1. finance
2. accounting and auditing

1
Name of meeting and date:
Corporate Governance & Audit Committee
24th April 2015
Title of report:
Annual Report of Internal Audit 2014/15 &
Audit Plan for 2015/16
Is it likely to result in spending or
saving £250k or more, or to have a
significant effect on two or more
electoral wards?
No
Is it in the Council’s Forward Plan?
No
Is it eligible for “call in” by Scrutiny? Yes
Date signed off by Director & name
Not applicable
Is it signed off by the Director of
Resources?
Not applicable
Is it signed off by the Acting
Assistant Director - Legal &
Governance?
Not applicable
Cabinet member portfolio
Not applicable
Electoral wards affected and ward councillors consulted: All
Public or Private: Public
1.
Purpose of report
To provide information about Internal Audit activity in the year to 31st March
2015.
To provide an “opinion” on the adequacy and effectiveness of the councils
framework of governance, risk management and control.
To indicate compliance with the requirements of the Public Sector Internal Audit
Standard(PSIAS).
To provide an Audit Plan for 2015/16 and to indicate priorities for 2015/16 and
beyond.
2.
Key points
This report describes the activity and key findings from Internal Audit work in the
year to 31st March 2015. It also contains information about work planned and
other issues relevant to 2015/16.
1
2
The opinion is that the overall framework of the Council's financial and business
control systems, processes and its management of assets is sufficiently sound
to provide an adequate control environment.
This Committee also needs to review, and indicate that it is content as regards,
the effectiveness of its systems of internal audit.
3.
Implications for the Council
None directly.
4.
Consultees and their opinions
None.
5.
Officer recommendations and reasons
(a) The Committee confirms it is content with the effectiveness of its internal audit
function, and notes its conformance with Public Sector Internal Audit Standards.
(b) The Committee notes the report and considers if further action is sought on any
matter identified.
(c) The Committee approves the Audit Plan for 2015/16.
(d) The Committee authorises the Head of Audit and Risk to amend the Audit Plan
if necessary to take account of unplanned work and investigations and report
these variations as a part of quarterly reporting.
(e) The Committee reaffirms the Audit Charter for 2015/16
6.
Cabinet portfolio holder recommendation
Not applicable
7.
Next steps
None.
8.
Contact officer and relevant papers
Martin Dearnley, Head of Audit & Risk 01484 221000 (73672)
The Annual Report is attached.
Background papers –
Annual Report of Internal Audit 2013/14.
Internal Audit Charter (2015)
2
3
KIRKLEES COUNCIL
FINANCIAL MANAGEMENT, RISK, IT & PERFORMANCE SERVICE
INTERNAL AUDIT
ANNUAL REPORT OF INTERNAL AUDIT 2014/15 & AUDIT PLAN FOR 2015/16
1.
Introduction
1.1
This report assesses the adequacy and effectiveness of the Council’s internal
control environment during 2014/15 and provides a summary of the activities
and performance of Internal Audit during the year. It also contains information
about work planned and other issues relevant to 2015/16. A plan for 2015/16 is
appended for approval.
2.
About Internal Audit
2.1
The scope of Internal Audit's activity is established by the Council's Financial
Procedure Rules and the Internal Audit Charter (originally approved in
September 2013, and amended in February 2015). These rules include a right
for internal audit to have free and unrestricted access to carry out work as is
considered by the Head of Audit and Risk to be appropriate.
2.2
Internal Audit reviews the councils’ framework of business systems and
controls, although the majority of time is spent assessing arrangements for
financial control. Time is also spent investigating allegations that the Council’s
business activities may not be operating in the ways intended and on work
related to value for money, business process re-engineering, contracting
strategy and contractor appraisals, and resolving a range of finance and control
related issues (the most significant of which are reported in our quarterly
reports). During 2014/15 we have continued to spend significant amounts of
time either auditing, or carrying out consulting work in connections with the
Council’s new business control system (SAP).
2.3
Quarterly Reports on the activities of Internal Audit have been provided to the
Corporate Governance and Audit Committee. These reports provide information
about major and special investigations and –in 2014/15- an opinion (between
‘good’ and 'very unsatisfactory') of each of the programme of audits designed to
provide assurance about systems, processes and establishments, locations and
schools.
2.4
“Unsatisfactory” means a single major weakness or many minor weaknesses in
operations, processes or controls at the time of the audit. Implementation of the
agreed recommendations should provide a satisfactory degree of control in all
cases. Information on follow up of earlier internal audit work is also provided.
3
4
3.
Summary of Audit Work in 2014/15
3.1
The overall proportion of work which identified that systems or operations were
"unsatisfactory" was 8% which is lower than last year (14%). The statistics are
however distorted somewhat by a number of pieces of work which are
completed, but not yet agreed with management, which appear to be likely to be
unsatisfactory (and which would, if included in these statistics make the overall
unsatisfactory outcome 10-12%). Opinions are no longer offered on
investigations; by their nature these had a higher propensity to be
“unsatisfactory”.
Days spent on audit work
Financial and business
processes and systems
examined
Location, establishment,
schools audits undertaken.
Follow up audit work carried
Investigations into irregularity
Management, governance or
value for money studies
Grant audits, consultancy,
projects
Completed formal tasks
Overall proportion of work
found "unsatisfactory"
2014/15
2013/14
2012/13
2011/12
2010/11
1844
67
2,083
87
2,194
51
2,484
71
2,637
88
70
79
77
79
115
13
8
1
21
10
2
13
19
3
16
16
3
10
8
2
7
8
6
9
10
166
8%*
207
14%
169
19%
194
15%
233
9%
(more detail appears in Appendix 7)
2014/15 2013/14
% Unsatisfactory by
total
directorate
Resources
Children & Adults
Place
Community, Transformation &
Change
Public Health
8%
14%
notes
0%
7%
6%
33%
5%
12%
17%
17%
Small sample (3)
42%
0%
Small sample (7)
3.2 The state of the Council’s overall business control environment is demonstrated
by the extent to which the key financial systems and other financial systems are
found to be satisfactory when audited. The percentage that were unsatisfactory
in 2014/15 – 11% - was slightly higher than last year. However, this perhaps
overstates the degree of failure, as none of the key financial systems operated
by Resources were identified as unsatisfactory, and a number of erroneous
areas related to similar features in contractual management by Public Health, or
4
5
to procurement related matters, one of which involved (in part), conclusions in
respect of a service review of the use of SAP; a cross council review of the SAP
found that in other areas arrangements were overall, generally satisfactory.
3.3
Three of the 44 school audits resulted in an unsatisfactory opinion; review of
nursery grant (to, mainly) privately operated nurseries found a slightly higher
rate of unsatisfactory.
3.4
Each year there are a number of investigations that relate to matters principally
of alleged financial irregularity, some reported by management, others by
various forms of allegation or whistle-blowing. This year, there have been
investigations into the loss of catering income at an extra care facility, two
investigations into matters of staff behaviours, (one largely proven, and the other
unfounded) and a further cash theft, by armed robbery, at the facility reported
has having very poor financial arrangements last year. Of concern this year has
been the theft of a number of vehicles, where additional care would have
enabled the theft to be mitigated, or assisted with any police investigation.
Actions have been taken in an attempt to address the control weaknesses that
existed in arrangements.
3.5
A substantial amount of audit time has also been spent on:
•
•
•
•
•
•
•
•
•
Support to Governance and control arrangements, generally
The annual governance statement
Information governance- which was subject to an Information Commissioners
audit during the year
Monitoring and updating Contract Procedure Rules (CPRs) and Financial
Procedure Rules (FPRs)
Financial appraisal and scoring of applicants for contracts, and other aspects of
assessing or approving the Council’s contractual arrangements
National Fraud Initiative
Forming a part of the Whistleblowing assessment process by carrying out initial
assessment of whistleblowing to decide on the extent to which an allegation
may have sufficient merit to justify further investigation.
Verification/certification relating to grants, and minor charities (including the
government’s Stronger Families initiative).
Assessing write off arrangements/testing proposed debt write-offs.
3.6
Routine audit work has identified a number of procurement related issues during
the year, and the involvement in monitoring and assistance has recognised
others; there are some areas where re-procurement processes have gone
wrong during the year, and others where –particularly in relation to appointment
of consultants- CPR compliance has been compromised.
3.7
Internal audit work was undertaken on behalf of Kirklees Neighbourhood
Housing (a wholly owned Council subsidiary) as agreed with their management.
This is in addition to that for the Council concerning the income and expenditure
relating to the Housing Revenue Account. KNH has its own Audit Committee
which considers internal audit work in relation to its operation of the HRA and
the company.
5
6
3.9
Work has also been performed in relation to Kirklees Active Leisure, partially
under contract to that organisation, and partly as a part of client side monitoring.
Although overall arrangements were adequate, there was scope for
improvement in some areas.
3.10
An annual review by Internal Audit needs also to consider risk management.
Benchmarking with a group of other Authorities assessing our approach to risk
management (assessed against a set of 7 standards prepared by CIPFA/Alarm)
indicates that the Council retains the “working” rating. It was in the lowest
quartile, and often in the lowest decile, in all but one of the categories (and
below average in the seventh). Only 6 metropolitan districts participate,
alongside 15 other unitary authorities (including Scottish and London boroughs),
5 counties and various single purpose authorities.
Benchmarking must be accepted as something that provides a tool for gaining
awareness; it does not provide absolute answers. It is also true that the Council
has not suffered significant adverse effects from unidentified risks from its
operations. Nevertheless this suggests that there is scope for the Council to
improve this aspect of its overall business control arrangements, and action is
planned to link the risk management approach to corporate reporting in
2015/16.
3.11
During 2014/15 we have carried out some work on a shared basis with
Calderdale Councils’ internal audit team. This has been about sharing
information, audit programmes, knowledge, reports, with some useful finding
about comparability, and difference. Appendix 6 sets out information about this
work.
3.12
The intention had been to complete 204 pieces of work this year; this was
ambitious in relation to previous years plans (2013/14 ;182) particularly given a
reduction in resources, and the overall outcome of 148 pieces of planned work,
plus a further 16 closes substitutes means an overall achievement of 80%,
which is perhaps slightly disappointing(The target was 90%); as noted in 3.1
above there are a number of pieces of work “in progress” that are essentially
completed, and had these been included overall plan achievement would have
been somewhat better.
3.13
As noted in 2.1 the Council’s Financial Procedure Rules and the Ethos and
Strategy document allow Internal Audit unrestricted access to consider areas of
activity as they see fit in providing this audit opinion. At no point during the year,
has any officer or Member sought to influence or restrict the scope or areas of
activity of any piece of work, and that the conclusions reached in the work are
those of Internal Audit.
3.14
From work during 2014/15 the vast majority of the Council’s financial and
business controls that were examined were sound and effective, and we
conclude that (subject to the observations above) the Council can be considered
to have an adequate control environment.
6
7
4.
Resources, Benchmarking and Performance Measures of Internal Audit
4.1
During 2014/15 the Internal Audit function net cost was approximately £640,000.
Benchmarking information for 2013/14 indicated that costs remain below
average, although changes to overhead allocations, and earlier actions by some
authorities to down size their IA activity (not all of which are in any event
comparable) has compromised our location at or below lower quartile on most
measurement criteria.
4.2
The main performance statistics for the year are:
Target Actual Actual Actual Actual
14/15 14/15 13/14 12/13 11/12
Work completed within time
80% 81% 79%
69% 78%
allowed
……………………………………………………
Draft reports issued within
85% 90%
92%
90%
90%
10 days
……………………………………………………
Post audit questionnaires were issued to all clients. Not all were returned but
those which were suggested “98%” satisfaction(against a target of 90%) using a
regionally agreed methodology.
Internal Audit has a documented quality control system in place. This identifies
over 30 criteria that each piece of work must meet. A number of pieces of work
were subject to review. All of the work reviewed during 2014/15 passed the
thresholds.
5
Effectiveness of the system of Internal Audit
5. 1
The Accounts & Audit Regulations (England) 2015 require an authority to
conduct an annual review of the effectiveness of their system of internal audit.
This supports the ability to utilize the opinion of the Head of Internal Audit on the
internal control environment as a key source of evidence in the Annual
Governance Statement.
5.2
Financial Procedure Rules require the Director of Resources to review the
systems of internal audit. In addition, the Public Sector Internal Audit Standards
make it a responsibility of the Head of Internal Audit to carry out periodic internal
reviews and every 5 years have an external review of the internal audit function,
and report these to this Committee. The standard is complex and the
recommended evaluation criteria (as codified by CIPFA) are quite cumbersome,
and some are difficult to evaluate. An independent internal review against the
PSIAS requirements was carried out at in March 2014. A strategic review
against the CIPFA criteria has been carried out in April 2015 by the Head of
Audit & Risk. This identifies some areas for potential improvement, and are
shown as appendix 5.(& progress against those listed last year is shown as
appendix 5A) Subject to these matters there are no evident matters of nonconformance that need to be reported.
7
8
Members can gain some assurance from this review, and form their opinion
from a number of routes and strands including their assessment of this and
other reports (particularly the four quarterly reports) to the Corporate
Governance & Audit Committee.
They can also gain assurance provided in respect of 2014/15 based upon
factors such as performance indicators, quality assurance, client satisfaction
and consultation with senior management. (These are listed in more detail at
Appendix 6)
5.3
This Committee approved a new Charter for Internal Audit in February 2015.
6.
Internal Audit in 2015/16
6.1
The proposed Audit Plan is attached as Appendix 1. The plan is risk based,
taking account of the Strategic Audit Plan in which Members have asked that all
activities of the Council are reviewed over a rolling five year period, combined
with new and emerging risks as identified by the corporate risk management
process and individual directorate concerns and priorities. The schedule of key
systems, organisational and business controls is attached as Appendix 2. The
performance targets for Internal Audit are at Appendix 3.
6.2
Priorities for 2015/16 will include;
a) Concentrating on high impact activity- high value or high risk, whilst continuing
to ensure that the organisation’s core systems and its basic financial operations
are not compromised during a period of continuing substantial reorganisation
and change.
b) Work to ensure that organisational processes are fit for purpose, but not
unnecessarily burdensome or complex.
c) Carrying out work contributing to the organisational objective of understanding
and improving value for money.
d) Identifying an appropriate approach to corporate reporting and investigation of
potential fraud and similar, including clear instructions to senior and operational
managers about reporting such matters.
e) Assisting in the improvement of risk management processes
6.3
The Council is making reductions in its costs, and the organisation will be
different as a result. Internal audit activity needs to be scaled to reflect the size
of the organisation (although there is evidence that smaller organisations tend to
spend slightly more as a percentage of overall budgets on internal audit work).
The overall resources available to Internal Audit are sufficient in 2015/16, but
some parts of the Council’s nominal budget, that comprise a large call on audit
resources, will be largely unaffected by these reductions (e.g. schools, HRA).
Benchmarking suggests that the IA team is already comparatively small. There
are some opportunities to make reductions in activity, but there are also some
minimum obligations about compliance and demonstration of the overall integrity
of business systems.
8
9
6.4
During 2015/16 benefits related fraud investigation work is to move to the Single
Fraud Investigation Service (a part of the DWP). There is some need to retain
capacity to do some other outward facing investigation work, and it is intended
that for the time being this will (continue to) be managed through the Customer
& Exchequer Service
6.5
The work alongside Calderdale will continue in 2015/16, a programme of
proposed joint work having been agreed aligning with the Audit Plans of each
authority. (appendix 6)
6.6
The report commissioned by the government into Rotherham Council made a
number of comments about arrangements for assessing internal business
control arrangements. These potentially create a need for a much more
thorough set of arrangements to understand and review (audit) the overall
control environment. Work needs to be progressed during 2015/16, to assess if
there are overt risks in the approach used hitherto, which may necessitate some
realignment of the Audit Plan (from financial to none financial operational risk).
6.7
2015/16 is likely to be another challenging year for the Council, and internal
audit will use its skills and knowledge to both assist, and oversee progress.
6.8
The revised Audit Charter- agreed at the February 2015 meeting of this
Committee- establishes a new style of reporting and new assessment
categories for work based on an assurance framework (substantial assurance,
adequate assurance, limited assurance and no assurance), so future quarterly
and annual reports will reflect this categorisation.
7.
Conclusions
7.1
This report has summarised the activities of Internal Audit during 2014/15.
Detailed information has been provided to Corporate Governance & Audit
Committee during the year.
7.2
There is sufficient evidence to demonstrate that the Council’s system of internal
audit is effective and that the opinion of the Head of Audit and Risk on the
internal control environment can be relied upon as a key source of evidence in
the compilation of the Annual Governance Statement.
7.3
The proportion of audit work which resulted in an assessment of the routine
system/process examined as "unsatisfactory" is 8%(although there are some
caveats to this, and the true figure is somewhat higher)
7.4
Review of the financial governance, risk management and controls and
overview of the business systems controls have not identified any significant
issues whereby any significant risks remained un-addressed.
7.5
The opinion from the work performed-the scope of which does not presently
cover every area of entity risk- is that, although there are some weaknesses in
some systems of control, the overall framework of the Council's business and
9
10
financial systems, processes, controls, its management of assets, and its risk
management arrangement remains sound.
7.6
It is concluded that overall the Council has an adequate and effective control
environment.
8.
Annual Governance Statement
8.1
Information generated by Internal Audit forms a key part of the Council’s
assessment of the quality of its organisational and business controls and the
degree of assurance that can be placed upon their operational effectiveness.
This information is used in preparing the Council’s Annual Governance
Statement which accompanies the Statement of Accounts. In view of the
positive opinion that the Council’s arrangements provide an adequate and
effective control environment there are no issues that need to be specifically
highlighted in the Annual Governance Statement for 2014/15.
Contact Officer
M E Dearnley - Head of Audit &Risk – 01484 221000- x 73672
10
11
APPENDIX 1
INTERNAL AUDIT PLAN
2015/16
11
12
KIRKLEES COUNCIL
INTERNAL AUDIT PLAN
2015/16
PSIAS format
Prefix Code
A= PSIAS Assurance
C= PSIAS Consultancy
AC= Assurance is core objective, but the conclusions are intended to address
wider issues
V= Verification
O= Other work
Suffix Code
•
denotes a key audit
fu denotes a follow up audit
Additional unplanned work is carried out as necessary on any service area to address
issues and investigations. If this time became significant it would be formally varied as
a part of the plan. Its categorisation is O or A.
PSIAS standards require that any variation that affects delivery of the assurance
based audit plan should be formally recorded. Any additional C categorised work
should only be accepted where this will not impact on delivery of the A based plan.
Internal Audit is a service to the Council’s management (Members and officers).
It exists to provide assurance to the Council that its governance framework is working
to achieve its key priorities, and it has a robust and effective internal control
environment of financial, business and performance management controls.
Internal Audit is required to operate to the Public Sector Internal Audit Standards.
This is a substantial framework of requirements about how it must operate, and fulfil
its objectives, with a view to reaching conclusions each year on the overall success
of the organisation’s control environment. There is a requirement to produce
an Audit Charter which the Council’s Corporate Governance & Audit Committee
must reaffirm each year.
12
13
DIRECTORATE FOR CHILDREN & YOUNG PEOPLE
LEARNING & SKILLS
A High Schools (•) x 8
A Special Schools x 1
A Primary Schools x 40
A Free Early Education and Care (FEEC) Audits x 20
A Parent Pay
A Teachers’ Salaries (•)
AC Use of Transport
A Risk Management (•)
A School Admissions (•)
C Contracting Systems
FAMILY SUPPORT AND PROTECTION SERVICES
A Direct Payments (•)
A Purchasing Card Procurement (•)
A Risk Management (•)
A Elm Grove Children’s Home
AC Children’s Centres x 7
A Integrated Youth Support Service
Financial Administration
Purchasing Cards
Service Level Agreements
13
14
DIRECTORATE OF COMMISSIONING, PUBLIC HEALTH AND ADULT SOCIAL CARE
SOCIAL CARE & WELL-BEING FOR ADULTS
AC Better Care Fund (•)
A Risk Management (•)
AC Agency Staffing (•)
A Debtors (•)
A Assessment of Care
A Amenity Funds
A Service Users Monies System (fu)
A Direct Payments (fu)
AC Independent Residential Homes (•)
AC Deferred Charges
AC Absence Management
COMMISSIONING & HEALTH PARTNERSHIPS
A Risk Management (•)
A KICES
V Stronger Families Claims (•)
PUBLIC HEALTH
A
A
A
A
A
A
GP and Pharmacy Contracts (•)
Substance Misuse Contracts (•)
Risk Management (•)
Sexual Health Services Contracts (fu)
Weight Management Services Contracts (fu)
Smaller Procurements (fu)
14
15
DIRECTORATE FOR COMMUNITIES, TRANSFORMATION & CHANGE
A Risk Management (•)
COMMUNITIES AND LEISURE
A Procurement (fu)
SUPPORT SERVICES
AC E Learning
AC Recruitment and Selection
15
16
PLACE DIRECTORATE
HOUSING & BUILDING SERVICES
(see also HRA Plan)
A
A
A
A
A
A
A
Building Services Income
Increased service demand & Housing Register management •
Building Services Central Stores
Delivery of Repairs & Maintenance Contract •
Building Services Use of Agency Labour
Temporary Accommodation
Building Services Private Work Programme Expansion
INVESTMENT & REGENERATION
A
A
A
A
A
A
A
A
Taxi Licensing (& CSE) •
Planning Consent & Income •
Use of Agency Labour
Developers failing to meet their planning obligations
Public Rights of Way Network management
Tour de France Legacy •
Markets Income
Dewsbury Townscape Heritage Initiative Grants
PRP & STREETSCENE
A
A
C
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
Waste Management Contract Payments •
Impact of Waste Growth •
Highway Network Asset Management Review
Highway Framework Contracts
Corporate Procurement of Agency Labour & Usage (principally Highways) •
Energy Procurement & Usage •
Commercial Estate Income
Estates Contracting Procedures
Cemetery Safety
Control of Buildings Management budget
Vehicle & Driver Hire
PRP Consultants Framework Contract
Highways Stores fu
Highways Materials Procurement
School Transport fu
Obsolete & Dangerous Park Lighting
Falling Trees
Town Hall Bars & Catering
16
17
DIRECTORATE OF RESOURCES
CUSTOMER & EXCHEQUER SERVICES
A
A
A
A
A
A
Benefits / Council Tax Reduction Scheme •
Revenues – billing & Council Tax valuation •
SAP Debtors •
SAP Creditors•
SAP Payroll •
SAP Procurement•
AC
A
A
A
A
A
AC
Income Collection – Review of payment methods & contracts
Discretionary Housing Payments
Write-offs
Counting Centre
Kiosk Income Collection & Reconciliation
Halls Letting Income
Town Halls Booking Process Review
FMRITP
A
A
A
A
A
A
A
Bank Reconciliation •
FPRs - Financial Management Compliance •
Treasury Management •
Risk Management •
SAP Ledger Controls •
Insurance Claim Processing
New Bank Contract
A
A
A
AC
AC
A
A
A
A
AC
IT Control Environment •
SAP Security •
Network Access Controls •
Disaster Recovery Plan •
Software Licencing •
Risk of ineffective IT Contractor / Supplier Management •
Mobile & Flexible Working IT Security •
Unified Threat Management •
Website / Intranet maintenance & development control
Mobile Phones & Devices
LEGAL, GOVERNANCE & MONITORING
A
Constitution – Delegation Scheme •
Overview & Scrutiny •
Member / Officer Protocol •
A
Electoral and election related matters
A
Civic Silver fu
17
18
CORPORATE
A
A
A
A
A
A
A
A
National Fraud Initiative 2014/15 •
Information Governance & Security •
Business Continuity / Emergency Plan •
Counter Fraud & Corruption (post Single Fraud Investigation Service transfer) •
Impact of reduced Repairs & Maintenance •
Partner’s Financial Failure •
Officer Declarations of Interest •
Health & Safety •
18
19
APPENDIX 2
INTERNAL AUDIT
KEY SYSTEMS AUDIT AREAS 2015/16
Financial Systems & Controls
Payroll (SAP)
Housing Rents
Debtors (SAP)
Procurement / Creditors (SAP)
Payments for Social Care
School Payments
Treasury Management
Council Tax
NDR
Benefits / Council Tax Reduction Scheme
Internal Recharging - Building Maintenance
Key Organisation & Business Controls
Code of Corporate Governance
Contract Management
HR Operations
Risk Management
IT Controls
Partnership Governance
Emergency & Business Continuity Planning
Information Security
Health & Safety
19
20
APPENDIX 3
INTERNAL AUDIT PERFORMANCE TARGETS 2015/16
Objectives
Performance Measures
Achieve planned audits or near substitute
each year, and full coverage over 5 years.
Achieve each planned audit within
budgeted time allowed
90% of planned priority
audits achieved
80 % of planned work
achieved within initial time
budget
90% good or better
responses to customer
questionnaires
85% of draft reports issued
within 10 days of
completion of site work
Achieve high level of work quality and
customer satisfaction
Delivery of completed audit work
APPENDIX 4
INFORMATION TO ASSIST WITH DETERMINATION OF THE
EFFECTIVENESS OF THE SYSTEM OF INTERNAL AUDIT
The Accounts & Audit Regulations (England) 2011 require Authorities to conduct an
annual review of the effectiveness of their system of internal audit.
Possible sources of information to assist in this determination include:
• performance indicators (report section 4.2)
• CIPFA Benchmarking (report section 4.1 & additional note below)
• client satisfaction (report section 4.2)
• quality assurance (report section 4.2)
• consultation with Director of Resources and Directors
• compliance with the Public Sector Internal Audit Standards.
Internal assessment (report section 5.2 and appendix 5)
Benchmarking (by CIPFA) for 2014 is available, but as the numbers participating in
continue to reduce the value has declined; we are not participating in 2015.In
comparison with our geographical neighbours, pro-rata to size and responsibility(eg
only 1 of 4 neighbours has a HRA) these teams remain similarly sized, or larger, than
the current Kirklees operation.
20
21
APPENDIX 5
Recommendations from the (Head of Internal Audits own) Annual Review of
Internal Audit- 2015
1
2
3
4
5
6
Recommendations
Actions
Date
Managers should consider if
rotation of some roles would
benefit the overall quality,
outcome etc of IA (psias3.3)
Check that arrangements to
review IT areas are adequate
given recent staff changes
(3.3)
Reassessment of overall risk
base and map of KMC, and
how this impacts on the audit
plan, considering what areas
are considered to constitute
business risks and how they
should be controlled and
assessed (4.1);
Communicating IA outcomes
to all stakeholders (especially
Cabinet)(4.2)
Understanding of extent to
which CAEs role in risk
management may be an
advantage, and a conflict(4.2)
Work with Calderdale should
be covered by a sharing
protocol(4.3/5)
CAE & Au Ms to discuss
and agree extent to which
they may be an advantage,
or otherwise
CAE & AuM responsible to
agree revised approach,
and to highlight if this
results in risks
An overall reassessment of
what the real entity risk are
and how these are
understood, controlled and
appraised is quite a
significant task;
CAE & Au Ms
July 15
CAE to circulate report
more widely
June 15
Protocol to be prepared
(jointly) and shared with all
staff involved
July 15
Progress
June 15
Summer
15
All of the actions are the responsibility of the Head of Audit & Risk supported by the Audit Managers
21
22
APPENDIX 5A
Review of progress in implementing the recommendations from the (internal)
Annual Review of Internal Audit- 2014
Recommendations
Actions
Date
To ensure that compliance
with the standards is
supported by quality
control processes to
ensure that the outputs
from the audit section are
effective.
To highlight to Senior
Management the potential
risks associated with the
current position in the
management hierarchy of
the CAE.
To ensure that the level of
detail included in reports
and working papers
reflects the direction
provided in the PSIAS.
Agreed- addressing other
recommendations should
assist this
Summer
14
Noted; Head of Audit & Risk to
consider issue with Chief
Executive and Director of
Resources
July 14
Recognised
4
To consider reviewing the
current process for
developing the annual
audit plan
Summer
14
5
To consider reviewing how
unplanned engagements
are reported, i.e. it may be
appropriate to reflect these
in the annual audit plan at
the expense of previously
agreed engagements.
Agreed. There will be
discussion with senior
managers about their
expectations from IA. This will
then be balanced with the
obligations regarding
compliance with PSIAS
requirements, in determining
plan mix, methods of reporting
etc, which can be considered
by CGAC in the Summer
Agreed. Reporting will more
overtly state where an audit is
a substitute, and the
opportunity cost
New
arrangements
for reporting
(and
recording)
agreed from
April 2015
Additional
efforts made
in preparing
2015/16 plan
to reflect
“needs” and
“key risks” to
the
organisation
6
To consider the
introduction of lead
schedules in order to aid
the clarity of working
papers and move towards
a more concise audit
report.
To ensure that the QA
Manual is updated to
reflect the PSIAS and the
IA Charter.
Agreed
June 14
Agreed and updating in
progress
June 14
1
2
3
7
The contents of IA reports, and
the split of detail contained in
reports v working papers will
be addressed through 4
July 14
(from
QR1
14/15)
Progress
Quarterly
report now
includes
information
about
changes in
resource
deployment
New
arrangements
for reporting
(and
recording)
agreed from
April 2015
Done
All of the actions are the responsibility of the Head of Audit & Risk supported by the Audit Managers
22
23
APPENDIX 6
CALDERDALE COUNCIL
INTERNAL AUDIT
KIRKLEES COUNCIL
INTERNAL AUDIT
JOINT WORKING 2014/15
1. During 2014/15 the Internal Audit teams of the two authorities have been working
together on a number of projects.
2. Although the Councils’ have identical functions (+Kirklees retains also a HRA
operation), and many cultural similarities, the methods of service delivery have evolved
differently over the years, with generally more outsourcing by Calderdale.
3. Notwithstanding this there are many areas with similar audit features and risks, and it
has been possible to identify a programme of working together that fits the risk profiles
of each authority.
4. Staff have carried out work within their own authority (given their familiarity with local
IT systems, procedures etc) on the basis of agreed common objectives, and with a view
to comparing findings and identifying best practice. In some cases the work actually
carried out has then been extended on a discrete basis to reflect local arrangements
and needs. In making arrangements it has been important to ensure that the costs of
carrying out the sharing do not exceed the value that can be achieved by working
together.
5. Different projects have progressed in different ways with different outcomes.
Sometimes the simple sharing of practice and methodology has improved the product
(eg Kirklees adopted the Calderdale approach to reporting risk, whereas Calderdale
incorporated some of the analytical approach used by Kirklees).
6. Not all the original planned work has progressed to completion, but many have
identified areas of commonality and others methods for improving practice. The work
areas and the general outcomes are set out in detail below, but issues identified
include;
• Each authority could improve its arrangements for monitoring and recovery of
direct payments to care clients.
• Calderdale have a simpler system for school staff absence cover. Kirklees could
benefit from a simpler system too.
• Kirklees have a more thorough system of governance for the Stronger Families
project, but Calderdale on the ground delivery appears more effective.
• Both Kirklees and Calderdale have been reviewing their arrangements for home to
school transport. Scope in both authorities to revise some arrangements.
7. It proved impractical to achieve coordination of some pieces of work intended for
mutual activity. One piece of work is ongoing.
8. By working together the authorities have been able to identify examples of good
operational practice, comparative information about activities and to share effective
techniques for audit work.
9. A further programme of work has been identified for mutual working in 2015/16.
23
24
PIECES OF JOINT WORKING IN 2014/15
School Transport Policy & Practice
Direct Payments for Social Care
Stronger Families Project
School Staffing Cover Insurance Scheme
Business Rates (in progress)
Fostering placements (not completed together-C only)
Public Health (not completed together- K only)
Corporate Risk Management arrangements
PROPOSED PIECES OF JOINT WORKING IN 2015/16
Agency Staffing (all Council)
External Placements of Older People
Childrens Centres
Transport Services
Better Care Fund
Declarations of Interest
Officer Travel Expenses (processing)
Council Tax Reduction scheme
Fraud Verification (Blue badge, social tenancy etc)
Deferred Payments (Care Act)
Business Continuity
Calderdale are also to carry out some exploratory work associated with the use of digital
mapping as an audit technique, where outcomes will be shared with Kirklees.
24
25
APPENDIX 7
TABLE OF ACTIVITY OF INTERNAL AUDIT 2014/15
Number of days spent on
audit work
Number of processes and
systems examined
Percentage found
"unsatisfactory".
Number of location/
establishment audits
undertaken.
Percentage found
"unsatisfactory"
Number of school audits
undertaken
Percentage found
"unsatisfactory"
Follow up audit work carried
out
Percentage where progress
was "unsatisfactory"
Number of business control
audits undertaken
Percentage found
"unsatisfactory"
Number of investigations
into irregularity
Number of management,
governance or value for
money studies
Number of grant audits,
consultancy, projects
Completed formal tasks
2014/15
2013/14
2012/13
2011/12
2010/11
1844
2,083
2,194
2,484
2,637
55
67
35
52
79
11%
9%
9%
12%
14%
26
36
52
41
40
8%
14%
15%
7%
13%
44
43
25
38
75
7%
13
7%
21
8%
13
5%
16
1%
10
8%
5%
23%
6%
0%
12
20
16
19
9
0%
20%
0%
21%
0%
8
10
19
16
8
1
2
3
3
2
7
8
6
9
10
166
207
169
194
233
14%
19%
15%
9%
Overall proportion of work 8%*
found "unsatisfactory"
* The statistics are potentially distorted in 2014 /15 because;
- a number of pieces of work which are completed, but not yet agreed with
management, appear to be likely to be unsatisfactory (and which would, if included in
these statistics make the overall unsatisfactory outcome 10-12%).
- investigations are no longer given an outcome rating; they were in general more likely
to be “unsatisfactory”
25