INTRODUCTION

ACORPORATE AND CROSS CUTTING

BMATERIAL SYSTEMS

CADULT SOCIAL CARE & ENVIRONMENT

DCHILDREN, FAMILIES AND LEARNING

EIT AUDITS

FREGENERATION SERVICES

GCOUNTER FRAUD

HOTHER PRODUCTIVE WORK

ISUMMARY OF DAYS BY ASSURANCE CATEGORY

TEES VALLEY AUDIT & ASSURANCE SERVICES

Internal Audit Plan 2012/13

INTRODUCTION

Purpose

1This document sets out the proposed programme of internal audit and counter fraud work for 2012/13. In accordance with good practice, internal audit is required to prepare an audit plan on at least an annual basis. The Plan is based on a number of sources of information and is a working document as amendments may be required throughout the year to reflect new and emerging risks and changes in priorities.

2The content of the audit plan is risk based and the basis for the risk assessment may be the Council’s corporate and directorate risk registers, a separate audit risk assessment or a combination of both. Risk assessments are kept under review but formally updated at the end of each financial year to take into account the results subject to consultation with directors, heads of service and other senior council officers and is formally approved by the Audit Committee who is responsible for monitoring progress against the Plan.

3The content of the Audit Plan is influenced by a variety of sources which can be summarised as follows:

  • The Council’s Plan and key priorities.
  • Details of Council savings and proposed budget cuts.
  • The Council’s risk registers.
  • Fraud and Loss Risk Self Assessment.
  • Networking with other local authorities.
  • Areas of previous weakness.
  • Specific requests from senior officers.

4TVAAS is theshared internal audit service between Redcar and Cleveland and Middlesbrough Councils and was established on 1 January 2011. The Service was established in response to local authorities being encouraged to challenge traditional methods of service delivery in order to reduce waste and improve outcomes. Both councils are committed to the successful achievement of a long term shared service for internal audit which will add value and deliver benefits.

5All local authorities have a statutory requirement to make provision for internal audit in accordance with proper standards of professional practice as set out in the CIPFA Code of Practice for Internal Audit in Local Government. Internal Audit is defined as an assurance function that provides an independent and objective opinion on the effectiveness of the control environment. As such, TVAAS will have a key role in helping both councils achieve their objectives by examining the effectiveness of the governance arrangements and providing assurance to both councils that controls are operating effectively in order to manage the key risks facing the achievement of their objectives. This has a positive impact on the risk environment, informing management whether the action being taken to manage the identified risks is working effectively.

TVASS Vision

6A shared internal audit service which always delivers in time, on time, to the highest quality; and which is regarded within both councils, and more widely, as an exemplar public service. A Service which adds value and helps both councils deliver better outcomes for local people.

2012/13 Audit Plan

7The Council is currently experiencing significant and challenging financial pressures which are resulting in major changes taking place across Council services. The Council has to make savings of over £50 million over a four year period and is in the process of saving £14.8 million in 2011/12 through a series of efficiency savings and service reductions. 78 budget reduction proposals amounting to £10.3 million were announced at Council on 5 Oct followed by a further 28 proposals amounting to £3.5 million on 14 December. Following consultation, some revisions have been made and a total of 98 recommendations will now go forward and form the basis of achieving the required budget cuts for 2012/13. These changes will have a significant impact upon the Council and will increase risk in many areas as reductions in resources can result in services no longer having the means to ensure that their control environments are operating effectively. TVAAS’ priority for the next couple of years will be to help support the Council in maintaining an effective control and governance environment during these challenging times. The content of the proposed audit plan very much reflects the challenges facing the Council and is designed to:

  • Provide assurance on the effectiveness of the governance arrangements and internal controls operating.
  • Provide advice on the design, implementation and operation of appropriate controls so as to minimise the risk of fraud and error.
  • Support the Council in making effective use of its resources and thereby supporting the attainment of its challenging savings programme.
  • Act as a visible deterrent against all fraudulent activity, corruption and other wrong doing.
  • Support the council in providing an appropriate and effective response and investigation into any instances of suspected fraud or corruption.
  • Undertake value for money reviews and other specialist assignments including the use of data interrogation techniques.

8Providing Assurance to the Council

TVAAS will perform different categories of work in order to provide assurance to the Council that it has an effective control environment in place.

8.1Corporate Assurance

Corporate audits review a number of key corporate themes that cut across all directorates and are key to providing the appropriate assurance to the Council that its overall governance and control arrangements remain effective. The scope of each corporate audit will be agreed with the relevant lead officers to ensure that Internal Audit resources are focused on areas of high risk. The aim of corporate audits is to focus on those areas that can have a significant impact upon the achievement of the Council’s priorities such as performance management, procurement, equalities, sustainability, information governance and partnerships. The Deputy Director of Resources has requested that a significant allocation of time in the 2012/13 Plan be directed at reviewing the impact of budget cuts and service reductions on the Council’s overall control environment and the ability to deliver its services to an acceptable standard.

8.2Internal Control and Compliance

The purpose of these audits is to review the extent to which the Council’s regulations, policies and procedures are being complied with in practice. A review may focus on a specific section e.g. Development Control but is more likely to concentrate on areas that cut across all directorates such as compliance with recruitment guidance.

This type of work will also provide assurance that policies and procedures are up to date, fit for purpose and effectively communicated as well as checking the extent to which they are being complied with.

Any major issues arising from corporate and compliance work will also contribute to the formation of the Council’s Annual Governance Statement.

8.3Financial/Material Systems

Material systems remain an important area of the internal audit plan as they provide the Section 151 Officer with assurance that the Council has made proper arrangements for the effective administration of its financial affairs and support the integrity of the Council’s accounts. Such audits cover key expenditure systems such as Debtors and Creditors, Payroll, Main Accounting and Financial Management & Budgetary Control. The need to annually review these and other material areas reflects the overall significance of the systems to the Council. The frequency of audit does not mean that the control environment is weak but reflects the potential impact should a major control weakness be identified in such an area. For that reason, assurance on material systems is provided more frequently than for many other areas where the risk and impact is considerably less. The material systems to be included in the Audit Plan are discussed with the external auditors to ensure that they can place reliance on the work of internal audit and thereby avoid duplication.

The audit plan takes account of the need to work closely and have ongoing discussions with the Council’s external auditors so that they are able to place full reliance on TVAAS work. The testing of material systems will include documenting system changes and performing testing on the control environment to provide assurance that these fundamental areas are well controlled. Areas classed as a material or fundamental system are typically audited each year. However, future audits will attempt to reduce the volume of testing required within individual audits in order to focus on high risks, those areas where the Council requires overall assurance and where the External Auditor will be seeking to place reliance.

8.4IT Audits

The TVAAS team includes an auditor with specialist IT skills for the provision of IT audits. The main areas to be covered by IT audits include the management of IT arrangements, the security of IT facilities and the data contained within systems and the control environments relating to individual applications.

8.5Counter Fraud

The latest annual fraud indicator estimated that 55% of all UK fraud is committed against the public sector. Fraud against the public sector can take many forms including fraud in relation to benefits, grants, procurement, blue badges, payroll and recruitment. To reduce the risk of fraud and corruption taking place, the Council has to demonstrate a strong anti fraud culture. TVAAS will assist the Council in establishing such a culture by:

  • Ensuring that a counter fraud policy framework is in place that is up to date and reflects relevant legislation such as the Bribery Act and Money Laundering regulations.
  • Raising awareness amongst staff, suppliers, partners and other relevant parties of key fraud and loss risks and how to report any concerns.
  • Carrying out an annual fraud and loss risk self assessment to identify the key risk areas for the Council and ensuring that audit resource is directed towards those areas.

The 2012/13 Plan includes both proactive and reactive counter fraud work. Proactive work includes maintaining appropriate and up to date counter fraud policies, awareness raising sessions, identifying the Council’s key fraud risks and performing data interrogation analysis work. Reactive work involves carrying out investigations into reported and suspected incidents of fraud and corruption.

8.6Service Reviews/Savings Proposals

This is an area that is in increasing demand from local authority internal audit functions as councils are faced with demands to improve efficiency, cut costs whilst maintaining service levels. Value for money reviews seek to gain an understanding of the current systems and processes within a specific service or theme and produce proposals for leaner, more efficient systems where resources are geared towards achieving agreed outcomes and management controls are timely and effective whilst considering sensitivities such as change and impact upon service delivery.

8.7Schools

Both the Council and the governing body for each school require assurance that the financial and administrative arrangements within each school are operating effectively. Previous internal audit plans have always included an allocation of time to perform audit visits at a number of the borough’s secondary and primary schools. In future, a sample of schools will be selected according to a risk assessment exercise. The schools’ audit programme has been reviewed during 2011/12 with a view to reducing the number of days allocated to each school audit and focussing on the areas of high risk or priority to a school.

8.8Liaison and Reporting

In order to ensure that internal audit work remains focussed on the areas of greatest risk and that significant findings are highlighted with the appropriate officers, it is important that TVAAS managers have reporting and liaison mechanisms in place across the Council. This category includes time to prepare for and attend the Audit and Governance Committee, officer groups and management meetings across the Council. Liaison with directorate contacts, external audit, Risk Management and Performance Management will also be required.

9Progress against the Plan

Progress against the plan will be monitored throughout the year and key issues reported to the Deputy Director of Corporate Resources. The Audit Manager will also report to the Audit and Governance Committee on key issues arising from the work included in the Plan and on TVAAS’ performance according to the agreed performance measures as set out in the service level agreement between Middlesbrough and Redcar & Cleveland Councils.

The Audit & Governance Committee will monitor progress against the delivery of the 2012/13 Audit Plan throughout the year. Given the constantly changing environment, the content of the Plan will be subject to continuous review in order to accommodate new and emerging risks. Significant variations to the Plan will be reported to the Audit & Governance Committee.

10Format of the Plan

The full audit plan for 2012/13 is detailed in Sections A – H. The audits are split into appropriate sections as follows: corporate/cross cutting audits, directorate specific, material systems, IT audits, counter fraud work and other productive work.

The reference column relates to the unique number allocated to each assignment on our audit information management system. The category column indicates the type of assignment that is intended to be carried out. The abbreviations are clarified below:

  • CA – Corporate assurance
  • CF – Counter Fraud
  • LR – Liaison & Reporting
  • Sav – linked to the need to identify savings, efficiencies and maximise income
  • Fin – Financial Systems
  • ICC – Internal Control Compliance
  • ICT – Information Technology
  • Sch – Schools

Section I summarises the number of days allocated to each of these categories.

The number of audit days currently totals 1325 (2011/2012 – 1440).

11Completing the Plan

Once the content of the Plan and its individual assignments have been accepted, the Audit Team Leader will contact the relevant responsible officers in order to agree an approximate timing for each of the audits. The procedure for completing each individual assignment may vary to some extent but the usual process is summarised below:

  • When it is time for the audit to be undertaken, the responsible officer will be contacted by either the Audit Team Leader or one of the TVAAS Senior Auditors in order to hold an initial planning meeting and to discuss and define the exact scope of the audit to ensure that it focuses on high risk and priority areas.
  • A Terms of Reference will then be issued to the responsible officer for consideration and approval. Any revisions to the defined scope will be discussed and agreed with the responsible officer as appropriate.
  • Fieldwork commences. Any significant concerns identified during the audit will be communicated to the responsible officer(s) on an ongoing basis.
  • At the end of the fieldwork, a draft report for discussion will be produced, the contents of which will be considered at a meeting between the auditor(s) and the responsible officer(s). Recommendations for actions to address any weaknesses or issues identified will be discussed and agreed as appropriate.
  • The draft report will then be issued to the responsible officer(s) for agreement. The report will provide an overall level of assurance that the auditor(s) has concluded is appropriate based on their findings of those areas examined. There are four possible levels of assurance as follows: Substantial, Satisfactory, Limited and Little/No. The definition for each of these assurance levels is provided in the new TVAAS audit report format as an appendix to the report.
  • It is at this stage that the auditor(s) will require the responsible officer(s) to provide ‘management comments’ which detail the proposed remedial action to be taken to address the findings in the report together with target dates for completion of these actions. If the auditor(s) considers that the management comments do not adequately address the finding then the action proposed will be revisited with the responsible officer(s).
  • Following agreement of the draft report and the receipt of a management response to each of the recommendations, the final report, including the management responses, will be issued to the relevant officers.
  • All agreed recommendations are ranked according to three priority levels with a priority 1 recommendation being the most significant. All P1 recommendations and the progress being made to implement them are reported to Audit Committee.
  • All P2 and P3 recommendations are ‘followed up’ by TVAAS auditors according to the target date specified at the time the recommendation was agreed. P1 recommendations will be followed up earlier in order to report on progress being made to Audit Committee.
  • The findings are all internal audit work is reported in summary form to the Audit Committee.

Please note that a revised TVAAS audit report format was adopted during 2011/12 and will be used for all audits issued during 2012/13.

12Quality

TVAAS staff are committed to delivering a quality service to the highest professional standards that adds value to its customers. The Service actively monitors its performance and a customer satisfaction survey is issued with each draft audit report (excluding investigations). In addition, an annual survey is also carried out which examines the overall perception of the Service and its ability to add value and support the Council in meeting its objectives.

ACORPORATE AND CROSS CUTTING

Ref / Category / Audit Title / Days
Sav / Procurement
A review of the arrangements in place for ensuring that the Council’s procurement strategy and practices support value for money and the achievement of savings.
Central Services Risk Register RCS079 / 20
Sav / Budget Management/Savings Delivery
A review of the extent to which the Council is managing its budgets and responding to the ongoing Government funding cuts. There are risks associated with the proposed savings in terms of deliverability, quality of service provision and the impact upon the control environment. The audit proposes to focus on the progress being made by the directorates to deliver the proposed savings (if not covered by specific audits elsewhere) and the extent to which the risks are being managed. The savings areas to be examined will be agreed at the outset of the audit and may, if appropriate, be split into separate audits to be carried out at different points during the year.