AGENDA ITEM 7
AUDIT PANEL
Friday, 12 December 2014, 10 a.m.
27th Floor, Empress State Building, Lillie Road, SW6 1TR
___________________________________________________________________
Directorate of Audit, Risk and Assurance
Progress Report
Report by: The Director of Audit, Risk and Assurance
___________________________________________________________________
1.
Report Summary
This report summarises the work carried out by the Directorate of Audit, Risk
and Assurance (DARA) in the third quarter of 2014/15 to date and the key
areas of activity planned for the fourth quarter. It also provides an assessment
of the effectiveness of the control framework for those reviews completed to
date.
2.
Recommendations – that the Audit Panel note:
a) DARA work undertaken in the third quarter to date and activity planned for
the fourth quarter.
b) Adequacy of control framework for those reviews concluded to date.
3.
Supporting Information
Third Quarter Activity 2014/15
3.1 Eighteen reports (including two advisory reports) have been finalised since the
last meeting of the Panel with a further 14 reviews at draft report stage and six
in progress. The overall opinion, effective areas of control, risk and control
issues identified and progress made in implementing agreed actions for each
final report issued this quarter, are highlighted in Appendix 1. Systems
development and counterfraud activity for the quarter are also highlighted.
3.2 Significant reviews at draft report include Tasking Intelligence, Retention of
Biometric Data, Incidents Recording Framework and the follow up review of the
Crime Recording Framework.
3.3 Systems development work included advising on the recovery of potential
salary overpayments in Met Central Communications, this work has informed
the Workforce Data review currently at draft report stage. DARA continue to
provide advice on Facilities Management outsourcing with a member of the
81
AGENDA ITEM 7
DARA team receiving a Commissioner’s Commendation for his role in the
project DARA continued to advise the MOPAC 20:20:20 Criminal Justice and
Police Boards and on the further development of the MOPAC risk management
framework.
3.4 The Counter Fraud team have taken on 40 new investigations since April 2014
and 30 have been concluded with referrals to the Directorate of
Professionalism, local senior management teams and one to an outside police
force. The fraud loss measurement exercise on the payment of invoices, which
involves taking a statistically valid sample of invoices and identifying whether
fraud and/or error is present, has concluded, and two issues from this review
are under investigation. Proactive tests on gifts and hospitality raised no
significant issues and identified some good practice. A review into mobile
phone asset tracking continues.
3.5 The Audit Commission published its latest and final edition of Protecting the
Public Purse 2014 Fighting Fraud against Local Government prior to its closure
at the end of March 2015. This final edition has concentrated on the landscape
of fraud against councils and how this has changed since 1990. There are
sections of the report that are applicable to MOPAC/MPS in particular the
recommended checklist items which are designed for organisations to check
they have effective arrangements in place for reporting and recording fraud.
The areas relevant to MOPAC/MPS include grants, procurement, whistleblowing arrangements and raising awareness of fraud risks. This health check
will be carried out in conjunction with fraud prevention/detection activity that is
planned for the next quarter.
MOPAC and MPS Internal Control and Governance Frameworks
3.6 The assurance ratings for those final reports issued this year to date are
summarised as follows:
Risk Based
Reviews
2
Risk Based
Reviews %
14%
Adequate
8
57%
11
74%
Limited
4
29%
2
13%
No Assurance
0
0%
0
0%
Total
14
100%
15
100%
Rating
Substantial
Follow Up
Reviews
2
Follow Up
Reviews %
13%
3.7 At its meeting in September MPS Management Board Assurance considered a
number of high risk areas of the business given a limited assurance rating. A
programme of work was agreed to ensure the issues identified are
appropriately addressed and the necessary improvement made. Progress
made for those audit reviews concluded since January 2014 was considered
by Management Board Assurance at its meeting in early December, along with
an update on significant work programmes to address audit findings, including
82
AGENDA ITEM 7
those relating to Crime Data integrity and Business Continuity. This is reported
as separate item on the Panel’s agenda.
3.8 The respective MOPAC and MPS Governance Improvement Plans submitted to
this meeting of the Panel, detail the action being taken at a strategic level to
address key areas of improvement identified by senior management and
informed by DARA review activity. Key areas include the development of the
strategic governance framework, improving financial control and the integration
of the Total Technology Programme with the overall programme of change.
MOPAC continue to develop and improve the framework for exercising
oversight of the MPS and for managing key risks to the delivery of the Police
and Crime Plan.
Fourth Quarter 2014/15 Planned Activity
3.9 In the fourth quarter DARA intend to finalise those reports that are currently at
draft stage and to report on those reviews planned and in progress. Key audits
commencing include; Total Professionalism Programme, Capital Programme
Control Framework, Implementation and Deployment of Mobile Devices and
material systems assurance. Follow up reviews include; Open Source
Intelligence Gathering, Strategic Planning for Training and Vehicle Fleet
Maintenance.
3.10 The protocol between DARA and the MPS which aims to facilitate effective
engagement and define respective accountabilities and roles and
responsibilities has been drafted and is before this Panel at Agenda item 8 for
approval.
3.11 Planning is about to commence for the 2015/16 Audit Plan and will be
undertaken in consultation with MPS Management Board members supported
by the Head of Risk and Assurance. In drawing up the plan DARA will take
account of corporate and business group level assessment of risk; MPS risk
appetite, the level of risk maturity, improvement opportunities and DARA
assessment of risk. The MPS will provide DARA with corporate and directorate
level assessment of risk and other significant corporate documents such as
supporting strategies. The Plan will take account of anticipated inspections by
other bodies such as HMIC and the MPS external auditor, other sources of
assurance from the current audit year, and will form part of an overall
Assurance Plan.
DARA Performance
3.12 DARA are on course to complete 90% of the risk reviews to draft report stage
by the end of the year in line with the agreed target, and those follow up audits
that are due for completion in year. A total of 69% of risk reviews are at report
stage, 10% in progress and 21% are being scoped for fieldwork to commence
in the fourth quarter as planned. Appendix 2 highlights the progress made and
confirms there have been no significant changes to the Plan this quarter.
3.13 Audit Productivity is at 83% exceeding the target of 75% and audit time has
been spent broadly as planned although less time has been spent on analytical
review activity.
83
AGENDA ITEM 7
4.
Equality and Diversity Impact
The MOPAC and MPS commitments to equality and diversity are considered in
all DARA activity. The DARA work plan is designed to provide as wide a range
of coverage of MOPAC and the MPS as is possible and practicable.
5.
Financial Implications
There are no direct financial implications arising from this report. There is a risk
of loss, fraud, waste and inefficiency if agreed management actions as a result
of audit activity are not effectively implemented. Savings and recoveries made
enable funds to be better directed towards core policing activities.
6.
Legal Implications
There are no direct legal implications arising from the report.
7.
Risk Implications
There are no direct risk implications arising from this report. Completion of the
DARA work programme enables the Director to conclude on the effectiveness
of the MOPAC and MPS risk management frameworks.
8.
Contact Details
Report author: Julie Norgrove, Director of Audit, Risk and Assurance
email: julie.norgrove@mopac.london.gov.uk tel: 020 7161 2464
9.
Appendices and Background Papers
Appendix 1 – Summary of DARA Activity Quarter 3
Appendix 2 – DARA Planned Activity Progress Update
84