BOROUGH OF POOLE
REPORT TO SERVICE PROVISION SCRUTINY AND AUDIT COMMITTEE
24 MAY 2007
INTERNAL AUDIT - PERFORMANCE & ACTIVITY REPORT FOR
JANUARY – MARCH 2007
PART OF PUBLISHED FORWARD PLAN: NO
STATUS – GENERAL
1.PURPOSE AND POLICY CONTEXT
1.1 This Report gives a summary of the performance of the internal audit work of the Section for the final quarter of 2006/2007. In addition, it summarises the audit work undertaken during the period, highlighting any key findings and recommendations. Current progress on implementation of recommendations (as at April 2007) is also detailed.
1.2 The report also includes the ‘Chief Auditor’s Annual Report on the Overall Adequacy and Effectiveness of the Internal Control Environment’ for 2006-07 as required by the CIPFA Code of Practice for Internal Audit in Local Government.
1.3 The Accounts and Audit (Amendment) (England) Regulations 2006 came into force on 1st April 2006. Regulation 6 requires organisations to review the effectiveness of their system of internal audit once a year. In order to meet the requirements of Regulation 6 of the Accounts and Audit (Amendment) (England) Regulations 2006, Members are asked to review the contents of this report.
2. DECISION REQUIRED
2.1Members are asked to note:
a)the ‘Chief Auditor’s Annual Report on the Overall Adequacy and Effectiveness of the Internal Control Environment’;
b)the report on the performance of the Internal Audit Section for the final quarter of 2006/07;
c)the summary of audit work undertaken during the period; and
d)current progress on the implementation of recommendations.
2.2In line with Regulation 6 of the Accounts and Audit (Amendment) (England) Regulations 2006, Members are asked to consider formally the effectiveness of the system of internal audit.
2.3Members are asked to refer any relevant items of concern to the other relevant scrutiny
committees for their attention.
3.CHIEF AUDITOR’S ANNUAL REPORT ON THE OVERALL ADEQUACY AND EFFECTIVENESS OF THE INTERNAL CONTROL ENVIRONMENT (2006/07)
Introduction
3.1 This annual report is produced in compliance with the CIPFA (Chartered Institute of Public Finance and Accountancy) Code of Practice for Internal Audit in Local Government in the United Kingdom (2003), and covers the period April 2006 to March 2007.
3.2 As well as being required to provide a formal annual report to those Members charged with governance, the Chief Auditor’s opinion on the overall adequacy and effectiveness of the internal control environment will be used to help assess the effectiveness of the Authority’s Statement of Internal Control.
Audit Opinion
3.3 From Internal Audit work undertaken, and reported upon, during 2006/07, systems of internal control were, overall, operating adequately and effectively**.
3.4In reaching this opinion, the Chief Auditor relies on the work performed by the Internal Audit Section in accordance with the Authority’s risk-based Annual Internal Audit Plan for 2006/07, external audit reports, and observations made in external inspections.
3.5 A number of initiatives and actions were taken to strengthen the overall control environment of the Council during 2006/07 – evidenced by the progress made against issues arising from the Statement of Internal Control for 2005/06 and implementation of internal audit recommendations.
3.6 The Chief Auditor has also highlighted a number of additional potential areas for inclusion within the SIC 2006/07, identified through internal audit work performed throughout the year and a review of external audit recommendations. These additional issues are:
- Contract Management Arrangements
- Arrangements for working with Partners and Service Providers
- Asset Management
- Value for Money – (Procurement Strategy, Improved Service Performance monitoring, enhanced performance management)
- Affordable Housing
- Improved anti-fraud and corruption measures
These issues will be considered by Management Team on 17th May 2007 prior to presentation of the SIC to Members in June.
** The establishment of adequate and effective control systems is the responsibility of management. As an Internal Audit review is conducted on a sample basis and does not involve a review of every transaction or project, the Chief Auditor is unable to provide absolute assurance that the system of internal control is operating adequately and effectively.
Annual Report
3.7 Internal Audit followed a risk based Annual Audit Plan for 2006/07. The Annual Internal Audit Plan was approved by the Section 151 Officer, following consultation with the Service Unit Heads, and has been reported to the Service Provision Scrutiny and Audit Committee.
3.8 A summary of the audit work undertaken in 2006/07 on which the opinion is based, including reports on key financial systems, has been reported to the Service Provision Scrutiny and Audit Committee throughout the year on a quarterly basis.
3.9 No ‘qualified’ reports were issued by Internal Audit in 2006/07 on key financial systems and Internal Audit remains satisfied with the overall progress made by Service Unit Heads to implement recommendations to improve internal controls. Priority Internal Audit recommendations which have not been implemented are reported separately to the Management Team and Service Provision Scrutiny and Audit Committee within the quarterly ‘Internal Audit – Performance and Activity Report’. The Chief Auditor is of the opinion that these unimplemented recommendations will not impact significantly on the overall internal control environment.
3.10 The Audit Commission has reviewed the work performed by Internal Audit on key financial systems in 2006/07 and, to date, has identified no additional significant control weaknesses.
3.11Internal Audit has reported progress made against the Statement of Internal Control for 2005/06 to the Service Provision Scrutiny and Audit Committee on a quarterly basis throughout the year. At their request, this information is also being reported quarterly to the Management Team.
3.12Internal Audit is also in the process of compiling the Statement of Internal Control for 2006/07. In conducting this review, Internal Audit has asked Service Unit Heads to “confirm certain responsibilities which uphold the Council’s internal control and assurance framework”.
3.13Internal Audit and External Audit reports issued during 2006/07 have also been reviewed for issues relating to the adequacy and effectiveness of the internal control environment.
Internal Audit Performance
3.14A number of performance indicators are used by the Internal Audit section to ensure that appropriate standards are met. These include percentage of audit plan completed, time spent against planned on audits, recommendations agreed and implemented, and an auditee satisfaction score. These are reported quarterly to the Service Provision Scrutiny and Audit Committee and, for 2006/07, key targets were met or exceeded.
3.15The Chief Auditor ensures adequate quality control measures are in place within the Internal
Audit section, including regular review of audit files.
3.16The Audit Commission carries out a triennial review of Internal Audit’s compliance with standards, including those within the CIPFA Code of Practice for Internal Audit in Local Government 2006. The Chief Auditor has completed a self-assessment for the Internal Audit function using this Code and believes the function meets its requirements. The Audit Commission is now in the process of reviewing the assessment – the results of which will be reported to a future SPSAC meeting.
4.AUDIT PERFORMANCE INDICATORS
Period / % Audit Plan Completed / % Time Spent vs Planned on Audit(-under +over) (cumulative) / % Recommendations Accepted / % Previous Agreed Recommendations Implemented / Auditee Satisfaction Score (cumulative) *
Jan - Mar 2007 / 27 / +1.8 / 100 / 83 / 3.8
TARGET for Quarter 4 / 30 / 0 / 100 / 100 / 3
Apr 2006 – Mar 2007 (Full Year) / 92 / +1.8 / 100 / 83 / 3.8
TARGET for 2006/07 / 100 / 0 / 100 / 100 / 3
4.1Performance Indicators Table
* Satisfaction Score Key: 4=Very Satisfied, 3= Satisfied, 2= Dissatisfied, 1=Very Dissatisfied
4.2The key audit performance indicator target is (theoretically only) to complete 100% of the plan
in the year. Best practice requires that we complete at least 90% of the audit plan. The percentage of the audit plan completed was slightly below target for Quarter 4 however the key performance indicator to achieve at least 90% of the plan was met (92%) for the whole year.
4.3The percentage of recommendations implemented is below target and is reviewed as part of the ‘recommendations followed up/not implemented’ in section 7 of this report.
4.4Internal Audit ask auditees to score their satisfaction at the end of each audit (4 = very satisfied, 1 = very dissatisfied). These scores are averaged to give an overall auditee satisfaction score. The auditee satisfaction score of 3.8 again exceeds the target of 3.0.
5.TIME ANALYSIS
5.1The following summarises the target and actual time spent on Internal Audit activities based on the 2006/07 audit plan (please note the planned days have been adjusted in line with the estimate resource profile throughout the year).
THIRD QUARTER (JANUARY – MARCH 2007)
ACTIVITY / Planned (Days) / Actual (Days) / Variance (Days)+ more than /
- less than planned
PLANNED WORK (Audits, Projects & Consultancy) / 289 / 261 / -28
ANTI-FRAUD/INVESTIGATIONS / 60 / 22 / -38
MEMBER REPORTING / 18 / 22 / +4
OTHER: inc. CORPORATE MANAGEMENT & UNOFFICAL FUNDS / 14 / 4 / -10
RISK MANAGEMENT / 14 / 1 / -13
STATEMENT ON THE SYSTEM OF INTERNAL CONTROL (SIC) / 6 / 26 / +20
HOUSING BENEFIT FRAUD TEAM (Temporary Responsibility) / 0 / 0 / 0
INDIRECT TIME - Audit Administration / 68 / 76 / +8
INDIRECT TIME – Leave / 81 / 53 / -28
INDIRECT TIME – Training / 24 / 31 / +7
INDIRECT TIME – Sick / 11 / 9 / -2
TOTAL / 585 / 505 / -80
FULL YEAR (APRIL 2006 – MARCH 2007)
ACTIVITY / Planned (Days) / Actual (Days) / Variance (Days)+ more than /
- less than planned
PLANNED WORK (Audits, Projects & Consultancy) / 964 / 887 / -77
ANTI-FRAUD/INVESTIGATIONS / 200 / 161 / -39
MEMBER REPORTING / 60 / 69 / +9
OTHER: inc. CORPORATE MANAGEMENT & UNOFFICAL FUNDS / 48 / 47 / -1
RISK MANAGEMENT / 45 / 44 / -1
STATEMENT ON THE SYSTEM OF INTERNAL CONTROL (SIC) / 20 / 42 / +22
HOUSING BENEFIT FRAUD TEAM (Temporary Responsibility) / 0 / 24 / +24
INDIRECT TIME - Audit Administration / 228 / 224 / -4
INDIRECT TIME – Leave / 271 / 258 / -13
INDIRECT TIME – Training / 80 / 90 / +10
INDIRECT TIME – Sick / 38 / 38 / 0
TOTAL / 1954 / 1884 / -70
5.2The amount of total time spent was less than planned for the quarter & slightly less than planned for the full year due to maternity leave.
5.3The amount of time spent on planned audits was also down in the quarter & for the full year which was mainly due to maternity leave and additional time spent on the preparation of the statement of internal control for 2006/07.
5.4Investigation time spent during the quarter was less then planned for both the quarter and full year due to the variable nature of the work.
6.PLANNED AUDITS
This includes audits completed to draft report stage during the quarter.
Note 1 ‘Recommendations outstanding’ refers to those outstanding ‘at the time of the audit’, not necessarily at present.
Note 2 Please note the following terminology – Recommendations are graded ‘High/Medium/Low’ priority. An audit report may contain several ‘High’ priority recommendations, however this will not necessarily produce a ‘qualified’ audit report. In rare circumstances a ‘qualified’ Audit report will be produced due to the fact that the system/area reviewed overall inadequately safeguards the Authority against identified risks.
6.1KEY FINANCIAL SYSTEMS AUDITS – full Audit Report recommendations and responses are shown below for these key audits.
6.1.1Creditors (Financial Services)
The audit concluded that the system had been designed to meet the requirements of the service and adequately safeguards the Authority against identified risks.
Progress has been made on two medium priority recommendations from the previous audit and have therefore been re-iterated as one low priority recommendation. One low priority recommendation from the previous audit was fully implemented and one low priority recommendation has been re-iterated.
Four medium priority and one low priority recommendations have also been made. These are detailed below.
Recommendation / Priority / AgreedYes/No / Target Date / Comments
It is recommended that given the delay in the POP implementation that the Head of Financial Services reminds all Service Units of the need for purchase orders to be raised and the purchase order number recorded to the certification slip.
It is also recommended that the Corporate Procurement Manager liaises with the Income Manager to develop a method to identify and address non compliance with the use and recording of purchase order numbers. / ** / Yes / 01/09/07 / The Procure2Pay project team are currently looking at the best way to do this, within the whole procurement framework (ie new supplier set up).This action will be added to the plan for that group to take forward.
Previous audit recommendation (Re agreeing new POP arrangements with Internal Audit) is reiterated with timing determined by an implementation plan. / * / Yes / 31/03/07 / Before implementation new/changes to processes and procedures are agreed with audit.
POP user guides are being finalised and will be published on the LOOP imminently.
A POP implementation plan has been produced.
Internal Audit endorse the action taken by the Financial Systems Manager to inhibit processing invoices for payment of CIS Scheme suppliers when their registration is not valid. / ** / Yes / 05/04/07 / As required by a change of legislation, a new CIS process has been installed which becomes live from the start of the new tax year which will supersede the existing arrangements.
It is recommended that the Senior Creditors Officer introduces a regular review of the number/level of duplicate suppliers and then carry out a full review if the level increases significantly. / * / Yes / To commence now / To review number of duplicates on a quarterly basis and then review further if necessary.
Proposed new procedures for notification of a new supplier will reduce unnecessary duplicates.
It is recommended that Financial Systems Manager retains all system reports on file. / ** / Yes / Done / System reports are now received and stored electronically.
It is recommended that the Income Manager should establish procedures to direct staff on how to operate when there is a loss of system or other disaster. / ** / Yes / 01/09/07 / No specific comment.
It is recommended that the ICT Security Officer should designate one safe in ICT Support to be used by ICT Security only and contain only cheques, swipe cards etc.
- Access to the safe and safe key should be restricted to authorised ITC Security staff.
- Key movements should be recorded in a log.
6.1.2Council Tax (Financial Services)
The audit concluded that the system had been designed to meet the requirements of the service and adequately safeguards the Authority against identified risks.
All five recommendations from the previous audit have been fully implemented.
One medium priority recommendation has been made and is detailed below.
Recommendation / Priority / AgreedYes/No / Target Date / Comments
Internal Audit endorse the Head of Revenues review of entitlement to single occupancy discounts. / ** / Yes / 30/9/07 / We propose to continue with the sending of a single person discount review form which requires a signed return to confirm entitlement. We will also review this process to ensure it is being carried out in the most effective manner.
In addition we will compare our single discount cases to the electoral register and undertake a sample check of potential discrepancies.
Other expensive options are available such as using third parties such like Experian or Data Tank but I do not consider this appropriate at this time.
6.1.1Debtors (Financial Services)
The audit concluded that the system had been designed to meet the requirements of the service and adequately safeguards the Authority against identified risks.
Four recommendations from the previous audit have been fully implemented. One medium priority recommendation has been re-iterated.
One medium priority and two low priority recommendations have also been made. These are detailed below.
Recommendation / Priority / AgreedYes/No / Target Date / Comments
The previous recommendation (Re updating the procedure manual) is reiterated. / ** / Yes / 31/10/07 / No comment
Consideration should be given by the Income Manager to amending the wording / information on the invoices raised to advise when payment is due. This may assist in reducing the number of unsettled invoices over 30 days old and bring the aged debtors profile for BoP more in line with other local authorities. / ** / Yes / A.S.A.P. / The Income Manager will ask for the statement “due for payment immediately” to be printed on the blank invoices when they are next ordered.
Meanwhile, we will investigate whether it is possible to add this to the printing script from the debtors system.
It is recommended that the Income Manager ensures that:
- Authorising officers are reminded that all Sundry Debtors Request Forms are dated prior to being sent to the Income Section.
- All Sundry Debtor Request Forms are date stamped upon arrival by the Income Section.
It is recommended that the Income Manager encourages Service Units to raise Sundry Debtor Request Forms as soon as possible after the Service is provided. / * / Yes / A.S.A.P. / Will be included in the above 175 Managers e-mail.
6.1.3Payroll (Financial Services)
The audit concluded that the system had been designed to meet the requirements of the service and adequately safeguards the Authority against identified risks.
Six recommendations from the previous audit have been fully implemented and the remaining two recommendations were superseded by other events.
Six medium and three low priority recommendations were made in this audit and are detailed below.
Recommendation / Priority / AgreedYes/No / Target Date / Comments
It is recommended that the Head of Financial Services and the Head of Personnel reminds all staff responsible for authorising travel and subsistence forms (e.g. suggest 175 Managers) that it is their duty to check the claims for omissions, completeness and correctness prior to signing and to also check that Best Value has been achieved. / ** / Yes / 31/03/07
It is recommended that the Payroll & Pensions Manager (Margaret Wait) arranges for all Payroll staff to be supplied with a set of notes detailing basic VAT rules and regulations. / ** / Yes / 31/03/07
It is recommended that the Head of Personnel (Colin Hague) peruses and checks the rules concerning re-location expenses for omissions and ambiguity and, if necessary, makes any appropriate amendments. / ** / Yes / 1/10/2007
It is recommended that the Payroll & Pensions Manager ensures that reconciliations between amounts deducted from pay and payments made to providers are carried out on a monthly basis and results recorded, with any differences being annotated. / ** / Yes / Done
It is recommended that the Payroll & Pensions Manager ensures application forms are checked for completeness for inclusion in the scheme prior to acceptance. / ** / Yes / Done
It is recommended that the Financial Systems Manager ensures suitable training is available to appropriate staff and takes responsibility for ensuring adequate cover. / ** / Yes / 2007 / Due to end of year commitments staff are not available for training before April/May
It is recommended that the Financial Systems Manager (Ian Redman) ensures that
only individual users are set up on the Merlin and/or Case systems. / * / Yes / Done
It is recommended that the Payroll & Pensions Manager reviews the timetable of the submission and return date of the schedules in order to facilitate the hastening action after 4 weeks during term time, and to fully document action taken. / * / Yes / Done
It is recommended that the Payroll & Pensions Manager ensures that
the ‘issue’ date on a P45 should not be back-dated. It must always be the date it is raised, otherwise there is non-compliance with HMRC regulations.
The issue date recorded on the Payroll system should also be actual date of issue. / * / Yes / 31/03/07 / Payroll & Pensions Manager to review staff training issues to ensure compliance with HMRC regulations
6.2OTHER AUDITS