Accounting System Internal Audit Report 2010/11.

advertisement

CORPORATE CENTRE

AUDIT, PERFORMANCE & PARTNERSHIPS DEPARTMENT

FINAL INTERNAL AUDIT REPORT

MAIN ACCOUNTING SYSTEM REVIEW 2010-11

AUDITORS: D.GRIFFITHS

MARCH 2011

Table of Contents

Area of Report

1.0 Introduction

2.0 Background

3.0 Scope and Objectives

4.0 Methodology

5.0 Findings

6.0 Conclusion

7.0 Recommendations

Appendices

Detailed Findings

Action Plan

Previous Report Recommendations

Control Evaluation

Page Number

1

1

1

3

3

4

5

Appendix A

Appendix B

Appendix C

Appendix D

1.0 Introduction

1.1 As part of the audit plan for 2010-11 a system review was undertaken of the Main Accounting System. The review also incorporated feeder system controls that were not part of the previous year’s audit.

1.2 The system was examined a CIPFA audit matrix to test the controls that should be in place within the Authority.

1.3 Sample testing was conducted for the 2010/11 financial year.

1.4 Acknowledgement is given to the staff concerned for their help and assistance during the course of the audit.

1.5 Copies of this report have been sent to the Group Accountant and the

Chief Finance Officer. A copy may also be passed to the Audit Committee for them to monitor/comment upon recommendations made and accepted.

1.6 The report is addressed to appropriate Councillors and Officers and may contain confidential and/or privileged material. Any review, reproduction, external distribution, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the

Authority is prohibited.

2.0 Background

2.1 The Council uses Agresso as its Financial System. This is an integrated system that comprises general ledger; accounts payable; and accounts receivable modules. Access to the system is set within the Accountancy

Service, and users can be set up with limited access dependent on the individual’s roles and responsibilities.

2.2 The Agresso system was set up in line with CIPFA's Best Value

Accounting Code of Practice (BVACOP). All financial transactions are allocated to an account code, cost centre and BVACOP reference.

3.0 Scope and Objectives

3.1 The objective of the audit was to evaluate the system with a view to delivering reasonable assurance to the Authority over the adequacy of the internal control environment. This is defined as the whole system of controls, established by management, which help to ensure the achievement of objectives, economy and efficiency, compliance with policies and procedures, safeguarding of assets and the integrity and reliability of information.

Merthyr Tydfil County Borough Council 13/05/2011

Internal Audit Service 1 of 5 Main Accounting 2010-11

3.2 The system has been evaluated against the following control objectives:

CASH BANK BALANCES

There should be documentary evidence to prove the total net cash balance shown on the consolidated balance sheet.

CODING STRUCTURE

All codes set up should be authorised.

All codes should be documented adequately.

All relevant records within FIS should be updated with details of all financial transactions.

All coding transactions should be initiated and recorded promptly.

All transactions should be allocated to valid codes.

GENERAL

The main accounting system should provide complete and accurate data for the production and publication of the annual accounts and financial returns required by, for example, government departments, agencies and regulatory bodies.

The main financial system should be operated in accordance with standing orders and financial regulations.

JOURNAL ENTRIES YEAR END PROCEDURES

All direct input to FIS should be authorised.

Information input to FIS should be complete.

Transactions within FIS are coded and calculated correctly.

Balances at the end of the financial year are brought forward promptly into the following year’s accounts in the correct amounts and to the correct accounts.

Transactions should be initiated and recorded promptly.

The output from FIS should be presented correctly in the organisation’s final accounts.

All records should be protected against loss or unauthorised access.

FEEDER SYSTEM

All data received from feeder systems should be authorised.

All relevant FIS records should be updated to record all transactions.

All transactions recorded in feeder systems are transferred completely and accurately to the main accounting system.

All transactions shown in FIS are accurate and appropriate.

Merthyr Tydfil County Borough Council 13/05/2011

Internal Audit Service 2 of 5 Main Accounting 2010-11

4.0 Methodology

4.1 The audit was undertaken using a risk-based auditing methodology.

Actual controls were evaluated against the expected controls within each control objective. A risk assessment of the individual controls under each control objective was undertaken and the level of testing decided upon.

The system evaluation and the results of compliance testing were then used as the basis on which to draw conclusions and to form an opinion on the overall effectiveness and adequacy of the internal control environment.

4.2 Recommendations made in the previous internal audit report were also examined to establish if they had been acted upon.

5.0 Findings

5.1 The detailed findings of the audit are included as Appendix A.

5.2 The previous audit report made 10 recommendations all of which were accepted by management. The previous recommendation priorities were:

6 priority 2;

4 priority 3.

5.3 The Internal Audit Service has established that:

1 had been implemented (1 priority 2);

1 had been partly implemented (1 priority 2); and

8 had not been implemented (4 priority 2, 4 priority 3)

Details of the previous recommendations made are included as Appendix

B.

Merthyr Tydfil County Borough Council 13/05/2011

Internal Audit Service 3 of 5 Main Accounting 2010-11

6.0 Conclusion

System of Internal Control

6.1 The system of internal control applied has been graded “B” – Good.

There is a sound system of internal control designed to achieve the system/Authority or establishment objective(s).

Testing Opinion

6.2 The assessment of compliance with established controls has been graded

“B” – Good. The controls are being consistently applied with a small number of minor errors identified.

Overall Opinion on Internal Control Environment

6.3 The overall conclusion is that the internal control environment is graded

“B” - Good. Details of the evaluation of each objective are listed in

Appendix C.

Merthyr Tydfil County Borough Council 13/05/2011

Internal Audit Service 4 of 5 Main Accounting 2010-11

7.0 Recommendations

7.1 Details of the recommendations are shown in the action plan attached as

Appendix D.

Summary of Recommendations

7.2 The review made 12 recommendations that are categorised on the following basis:

Priority Category Definition No. Of

Recs

1 Mandatory

- Urgent

0

2

3

Mandatory

- Less Urgent

Best Practice / Other

Recommendations

Action is imperative to ensure that the objectives for the area under review are met.

Requires action to avoid exposure to significant risks in achieving the objectives for the area under review.

Action is advised to enhance control or improve operational efficiency.

1

11

Risk may be viewed as the chance, or probability, of one or more of the

Authority’s objectives not being met. It refers both to unwanted outcomes that may arise, and to the potential failure to realise desired results.

Management agreed to the implementation of all 12 recommendations.

Merthyr Tydfil County Borough Council 13/05/2011

Internal Audit Service 5 of 5 Main Accounting 2010-11

Audit conclusions are graded using the following grading structure:

Main Accounting System Review 2010-11 -

Control Evaluation

LEVEL OF CONTROL

VERY GOOD

GOOD

SATISFACTORY

UNSATISFACTORY

POOR

GRADE

A

B

C

D

E

EVALUATION OF SYSTEM OF INTERNAL

CONTROL OPINION

There is a sound system of internal control designed to achieve the Authority's strategic aims.

There is a sound system of internal control designed to achieve the system/Authority or establishment objective(s).

While there is basically a sound system of control, there are weaknesses, which put some of the System's/Authority's or establishment objectives at risk.

Weaknesses in the system of controls are such as to put the System's/Authority's or establishment objectives at risk.

Control is generally weak leaving the

System/Authority or establishment open to significant risks.

GRADE

A

B

C

D

E errors identified.

TESTING OPINION

The controls are being consistently applied with no errors identified.

The controls are being consistently applied with a small number of minor

There is evidence that the level of non-compliance with some of the controls may put some of the system's objectives at risk/may leave the

Authority or establishment open to risk.

The level of non-compliance puts the system's objectives/Authority or establishment at risk.

Significant non-compliance with basic controls leaves the

System/Authority or establishment open to error or abuse.

Risk may be viewed as chance, or probability, of one or more of the Authority's objectives not being met. It refers to both unwanted outcomes that may arise, and to the potential failure to realise desired results.

OVERALL OPINION ON THE INTERNAL CONTROL ENVIRONMENT

On completion of the audit the auditor will need to provide an evaluation opinion and a testing opinion, both these opinions will then be used to formulate an overall opinion of the system/establishment/area etc audited. The overall opinion will be formulated and arrived at by using the lower of either the evaluation opinion or testing opinion.

Conclusion for Main Accounting System Review 2010-11 Overall Evaluation

The system of internal control applied has been graded Good. There is a sound system of internal control designed to achieve the system/Authority or establishment objective(s).

The assessment of compliance with established controls has been graded Good. The controls are being consistently applied with a small number of minor errors identified.

Therefore the overall conclusion is that the internal control environment is graded Good.

Appendix C

Page 1 of 5

AREA OF AUDIT

CASH BANK BALANCES

1 There should be documentary evidence to prove the total net cash balance shown on the consolidated balance sheet.

CODING STRUCTURE

2 All codes set up should be authorised.

Main Accounting System Review 2010-11 -

Control Evaluation

CONTROL

GRADE

TEST

GRADE

OVERALL

GRADE

A

C

A

D

A

D

REASONS

Monthly reconciliations between bank accounts and financial ledger totals are undertaken. Documentation is retained that supports the cash balance reported in the balance sheet.

Only selected users have been given access to create codes, but on examination of the Agresso system we found that there were more users other than those expected by the Accountancy Team leader who are able to create new codes. The Accountancy Service Manager does not periodically confirm the access rights of Accountancy staff user access.

3

4

5

All codes should be documented adequately.

All relevant records within FIS should be updated with details of all financial transactions.

All coding transactions should be initiated and recorded promptly.

C

A

A

C

A

A

C

A

A

An Audit user id, with enquiry only access was able to input a new code.

Whilst Agresso maintains an up to date code list, the intranet codebook has not been updated since 2006.

Accounting items are routed to appropriate heads in the main accounting system by way of a valid financial code.

Only valid codes will be accepted by the Agresso system. Invalid codes identified by feeder systems are not accepted by Agresso. A report identifies invalid codes contained within feeder system upload files and these are investigated and corrected by the Finance Administrative

Assistant. Codes are rectified promptly to meet timetable requirements.

6 All transactions should be allocated to valid codes.

7

GENERAL

The main accounting system should provide complete and accurate data for the production and publication of the annual accounts and financial returns required by, for example, government departments, agencies and regulatory bodies.

A

A

A

A

A

A

The Agresso system will only accept valid codes.

The Agresso system is set up meet statutory accounting practices.

Final accounts are prepared in accordance with the Local Authority accounting Statement of Recommended Practice (SORP) issued by

CIPFA.

The Agresso system provides information on revenue and capital accounts, and balance sheet items.

Appendix C

Page 2 of 5

8 The main financial system should be operated in

9

10

11

12 Balances at the end of the financial year are brought forward promptly into the following year’s accounts in the correct amounts and to the correct accounts.

13

AREA OF AUDIT accordance with standing orders and financial regulations.

JOURNAL ENTRIES YEAR END PROCEDURES

All direct input to FIS should be authorised.

Information input to FIS should be complete.

Transactions within FIS are coded and calculated correctly.

Transactions should be initiated and recorded promptly.

Main Accounting System Review 2010-11 -

Control Evaluation

CONTROL

GRADE

A

TEST

GRADE

A

OVERALL

GRADE

A

REASONS

Financial procedure rules dictate that the Director of Finance is responsible for the form of accounts and supporting financial records, and

Agresso controls ensure that valid codes must be entered when recording income and expenditure for either revenue or capital transactions.

The Director of Finance reported the audited statement of accounts for the financial year 2009/2010 to Council in accordance with legislative timescales.

B A

B

B

B

A

A

A

A

A

B

B

B

B

A

Journal transactions can only be performed by authorised users. System records identify who has actioned the journal transaction and provide an explanation for the transaction. Journal transactions are not cross referenced to requests received via email and there is no management check to ensure that journals are proper and correct.

Journals contain adequate detail to support the posting.

The Agresso system will not allow imbalanced journals to be posted unless the journal is part of a batch upload, imbalances are posted to an error account where they are monitored and cleared. From the sample of

20 journals examined 19 out of 20 balanced, 1 was £0.04 out but this was allocated to the error account.

In aggregate the value of the posted journal has to balance back to zero.

The spreadsheet used to populate brought forward balances is generated from Agresso. There is an automatic roll forward function within Agresso which at present is not utilised.

Closure of accounts is timetabled and accounts are produced in line with the Accounts and Audit Regulations timescales.

The error holding account is monitored and always cleared at year end.

Appendix C

Page 3 of 5

AREA OF AUDIT

14 The output from FIS should be presented correctly in the organisation’s final accounts.

Main Accounting System Review 2010-11 -

Control Evaluation

CONTROL

GRADE

B

TEST

GRADE

B

OVERALL

GRADE

B

REASONS

There is a closure of accounts timetable that details work required for closure and there is also a file that contains the working papers required by the external auditors.

15 All records should be protected against loss or unauthorised access.

C C C

The external auditors are satisfied with the closure file prepared by the

Accountancy Service, and the Statement of Accounts contains notes on the core financial statements, however issues discussed in progress meetings are not recorded.

The ability to perform journal transactions has been restricted to certain user groups on the Agresso system. It was found that there are staff other than those in the Accountancy Service that have access to the facility to perform journals transactions.

16

FEEDER SYSTEM

All data received from feeder systems should be authorised.

C C C

17

18

All relevant FIS records should be updated to record all transactions.

All transactions recorded in feeder systems are transferred completely and accurately to the main accounting system.

A

B

A

B

A

B

Only staff given access to batch input can upload files to Agresso, however there is no list of employees who are authorised to submit data for upload to the ledger and some files are uploaded without authorisation being required i.e. telephone bills.

Control totals are utilised to check the postings to the general ledger.

There is a check to ensure that the net amount posted to the ledger balances back to zero.

Whilst the subsidiary systems are utilised to produce control totals and these are used to check the value of the posting to the ledger, sometimes the contra entry on the control account is used as the reconciling figure and sometimes the total of debits posted is used as the reconciling figure.

Feeder files are uploaded promptly and imbalances are investigated and rectified.

Appendix C

Page 4 of 5

AREA OF AUDIT

19 All transactions shown in FIS are accurate and appropriate.

Previous Recommendations

OVERALL OPINION

Main Accounting System Review 2010-11 -

Control Evaluation

CONTROL

GRADE

B

TEST

GRADE

B

OVERALL

GRADE

B

REASONS

The Agresso system validates codes before allowing batch postings to be updated to the ledger.

B

D

B

D

B

Files cannot be uploaded if they contain coding errors, and imbalances on batches posted are allocated to an error account.

Whilst there is no requirement for an expenditure suspense account because the system will only accept valid codes, there is a requirement for an income suspense account code and currently unidentified income is allocated to a Council Tax account where it is investigated and allocated to the correct account.

Files could be uploaded to Agresso twice but this would require the file to be copied twice - this should be picked up by the Finance Administration

Assistant when updating the control sheet.

10 recommendations made (6 Priority 2 and 4 Priority 3). Our work identified that:

• 1 had been implemented (1 priority 2);

• 1 had been partly implemented (1 priority 2); and

• 8 had not been implemented (4 priority 2, 4 priority 3).

There is a sound system of internal control designed to achieve the system/Authority or establishment objective(s). The controls are being consistently applied with a small number of minor errors identified.

Appendix C

Page 5 of 5

Main Accounting System Review 2010-11 - Audit Action Plan

Recommendations are categorised on the following basis:

Priority / Key

1

Category

Mandatory - Urgent

Definition

Action is imperative to ensure that the objectives for the area under review are met.

2

3

Mandatory - Less

Urgent

Best Practice / Other

Recommendations

Requires action to avoid exposure to significant risks in achieving the objectives for the area under review.

Action is advised to enhance control or improve efficiency.

Key Rec No. Recommendation /Action

3 1

Title

Recommendation

3

3

2

3

Action

Recommendation

Action

Recommendation

Inspection Agency and Inspection/Audit Report Title

Main Accounting System Review 2010-11

Management checks should be undertaken on all application users including Accountancy

Service staff on a periodic basis to ensure that:

• they still require access;

• user access rights and permissions are correct, valid and appropriate; and

• the ability to create, amend and delete codes is restricted to authorised users.

Agree. Responsibility for this will be formally delegated to the Group Accountant when the

Accountancy Manager becomes the Chief Finance Officer on 1 April 201

Previous Report Recommendation (2009-10): The intranet version of the code book should be regularly reviewed and updated to reflect any changes.

Agree. It should be noted however that achievement of the recommendations may be compromised by two key staff being seconded for a minimum of eight weeks to work on the new purchase to pay system.

(Previous Recommendation 08/09, 09/10) Revised:

A more robust system should be introduced to ensure that journals performed can be traced back to the initial request received. To assist it is advised that a standard Agresso adjustment form should be introduced and used by service areas when requesting an adjustment and the

Accountancy Service Manager should consider whether all journals require the authorisation of the Service Accountant, or whether a management check of journals should be undertaken to ensure they are proper and correct.

Start Date

Action Agree. Service areas will be told that they must utilise the standard adjustment forms. Ability to perform journals will be reviewed as per recommendation 1. A quarterly report will be produced to ensure only authorised staff are performing journals, in addition budget monitoring will identify any issues over journals posted. Standard request forms will be cross referenced to the journal entry.

End Date

Jun-11

Jun-11

Sep-11

Appendix D - Page 1 of 3

Lead Officer

R. Williams

J.Howell

M.Hughes

R.Williams

Key Rec No. Recommendation /Action

3 4 Recommendation

3

3

3

3

3

5

6

7

8

9

Action

Recommendation

Action

Recommendation

Action

Recommendation

Action

Recommendation

Action

Recommendation

Action

Main Accounting System Review 2010-11 - Audit Action Plan

Inspection Agency and Inspection/Audit Report Title

(Previous Report Recommendation 2005/06 & 06/07 & 07/08 & 08/09, 09/10): To improve the efficiency of the process for bringing forward balances the Accountancy Service Manager should consider implementing the automatic roll-forward function within the Agresso system to remove the requirement for manual input of opening balances.

Agree. Resources permitting this will be trialled in the test environment first.

To enhance the existing evidence files it is advised that the closure of accounts progress meetings should be minuted to record the grounds on which decisions are made when closing accounts.

Agree.

To enhance existing controls regarding the upload of batch/feeder files management should provide the Finance Administration Assistant with a list of staff who can submit requests for uploads to the ledger, and internal authorisation should be given before the upload for files received direct from companies is actioned.

Agree.

Management should review the codes affected by feeder uploads to establish if the process can be made more efficient i.e. to avoid having to make adjustments to codes after files have been uploaded. Once the review has been conducted the Finance Administration Assistant should be informed of the figures to use when checking uploads i.e. whether to balance to a control account balance or to the total of credits and debits.

Agree. The Group Accountant will liaise with the Accounting Technician.

It is advised that management should review the current arrangements for controlling and administering suspense accounts. This should include:

• Conducting an appraisal of the use of a council tax account to establish if this is the most appropriate and efficient method of managing suspense account items;

• Reviewing the 13 cost centres and 3 account codes that are described as 'suspense' to establish if they are actual suspense accounts; and

• Ensuring that where suspense accounts are operated that they are subject to regular monitoring and clearance.

Agree. Current practice will be reviewed and if necessary a suspense code will be created to allocate payments.

Previous Recommendation (08/09, 09/10) Revised: Management should ascertain if it is possible to introduce a more efficient and robust method of preventing feeder files being uploaded more than once into the Agresso system e.g. process automation.

Agree. However duplicate postings would be identified as part of the budget monitoring regime.

Start Date

3 10 Recommendation

Action

Previous Recommendation (2009/10): Journal requests for movements between cost centres should only be actioned upon receipt of authorisation of the budget holders whose budgets are affected.

Agree. This will be addressed by use of standard request forms.

End Date

Oct-11

Immediate

Jun-11

Jun-11

Sep-11

Sep-11

Sep-11

Lead Officer

Adele Lewis & J.Howell

R.Williams

R.Williams

R.Williams & M.Hughes

R.Williams

R.Williams

R.Williams

Appendix D - Page 2 of 3

Key Rec No. Recommendation /Action

2 11 Recommendation

Main Accounting System Review 2010-11 - Audit Action Plan

Inspection Agency and Inspection/Audit Report Title

(Previous Report Recommendation 2005/06 & 06/07 & 07/08 & 08/09 & 09/10). (Revised)

System Administrators should be informed of the number of users permitted under the terms of the licence and ensure that current user numbers do not exceed this limit.

3 12

Action

Recommendation

Action

Agree. We will contact ICT to establish the terms of the licence.

(Previous Report Recommendation 2005/06 & 06/07 & 07/08 & 08/09 & 09/10). A mechanism should be put in place to ensure that the System Administrators are notified promptly of all leavers.

Agree. We will contact Payroll to see if a list of leavers can be provided.

Start Date End Date

Jun-11

Jun-11

Lead Officer

R.Williams

R.Williams.

Appendix D - Page 3 of 3

Download