ITEM AU6
AUDIT COMMITTEE – 22 APRIL 2009
REVIEW OF THE EFFECTIVENESS OF THE SYSTEM OF INTERNAL AUDIT 2008/09
Report by the Monitoring Officer
Introduction
1. As part of the Council’s assurance process for the Annual Governance Statement, and in accordance with the requirements of the Accounts and Audit Regulations 2003 as amended in 2006, this report reviews the effectiveness of the system of internal audit undertaken by the Council.
2. At the request of the Audit Committee this review has been conducted by the Council’s Monitoring Officer.
3. This report outlines the statutory requirements for the review, the methodology used, and the overall findings and conclusions. The focus of this report is primarily on the role of the Internal Audit Team; whilst the system of Internal Audit is wider than that of just the Internal Audit Team, it is encompassed within the overall Annual Governance Framework that is separately considered by the Audit Committee.
4. There are actions for improvements identified in this report that have been agreed with Assistant Head of Finance (Audit), (AHOF (Audit)) who is taking responsibility for their implementation. It is recommended to the Audit Committee that progress on implementation should be reported to the Audit Working Group by the AHOF (Audit) as part of the Internal Audit quarterly reports.
Background
5. The Accounts and Audit (Amendment) (England) Regulations 2006 came into force on 1st April 2006. They included a change in respect of Internal Audit:
Regulation 6 requires bodies to review the effectiveness of their system of internal audit once a year and for the findings of the review to be considered by a committee of the body, or by the body as a whole, as part of the consideration of the system of internal control referred to in regulation 4.
6. The Department for Communities and Local Government (DCLG) issued guidance on the new regulation:
· Review of internal audit: On the requirement for an annual review of the effectiveness of the system of internal audit and for a committee of the body to consider the findings the guidance says that this process is also part of the wider annual review of the effectiveness of the system of internal control.
7. In January 2009, the CIPFA Audit Panel produced further guidance on reviewing the System of Internal Audit, suggesting the following areas should be reviewed:
§ The process by which the control environment and key controls have been identified - the organisation’s risk management system; § The process by which assurance has been gained over controls – its coverage of the key controls and key assurance providers; § The adequacy and effectiveness of the remedial action taken where there are deficits in controls, which will be led by the audit committee or its equivalent and implemented by management; and § The operation of the audit committee and the internal audit function to current codes and standards.
8. The Audit Committee annually reviews the process for reviewing the effectiveness of the system of internal audit. At their meeting on 21 January 2009, the Committee considered the new guidance and agreed that there is duplication with the Council’s Annual Governance Framework and the Use of Resources assessment, in particular relating to assurance on the risk management system, and the operation of the Audit Committee; it was therefore agreed by the Committee that the focus of its annual review of the effectiveness of the system of internal audit should remain the same as the last two years, looking at the Internal Audit Service. The Committee authorised the Monitoring Officer to conduct the review and report back to the Audit Committee.
Methodology
9. The review has been conducted primarily as a desk top exercise with the collation of evidence from the Assistant Head of Finance, (Audit); by reference to Committee reports on the Councils intranet site from both Internal and External Audit; by reference to progress reports on Internal Audit presented to the Audit Working Group (attended by the Monitoring Officer); and by canvassing the views of Directors and Heads of Services by way of a questionnaire.
Findings
10. 2008/09 has been a year of relative stability for the Internal Audit Team, building on the continuous improvement demonstrated since 2006/07.
11. The management team remained unchanged during the year, and the service has benefited from this continuity, in particular the permanent appointment in February 2008 of the Audit Manager.
12. There has also been very little change to the team. A new post of AAT Trainee was filled in December 2008, to support the strategy of “growing our own”; and in February 2009, the Principal Auditor for Schools was released on a 6 month secondment to manage the School Support Team through their transition period. Although through the secondment the team has lost an auditor of considerable knowledge and skill with regards to Financial Management Standards in Schools (FMSiS) and Schools finance in general, the secondment was suggested by the Head of Audit, as it will support a joint working approach that will overall strengthen the critical S151 assurance process for schools.
13. Overall these changes will strengthen the internal audit service, and with regard to the secondment, demonstrate their flexibility and can do attitude to supporting the Council in delivering its objectives.
14. The two areas of internal audit work that have been outsourced, Schools Audits and IT Audit have been successful, with delivery of both plans achieved to a good standard, with the school auditors in particular receiving excellent feedback in the post audit questionnaires.
15. There has been an increase in the number of fraud/irregularities that Internal Audit have been required to respond to. They have managed to absorb this unplanned work without impacting on the overall Internal Audit Plan. However this has created a pressure in the final quarter which has resulted in some delays in producing management reports arising from investigations. No one can predict when whistle blowing or frauds will occur, but the team would benefit from introducing performance targets for carrying out and reporting investigations, that should be reported on to the Audit Committee.
Action: The AHOF (Audit) should identify a performance target for the length of time taken between initiating an investigation and reporting on the findings, and should report on performance against the target quarterly to the AWG.
16. This report has been compiled before the year end, but the team in on target to substantially achieve its target of issuing all draft reports before 31 March 2009 and issuing all final reports before 30 April 2009. This is a significant achievement and demonstrates the progress that has been made since change to the provision of the internal audit service in September 2005.
17. The review has considered the performance of Internal Audit in the following areas:
Compliance with CIPFA Code of Practice
18. The AHoF (Audit) has completed a self assessment against the CIPFA Code of Practice for Internal Audit 2006. The self assessment has also been presented to the Audit Working Group (9 April 2009) for their consideration and comment.
19. The internal self assessment and sources of evidence provided, confirms that the service is being delivered in compliance with the Code. There remains a small number of instances where the adherence to the standard is either identified as partial or not met, including two actions outstanding from last years review. The issues are not materially impacting on the delivery of an effective internal audit, they are to with the documenting of processes, however target implementation dates have been agreed as 30 June 2009:
ACTION - The Audit Manual requires a comprehensive update.
ACTION - The Audit Charter need to be reviewed and reissued.
External Audit Reports
20. In September 2008, KPMG LLP the Councils external auditors presented their Interim Report to the Audit Committee. This included details of their review of the arrangements and controls that ensure an adequate system of internal financial control is in place, including an effective internal audit service. No material issues or concerns were raised.
21. Internal Audit has developed a good working relationship with KPMG, our outgoing External Auditors. It is important that the AHOF (Audit) quickly establishes a similar relationship with the new External Auditors from the Audit Commission. KPMG and Internal Audit agreed a protocol for working together, ensuring that the External Auditors could place reliance on the work of Internal Audit as part of their annual review of the Accounts. It would be good practice for a new working protocol to be established with Audit Commission.
ACTION – The AHOF (Audit) to develop a joint working protocol with the Audit Commission.
Reports to the Audit Committee
22. There are clearly defined reporting processes in place with the AHoF (Audit) reporting on quarterly performance and progress to the Audit Working Group (AWG).
23. The AHoF (Audit) also takes an annual report to the Audit Committee.
24. The reports are well received and Members are generally satisfied with the levels of information they are receiving. The section on “Follow Up” below refers to an action required for improving the process and reporting on follow ups to the AWG.
25. Whilst all reports to
the Committee were in the name of the Director for Resources, or the Head of
Finance & Procurement, they are presented by the AHoF. To protect the
independence of the AHoF, a protocol has been approved that makes it clear he
has direct access to the Chairman of the Audit Committee should he consider it
necessary. Achievement of Performance Indicators
26. The Audit Working Group receives reports every quarter on progress with performance indicators. Whilst it is clear there is improvement required across all indicators, the results are satisfactory with no areas for concern.
27. Customer satisfaction feedback is collected on completion of each audit, and this remains an area of high performance for Internal Audit. Using a scale of 1- 4, where 1 is good and 2 is satisfactory, the team is currently averaging a response of 1.3 overall for general audits, and 1.2 for FMSiS audits.
Follow Up
28. The process for following up recommendations, (now referred to as management actions), was not operating efficiently during 2008/09, and as a result a change was made within the team to give responsibility to the individual auditors who completed the audits to follow up the agreed actions. Although this change has been welcomed in the team, it is taking longer than expected to embed, in part due to the heavy workload anyway in quarter 4. The new year presents an opportunity to refocus on getting the follow up data accurate and up to date, and from this baseline it will be easier to monitor and report. One significant change to the follow up process has been the quarterly reporting to Directorate Leadership Teams, which is now embedded as a routine and enables direct reporting of issues or concerns over implementation to the Chief Officers.
ACTION – Priority should be given in the first quarter of 2009/10 to improving the recording, monitoring and reporting process for follow up within the team, ensuring there is a consistency in the approach and timeliness of the process.
Annual Survey
29. Questionnaires were sent out to 31 Senior Managers, (Directors, Heads of Service and Business Managers), to obtain feedback on the internal audit service. The response rate of 93.5% (29 responses) provides a real measure of how effective Internal Audit is for the Senior Management in the Council.
30. A full analysis of the results is attached as appendix 1 (download as .doc file) to this report. Overall the results are very good, including additional comments made in the responses that clearly demonstrate a very high degree of confidence in the Internal Audit Service. One issue raised by a small number of the respondents relates to the arrangements for the exit interview which I would recommend that the AHoF (Audit) should consider. The unedited comments are also included in appendix 1.
31. There is one result of the survey in particular that demonstrates the quality of the Internal Audit Service:
- 93% tended to agree or strongly agreed that Internal Audit recommendations in the final report are practical and address the control issues identified.
CONCLUSION
32. The evidence justifies an overall assessment of acceptable effectiveness with no significant weaknesses.
33. Areas for improvement are identified in this report and specifically identified in the CIPFA Code of Practice for Internal Audit 2006 self assessment. Progress will be monitored both by the Audit Working Group and the Monitoring Officer
RECOMMENDATION
34. The Committee is RECOMMENDED to approve the Monitoring Officer’s assessment of the effectiveness of the system of Internal Audit 2008/09.
PETER CLARKE Monitoring Officer
Background Papers: Nil
Contact Officer: Peter Clarke Tel: (01865) 323908
April 2009
|