Chief Auditors Annual Report

BOROUGH OF POOLE

AUDIT COMMITTEE

24 JUNE 2010

CHIEF AUDITORS ANNUAL REPORT 2009/10

PART OF THE PUBLISHED FORWARD PLAN: YES

STATUS – SERVICE DELIVERY INFORMATION

1. PURPOSE

1.1   This report contains the Chief Auditor’s Annual Report on the overall adequacy and effectiveness of the Authority’s Control Environment’ for 2009/10 as required by the CIPFA Code of Practice for Internal Audit in Local Government. As those charged with governance the report provides Audit Committee Members with assurance on the adequacy and effectiveness of these arrangements

1.2   The report also provides an overview of the outturn during the year including a summary of the performance of Internal Audit, an update on outstanding recommendations and any significant issues arising from audit work undertaken.

2. DECISIONS REQUIRED

2.1  Members are asked to note:

a)  the ‘Chief Auditor’s Annual Report on the Overall Adequacy and Effectiveness of the Internal Control Environment’;

b)  the performance of the Internal Audit Section for 2009/10

c)  that there were no significant issues identified during the quarter; and

d)  current progress on the implementation of recommendations.

2.2  As a result of this report and in line with Regulation 6 of the Accounts and Audit (Amendment) (England) Regulations 2006, Members are asked to consider formally the effectiveness of the system of internal audit.

3. CHIEF AUDITOR’S ANNUAL REPORT ON THE OVERALL ADEQUACY AND EFFECTIVENESS OF THE INTERNAL CONTROL ENVIRONMENT (2009/10)

Introduction

3.1 The work of Internal Audit is governed by the Accounts and Audit (Amendment) (England) Regulations 2006 and the CIPFA Code of Practice for Internal Audit in Local Government (2006). In accordance with the Code of Practice, the Chief Internal Auditor is required to report on the findings of audit work, provide an annual audit opinion on the adequacy and effectiveness of the Council’s internal control environment and identify any issues relevant to the compilation of the Annual Governance Statement.

3.2 This annual report is produced in compliance with the CIPFA (Chartered Institute of Public Finance and Accountancy) Code of Practice for Internal Audit in Local Government in the United Kingdom (2006) which requires the Chief Internal Auditor to report annually on the adequacy and effectiveness of the internal control environment, and covers the period April 2009 to March 2010.

3.3 Audit and Management Assurance Services are fundamental to the good governance of the Council and constitute a statutory function further to the responsibilities of the S151 Officer. They provide independent assurance to management, members, the public, external auditors and other stakeholders on the adequacy and operation of the organisation’s controls, systems, procedures, VFM and efficiency. Its remit spans the organisation and increasingly the work of a modern audit function is aligned to the achievement of organisational objectives and facilitating business change through a risk based approach.

3.4  The departure of the previous Chief Internal Auditor provided an opportunity to review the structure and operation of the Internal Audit Team and form a wider Audit & Management Assurance function. This new function ensures that Internal Audit is properly focused and adequately resourced to reflect the increased emphasis on management assurance and to underpin the Council’s corporate governance arrangements.

3.5  The re-structure has facilitated a shift in the historic focus of the Internal Audit Service at the Council to encompass a wider and added value and risk management assurance approach encompassing VFM, efficiency and integrated risk management arrangements, as well as providing management assurance to senior managers and Members on the adequacy of the control and governance environment.

Audit Opinion

3.6 The establishment of adequate and effective control systems is the responsibility of management. As an Internal Audit review is conducted on a sample basis and does not involve a review of every transaction or project, the Chief Auditor is unable to provide absolute assurance that the system of internal control is operating adequately and effectively.

3.7 From Internal Audit work undertaken and reported upon during 2009/10, systems of internal control and risk management arrangements were found, overall, to be operating adequately and effectively. Where weaknesses have been found through Internal Audit reviews, we have worked with management to agree appropriate corrective actions and timescales for improvement. Similarly, for weaknesses identified through external sources, action plans have been put in place to address the issues.

3.8 Actions were taken to strengthen the overall control environment of the Council during 2009/10. Good progress was made on implementation of internal audit recommendations (see para 4.3). Steady progress has also been made on the significant governance issues raised in the 2008/09 Annual Governance Statement (AGS). Six of these are no longer considered to be a matter for public report as follows:

·  Corporate Project & Programme Management – The CP30 portal and associated project and programme methodology was launched during the year

·  Value for Money & Efficiency – VFM profiling has been carried out and an Efficiency Review Programme developed as part of the Council’s budget setting process

·  Equalities – The Council achieved Level 3 of the Equality Standard following an external assessment in September 2009

·  Property Asset Register – Phase 1 of the system implementation to data cleanse and upload information from the Corporate Asset Register has been completed

·  Procurement – Strategic approach to procurement developed supported by a fundamental restructure to ensure appropriate resources

·  Management of Capital Programme – Capital Resource Allocation Model (CRAM) developed

3.9 As part of compiling the 2009/10 AGS, Internal Audit have highlighted additional areas for inclusion. These issues were raised with the Management Team in May 2010 and will be presented to Members in June 2010 (at this committee meeting as a separate item).

3.10 It is the opinion of the Chief Internal Auditor that arrangements are in place to ensure an adequate and effective internal control environment. In reaching this opinion, the Chief Auditor relied on the work performed by Internal Audit in accordance with the Authority’s risk-based Annual Internal Audit Plan for 2009/10, progress made to address significant governance issues within the AGS, external audit reports, and observations made in external inspections. The work undertaken is summarised below.

Summary of Audit Work

3.11 The work of Internal Audit was determined by a risk based Annual Audit Plan for 2009/10. The Annual Internal Audit Plan for 2009/10 was approved by the Section 151 Officer and the Audit Committee (2 April 2009) following consultation with Service Unit Heads.

3.12 Audit work undertaken in 2009/10 covered a range of systems in different Service Units and included key financial systems (Main Accounting, Payroll and Supporting People). Health-check audits were undertaken for other key systems. No significant matters were identified and no high impact recommendations were made.

3.13 No ‘qualified’ reports were issued by Internal Audit in 2009/10 and Internal Audit remains satisfied with the overall progress made by Service Unit Heads to implement recommendations to improve internal controls. In accordance with the escalation process priority Internal Audit recommendations not implemented have been reported to the Audit Committee within the bi-annual performance report (included within the Audit Planning Consultation Report). The Chief Auditor is of the opinion that these unimplemented recommendations will not impact significantly on the overall internal control environment.

3.14 Pro-active anti-fraud work was carried out during 2009/10 in accordance with Internal Audit’s risk based anti-fraud & corruption programme resulting in some recommendations to improve internal controls. Investigations were also carried out by Internal Audit into alleged cases of fraud which included referral to the police in two instances.

3.15  Internal Audit has reported on progress made against actions arising from the Annual

Governance Statement for 2008/09 to the Audit Committee. Good progress has been made against the action plan with six issues no longer considered to be a matter for public report. Any outstanding issues have been carried forward to the 08/09 Annual Governance Statement. Internal Audit has also completed the process of compiling the Annual Governance Statement for 2009/10. In conducting this review Service Unit Heads have confirmed certain management controls in the form of Management Assurance Statements which uphold the Council’s governance framework in line with the ‘Local Code of Governance’ (introduced in December 2008).

3.16 The Audit Commission has reviewed the work performed by Internal Audit on key financial systems in 2009/10 (for which it places reliance on) and to date has identified no additional significant control weaknesses. Internal Audit and External Audit/Inspection reports issued during 2009/10 have also been reviewed for issues relating to the adequacy and effectiveness of the internal control environment.

Performance & Standards

3.17 Performance indicators are used by the Internal Audit section to ensure that appropriate standards are met. These include percentage of audit plan completed, time spent against planned on audits, recommendations agreed and implemented, and an auditee satisfaction score. These are reported bi-annually to the Audit Committee and, for 2009/10, key targets were met or exceeded as detailed within this report.

3.18 The Chief Auditor also ensures adequate quality control measures are in place within the Internal Audit section, including regular review of audit files and the regular update and use of an Internal Audit Manual.

3.19 The Audit Commission carry out a triennial review of Internal Audit’s compliance with standards, including those within the CIPFA Code of Practice for Internal Audit in Local Government 2006. The Audit Commission confirmed that Internal Audit operates in accordance with this code of practice for 2009/10.

4. INTERNAL AUDIT PERFORMANCE (2009/10)

4.1 Performance Indicators Table

Period / % Audit Plan Completed / % Time Spent vs Planned on Audit
(-under +over) (cumulative) / % Recommendations Accepted / % Previous Agreed Recommendations Implemented / Auditee Satisfaction Score (cumulative) *
Year to Date
Apr 09–Mar 10 / 93.38 / +6.0 / 100 / 85 / 3.5
TARGET for 2009/10 / 90 / 0 / 100 / 100 / 3

* Satisfaction Score Key: 4=Very Satisfied, 3= Satisfied, 2= Dissatisfied, 1=Very Dissatisfied

4.1.1 The percentage of the audit plan completed (93.38%) exceeds the target for the year and has resulted in the key performance target being met.

4.1.2 The percentage of recommendations implemented is below target and is reviewed as part of the recommendations followed up/not implemented in section 4.3 of this report.

4.1.3 The auditee satisfaction score for the year (2009/10) of 3.5 exceeds the target of 3, illustrating a high level of general satisfaction with the way in which audits are conducted.

4.2 Time Analysis

4.2.1 Time analysis of total time spent versus the total time planned in Internal Audit Plan for 2009/10 showed that total time spent was in accordance with the plan for the year.

4.2.2 Within some individual ‘Activity’ areas of the Plan, variances were identified, the most significant of which are detailed below. These variances resulted in less time being spent on planned audits. However, it should be noted that the variances represent a small percentage of overall planned time, and as shown in Table 4.1, the Percentage of Audit Plan completed exceeded the target.

Significant variances include:

·  Investigations and Anti-Fraud Work

The total time spent on investigations was more than planned, however, by its nature, this is an unpredictable area of work. The amount of Anti-Fraud work was also greater than planned, due to, for example, the amount of resource required to participate in the National Fraud Initiative, due to increased datasets being included in this year’s exercise.

·  Financial Management Standards in Schools (FMSiS)

The total time spent was more than planned due to the introduction of the combined FMSiS and regulatory audit work. The resource allocation for 2010/11 has been adjusted accordingly.

·  Use of Resources

The level of resource requirement to co-ordinate the Use of Resources assessment for 2009/10 was underestimated.

·  Financial Regulations - Breaches & Waivers

The time spent on advice and review of breaches and waivers was more than planned due to additional support arising from the introduction of the new Financial Regulations in September 2009.

4.3 Recommendations Implemented Status

4.3.1 Reviews have been undertaken to ascertain whether agreed audit recommendations have been implemented and risks mitigated. The percentage of recommendations implemented was below target for the year at 85% against a target of 100%. These variances are predominantly where the timescales have been revised. The number and percentage of agreed recommendations followed up that were not implemented during the year are detailed below:

Number of Recommendations
Followed Up 2009/10 / Number of Recommendations Not Implemented During
2009/10 / % Recommendations Not Implemented
2009/10 / % Recommendations Not Implemented
2008/09
263 / 39 / 15% / 21%

4.3.2 Although this figure is below target it compares favourably to 79% for 2008/09 following the introduction of the new ‘Escalation Procedure for Non-Implemented Internal Audit Recommendations’ agreed by the Audit Committee in September 2009. This procedure includes reporting non-implemented recommendations to the Audit Committee for remedial action if not resolved through the other escalation processes.

4.3.3 There are no recommendations that require reporting/escalation to the Audit Committee at this stage. The Audit Committee can expect to see the referral of any recommendations not implemented in accordance with the escalation procedure at the next meeting.

1

5. INTERNAL AUDIT WORK COMPLETED

5.1 There are no significant matters to report to the Audit Committee on work completed during the year. No ‘qualified’ audit reports (i.e. where the system/area inadequately safeguards the Council against identified risks) were issued, and no high impact recommendations (i.e. to address actual / potential critical implications for achievement of the Council's objectives) were made.

5.2 Advice, Consultation and Other Work

5.2.1 Advice

Following requests from Service Units, Internal Audit have continued to provide advice on a wide range of risk, control and compliance issues including how to ensure compliance with Financial Regulations & Contract Standing Orders, new system controls and on the revision of Council Policies.

5.2.2 Annual Governance Statement (AGS)

Work has been undertaken to compile the 2009/10 AGS for inclusion in the Council’s Statement of Accounts (which is being reported separately to this committee).