Internal Audit Plan

Agenda Item No. 4

Standards and Audit Committee - 10 March 2016

Internal Audit Plan 2016/17

Executive Summary

The purpose of this report is to present the Internal Audit Plan for 2016-17 to members for approval. The annual Internal Audit Plan sets out the areas to be reviewed by Internal Audit in the forthcoming financial year. The plan takes account of the Council’s control environment and current risks.

In compiling the Internal Audit Plan, the Head of Internal Audit has reviewed the current risk profile of the Council taking into account emerging issues in the wider local government arena. Continuous assessment of organisational risks is becoming increasingly necessary given that some risks can escalate or diminish over time while others may disappear altogether or be superseded by new risks over fairly short timescales. The development and retention of shorter audit plans is therefore now considered to be better practice than long term strategic audit plans.

Members of CMG, which includes the s151 officer, have been consulted in preparing the Internal Audit Plan for 2016-17 and their views on current key risks to the Council have taken into account in its formulation. The Council’s External Auditors KPMG will have sight of the plan.

The Internal Audit Plan will be delivered by Mazars with support from Spelthorne BC for IT audit.

The draft Internal Audit Plan for 2016-17 is attached as Appendix 1.

Recommendations

The Committee is requested to:

RESOLVE Thatthe annual Internal Audit Plan for 2016-17 be approved.

The Committee has authority to determine the above recommendations.

Background Papers:

None.

Reporting Person:

Leigh Clarke, Financial Services Manager

Ext. 3277, E Mail:

Pat Stothard, Head of Internal Audit

Ext. 3212, E Mail:

Contact Person:

Pat Stothard, Head of Internal Audit

Ext. 3212, E Mail:

Date Published:

2 March 2016

1.0Introduction

1.1The purpose of this report is to present the Internal Audit Plan for 2015-16 to Members for approval.

1.2In compiling the Internal Audit Plan, the Head of Internal Audit has reviewed the current risk profile of the Council taking into account emerging issues in the wider local government arena. Continuous assessment of organisational risks is becoming increasingly necessary given that some risks can escalate or diminish over time while others may disappear altogether or be superseded by new risks over fairly short timescales. The development and retention of shorter audit plans is therefore now considered to be better practice than long term strategic audit plans.

1.3Members of CMG, which includes the s151 officer, have been consulted in preparing the Internal Audit Plan for 2016-17 and their views on current key risks to the Council have taken into account in its formulation. The Council’s External Auditors KPMG will have sight of the plan.

1.4The Internal Audit Plan will be delivered by external contractor resource (Mazars and Spelthorne BC).

1.5The draft Internal Audit Plan for 2016-17 is attached as Appendix 1.

2.0Internal Audit Draft Plan 2016-17

2.1The proposed allocation of Internal Audit resources is shown in summary in the table below, together with the audit allocations for the previous two years. The draft Internal Audit Plan at Appendix 1 shows in more detail the areas that the individual reviews will cover.

Planned audit days 2014/15 / Planned audit days 2015/16
(revised) / Planned audit days 2016/17
Total resource days / 415 / 330 / 287
Non chargeable / 86 / 0 / 0
Major Financial Systems / 77 / 69 / 61
Corporate/Cross Cutting Reviews / 88 / 57 / 63
Service Based Reviews / 50 / 53 / 66
Computer Audit / 40 / 40 / 40
Group Companies / 10 / 4 / 6
Follow ups / 6 / 6 / 6
Other Work / 58 / 55 / 45
Total Chargeable Audit Days / 329 / 278 / 287

2.2The Audit Plan for 2016-17 has been prepared on the basis of the current revenue budget for the section and will be delivered by external contractors.

2.3Audit risk evaluation is based on consideration of:

- Control environment/vulnerability, i.e. quality of controls, risk of fraud, complex or new systems, changes in key staff members

- Materiality, i.e. value and volume of transactions

- Sensitivity, i.e. political sensitivity, impact on other services

-Management Concerns, i.e. senior management views, direct requests, control weaknesses identified in previous audits still not corrected

- Auditor judgement

2.4The Audit Plan comprises work on key financial systems, known as ‘core systems’ which Internal Audit are required to review every year to enable them to fulfil their assurance role and continues to undertake annual testing rather than a full audit on a rotation basis in order to focus audit resources. The plan is put together using a risk based approach, providing assurance to key risk areas as identified by the corporate risk register and input from the Corporate Management Group on key issues requiring assurance. Internal Audit’s role extends to the need to give assurance over the whole control environment, i.e. not just finance, and this key source of assurance informs the Annual Governance Statement.

2.5A contingency element is built in to accommodate urgent reviews/investigations that arise during the year.

2.6Implementation of agreed audit report recommendations is monitored through Shikari. A small element of time is allowed in the Audit Plan for follow up work to confirm effective implementation by management of agreed actions.

3.0Implications

Financial

3.1The plan has been prepared to be delivered within the current revenue budget of Internal Audit.

Human Resource/Training and Development

3.2Considered but not applicable

Community Safety

3.3Considered but not applicable

Risk Management

3.4The provision of an Internal Audit Service is a statutory requirement as defined by s151 of the Local Government Act 1972 and the Accounts and Audit Regulations 2006. Internal control and risk management are essential components of corporate governance. Internal Audit need to provide an annual opinion on risk management, control and governance and their effectiveness in achieving the organisation’s agreed objectives. This opinion should underpin the Annual Governance Statement. By completing the scheduled reviews in the Audit Plan Internal Audit will have done sufficient work to enable the provision of that assurance opinion.

Sustainability(Note: Officers preparing a report are required to complete the Sustainability Impact Assessment at the end of this report. Please outline a brief summary of the outcome of the Assessment below.)

3.5Considered – any sustainability issues will be picked up in individual audit reviews where relevant

Equalities(Note: Officers preparing a report are required to complete the Equalities Impact Assessmentat the end of this report.Please outline a brief summary of the outcome of the Assessment below.)

3.6Considered – any equality issues will be picked up in internal audit reviews where relevant

REPORT ENDS

1