Hampshire Police AuthorityItem: 5
Standards and Governance Committee
14 June 2007
Annual internal audit opinion 2006/07
Report of the Treasurer to the Police Authority

Contact:Ejner Knudsen

01962 847403

Email:

1Summary

1.1The internal audit opinion is that Hampshire Police Authority has an appropriate framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the Authority’s objectives. Audit testing has shown controls to be working in practice. Where improvements to controls are required, we are satisfied that appropriate action has been agreed by relevant managers and that they will be resolved in an appropriate manner.

1.2The following paragraphs explain how we arrived at this opinion.

2Background

2.1From 2003/04, the Chairman of the Police Authority and Chief Constable have been required to sign a general statement on internal control. To support this process, the Chief Internal Auditor is required to provide an independent opinion on the adequacy and effectiveness of the system of internal control operating across the Authority.

2.2This opinion is contained in the assurance statement attached at Appendix A.

2.3It is a management responsibility to develop and maintain the internal control framework, and to ensure that the Authority’s resources are properly applied. Internal audit is an assurance function that provides an independent and objective opinion to the Authority on the control environment by evaluating its effectiveness in achieving the Authority’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. (source: CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom 2006).

3Objectives

3.1This report will outline the level of assurance that we are able to provide, based on the internal audit work completed during the year. It will:

  • give an opinion on the overall adequacy and effectiveness of the Authority’s internal control environment
  • disclose any qualification to that opinion, together with the reasons for the qualification
  • present a summary of the audit work undertaken to formulate the opinion, including reliance placed on work by other assurance bodies
  • draw attention to any issues the Chief Internal Auditor judges particularly relevant to the preparation of the statement on internal control
  • compare the work actually undertaken with the work that was planned and summarise the performance of the internal audit function against performance measures and criteria
  • comment on compliance with these standards and communicate the results of the internal audit quality assurance programme.

4Audit approach

4.1A summary outlining the audit approach and audit delivery during 2006/07 is provided in appendix B.

4.2Detailed reports, giving the internal audit opinion on each of the systems examined have been issued to individual managers who have considered each report and provided a management response. This report provides an opinion on the overall control framework using the following terms which are defined in Appendix C:

  • comprehensive
  • appropriate
  • incomplete
  • inadequate.

5Overallassurance

5.1The internal audit opinion is that Hampshire Police Authority has an appropriate framework of control, that provides reasonable assurance regarding the effective, efficient and economic achievement of the Authority’s objectives. Audit testing has shown controls to be working in practice. Where improvements to controls are required, we are satisfied that appropriate action has been agreed by relevant managers and that they will be resolved in an appropriate manner.

5.2There has been no change in the overall level of assurance provided compared to that given in our 2005/06 annual internal audit opinion.

6Issues raised during 2006/07

Main findings

6.1Nineteen reviews were completed in 2006/07 and based on the audit evidence obtained, we concluded that 16systems / OCU’s had an appropriate framework of control and three had an incomplete framework of control to ensure that the activities and procedures achieve the Authority’s objectives. Audit testing has shown thatthe controls in place are operating in practice.

6.2A summary of the opinions on the audits carried out in 2006/07 is shown at Appendix D.

Significant findings

6.3The two previous annual opinion reports have highlighted the necessity for sufficient pre-employment checks to be completed for all new police staff. This is to prevent the Authority from appointing illegal immigrants, or individuals with criminal convictions and therefore avoid the risk of embarrassment. Our audit work in 2006/07 raised ongoing concerns in this area, despite the introduction of personnel checklists. It has therefore been agreed that the Personnel Administration Manager will check all personnel files for future appointments to ensure that data is complete.

6.4Our 2005/06 annual report highlighted a risk that orders for goods and services may not beplaced with the most appropriate suppliers in terms of cost, quantity and delivery, as orders over £10,000 were not always referred to the Procurement Section to ensure tendering procedures are followed in compliance with Standing Orders and there was a lack of evidence that departments/OCUs had obtained quotes for all orders between £2,500 and £10,000. Our review of creditor payments in 2006/07 repeated these concerns, although we acknowledge that only six months had elapsed since the 2005/06 review was finalised. A Procurement Manager has subsequently been appointed and is in the process of reviewing the procurement arrangements and providing guidance on when the need for quotes or tending apply.

6.5Partnership arrangements were audited for the first time in 2006/07 and the Chemical, Biological, Radioactive and Nuclear (CBRN) Centre was selected for review. The objective of the review was to ensure partnership arrangements are properly constituted and managed. Weconcluded that the Service Level Agreement (SLA) between Hampshire Constabulary and the Home Office does not sufficiently define responsibilities and that systems for recording equipment, vehicles and inventories are not sufficiently robust. Management have agreed to review the SLAwith the CBRN to ensure that governance arrangements are clarified. The Partnership Development Manager also continues to develop partnership arrangements generally, including compiling a formal list of partnerships.

6.6Our reviewof the Property Systems in 2004/05concluded that only a basic framework of control was in place. Due to the expected installation of new IT project OBERON follow up work was postponed until 2006/07, however, this development did not take place. Our review found that improved procedures need to be agreed and consistently applied across the Force and that these must ensure compliance with the Police and Criminal Evidence Act (PACE). A review of the existing Force Procedures and local practices has been commenced by the Acting Force Property Manager.

6.7Whilst a number of other significant recommendations were made during the year, these were significant to the systems concerned and were not material in the context of the Authority as a whole.

Common findings

6.8Apart from the issues raised in our review of creditor payments, no further significant common findings have been identified as a result of our work during 2006/07.

Follow up work

6.9Follow up work has been undertaken in 2006/07 where 2005/06 audit work concluded that there was an incomplete or inadequate framework of control. Follow up reviews have been undertaken in respect of:

Property Systems (see paragraph 6.6 above)

Stores.

6.10Our last full review of the Stores system was undertaken in 2004/05 and concluded that only a basic framework of control was in place. This was followed up in 2005/06 and, as little progress had been made, further review was undertaken this year. Although there continue to be opportunities for improvement to be made to the control framework, these are not considered to represent a significant risk in the context of the Authority as a whole.

Irregularities

6.11There have been no reported irregularities during 2006/07.

Value for money

6.12During the year, any value for money issues highlighted during the course of our controls assurance work have been reported to management. No significant issues were identified.

Recommendations

6.12That the Standards and Governance Committee accept the internal audit assurance statement for 2006/07 detailed in appendix A.

6.13The main risks identified during the year are noted.

Section 100D (Local Government Act 1972) background papers

The following documents disclose facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of this report.

NB the list excludes:

  1. published works; and,
  2. documents that disclose exempt or confidential information as defined in the Act.

Title / Location
None / None

1

Appendix A

Annual assurance statement for the year ended 31 March 2007

Introduction

The Accounts and Audit Regulation 2006 require the Treasurer to maintain an adequate and effective system of internal audit.

From 2003/04, the Chairman and Chief Constable have been required to sign a general statement on internal control. To support this process, the Chief Internal Auditor is required to provide an independent opinion on the adequacy and effectiveness of the control environment, comprising risk management, control and governance.

Responsibilities

It is a management responsibility to develop and maintain the internal control framework, and to ensure that resources are properly applied in the manner and on the activities intended. It is the responsibility of Internal Audit to form an independent opinion, based on reviews during the year, on the adequacy and effectiveness of the system of internal control.

Basis of opinion

The strategic and annual internal audit plans were prepared by the Chief Internal Auditor to take account of the characteristics and relative risks of the activities involved and were approved by the Treasurer. The internal audit plan has been delivered in accordance with the Code of Practice for Internal Audit in Local Government in the United Kingdom, issued by CIPFA.

Work has been planned and performed so as to obtain all the information and explanations, which were considered necessary in order to provide sufficient evidence to give reasonable assurance that the internal control system is operating effectively. However, this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance that there are no major weaknesses in the system of control.

Opinion

In my opinion Hampshire Police Authority has an appropriate framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the Authority’s objectives. Audit testing has shown controls to be working in practice.

Ejner Knudsen

Chief Internal Auditor

Treasurer’s Department

Hampshire Police Authority

May 2007

Appendix B

Audit background

1Scope of internal audit

1.1The Chief Internal Auditor is required to provide the Authority with an assurance on the system of internal control. It should be noted, however, that this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance that there are no major weaknesses in the system of control. In assessing the level of assurance to be given the following have been taken into account:

  • all audits completed during 2006/07, including those audits carried forward from 2005/06
  • any follow up action taken in respect of audits from previous periods
  • any significant recommendations not accepted by management and the consequent risks
  • the effects of any significant changes to the Authority’s objectives or systems
  • the quality of internal audit’s performance
  • the proportion of audit need that has been covered to date
  • any limitations that may have been placed on the scope of internal audit.

2Audit service quality

2.1The service we provide is designed to ensure compliance with the standards for internal audit promulgated by the CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom 2006. The standards cover the following areas:

  • scope of internal audit
  • independence
  • ethics for internal auditors
  • audit committees
  • relationships
  • staffing, training and continuing professional development
  • audit strategy and planning
  • undertaking audit work
  • due professional care
  • reporting
  • performance, quality and effectiveness.

2.2Hampshire Audit Services is registered under ISO9001, the international quality management standard and we have developed comprehensive procedures to ensure that all audits are conducted to the required standard. In particular, the audit outline is approved, before site work commences, by the Audit Manager, who also reviews each draft and final report before it is issued to ensure that all key controls have been properly evaluated and that adequate audit evidence has been obtained to support the findings.

2.3We also have Investors in People accreditation, which ensures that the training and development needs of all our staff are reviewed on an annual basis as part of our performance development scheme and a detailed training and development programme is planned, delivered and evaluated each year.

2.4Our quality assurance programme includes:

  • annual service improvement planning, using appropriate management tools to challenge our approach
  • annual benchmarking with other local authority internal audit providers to compare the efficiency, effectiveness and economy of our services
  • a three year rolling programme of quarterly reviews of a sample of completed files and reports and management processes to ensure consistency in approach and compliance with professional standards and quality procedures. Issues raised are discussed by the Section’s management team and follow up action is monitored by the Quality Manager
  • quarterly review of performance indicators reported to the Treasurer’s management team.

2.5Whilst identifying some opportunities for continuous development, the results of the quality assurance programme confirm that we substantially comply with the requirements of the Code of Practice.

2.6In addition, our work is subject to annual review by the Authority’s external auditors who continue to rely on our work to support their audit opinion.

3Audit needs

3.1A risk assessment was undertaken for the 2006/07 audit plan, which involved an analytical review of data relating to the Authority including: size of budgets, content of committee reports or committee decisions, previous audit findings and consultation with the Director of Finance and other finance managers to ensure the audit plan addressed the key risks facing the Authority.

A summary of audit days delivered during 2006/07 is provided in Table 1.

Table 1 – Summary of audit days delivered (2006/07)

Detail / 2006/07
days / Days
Days carried forward from 2005/06 / 26
Audit plan agreed by the Treasurer / 267
Variations to the plan / -35
Revised plan at the year end / 232
258
Total days delivered including delivery of carry forward audits / 235
Days carried forward to 2007/08 / 23

3.2The 2005/06 carry forward related to four draft reports, which were finalised during 2006/07. The findings, however, were included in the 2005/06 annual audit opinion.

3.3The 2006/07 audit plan was revised during the year to 232 days. The original and revised audit plan are shown at appendix E and the changes made to the plan reflect the following:

an additional 5 days to enable a full review of debtors and cash income, rather than the planned follow-up review. This change was in line with advice received from the Audit Commission on compliance with International Auditing Standards

the postponement of the computer Record Management System to 2007/08, to be replaced with a review of the CSP Matrix as a result of discussions with the client and our ongoing risk assessment process. Subsequent to the commencement of the CSP Matrix review, the Information Security Officer requested that this also be postponed to 2007/08 (-10 days).

the separation of the Payroll and Personnel review into two distinct reviews to mirror lines of responsibility (no effect on days planned)

a reduction of 2 days in the audit of Road Policing Unit, Incident Management Unit Records Office as, following a reorganisation, this area is no longer responsible for the receipt of fines

planned reviews of doctors & surgeons, travel & subsistence and IT management were deferred to 2007/08 (-28 days).

3.4The carry forward days to 2007/08 relate to audits where a draft was issued and awaiting management response or where testing was still in progress at 31 March 2007.Results of the following two reviews will be reported in the 2007/08 annual internal audit opinion:

criminal justices department

pension arrangements.

3.5No limitations were placed on the scope of the work during the year.

4Audit approach

4.1We examined systems operating to achieve objectives set by management in each of the areas detailed in appendix E. We are not aware of any significant changes to any of the systems reviewed since the work was conducted.

4.2The work has been carried out using a systems based audit approach. This covers the internal control systems of the organisation and during the conduct of the work, particular attention was given to arrangements established to ensure:

  • financial control
  • safeguarding of assets to reduce exposure to theft or fraud
  • compliance with the Authority’s policies, procedures, laws and regulations
  • the integrity and reliability of information and data
  • value for money.

4.3An implicit part of the systems based audit approach is an evaluation of the controls in place to prevent and detect fraud and internal audit perform sufficient audit testing to confirm that controls are working in practice.

5Audit Liaison

5.1Staff within Hampshire Police Authority have been co-operative and helpful during audits, and have worked with internal audit to ensure that audits have been timed to suit both parties.

5.2Management responses to audit reports have been prompt helping to ensure that recommendations to address control weaknesses receive management’s early attention.

5.3Audit Appraisal Questionnaires (AAQ) have been received from seven of the 19 audits undertaken during the year with an average satisfaction score of 92.2%. This is evidence of the good working relationship between Internal Audit and the Police Authority.

5.4There have been quarterly update meetings between the Head of Financial Accounting and Internal Audit to discuss progress on the delivery of the internal audit plan and provide an opportunity to share information on audit and operational developments within the service.

Appendix C

Audit opinion definitions:

Comprehensive / Controls are in place to manage all the risks identified.
Appropriate / Sufficient controls exist to manage the key risks identified in an effective and efficient manner.
Incomplete / One or more key controls are missing therefore there is a need to introduce additional key controls to manage the risk to the organisation.
Inadequate / Controls are considered to be insufficient to manage the risks identified, with the absence of at least one critical control mechanism. Failure to improve controls could lead to increased risk of major loss or embarrassment to the organisation.

Appendix D