AUDIT AND RISK MANAGEMENT
SCRUTINY COMMITTEE – 7TH SEPTEMBER 2004
Report of the Head of Financial Services
ITEM 7 STRATEGIC AUDIT PLAN –2003/04 to 2005/06
AUDIT AREAS – HIGH, MEDIUM OR LOW RISK
Purpose of the Report
The Committee, at the last meeting on July 6 th 2004 requested this report. Min.12
(3)
Recommendations
It is recommended that the Committee note the report and make comments as necessary
Background
A report was presented to the Audit and Risk Management Scrutiny Committee on
July 6 th providing details of the Strategic and Operational Audit Plan. However, the
Strategic Plan was shown in summarised form which did not provide full details of how the Risk Category had been ascertained for each audit area.
This report now addresses that issue.
Risk Based Audit
Some years ago audit was more transaction based and the major part of audit involvement centred on checking the daily routine functions of the Council rather than reviewing the systems and internal control mechanisms.
This is in turn being replaced by an even more sophisticated model of the Risk Based
Internal Auditing which focuses on the appropriate objectives of the organisation and whether there are adequate processes in place to identify, assess and manage the risks that impact on the achievement of these objectives.
However, the model used by Internal Audit in Charnwood uses a methodology to assess the frequency of audit required for each area of activity that involves the use of financial resources of the Council.
Detailed Calculation
Appendix 1 lists all the areas that the Council undertakes as at 2002/03. These are all given a range of measurements which are listed on Appendix 2, together with their weightings.
From this each one will have a total score and will fall into a category of high, medium or low, which will show the frequency of the need to undertake the audit.
An example is Salaries and Wages
Table 1
Factor Points
Value
Volume
5
3
3
3
Score
15
9
Reason
Over £14m involved
Volume 10K to 100K
Internal
Control
Cash Risk
1
1
5
5
5
5
Good internal procedures and division of duties
No cash involved
Stability
Complexity
Sensitivity
No of sites
1
5
5
1
3
3
4
2
3
15
20
2
System stable and staff not changed
Complex area with many rules
Payroll is a sensitive area of work
One office for payroll
Last Audit 1 1
Total
1 Audited each year.
75
The above score would then indicate that Salaries and Wages was a high risk and requires auditing annually.
The remainder of the audit areas are dealt with in the same way and scored accordingly.
The strategic plan is designed for a three-year period. In the final year a new plan is made using the latest information of budgets and risks. However, flexibility is required should some event occur that dictates an amended frequency.
Subjectivity of Elements
From the details on Appendix 2 it will be clear that some of these are subjective in their selection and some may fall between the points available. A decision has to be made on a formulaic basis to avoid a complete subjective decision process and the above is followed by a number of Councils.
Conclusion
It is hoped that the above will show the process adopted to determine the level of risk category accorded to each audit area and from that the frequency of audit required.
Officer to Contact: I Geary
Direct Dial: 01509 634820
Ian.Geary@charnwoodbc.gov.uk
Background Papers: Audit Files from Internal Audit Team records
Code of Practice for Internal Audit in Local Government in the
United Kingd om