situated on Wentworth Road, Ellesmere Park, Eccles. The
School currently has approximately 901 pupils on roll. In 2002 the School became an
‘Artsmark Gold School’ and in 2003 the School was granted the ‘Sportsmark’ by
Sport England for the second time.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare
 Contracted Services.
Internal Auditor’s Opinion
The audit review found that a high standard of administration exists at the School,
with adequate measures in place to control the majority of risks within the key
processes identified. However, the review identified a small number of areas where
improvements are needed to the control environment.
Main Recommendations
Annual approval should be sought from the
Governing Body to continue the Scheme of
Financial Delegation. This should be
recorded within the minutes of the
appropriate meeting.
An exercise should be undertaken to bring
the School's inventory records up-to-date.
To help ensure consistency throughout the
School, the record should include details of
electrical and other significant items valued
over £100. The record should be updated
on an ongoing basis and should contain
dates of acquisitions and disposals.
An improved system should be introduced
to ensure that loaned items are
appropriately signed back in upon their
return by the individual returning the item,
Management
Response
Agreed
Agreed. The Bursar
will use the SIMS
Module to record
any new inventory
items that come into
the School. A
Teaching Assistant
is to be employed,
part of whose duties
will be to compile a
comprehensive
inventory for the
Implementation
Date
November
2004.
By the end of
the Summer
term, 2005.
24
and countersigned by the Bursar.
Once the inventory has been brought up to
date, arrangements should be made for the
Headteacher, or a delegated member of
staff, to undertake an annual review. The
record should be signed and dated as
correct at the time of review.
Once the current records have been
updated, arrangements should be made to
create a copy of the inventory. Ideally, an
electronic copy of the entire record should
be made which can be backed-up at regular
intervals.
Additionally, in order to improve current
record keeping, the Bursar should
investigate the possibility of using SIMS to
create an inventory record.
In order to improve safety for both pupils
and staff, vigilance should be maintained to
ensure that the door to the main entrance is
kept firmly closed.
The omitted items should be included within
the next editions, when published.
existing items.
Agreed. The
appropriate
documentation will
be signed and dated
accordingly as
evidence of review.
In addition, Some of
the School’s
departments already
hold their inventory
records in an
electronic format. It
is intended to update
the current records
and maintain the
completed inventory
in an electronic
format. This can
then be regularly
backed-up.
The main entrance
door is now kept
firmly closed to
restrict access.
Agreed.
Autumn term
2005.
Implemented.
The latest
edition of the
Annual Report
has just been
completed, and
the revised
Prospectus has
been submitted
for printing.
25
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Harrop Fold High School (PIR)
Commencement
07/2004
Date
Issued Date
2380A
10/2004
Scope
A policy of Post Implementation Review has been formalised by Internal Audit. The
review is in the form of a follow-up visit to a previous audit. The Post Implementation
Review seeks to ensure that all agreed recommendations have been implemented.
The purpose of this review is to follow-up on recommendations made in an audit of
Harrop Fold High School, report reference 2380/EDU/03 issued on 14th October
2003.
The Headteacher at the time of the initial audit review had commenced in post at the
start of the spring term, 2003. However, she left the school at the end of the spring
term, 2004, and a temporary Headteacher is currently in post. A permanent
Executive Headteacher has been appointed and will commence at the school at the
start of the autumn term, 2004.
Internal Auditor’s Opinion
There were a substantial number of recommendations made following the initial audit
review. Whilst a number of these have been fully implemented, and progress made
with regards to others, there is a small but significant number that requires further
action.
The school should continue its current progress until the remainder of the
recommendations are implemented.
Main Recommendations
The school should make
enquiries regarding its
current banking
arrangements for the
official fund with a view to
increasing the amount of
interest earned.
The Headteacher may
wish to consider an
investment account for the
higher level of funding
which accrues on
occasions in the school’s
current account.
The value of the imprest
should be reduced in
order to reflect the
reduced usage of the
Management
Response
The school has spoken
to its Bank. They have
been told they will be
allocated a Business
Manager, who will visit
them and offer advice
on their best practice.
Still ongoing.
The implementation of
this recommendation
will be dependent on
the outcome of the
Current Status
Not implemented.
Enquiries have been made
and discussions held with the
Business Manager who
represents the Bank. Prior to
implementation however,
further discussions will be
undertaken with the incoming
Headteacher during the
autumn Term, 2004.
Not implemented.
Until the end of the Summer
term 04, the school will retain
the current value of the petty
26
unofficial fund petty cash
account.
The Headteacher, or
delegated member of
staff, should periodically
review income to banking
records and evidence this
procedure by signing and
dating the income
records, in respect of both
official and unofficial
funds.
Records relating to overall
costings of trips should be
retained on school
premises and be made
available for inspection by
interested parties. A final
balance sheet should be
compiled once the trip has
been completed and
reviewed by the
Headteacher, or an
independent member of
staff. This should be
signed and dated as
evidence of review.
The IT Technician should
ensure that the inventory
record is updated to
reflect disposals. In
respect of other areas of
the school, inventory
records should be
compiled and updated as
acquisitions and disposals
occur. The records should
be independently
reviewed on an annual
basis.
A review of the school’s
computer equipment
should be undertaken to
determine if there is a
suitable method to
permanently mark the
equipment with the
school’s details.
previous
recommendation. In
addition, the school has
opened an account with
a hardware supplier
who has previously
been paid for goods by
petty cash. This will
further reduce the use
of the petty cash
account.
Agreed.
cash imprest, due to the
exceptional cost of posting out
parcels of examination
papers. From the start of the
Autumn term 04, the imprest
value of the petty cash
accounts at both sites will be
reduced.
Already implemented.
Documents are
returned to the
Headteacher. Balance
sheets are compiled.
Bursar keeps
documents and
signs/dates as
evidence of her review.
Not implemented.
A trip file was started by the
Headteacher who has now left
the school. The Bursar will
now maintain this file, which
contains final balance sheets
and accompanying
documentation. However, the
final balance sheets are not
currently being reviewed or
signed.
Agreed. Will compile
records but this is
noted as a large task.
Plans are in place, and
implementation has
begun.
Not implemented.
Some progress has been
made, but it is acknowledged
that the records are not
satisfactory. The Finance
Manager will oversee the
introduction and
implementation of a standard
format inventory record
throughout the school.
Will liaise with ICT
Technicians regarding
suitable method of
marking.
Not implemented.
Initial attempts to mark the
equipment proved ineffective.
However, the matter has been
discussed with the Governors
and further enquiries are
ongoing.
Not implemented.
This procedure had been
started by the previous
Headteacher but the task has
not been undertaken since
her departure.
27
The school should
undertake a review of
security at both sites with
a view to further restricting
unauthorised access to
the grounds. In addition
improved measures
should be introduced in
order to improve access
restrictions to the building
at the Hilton Lane site.
A review of security has
commenced, which has
resulted in immediate
improvements. A
keypad has been
added to the side
entrance doors, and
further improvements to
the foyer entrance will
be undertaken during
the term.
The Health and Safety
Policy should be updated
on an annual basis and in
order to validate the
document, it should be
signed and dated by the
Chair of Governors.
Agreed. To arrange.
The school should request
that parents complete and
sign a disclaimer form
prior to the administration
of medicines.
A review of the items
contained within the
school Prospectus and
the Governor’s Annual
Report to Parents in order
to ensure that all details
required by the DfES are
included when next
published.
Agreed.
Agreed. These items
will be included when
these documents are
next published.
Not fully implemented.
A review of security issues
has been undertaken and a
plan of action agreed upon. A
number of potential
improvements have been
identified. The school is
currently liaising with the Fire
Service regarding the fire
alarm, and the Fire Risk
Assessment is currently being
reappraised.
Additionally, quotations for
CCTV have been obtained for
the Longshaw site and the
possibility of constructing a
security fence is being
considered.
In respect of the Hilton site, a
side fence is currently being
planned. Additionally, there
are plans to redesign the
reception area with separate
pupil and visitor entrances,
and a waiting room for
visitors.
There are also a number of
Health and Safety issues for
which improvements are
planned.
Not implemented.
Whilst some progress has
been made, the Health and
Safety Policy is still being
updated, and is currently
delayed as the school is
liaising with the Fire Service
regarding improvements to
the fire points.
Not implemented.
A redesigned form will be
introduced form the start of
the autumn term, 2004.
Not implemented.
The new prospectus is
currently being compiled and
will be ready for publication in
September 04 when the
replacement Headteacher
commences at the School and
approves the document. The
latest Governors’ Annual
Report to Parents is also
being compiled and the
omitted items will be included.
28
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
St Augustine’s CE Primary School
Commencement
07/2004
Date
Issued Date
2589
10/2004
Scope
St Augustine's Church of England Primary is an Aided School situated on Bolton
Road, Pendlebury. At the time of the audit review there were approximately 228
pupils on roll. The School was originally built in 1874 and the original building still
stands alongside the present School.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare
 Contracted Services.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the areas examined. However, the review highlighted a number of areas
where improvements are needed to the control environment. In particular, controls
relating to the compilation and maintenance of the School’s inventory record are
poor.
Main Recommendations
Regarding the Scheme of Financial
Delegation, arrangements should be put in
place to ensure that the approval of the
Governing Body is formally documented on
an annual basis.
In order to provide independent verification
that the total of monies prepared for
banking is accurate to the value of the
income received by the School, the
Headteacher should undertake a periodic
check of monies prepared for banking
against the value of income received. This
review should be evidenced by the
recording of the relevant signature along
Management
Response
Agreed. Will include
this as an agenda
item at a Governors’
meeting prior to the
end of the current
financial year.
Agreed. This will be
undertaken termly.
Implementation
Date
During the
Spring term,
2005.
To commence
during the
current Autumn
term.
with the date within the relevant paying-in
book.
The School should find a suitable person to
carry out the annual review of the Fund.
The person should not be employed at the
School and should be independent of any
School Fund activities undertaken.
Additionally, the person undertaking the
review should apply a date as well as a
signature to the record and should make a
statement that declares the record as true
and fair. Once these procedures have been
carried out, the appropriately signed copy
can be presented to the Governing Body.
In order that risks undertaken by staff whilst
taking monies to the bank can be analysed
by a formal process, a risk assessment
should be carried out and the results
documented. Improvements to existing
procedures can therefore be made if any
weaknesses are identified.
An exercise should be undertaken to bring
the School's stock record up-to-date. The
record should include details of electrical
and other significant items valued over
£100. A review of existing items should be
carried out to determine which remain on
the premises. The record should be
updated on an ongoing basis and should
contain the dates of acquisitions and
disposals.
Agreed.
By the end of
the Summer
term, 2005.
Agreed.
By the end of
the Autumn half
term, 2004.
Agreed. The School
has located an
Inventory Stock
Book. This will be
completed and a
review of existing
items conducted
during its
compilation.
By the end of
the Summer
term, 2005.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
St Augustine’s CE Primary School
Commencement
07/2004
Date
Issued Date
2589
10/2004
Scope
St Augustine's Church of England Primary is an Aided School situated on Bolton
Road, Pendlebury. At the time of the audit review there were approximately 228
pupils on roll. The School was originally built in 1874 and the original building still
stands alongside the present School.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare
 Contracted Services.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the areas examined. However, the review highlighted a number of areas
where improvements are needed to the control environment. In particular, controls
relating to the compilation and maintenance of the School’s inventory record are
poor.
Main Recommendations
Regarding the Scheme of Financial
Delegation, arrangements should be put in
place to ensure that the approval of the
Governing Body is formally documented on
an annual basis.
In order to provide independent verification
that the total of monies prepared for
banking is accurate to the value of the
income received by the School, the
Headteacher should undertake a periodic
check of monies prepared for banking
against the value of income received. This
review should be evidenced by the
recording of the relevant signature along
Management
Response
Agreed. Will include
this as an agenda
item at a Governors’
meeting prior to the
end of the current
financial year.
Agreed. This will be
undertaken termly.
Implementation
Date
During the
Spring term,
2005.
To commence
during the
current Autumn
term.
with the date within the relevant paying-in
book.
The School should find a suitable person to
carry out the annual review of the Fund.
The person should not be employed at the
School and should be independent of any
School Fund activities undertaken.
Additionally, the person undertaking the
review should apply a date as well as a
signature to the record and should make a
statement that declares the record as true
and fair. Once these procedures have been
carried out, the appropriately signed copy
can be presented to the Governing Body.
In order that risks undertaken by staff whilst
taking monies to the bank can be analysed
by a formal process, a risk assessment
should be carried out and the results
documented. Improvements to existing
procedures can therefore be made if any
weaknesses are identified.
An exercise should be undertaken to bring
the School's stock record up-to-date. The
record should include details of electrical
and other significant items valued over
£100. A review of existing items should be
carried out to determine which remain on
the premises. The record should be
updated on an ongoing basis and should
contain the dates of acquisitions and
disposals.
Agreed.
By the end of
the Summer
term, 2005.
Agreed.
By the end of
the Autumn half
term, 2004.
Agreed. The School
has located an
Inventory Stock
Book. This will be
completed and a
review of existing
items conducted
during its
compilation.
By the end of
the Summer
term, 2005.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Christ The King Primary School
Commencement
07/2004
Date
Issued Date
2587
10/2004
Scope
Christ The King Roman Catholic Primary School is situated in an outer suburb of
Salford, and serves the parish of Christ The King.
The standard objectives of a school audit have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, those being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the key processes identified.
However, nine areas were highlighted that need additional controls to improve
existing processes. In particular, these included:
 The scheme of financial delegation
 The processing of orders and payments.
Main Recommendations
Annual approval should be sought from the
Governing Body to continue the scheme of
financial delegation. This should be
recorded within the minutes of the
appropriate meeting.
The Headteacher, or delegated member of
staff, should ensure that all orders are
suitably authorised. In addition, official
orders should be used to purchase all
goods and services.
Management
Response
Agreed.
Agreed.
Implementation
Date
End of Autumn
term, 2004.
Implemented.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Monton Green Primary School
Commencement
07/2004
Date
Issued Date
Report
Number
2591
10/2004
Scope
There are currently 295 pupils on roll, and the School has a ten-place unit that caters
for children with moderate learning difficulties. Additionally, an Early Bird and After
School Club is run by Salford Hundred Venture to provide childcare out of school
hours.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the areas examined.
However, the review highlighted a number of areas where improvements are needed
to the control environment. In particular, there are weaknesses in the following areas:
 The compilation and maintenance of the School’s Inventory Record
 Approval for the Scheme of Financial Delegation.
As a result, a number of recommendations are deemed necessary to reduce the
current risk exposure caused by the lack of these controls.
Main Recommendations
Annual approval should be sought from the
Governing Body to continue the scheme of
financial delegation. This should be
recorded within the minutes of the
appropriate meeting.
Management
Response
Approval of the
Scheme of Financial
Delegation was
obtained from the
Finance Committee
of the Governing
Body on 15th July
2004 and will be
added to the annual
agenda. In addition,
any items of
spending in excess
of £4000 must be
Implementation
Date
15th July 2004
and annually
thereafter.
An exercise should be undertaken to bring
the School's Stock Record up-to-date. The
Record should include details of electrical
and other significant items valued over
£100. A review of existing items should be
undertaken to determine whether the items
recorded remain on the premises. The
record should be updated on an ongoing
basis and should contain dates of
acquisitions and disposals.
Additionally, full details should be recorded
on the rare occasions when staff may loan
items from the School.
approved by the
Governing Body.
Agreed - An
electronic inventory
will be designed,
using the current
inventory as a
template and
maintained on an
ongoing basis.
31st December
2004.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
St Boniface RC Primary School
Commencement
09/2004
Date
Issued Date
2635
10/2004
Scope
St Boniface Primary School is a Roman Catholic aided school, maintained by Salford
City Council. The School is located on Yew Street in Lower Broughton. At the time of
the audit there were 226 children registered. The pupils are aged from three to
eleven years old, including reception and nursery children.
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school as follows:
 Financial Management
 Financial Administration
 Asset Management
 Pupil Welfare
 Contracted/Traded Services.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the areas examined. The Headteacher is very receptive to incorporating
best practice into the School's processes and enhancing the schools control
environment.
Internal Audit identified a number of areas that could be improved with additional
controls, including one significant issues requiring more urgent action. The audit
review found that the Headteacher does not compare the value of income records to
the value of collection prepared for banking.
Management
Response
The Headteacher should undertake periodic Income records will
reviews of the monies prepared for banking, be checked and
in comparison to receipts issued and other
banking procedures
records of income. The paying-in books and re-assessed halfcashbook should be signed and dated as
termly. The payingevidence of this review.
in books and
cashbooks will be
signed and dated as
evidence of the
reviews, beginning
this half term.
Main Recommendations
Implementation
Date
19th November
2004.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
St Andrew’s CE (Boothstown) Primary School
Commencement
09/2004
Date
Issued Date
Report
Number
2612
10/2004
Scope
St Andrew’s is a voluntary controlled Church of England primary school situated on
the outskirts of Salford. Pupils come from a wide area and mixed backgrounds. There
are approximately 450 pupils on roll, split into twenty classes, including
approximately 60 pupils in the nursery classes.
The standard objectives of a school audit have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, those being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
The audit review found that adequate measures are in place to control the majority of
risks within the key processes identified.
However, whilst no high-risk control weaknesses were identified, the review
highlighted some areas requiring attention to effect the necessary improvements to
the control environment and subsequently mitigate the associated risks.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Broughton Jewish Cassel-Fox Primary School
Commencement
06/2004
Date
Issued Date
Report
Number
2592
10/2004
Scope
Broughton Jewish Cassel-Fox Primary School is situated in Salford in an area with a
large Jewish population. The School has voluntary aided status and provides primary
education in accordance with the traditions of Orthodox Judaism. There are
approximately 350 pupils on roll, split into 12 classes, including 45 pupils in the
nursery class who attend full time. There is also a kindergarten that many attend prior
to the nursery class.
There is a new Headteacher in post at the School, who commenced at the beginning
of the new academic year, September 2004.
The School had a deficit budget amounting to £105,006 for the financial year
2003/2004. A Management Plan has been produced by the Education Accountant,
however, this projects an estimated negative balance at the 31st March 2005 of
£115,447. The School’s Education Accountant is due to meet the new Headteacher
with a view to discuss the current budget position and other financial matters in the
near future.
The standard objectives of a school audit have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the School, those being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare.
Internal Auditor’s Opinion
However, the following high priority improvement areas were identified, and these
require additional controls to improve existing processes:
 The scheme of financial delegation
 Bank account signatories
 The maintenance of Inventory Records
 School fund reconciliations
 School trip documentation and associated risk assessments.
Main Recommendations
Annual approval should be sought from the
Governing Body to continue the scheme of
financial delegation. This should be
Management
Response
Agreed.
Implementation
Date
Next Governors
meeting 19th
October 2004.
recorded within the minutes of the
appropriate meeting.
Once all the necessary amendments have
been made to the School’s bank account
mandates, approval of the relevant account
signatories should be sought and
documented within the minutes of the next
Governing Body meeting. Thereafter,
signatories should be discussed and
approved on an annual basis.
An exercise should be undertaken to
produce a record of the School’s assets,
ensuring the inclusion of the date of
purchase and relevant serial numbers.
A reconciliation of the School Fund should
be performed between the cashbook
entries and the bank account statements on
a regular basis. Arrangements should be
made for an annual statement of account to
be prepared and independently audited.
School trip documentation should include a
calculation sheet for each individual trip
undertaken.
All Risk Assessments that are completed
for any trips outside of school should be
retained for a period of at least 12 months.
Agreed.
End of Autumn
Half Term
2004.
Agreed.
End of Spring
Term 2005.
Agreed
End of Autumn
Half Term
2004.
Agreed
End of Autumn
Term 2004.
Agreed.
End of Autumn
Half Term
2004.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Wharton Primary School
Commencement
07/2004
Date
Issued Date
2579
10/2004
Scope
The standard objectives of the audit of a school have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, those being:
 Financial Management
 Financial Administration
 Asset Management
 Pupil Welfare
 Contracted Services.
Internal Auditor’s Opinion
The audit concluded that although most of the key risks examined are adequately
controlled, some improvements are required to the existing internal control
environment.
The most significant areas requiring attention are:
 Documentary evidence was not available to confirm that the Governing Body
review and approve the signatories on the School bank account mandates on an
annual basis
 Financial delegation is not reviewed and approved by the Governing Body on an
annual basis
 The lack of up to date inventory records.
Main Recommendations
The mandate signatories should be
reviewed and approved by the Governing
Body on an annual basis.
Annual approval should be sought from the
Governing Body to continue the scheme of
financial delegation.
The School should ensure that a
comprehensive inventory is compiled of the
School’s significant assets (those > £100).
Management
Response
This should be
addressed at the
next meeting of the
Governing Body.
This was performed
at the meeting of the
Finance SubCommittee on the 7th
July 2004.
Contact will be made
with the
Headteacher of
Charlestown Primary
Implementation
Date
12th October
2004.
Already
implemented.
By the end of
the Autumn
term.
School to enquire
into the use of that
school’s electronic
inventory, with the
intention of
spreading good
practice.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
Report
Number
Springwood Primary School
Commencement
10/2004
Date
Issued Date
2631
11/2004
Scope
The standard objectives of a school audit have been determined to provide an
independent appraisal of the adequacy of controls in key functional processes that
operate within the school, these being:
 Financial Management
 Financial Administration
 Employee and Asset Management
 Pupil Welfare
 Contracted Services.
Internal Auditor’s Opinion
The audit review found that adequate measures were in place to mitigate the majority
of risks within the areas examined.
However, the review highlighted a number of areas where improvements are needed
to the existing control environment. Of particular concern are the weaknesses
identified in the following areas:
 The lack of a complete Inventory in relation to the School's assets
 Approval of the Scheme of Financial Delegation
 School Fund Governance Arrangements
 The lack of a Register of Interests.
As a result, recommendations have been made which are deemed necessary to
reduce the current risk exposure caused by the lack of these controls.
Main Recommendations
The School should compile and maintain an
inventory of all its significant assets, that is,
those >£100.
The Scheme of Financial Delegation should
be included as a formal agenda item for the
next Governing Body meeting. Once
approval has been granted, it should be
recorded in the relevant meeting minutes
and thereafter undertaken on an annual
basis.
As soon as an appropriate person has been
appointed by the Governing Body, the
Management
Response
Agreed.
Implementation
Date
31st July 2005.
To be included as an
agenda item for the
Resources SubCommittee meeting
to be held on the
25th November
2004.
A suitable person
has now been
25th November
2004.
31st January
2005.
annual statement of the School Fund
account should be independently audited
and subsequently presented to the
Governing Body. This should be raised as
an official agenda item and recorded in the
relevant meeting minutes.
A formal Register of Interests should be
compiled and maintained in respect of all
Governors and appropriate members of
staff. This should be reviewed and updated
on an annual basis by all relevant parties
making a written declaration to this effect.
identified to
independently audit
the School Fund
account and has
been contacted by
the Governing Body.
A formal Register of
Interests was
completed at the
Governing Body
meeting held on 7th
October 2004. This
will now be reviewed
and updated on an
annual basis.
7th October
2004.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education & Leisure
Subject
PART TWO
St Thomas of Canterbury RC Primary School
Commencement
09/2004
Date
Issued Date
Report
Number
2640
12/2004
Scope
The standard scope and objectives of school’s audits have been determined to
provide an independent appraisal of the adequacy of controls in key functional
processes that operate within a school. These include financial management;
financial administration; asset management; pupil welfare; and contracted/traded
services.
The audit fieldwork was undertaken during the month of September 2004.
Internal Auditor’s Opinion
In considering the risks and controls, we are of the opinion that there are adequate
measures in place to control some of the risks within the areas examined. However,
there are a number of areas that require additional controls, as follows; the failure to
maintain up-to-date, comprehensive and transparent school fund records; the failure
to process invoices in a timely manner; the lack of an up-to-date inventory and the
failure to undertake annual certification.
We acknowledge that some tasks have fallen behind due to staff absence, and that
the Office Administrator is currently endeavouring to bring those tasks up-to-date.
The School has just recruited a part-time Administrative Assistant in order to help
with these tasks.
Main Recommendations
We have recommended that a series of
improvements be made in the
administration of the school fund,
particularly the need to introduce an
analysed income and expenditure book and
to arrange for the fund to be independently
audited for the last completed academic
year.
Payments in respect of outstanding
invoices should be brought up-to-date.
Once this has been achieved, invoices
should be paid on a prompt basis.
Management
Response
Agreed.
Implementation
Date
31st March
2005.
Agreed.
4th December
2004.
An exercise should be undertaken to bring
the Inventory up-to-date, along with a
review to determine whether the items
currently recorded remain on the premises.
The record should be updated on an
ongoing basis and should contain dates of
acquisitions and disposals.
Agreed.
5th March
2005.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Education and Leisure
Subject
PART TWO
Report
Number
Hope High School
Commencement
10/2004
Date
Issued Date
2656
11/2004
Scope
The standard scope and objectives of school’s audits have been determined to
provide an independent appraisal of the adequacy of controls in key functional
processes that operate within the school. These included financial management,
financial administration, asset management, pupil welfare, and contracted/traded
services.
The audit fieldwork was undertaken in the month of October 2004.
Internal Auditor’s Opinion
In considering the risks and controls with regards to the above scope, we are of the
opinion that the majority of controls are operating effectively. However the audit
review did highlight a number of control weaknesses where the control environment
could be improved with the introduction of control enhancements. The more
significant areas requiring action include financial delegation, school fund
management, data protection, and insurance arrangements. The most significant
matter requiring attention is the management of the School’s deficit position, for
which there is currently no documented plan of action.
In addition to the above findings, we observed that unlike most schools of this size,
under the current governance arrangements the Bursar no longer reports directly to
the Headteacher on a day-to-day basis. Whilst the Bursar is invited to attend the
School’s Management Team’s meetings monthly, it is our opinion the current working
arrangement may be pervasive to the control environment at the School.
Main Recommendations
The School and the LEA Accountant should
prepare and document a five-year plan to
manage the deficit. The plan should be
documented and monitored on an ongoing
basis.
Management
Response
Agreed.
Implementation
Date
1st January
2005.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE

Directorate
Education & Leisure
Subject
PART TWO
Report
Number
ICT Project
Commencement
06/2004
Date
Issued Date
2594
09/2004
Scope
The report is a follow-up to a previous audit report and assessed the degree of
control over the key risks threatening the management of the Education
ICT/Broadband Project, in relation to the following aspects:
 Project management
 Funding arrangements
 Inventory controls
 Delivery of agreed technical solution
Internal Auditor’s Opinion
The report found that improvements had taken place in the way that the project was
managed and also in the communications between the various interested parties –
IT, schools and LEA. There was also improvement in the support and training that
was provided by IT to the schools. The financial management of the project was also
improved, with finance officers being involved in setting and monitoring project
expenditure. Progress has been made with regard to the projects assets
management, although this process should be improved further when records are
fully integrated into the Council’s new help desk system, which incorporates an asset
management module.
Main Recommendations
Monitor the ongoing status of schools
equipment to ensure it remains appropriate
and is compatible with any planned
upgrades of the core technology in use
A single asset management system should
be put in place
Management
Response
This will be logged in
the project issue log,
and presented to the
Education Strategy
meeting for
discussion.
This is in progress
with the upgraded
QSM system.
Implementation
Date
October 04.
December 04.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Corporate Services/Council-wide
Subject
Implementation of Freedom of Information at
Salford City Council
Commencement
06/2004
Date
PART TWO
Issued Date
Report
Number
2593
09/2004
Scope
The Freedom of Information Act (FoIA) will be implemented in full by January 2005.
The Act provides a general right of access to information held by public authorities.
The Act is being introduced in two stages. In the first, each authority has been
required to prepare a “publication scheme”, which had to be in place by February
2003. Our scheme specifies the classes of information that Salford City Council
(SCC) publishes or intends to publish and the manner in which it is published.
The second stage introduces a right of access to information and applies from 1st
January 2005. This means that, subject to certain exemptions, e.g. related to
security, any person who makes a specific request to SCC for information must be
informed whether or not it holds the information and if held, the information must be
communicated to the person. However, SCC does not have to provide information,
which is already reasonably accessible under the Publication Scheme or elsewhere.
The aim of the audit was to determine the degree of control over the following risk
areas:
 Implementation and maintenance of the FOI Publication Scheme
 Receipt and processing of information requests
 Records management
Internal Auditor’s Opinion
Our overall opinion is that satisfactory controls have been established/planned, to
mitigate the risks we face with respect to FOI compliance. The Corporate Information
Officer, Head of Law and Administration and the Steering Group (SG) are to be
commended for the progress so far, e.g. in establishing the Publication Scheme and
developing plans/procedures for requests for information. This is especially so, given
the limited resources that have been available to them.
It has been shown that projects managed through a formal methodology have a
better chance of success. The progress made within Directorates has been
inconsistent, e.g. in terms of identifying working groups and establishing
communications protocols. In our opinion, this could have resulted from the lack of a
formal project management methodology at Steering Group level. The IT Systems
Project is being formally managed using PRINCE2, but the project plan for the IT
Project had become out of date and there was a risk that the IT systems would not
be in place by the dates specified by the SG.
Main Recommendations
The FOI Action Plan should be formally
aligned with the revised IT Systems Project
plan and the AGMA Work Programme.
The Corporate Information Officer and
Steering Group (SG) should ensure that the
revised IT Systems plan is based on
realistic timescales and core requirements,
not solely on the January deadline.
Each SG member should formally report to
the full meeting, on progress against targets
at Directorate level and flag any problems
or issues.
Following on from the above, it is
recommended that key elements of the
Salford method of PRINCE2 be introduced
at SG level, e.g. risks/issues logs, formal
highlight reports and defined
roles/responsibilities for SG members.
Management
Response
Action plans will be
updated, aligned
and enforced.
Meeting discussed
possibility of creating
system using
essential criteria as
starting point and
developing system
further after Jan 05.
Reporting is in
place, but
consideration will be
given to greater
formalisation, as part
of the SG
membership review.
A report will be
produced, which will
highlight roles and
responsibilities of
the SG members.
The principles of
PRINCE2 will be
incorporated into the
management of the
FOI project. This
issue will be
examined as part of
the review of SG
membership.
Implementation
Date
September 04.
Ongoing.
Sept 04.
Sept 04.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Corporate Services
Subject
PART TWO
Report
Number
A Strategy for SAP
Commencement
07/2004
Date
Issued Date
2606
09/2004
Scope
This report covers the management and control of the recent software upgrade and
provides guidance to management on the creation of a SAP Board and a
development strategy for SAP. Advice is also given in the areas of project and
change management.
Internal Auditor’s Opinion
The current SAP support team have provided and continue to provide a good level of
service. They have implemented the SAP financial and accounting solutions and
significant benefits have already been realised. SAP is an Enterprise Resource
Planning system and as such can deliver and integrate most business services for all
SCC directorates. There is an urgent need for the planned high level, cross
directorate management board for SAP to enable the full benefits to be developed
and realised in an effective and economic manner.
The SAP Board should press for a corporate
policy to enforce the consideration of SAP,
where applicable, for all new and replacement
applications. System specifications should be
designed to fit with SAP structures.
Agreed.
Implementation
Date
All implementation
timescales to be
agreed at the first
SAP Board
Meeting.
As above.
The SAP Board should ensure that the status
of the SAP strategy is clearly defined and
understood by all service and directorate
managers, within the context of the 7 pledges.
Each development should be project
managed, using the Salford method of
Prince2.
Where possible, the project managers should
be appointed from the owning Directorate or
Service.
Agreed.
As above.
Agreed.
As above.
Main Recommendations
The SAP Board should produce a formal
policy and standards for the management of
upgrades, patches and fixes
Management
Response
Agreed.
The SAP Support team manager should
ensure that adequate contingency cover is
available to cope with the loss of any
functional /SAP expert.
The SAP strategy should be developed to
support the delivery of the corporate strategies
and seven pledges.
The SAP Board members should be senior
managers with the authority to make and
implement SAP decisions and provide
resources at Directorate level.
Agreed.
As above.
Agreed.
As above.
Agreed.
As above.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Corporate Services/Council-wide
Subject
Data Protection Act Post Implementation
Review
Commencement
09/2004 (see below*)
Date
PART TWO
Issued Date
Report
Number
2318
09/2004
Scope
This report was a follow-up to the audit report issued in 2003, ref. 2318/CS/03,
covering the risks relating to Salford City Council (SCC) compliance with the Data
Protection Act (DPA). A number of recommendations were made and agreed in that
report, and the aim of this Post Implementation Review (PIR) was to determine the
extent to which the recommendations have been implemented and establish the
current position with respect to the key underlying issues.
The recommendations related to the following aspects:
 Notification with the Information Commissioner
 Information handling and data weeding
 Information sharing within SCC and with external bodies
 Security/access controls re. personal information held on IT systems
 Management of Data Protection in the Directorates.
* The audit was partially completed in April and then fully completed in
August/September. This was at the request of the customers, who wished to focus
on the Freedom of Information Act (FOI) in the interim period.
Internal Auditor’s Opinion
The PIR has concluded that SCC is now in a much stronger position than at the time
of the original audit. Policies and procedures are in place to promote DPA
compliance and the Corporate Information Officer and DP/FOI Steering Group
continue to direct and monitor a comprehensive programme of actions designed to
further achieve this end. Also, complementary work on the implementation of FOI has
assisted in raising the awareness in Directorates of the need to examine what data is
held and to establish adequate systems for dealing with requests from the public.
However, audit work in this review and during the recent FOI audit (ref. 2593/CS/04),
has shown that there is still much to be done, particularly in the areas of records
management and related IT systems. Although good progress has been made in
respect of the agreed recommendations, the target dates for some of the key ones
have not been met, e.g. in respect of DPA compliance checking. Having said this,
Audit appreciates that a lack of resources has meant that the Steering Group has
been focusing on FOI rather than DPA and notes that the outstanding DPA actions
remain in the Steering Group’s monitoring documentation and should not be lost.
Management
Response
Main Recommendations
N/A
N/A
Implementation
Date
N/A
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Corporate Services
Subject
PART TWO
Report
Number
Unix Server PIR
Commencement
08/2004
Date
Issued Date
2613
09/2004
Scope
This report was a follow-up to two reports issued in October and December 2003
(refs 2420/CS/03 and CA3/03) on the Unix server environment.
The aim of those reviews was to determine the degree of control over the following
risk areas:
 Hardware - performance and resilience
 Software - integrity and security
 Information - data integrity and security
 People - succession and personnel issues
The aim of this Post Implementation Review (PIR) was to determine the extent to
which the recommendations have been implemented and establish the current
position with respect to the key underlying issues.
Internal Auditor’s Opinion
The PIR concluded that whilst there had been limited progress in the actual
completion of the agreed recommendations from the two original reports, a number
of crucial building blocks are now almost in place which should facilitate
implementation of the majority of the outstanding actions by the end of 2005.
Management
Response
Main Recommendations
N/A
N/A
Implementation
Date
N/A
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Corporate Services
Subject
An investigation into the loss of E-mail
services
Commencement
09/2004
Date
PART TWO
Issued Date
Report
Number
2632
10/2004
Scope
To carry out an independent investigation into the reasons for the e-mail service
outage and the actions taken to resolve it and prevent a recurrence.
Internal Auditor’s Opinion
The investigation concluded that IT Net were aware of the risk of such an incident
and were in the process of implementing corrective action. IT Net implemented
effective recovery procedures and informed customers of the reasons for the incident
and the potential effects it may have had upon their personal e-mail service.
Main Recommendations
IT Net should be given technical
representation at Director level or be given
the delegated authority via an IT Strategy
Board, to replace key equipment where
delay may result in a serious loss of
services. The Assistant Director IT Net
should raise this issue next Corporate
Services Budget Decision Conference.
IT Net, as part of their contingency plans,
should review method of keeping users
informed of major incidents and progress.
This could be achieved by having an
incident web page and for when the
network is down, a recorded telephone
message line. E- mail will remain the main
mass communication media.
IT Net should produce a formal report, for
senior customers/directors, for all major
incidents e.g. loss of a service for over 2
hours. The report should provide details on
Management
Response
Agreed.
Additional methods
of informing users of
forthcoming security
updates or problems
are now being
applied via the users
logon script when
they log onto the
network. Additional
information will also
be added to the Help
Desk recorded
message.
Senior Management
are kept updated of
any major problems
and verbal reports
Implementation
Date
5th November
2004.
Complete.
Complete.
the main cause of the incident, any
underlying or related causes, the effects of
the loss on services, the costs to recover
the services and where known the costs
resulting from the loss of service, the
lessons learned and steps taken to prevent
a recurrence.
are currently given
at the resumption of
service. A brief
explanatory report
will be written for all
major incidents and
will be provided to
the Directors Team
with the IT service
stats.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Corporate Services
Subject
PART TWO
Desktop Services Strategy PIR
Commencement
09/2004
Date
Issued Date
Report
Number
2621
10/2004
Scope
Follow up recommendations from audit report 2409/CS/03.
Internal Auditor’s Opinion
The audit has concluded that the degree of control over the risks relating to the
Desktop Services Strategy has improved considerably since our original review and
the actions outstanding are all being actively managed. Three new recommendations
were made to assist with the content and control of the IT Strategy.
Management
Response
The IT Net Strategy should include the Agreed.
following control details: Owner, Author,
Version number, Date of next review.
The next revision of the IT Net Strategy Agreed.
should be updated with:
A new foreword by the current lead
member, an updated introduction indicating
its relationship with the seven pledges, the
annual service plans and information
security policies,
Hardware /software procurement services
and the user responsibility to notify IT Net
before a decision is made to procure
The ICT Business Plan should be Agreed.
expanded to include more details on the IT The structure of IT
universe and planned work. These could services is currently
form appendices to the current format e.g.
under review and
An overview map of the IT universe, and IT the strategy and
responsibility structure,
business plans will
Number of desktops/users and growth year be reviewed and
on year,
updated when this is
Number of SCC buildings linked,
complete
List of supported partners e.g. NPHL and
SCLL,
List of supporting partners e.g. Dell,
Number and names of major developments
planned,
Number and names of major developments
Main Recommendations
Implementation
Date
31st March
2005.
31st March
2005.
31st March
2005.
in progress,
Number and names of major developments
completed,
Internet / Intranet use,
Details of service improvements within IT
arising from new software, e.g. Hydra, Help
desk system, Enterprise XP,
Work on corporate strategies such as EGovernment, Think Customer and Thin
Client.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Policy, Strategy & Research
Subject
Disability Discrimination Act 1995 – Web
Accessibility
Commencement
09/2004
Date
PART TWO
Issued Date
Report
Number
2620
11/2004
Scope
On the 1st October 2004, all UK organisations had to ensure that their premises,
products and services are accessible by disabled people. Failure to ensure
compliance with the Disability Discrimination Act (DDA) 1995, could leave
organisations open to civil proceedings, and they may suffer damage to their
reputations. The scope of this audit is limited to the checking of the web accessibility
part of the Act.
Internal Auditor’s Opinion
It is considered that Salford City Council has taken appropriate steps to ensure that
its Internet web-site is compliant with the Disability Discrimination Act 1995 and the
WAI AA standard it has achieved complies with the standards required by the
Government. The Authority’s Intranet has recently been redesigned and is Level A
compliant. It is anticipated that Level AA compliance will be achieved within 12months of this relaunch.
We consider that the reputation of Salford City Council could be at risk from
partnerships licensed to use the Salford City Council brand, who do not currently
comply with DDA web accessibility guidelines.
Main Recommendations
All sites examined, as part of this review,
should be made compliant with the
Disability Discrimination Act 1995, as soon
as is practicable.
Management
Response
The sites will be
made compliant with
the Act.
Implementation
Date
Those sites not
already
compliant with
the Act, will be
so by the end
of the current
financial year.
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Customer & Support Services
Subject
PART TWO
Report
Number
Citizen Computer System PIR
Commencement
10/2004
Date
Issued Date
2642
11/2004
Scope
The aim of the original audit was to determine the degree of control over the following
risk areas:
 System management
 System development
Internal Auditor’s Opinion
The PIR has determined that the majority of the recommendations highlighted by the
original 2003 report, have been carried out and the level of effective control over risks
has been improved. The recommendations agreed by management relating to
training resources and system access, have not been implemented in accordance
with the agreed timescales, but measures are in place to ensure that satisfactory
controls will be embedded in these areas by the end of the current financial year.
Main Recommendations
Following migration, by week ending 7th
November 2004, the new Citizen system
will include both the live and development
environment. The server is housed in the
Computer Centre and subject to normal
backup procedures managed by Desktop
Services. The project team considers the
risks of housing both the live and the
development environment on the same
server, as low.
Management
Response
Audit Comment
The situation of
housing the live and
development
environments
together on the
same server will be
reviewed by audit as
part of the CRM
(Customer
Relationship
Management)
project.
Implementation
Date
AUDIT & RISK MANAGEMENT UNIT
Committee Summary
PART ONE
X
Directorate
Environment
Subject
PART TWO
Report
Number
Flare / Windows 2000
Commencement
10/2004
Date
Issued Date
2638
12/2004
Scope
The audit will assess the degree of control over the key risks threatening the
management of Windows2K for Flare, in relation to the following aspects:
 Configuration
 Security
We will also review the current Unix back up and recovery arrangements for Flare
with a view to ensuring their adequacy prior to their transfer to Windows2K.
Internal Auditor’s Opinion
The audit has concluded that the risks relating to windows configuration and security
are well controlled. However, we have identified a number of potential control
improvements for consideration by ESSS and FLARE. The risks relating to the backup and recovery arrangements could be improved by increasing physical security
and environment controls over the first line back-up tapes.
Main Recommendations
ESSS should assess the practicality of
providing personal administrator userids.
Windows administration passwords should
be subject to regular change and this
should be enforced by the system.
ESSS should assess the possibility of
creating administration userids that are
tailored to personal need.
ESSS should ensure that any changes to
the configuration and key control settings
are logged and that the logs are subject to
regular review by the ES Principle Officer.
ESSS should assess the additional risks
incurred by enabling FLARE to manage the
system remotely using PC Anywhere. The
risks, processes and controls to be applied
should be agreed with IT Net and FLARE
All back-up tapes should be transferred
immediately and be held at an
environmentally suitable and secure, off site
disaster store or off site fireproof safe.
Management
Response
Agreed.
Implementation
Date
March 2005.
Agreed.
January 2005.
Agreed.
March 2005.
Agreed.
March 2005.
Agreed.
March 2005.
Agreed.
March 2005.