BOROUGH OF POOLE
REPORT TO AUDIT COMMITTEE
08 APRIL 2010
INTERNAL AUDIT – TERMS OF REFERENCE, STRATEGY & AUDIT PLAN 2010/11
PART OF PUBLISHED FORWARD PLAN: YES
STATUS – GENERAL
1.PURPOSE AND POLICY CONTEXT
1.1 The CIPFA Code of Practice for Internal Audit in Local Government in the United
Kingdom 2006 (“the Code”), requires Internal Audit to:
- regularly review its Terms of Reference
- ensure its Audit Strategy is kept up to date with the Council’s changing priorities
- produce a risk based Audit Plan.
The purpose of this report is to request Members to approve the Internal Audit Terms of Reference, Strategy and Audit Plan 2010-11.
2. DECISIONS REQUIRED
2.1 Members are asked to approve:
- the updated Internal Audit Terms of Reference
- the updated Internal Audit Strategy
- the updated Internal Audit Plan 2010-2011
2.2Members are also asked to identify audits from the Detailed Audit Plan they wish to be reported in detail to future Audit Committee meetings.
- BACKGROUND
3.1The CIPFA Code of Practice for Internal Audit sets out the requirements for the provision of internal audit services within local authorities. All local authority internal audit sections are expected to comply with the Code, which is considered best practice. Compliance is reviewed by the Audit Commission as part of its assessment of Internal Audit.
3.2The Code requires a regular review of the Internal Audit Terms of Reference and Audit Strategy documents.
3.3The Code also states that the Head of Internal Audit should prepare a risk based audit plan designed to implement the audit strategy.
3.4The Internal Audit Terms of Reference, Audit Strategy and Audit Plan were last approved by the Audit Committee 2nd April 2009.
- INTERNAL AUDIT TERMS OF REFERENCE
4.1Internal Audit Terms of Reference describe the purpose, authority, responsibilities and scope of the Authority’s Internal Audit Section.
4.2The Terms of Reference have been reviewed (see Appendix A) and some minor changes made to reflect the introduction of the new Financial Regulations, and to ensure compliance with the CIPFA Code of Practice for Internal Audit in Local Government, specifically Standard 1.1 ‘Scope of Internal Audit – Terms of Reference’.
- INTERNAL AUDIT STRATEGY
5.1The Internal Audit Strategy explains how the Internal Audit service will be delivered and developed in accordance with the Terms of Reference.
5.2The Audit Strategy has been reviewed (see Appendix B) and some minor changes made, and to ensure compliance with the CIPFA Code of Practice for Internal Audit in Local Government, specifically Standard 7.1 ‘Audit Strategy and Planning – Audit Strategy’.
6.AUDIT PLAN 2010/11
6.1The draft Audit Plan for 2010/11 (see Appendix C) is split into seven activities; Core Audit & Assurance Work, Efficiency & VFM Work,Corporate Projects & Business Development Work, Partnership & Income Works, Governance Work, Service Management Work, and Non Productive Time.
6.2The majority of the audit resource (713 days) is allocated to Service Unit Audit Days within the Core Audit & Assurance Work activity. This work includes regularity audits, follow up reviews, and support/advice to managers.
6.3The regularity audits are determined using a detailed risk assessment process as detailed in the Internal Audit Risk Assessment Criteria (see Appendix D). This process scores each auditable area against a series of criteria, including materiality, system complexity, control environment assessment, and the risk of fraud and corruption. The results of previous audit work or external inspections together with issues from the corporate risk management process are also used to inform the audit risk assessment.
6.4Based on the risk assessment process and score for each auditable area, the frequency that the audit will be undertaken is determined. The highest risk areas are audited every year, others are audited every two to five years and derive the Detailed Audit Plan (see Appendix E). This process allows Internal Audit to target its resource at the highest risk areas in the Authority.
6.5Members have the opportunity to identify audits from the Detailed Audit Plan (Appendix E) to be reported in detail to future Audit Committee meetings. In order to optimise the use of Audit Committee time, it is suggested that Members limit the number of audits identified, for example, to these with the highest risk.
6.6Other activities within the Core Audit & Assurance Work are Contingency Audits (time required for specific requests from Management & Audit Committee/new risks arising/other unplanned potential control weaknesses), Special Investigations (responding to and reporting on financial irregularities/whistleblowing), Waivers/Breaches (reviewing and reporting on Financial Regulations Waivers and Breaches), Audit Planning (time required for planning audit activities across the Authority), Anti-Fraud (specific work to review effectiveness of anti-fraud measures) and Contract Audit (reviewing contract procedures across the Authority).
6.7Efficiency and VFM Work includes time allocated to support the Efficiency Review Programme (this work will involve providing professional support and constructive challenge to the relevant lead officers for each review within the programme), VFM Profiling (integration of VFM Profiling into the Authority’s annual budgetary process/cycle and ongoing identification of new efficiencies),Efficiency Target (compilation and reporting of the Council's NI179 efficiency target) and CAA Use of Resources (assisting with the Use of Resources assessment, working in partnership with the Audit Commission).
6.8Corporate Projects & Business Development Work consists of Corporate Projects (to support and develop corporate projects including Risk Management)
6.9Partnership & Income Work covers FMSiS (requested external financial management assessments on schools), LAA (requested assurance work on systems in place for Local Area Agreement funding) and Voluntary Funds (requested audits of school non-LEA funded accounts).
6.10Governance Work includes the AGS (preparation and monitoring of the Authority’s Annual Governance Statement), Corporate Management & Liaison (work with the Audit Commission, and Senior Management) and Member Liaison (Audit Committee and other Member work)
6.11Service Management Workconsists of Staff Management (staff meeting and recruitment time), Performance Management & Audit Development (monitoring/reporting on section performance & implementation of integrated risk/audit management system) and Other Management (Risk & Insurance/Procurement).
6.12Non Productive Time includes Leave/Training/Sick and Resource Contingency (to allow for staff vacancies/recruitment)
6.13The Audit Plan is updated on a regular basis, in keeping with the changing risk profile of the Authority.
6.14The Section 151 Officer (Head of Financial Services) has approved the Audit Plan. The Audit Commission have been consulted on the Audit Plan detail. Consultation with Service Unit Heads is being finalised and any significant revisions of the Audit Plan will be brought back to the Audit Committee.
6.15Internal Audit and External Audit (Audit Commission) planning is co-ordinated to take account of respective work streams and to utilise scarce resource. The Audit Commission’s work plan is outlined in their ‘Opinion Plan for 2009/10 Audit’ which is also being presented at this Audit Committee meeting.
6.16Future monitoring of the Audit Plan completion will be brought to the Audit Committee on a bi-annual process (mid and year end).
Liz Wilkinson
Head of Financial Services
Name and Telephone Number of Officer to Contact:Beccy Drummondext 3123
File:metis/committee reports/audit committee/apr 10 TOR Strategy & Plan/Apr 10 TOR Strategy & Audit Plan 1011.doc
Appendix AInternal Audit Terms of Reference
Appendix BInternal Audit Strategy
Appendix CAudit Plan 2010-2011
Appendix DInternal Audit Risk Assessment Criteria
Appendix EDetailed Audit Plan
1