Part One
ITEM NO. 6
REPORT OF THE CITY TREASURER
TO THE: AUDIT COMMITTEE
ON Tuesday 22nd April 2008
TITLE: INTERNAL AUDIT - ANNUAL REPORT 2007/2008
RECOMMENDATIONS:
Members are asked to note the contents of the report.
EXECUTIVE SUMMARY:
The purpose of this report is to inform members of Internal Audit activity during
2007/2008.
BACKGROUND DOCUMENTS:
(Available for public inspection)
Quarterly Committee reports
CIPFA Code of Practice for Internal Audit in the United Kingdom (2006)
ASSESSMENT OF RISK:
Internal Audit projects are managed within the Unit’s risk based audit protocols aimed at
giving assurance regarding the management of the City Council’s key business risks.
SOURCE OF FUNDING:
Existing revenue budget.
COMMENTS OF THE STRATEGIC DIRECTOR OF CUSTOMER AND SUPPORT
SERVICES (or his representative):
1. LEGAL IMPLICATIONS
N/A
2.
FINANCIAL IMPLICATIONS
This report is for information and has no financial implications
PROPERTY (if applicable): N/A
HUMAN RESOURCES (if applicable): N/A
CONTACT OFFICER:
Nikki Bishop
Head of Internal Audit
Tel: 0161 793 2657
nikki.bishop@salford.gov.uk
1
WARD(S) TO WHICH REPORT RELATE(S): N/A
KEY COUNCIL POLICIES: N/A
DETAILS: See report attached.
2
AUDIT & RISK MANAGEMENT UNIT
ANNUAL INTERNAL AUDIT REPORT
FOR
SALFORD CITY COUNCIL
2007/2008
Internal Audit Annual Report 2007/8
Salford City Council
Section A – Background
Report Content
Section A – Background
1.
2.
3.
4.
Introduction
The Role of Internal Audit
The Objectives and Scope of Internal Audit
Summary of Our Audit Methodology
Section B – Audit Opinion
5. Internal Audit’s Opinion on the Effectiveness of Internal
Control
6. The process of arriving at the opinion
7. Summary of the Internal Audit work used to inform the
Opinion on Effectiveness of Internal control
8. Issues Particularly Relevant to the Preparation of the
Council’s Annual Governance Statement.
1. Introduction
This report relates to the activity undertaken by Salford City
Council’s Internal Audit service during the period 1st April
2007 to 31st March 2008. The Audit Committee approved an
operational audit plan for the financial year 2007/08 at its
meeting on the 27th March 2007.
This report is intended to provide the Committee with:

An opinion on the overall adequacy and effectiveness of
the Council’s internal control environment and any
exceptions to that opinion

A summary of the audit work from which the opinion is
derived

Details of any issues particularly relevant to the
preparation of the Council’s Annual Governance
Statement.

A comparison of the audit work actually undertaken with
the work planned, including a summary of internal audit
performance and quality assurance.

A review of the System of Internal Audit comprising a
commentary on compliance with the CIPFA Code of
Practice for Internal Audit in Local Government and the
results of the internal quality assurance programme.
Section C – Internal Audit Performance
9. A Comparison of the Audit Work Undertaken with the Work
Planned
10. Other Key Performance Information
11. Quality Assurance
12. Compliance with the CPIFA Code of Practice for Internal
Audit in Local Government (2006)
13. Future Developments
Appendices
A. Internal Audit Charter
In providing this information Internal Audit meets the annual
reporting requirements detailed in the CIPFA Code of Practice
for Internal Audit in Local Government (2006).
2. The Role of Internal Audit
The current legal basis for the internal audit function in local
government is the Account and Audit Regulations 2003 (as
amended in 2006), which state that each authority must:
Page: 2
Internal Audit Annual Report 2007/8
“ maintain an adequate and effective system of internal audit
of their accounting records and of its system of internal control
in accordance with the proper practices in relation to internal
control.”
The guidance accompanying the legislation states that, for
local authorities, proper internal control practise for internal
audit are those contained within the CIPFA Code of Practice
for Internal Audit in the United Kingdom (2006) (the Code).
The Code gives the following definition of internal audit:
“Internal audit is an assurance function that provides an
independent and objective opinion to the organisation on the
control environment, by evaluating its effectiveness in
achieving the organisation’s objectives. It objectively
examines, evaluates, and reports on the adequacy of the
control environment as a contribution to the proper, economic,
efficient and effective use of resources.”
3. The Objectives and Scope of Internal Audit
The objectives and scope of internal audit are enshrined within
the Internal Audit Charter (Appendix A). This latest version of
the Charter was approved by the Audit Committee on 12th
June 2007 and was in place during 2007/8. The Charter
defines the scope, roles, and responsibilities of the function.
Salford City Council
4. Summary of Our Audit Methodology
In determining an Audit Plan, Internal Audit assesses the level
of risk relating to the systems identified within each
Directorate. Key indicators are used to identify priorities such
as CAA, ISAs, budget, etc, and a scoring mechanism applied.
All of the processes are ranked in order of risk and compared
to available resources to produce an Audit Plan.
The Internal Audit Section utilises a risk-based approach to its
audit assignment, and it is this approach that forms the basis
of most of the reviews undertaken by the Section.
It has also been appropriate to utilise other techniques such as
systems based audits, analytical reviews, and flowcharting the
City Council’s major systems, which are recognised as
industry standard methodologies.
This flexibility has assisted Internal Audit in meeting new
challenges and the needs of our stakeholders.
The emphasis placed on Internal Audit’s role in reviewing
areas both financial and otherwise represents the industry’s
best practice.
The inclusion of non-financial processes, in addition to our
traditional review of financial systems, enables Internal Audit
to give an opinion on the adequacy of all systems of internal
control.
In accordance with the Code, the Internal Audit Charter will be
reviewed by the Audit Committee on an annual basis.
Page: 3
Internal Audit Annual Report 2007/8
Section B – Audit Opinion
5. Internal Audit’s Opinion on the Effectiveness of
Internal Control
On the basis of the systems reviewed and reported on by
Internal Audit during the year, and other sources of
information available to Internal Audit, it is felt that the
overall financial, operational, and strategic control
environment is of a good standard.
6. The Process of Arriving at the Opinion
Salford City Council

The effects of any significant changes in the Council’s
objectives or key systems

Matters arising from previous reports to the Audit
Committee

Any limitations which may have been placed on the scope
of Internal Audit

Matters of irregularity that have been investigated

Matters raised, and reports prepared, by other external
bodies such as the Audit Commission.
7. Summary of the Internal Audit Work Used to Inform the
Opinion on the Effectiveness of Internal Control
The overall opinion on the internal control environment is
based on Internal Audit’s assessment of the key management
arrangements and internal controls. This is the framework of
internal controls required to provide management with
confidence that the main processes put in place to achieve
business objectives are:
Customer & Support Services

Adequate and effective for their purpose

Free from material business risk, both financial and nonfinancial.
The Computer Audit Team focused their resources on
conducting a thorough review of the computer controls
underpinning the operation and security of the Authority’s
major financial systems.
In providing our opinion, it should be noted that assurance can
never be absolute and therefore, only reasonable assurance
can be provided that there are no major weaknesses within
these processes. In addition, whilst our opinion is largely
based on objective criteria, there will always be an element of
subjectivity in the final analysis.
Our opinion on the internal control environment of the Council
has been formulated by giving careful consideration to:

The findings of all audits undertaken during 2007/8 (see
below for summary

Any post implementation work undertaken in respect of
previous audit work
We found the major financial systems, such as Council Tax,
Council Tax and Housing Benefits, and Payroll to be
adequately controlled. Our testing found no indication of
material misstatement.
Community, Health and Social Care
The Community Health and Social Care directorate has
continued to build strong working relationships with bodies
outside the Authority. As a result, our audit work focused not
only on the directorate but also on its relationships with
external bodies; such as the soft partnership with the Salford
Link Translation Service.
In respect of Adult Safeguarding, Adult Placements (Learning
Difficulties), and Salford Women’s Aid, our review found a
number of weaknesses in the systems of control which
resulted in recommendations being made to redress these
issues.
Page: 4
Internal Audit Annual Report 2007/8
Salford City Council
Children’s Services
Environment
The control environment in Salford’s schools has continued to
improve with many examples of good practice being identified.
Where weaknesses were identified, agreement was made
regarding appropriate recommendations.
A review of the Licensing Service was undertaken due to
changes in legislation, and no significant matters were found.
In addition, a follow-up of the recommendations raised in the
previous year relating to Grounds Maintenance Asset
Management and the Parks Management Fee, found that
good progress has been made in implementing our
recommendations.
One major change for this financial year was the need for 40%
of Salford’s primary schools to meet the Financial
Management Standard for Schools (FMSIS) by 31st March
2008. Internal audit were involved in briefing headteachers,
bursars and Governors about the standard and in assessing
compliance with the standard. We are pleased to conclude
that all but one of the primary schools assessed have met the
Standard. The remaining school is working towards
achievement of the Standard. In addition to the FMSiS
assessments, an internal audit review was also undertaken of
each of these schools. The results of the reviews show a
steady improvement of the schools’ control environments.
Where weaknesses were identified, action plans have been
established to address the concerns.
During the financial year, we also visited 8 high schools. The
visits confirmed that these schools had an adequate control
environment, as no significant issues were raised.
Internal Audit provided assistance regarding auditing the
implementation of the Building Schools for the Future
programme in the City, with a view to providing assurance
regarding the governance and monitoring arrangements for
the project. Internal Audit also facilitated a risk management
workshop to identify the potential risks the Council faces with
such a project.
Additional work was undertaken in the Youth Service and the
pilot implementation of Purchasing Cards in schools. Our work
revealed a number of weaknesses in the systems of control
which resulted in recommendations being made.
Chief Executives
Audit work in this directorate focused mainly on the control
environment surrounding various different grant funding
initiatives. It is increasingly the case that Internal and not
External Audit are required to give assurance to the funding
bodies that monies have been properly accounted for and
spent fairly in relation to the objectives for the funding.
In addition, we followed-up on recommendations made last
year regarding document retention within the European
Regional Development Fund. We found that the issues raised
have now been addressed.
Housing & Planning (including Urban Vision and NPHL)
Partnerships are an important area for Housing and Planning,
and Internal Audit has been involved in advising on the types
of controls that need to be put in place to build a strong client
side for our major strategic partnerships. This work is ongoing
and will continue to be a high risk area for the Council.
A review was undertaken of the Housing Market Renewal
Relocation Assistance. The audit highlighted several issues,
which the Directorate is currently working to resolve.
A review was also conducted regarding the Housing Market
Renewal Fund, and the provision of an audit statement for the
expenditure. Controls in this area were found to be good.
Page: 5
Internal Audit Annual Report 2007/8
Salford City Council
8. Issues Particularly Relevant to the Preparation of the
Council’s Annual Governance Statement
Irregularity
Internal Audit is responsible for undertaking irregularity work
within the Council.
No matters materially relevant to the preparation of the
Council’s Annual Governance Statement have come to our
attention during 2007/08.
Referrals were made, in the main, regarding fraud and theft
matters, and computer misuse. Where Internal Audit has
identified remedial action, management have strengthened
internal controls.
The Council has an Investigation Panel comprising the:

Strategic Director of Customer and Support Services

City Solicitor (the Monitoring Officer)

City Treasurer (Section 151 Officer)

Head of Human Resources

Assistant Director, Audit & Consultancy Services.
The Panel receives progress reports on all cases referred to
Internal Audit on a monthly basis, monitors progress in each
case, reviews the appropriateness of actions taken, and
advises on further courses of action.
Cases that have been referred to directorates for internal
investigation are also reported to the Panel, in order that a
comprehensive view can be taken to ensure consistency in the
robust application of the Anti-Fraud and Anti-Corruption
Strategy.
Matters that are under the jurisdiction of the Head of Human
Resources are also reported to the Panel. These matters are
monitored for progress and action, in order to safeguard the
Council’s interests.
No irregularity matters have come to the attention of internal
audit that indicate a material weakness in the Authority’s
control environment.
Page: 6
Internal Audit Annual Report 2007/8
Salford City Council
Section C – Internal Audit Performance
The average number of days taken from receipt of the
management responses to issuing the final report:
9. Other Key Performance Information
Target for 2007/8
Performance indicators have been established that
demonstrate Audit’s efficiency and effectiveness.
10
Achieved in 2007/8
0
Achievement of annual audit plan, average chargeable audit
days achieved per auditor:
Target for 2007/8
2
4
6
8
10
12
The percentage of % of audit recommendations accepted by
the client:
180
Achieved in 2007/8
2
184
Target for 2007/8
0
20
40
60
90%
80 100 120 140 160 180 200
Achieved in 2007/8
The average number of days taken from completion of the
audit fieldwork to issuing the draft report:
Target for 2007/8
0%
8
0
2
4
6
8
10
20%
40%
60%
80%
100%
10. Quality Assurance
10
Achieved in 2007/8
99%
12
Internal Audit’s aim is to provide a service that not only meets
the Council’s needs, but also maintains consistently high
standards. This is achieved through the following internal
processes:

The Audit Plan is submitted to Members of the Audit
Committee for approval of an appropriate level of
assurance

Regular reviews of progress towards delivering the Plan
are made through the year via the Audit Committee
Page: 7
Internal Audit Annual Report 2007/8
Salford City Council

A tailored audit approach, using a defined methodology
and audit manual are used in undertaking audit
assignments

The use of suitably qualified and experienced auditors

A systematic review process ensures that all reports are
reviewed by senior audit staff at each reporting stage

Monitoring performance against targets

The use of Quality Control Questionnaires following the
audit assignment, to ascertain clients’ degree of
satisfaction with the service in respect of
consultation/approach, management of the audit, the audit
report, and any other feedback.
11. Compliance with the CIPFA Code of Practice for
Internal Audit in Local Government (2006)
In order to objectively self-assess the current position and
performance of Internal Audit, a review has been conducted to
assess compliance against the CIPFA code.
The results were very positive and reflect the actions taken
after the self-assessment performed for the Annual Report for
the year 2006/7.
Compliance and actions taken in each area are outlined
below:
Area covered
Scope of
Internal Audit
Questionnaires require ratings on scales of 1 to 5. Of the
questionnaires returned by clients in 2007/08, 42%
reported the provision of an excellent service, and 49%
provided a rating of between 4 and 5, ie good.
Independence
Ethics
Audit
Committee
6%
Poor 1/5
Below Average 2/5
42%
Satisfactory 3/5
49%
Good 4/5
Excellent 5/5
Page: 8
Score Score
2007 2008
68%
100%
100%
100%
100%
Action taken in
2007/8
Audit Charter
was updated
in June 2007
and will be
reviewed
annually.
Audit
Committee
performed its
first annual
review of
effectiveness
in October
2007. This will
be repeated in
2008.
Action
required
Audit
Charter
Annual
review
Audit
Committee
Annual
Review
due
October
2008
Internal Audit Annual Report 2007/8
Area covered
Relationships
Score Score
2007 2008
100%
Staffing,
Training and
Continuing
Professional
Development
Audit strategy
and planning
100%
62%
100%
Undertaking
Audit Work
Due
Professional
Care
100%
100%
100%
100%
Action taken in
2007/8
A formal
written
protocol for
Internal Audit’s
relationship
with the Audit
Commission
as external
auditors has
been drawn
up.
Salford City Council
Action
required
Area covered
Reporting
100%
Performance
and
Effectiveness
Strategy
document
produced as
part of the
Audit Planning
process for
2007/8.
Score Score
2007 2008
97%
100%
93%
100%
Action taken in
2007/8
Standard Audit
Terms of
Reference
now states
that risk
registers
should be
updated as a
result of audit
work
performed
Galileo Audit
software
system
implemented
Action
required
April 2008
See below
In addition to the Self-assessment performed above, the Audit
Commission are currently performing their tri-annual review of
Internal Audit. The Audit Commission methodology is also
review the system of Internal Audit against the CIPFA Code of
Practise. At the time of writing this report their field work is
substantially complete and we have been given permission to
share the early feedback that their review hasn’t, at this stage,
identified any significant issues.
Page: 9
Internal Audit Annual Report 2007/8
Salford City Council
12. Development Plans for 2007/8
As part of our target to aim for continuous improvement within
the Internal Audit Service we have a number of key
developments planned for 2008/9:

To continue to review and update the standards and
documentation of Internal Audit and the Audit
Committee to ensure continuing compliance with the
Code.

To continue to work closely with the Audit Commission
including finishing off the joint audit work in the area of
Partnerships which we began in 2007/8.

To continue to develop and implement Galileo, the new
web-based internal audit system and to further develop
working practises to ensure that maximum efficiencies
are achieved from the implementation.
Page: 10
Internal Audit Annual Report 2007/8
Salford City Council
Internal Audit Charter
Introduction
This charter defines the scope, roles, and responsibilities of the internal audit
function. It has been adopted by the Audit Committee and is the statement that
underpins the professional relationship with the City Council.
STATUTORY ROLE
Internal Audit is a statutory service in the context of the Accounts and Audit
regulations 2003 (as amended), which state that:
A relevant body shall maintain an adequate and effective system of internal audit of
its accounting records and of its system of internal control in accordance with the
proper internal audit practices, and any officer or member of that body shall, if the
body requires (a) make available such documents of the body which relate to its accounting
and other records as appear to that body to be necessary for the purpose of
the audit; and
(b) supply the body with such information and explanation as that body
considers necessary for that purpose.
Internal Audit Standards
The guidance accompanying the legislation states that, for local authorities, proper
internal control practice for internal audit are those contained within the CIPFA Code
of Practice for internal audit in the United Kingdom (2006) (the Code). Salford City
Council has formally accepted the code as the basis for the professional standards
for Internal Audit.
The Code provides guidance on the objectives, scope, and working arrangements of
a local authority internal audit service.
Definition of Internal Audit
The Code gives the following definition of internal audit:
“Internal audit is an assurance function that provides an independent and objective
opinion to the organisation on the control environment, by evaluating its effectiveness
in achieving the organisation’s objectives. It objectively examines, evaluates, and
reports on the adequacy of the control environment as a contribution to the proper,
economic, efficient and effective use of resources.”
Scope of Internal Audit
The scope for Internal Audit is ‘the control environment comprising risk management,
control and governance’. This means that the scope of Internal Audit includes all of
the Council’s operations, resources, services, and responsibilities in relation to other
bodies. This description shows the very wide potential scope of Internal Audit work.
In order to turn this generic description into actual subjects for audit, the Head of
Salford
Internal Audit Annual Report 2007/8
Internal Audit uses a Risk Assessment Method, which allows all high-risk subjects to
be identified. Although this process inevitably identifies the Council’s fundamental
financial systems as being ‘high risk’, Internal Audit also identifies other non-financial
systems and functions as important areas for review.
The skills of the internal audit team are such that, from time to time, the development
of the Authority’s control environment can benefit from some of their time being spent
on internal consultancy and advice. This is regarded as being within the scope of
internal audit providing that the independence of the audit staff from functional
responsibility is maintained.
The Internal Audit team will provide support for the Authority’s Anti-Fraud and AntiCorruption Policy and will investigate significant matters that are reported to them.
Via the Investigations Panel, the Head of Internal Audit will ensure that she is aware
of all serious suspected or detected fraud so that she can consider the adequacy of
the relevant controls for her opinion on the internal control environment.
Reporting lines and Relationships
Internal Audit sits within the Customer and Support Services Directorate. On an
administrative level, the Head of Internal Audit reports via the Assistant Director of
Audit and Risk Management, to the S151 Officer (Head of Finance) and the
Monitoring Officer (Strategic Director of Customer and Support Services).
The Head of Internal Audit reports quarterly to the Audit Committee who approve the
Internal Audit plans. The Audit Committee reviews the adequacy of internal audit, the
scope and nature of its work and receives and reviews its reports. Internal Audit has
open access to the Chairman and Members of the Audit Committee.
Rights of Access to Information
Internal Audit has the right to access all records, assets, personnel and premises,
including those of partner organisations, and of Salford City Council in order to obtain
such information and explanations, as it considers necessary to fulfil its
responsibilities.
Independence and accountability
Internal Audit will remain sufficiently independent of the activities that it audits to
enable auditors to perform their duties in a manner that facilitates impartial and
effective professional judgements and recommendations. Internal auditors have no
operational responsibilities.
Internal Audit is involved in the determination of its priorities in consultation with
those charged with governance. The Head of Internal Audit has direct access and
freedom to report in her own name and, without fear or favour, to all officers and
members and particularly to those charged with governance.
Accountability for the response to the advice and recommendation of Internal Audit
lies with management, who either accept and implement the advice or formally reject
it.
Salford
Internal Audit Annual Report 2007/8
Internal Audit Resources
Internal Audit must be appropriately staffed in terms of numbers, grades, qualification
levels and experience, having regard to its objectives and to the risk level within the
Authority. Internal Auditors need to be properly trained to fulfil their responsibilities
and should maintain their professional competence through an appropriate ongoing
development programme.
The Head of Internal Audit is responsible for appointing the staff of the Internal Audit
Section and will ensure that appointments are made in order to achieve the
appropriate mix of qualifications, experience and audit skills. The Section maintains
an annually updated Training and Development Plan that sets out an ongoing
development programme for Internal Audit staff.
The Head of Internal Audit is responsible for ensuring that the resources of the
Internal Audit Section are sufficient to meet its responsibilities and achieve its
objectives. If a situation arose whereby she concluded that resources were
insufficient, she must formally report this to the Section 151 Officer, the Chief
Executive and, if the position is not resolved, to the Audit Committee.
Responsibilities and Objectives of Internal Audit
The responsibilities and objectives of Internal Audit are to: 







Independently review and appraise systems of control throughout the City
Council, and its activities
Ascertain the extent of compliance with procedures, policies, regulations and
legislation
Provide reassurance to management that their agreed policies are being
carried out effectively
Facilitate good practice in managing risks
Recommend improvements in control, performance and productivity in
achieving corporate objectives
Review the value for money processes, Best Value arrangements, systems,
and units within the City Council
Work in partnership with the external auditors
Identify fraud as a consequence of its reviews and to deter crime.
These activities will all combine to assist the Head of Internal Audit in her production
of an annual report and annual audit opinion on the Authority’s control environment.
Related Documents





Anti-Fraud and Anti-Corruption Strategy
Whistle-Blowing Policy
Risk Management Strategy
Members’ Code of Conduct
Officers’ Code of Conduct
Salford