Section 1 Roles and Responsibilities

Section 1 Roles and Responsibilities

Section 1 – Roles and responsibilities

(revised January 2011)

Why have Internal Audit?

There are two reasons why the Council has an internal audit department:

i)legal requirements

ii)as a service to management

The legal requirement

The need for internal audit in local authorities in England and Wales is defined in statute under the terms of the Accounts and Audit Regulations 2003.

Regulation 5 of these Regulations specify that:-

“a relevant body (the Council) shall maintain an adequate and effective system of internal audit of its accounting records and of its system of internal control in accordance with the proper internal audit practices and any officer or member of that body shall, if the body requires–

(a) make available such documents of the body which relate to its accounting and other records as appear to that body to be necessary for the purpose of the audit; and
(b) supply the body with such information and explanation as that body considers necessary for that purpose

The Council has delegated these responsibilities to the section 151 Officer, currently the Director of Resources.

Service to management

The legal framework is important, but in practice many of our customers within the Council value the service offered by Internal Audit. Requests for assistance and advice are often sought, and provided we have available resource we are always happy to get involved in any ad hoc work on risk and control that is asked of us.

Reporting lines

Reporting to Members

It is best practice that internal audit should report to an appropriate member forum (CIPFA Local Government Internal Audit Manual). The Chief Internal Auditor has a direct reporting line to the Audit Committee and attends each meeting of the committee. If the Chief Internal Auditor is unable to attend the Audit Committee the Audit Manager or Investigations Manager deputise. The Chief Internal Auditor has the right to request private meetings with the Audit Committee or the Chair / Vice Chair, and similarly they can ask to speak to the Chief Internal Auditor confidentially.

The work of the section is reported on a quarterly basis to the Resources Directorate ManagementTeam and to the Audit Committee.

Reporting to Senior Officers

The Chief Internal Auditor has a direct line reporting arrangement on strategic matters to the responsible Section 151 Officer (Director of Resources), and to the Chief Financial Officer on operational issues.

The Chief Internal Auditor also has access to the Chief Executive and Corporate Leadership Teamon all matters considered appropriate. This has been confirmed in writing by the Chief Executive.

Objectives

The objectives of the Internal Audit department are reviewed annually as part of our business planning process and commitment to continuous improvement.

Objectives for 2011/12 are currently being set as part of the Resources Directorate business planning process, but are likely to focus on offering a satisfactory level of assurance given reduction in resource.

Professional standards / Code of conduct

It is the policy of the department that all auditors should be members of an appropriate professional body, or working towards membership of such a body. Each team member will therefore adhere to the professional standards and ethical code of their professional body. As a minimum all team members are expected to comply with the principles below:

  • Integrity
  • Objectivity
  • Confidentiality
  • Competency
  • Courtesy

Integrity

  • Perform work with honesty, diligence and responsibility demonstrating fair dealing and truthfulness
  • Observe the law and make expected disclosures
  • Refrain from professional activity which is illegal or discredits either the audit profession or the organisation
  • Respect and contribute to the legitimate and ethical objectives of the organisation
  • Work without being corrupted by self interest of undue influence of other parties

Objectivity

  • Avoid participating in any activity or relationship that may impair or be presumed to impair their unbiased assessment, or make appropriate disclosures of them
  • Do not accept anything that may impair or be presumed to impair their professional judgement
  • Have regard to all considerations relevant to the task in hand

Confidentiality

  • Be prudent in the use and protection of information acquired in the course of their duties
  • Do not use information for personal gain, in a manner contrary to the law or which would be detrimental to the legitimate and ethical objectives of the organisation

Competency

  • Engage only in those services for which the necessary knowledge and skills are held, supplemented where necessary by appropriate training, assistance and consultation
  • Perform work in accordance with appropriate professional standards
  • Continually improve their proficiency and the effectiveness and quality of their services

Courtesy

  • Conduct self with courtesy, and show consideration and respect towards all they come into contact with during the course of performing their audit work

The processes of the department adhere to the CIPFA Code of Practice for Internal Audit in Local Government. The work of the section is reviewed annually by KPMG, with in depth reviews every three years. No significant weaknesses have been identified from this review in recent years.

Client responsibilities / partnership working

We see the whole process as one of partnership. Internal audit and service delivery units have a common aim, to provide an excellent service to the public of Blackpool. Effective internal controls are an important part of providing excellent service, the consequences of weak controls on the finances and reputation of the authority have been made very clear in recent years.

It is important to develop a set of recommendations which management welcome and are willing to implement.To facilitate a smooth partnership we undertake to:

  • give adequate notice of the audit visit (when surprise is not required) and any facilitated workshop required as part of the audit process
  • initially contact the appropriate senior officer to explain the purpose of the audit
  • behave courteously and in a responsible manner
  • hold a final meeting with the appropriate officer to discuss the report and, if possible, agree audit findings, conclusions and/or draft report and recommendations
  • provide interim feedback on progress on longer reviews, and always provide immediate feedback on very significant issues arising

To ensure the audit is a success what we expect from the customer is:

  • all appropriate staff to be made available during the review, if it is not the right time for an audit to be undertaken we can agree a mutually convenient time
  • reasonable treatment of our staff, they may be saying things which are occasionally unpalatable but they are only doing their job
  • provision of an area for audit staff to work in
  • provision of all information requested

Mission statement

Our mission is to:

Assure Quality Services for Blackpool’

This reflects the fact that we are an assurance function of the Council, and that indirectly our work is as important in delivering quality services to Blackpool residents and visitors as front line teams.

Access rights

Internal auditors have unrestricted access at all times to documents, records and other information relating to the financial and operational activities of the Council. They also have authority to make enquiries of Council officers and members.

Whenever possible Internal Audit will give reasonable notice of any information they wish to see, and make enquiries by prior appointment at mutually convenient times. On rare occasions, normally relating to investigation work, such prior notification will not be appropriate.

Internal Audit charter

Purpose

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the Council’s operations. It helps the Council accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the internal control environment.

The internal control environment comprises the policies, procedures and operations established to ensure:

  • The achievement of objectives.
  • The appropriate assessment and management of risk.
  • The reliability of internal and external reporting and accountability processes.
  • The prevention of fraud and corruption.
  • Compliance with applicable laws and regulations.
  • Compliance with the behavioural and ethical standards set for the Council.
  • Economic, effective and efficient use of resources.
  • Safeguarding of the organisation’s assets and interests.

Independence

Internal Audit is independent of the activities that it audits to ensure the unbiased judgements essential to its proper conduct and impartial advice to management.

Internal auditors adhere to the codes of ethics of the department, which draws on the key elements of the relevant professional bodies including the Institute of Internal Auditors and the Chartered Institute of Public Finance and Accountancy.

Authority

Internal Audit has authority to carry out reviews of the financial and operational activities of the Council. Internal Audit does not have direct responsibility for, nor authority over, the activities it reviews.

Internal auditors have unrestricted access at all times to all records, assets, personnel and premises relating to these activities and have authority to make enquiries of Council officers, elected members and partner organisations.

Internal Audit has authority to conduct audit work on services provided by the Council to third parties, and to provide results of that testing to those third parties on request.

Responsibility

The Chief Internal Auditor is responsible for:

  • Developing an annual audit plan based on an understanding of the significant risks to which the Council is exposed.
  • Submitting the plan to the Audit Committee and the Chief Financial Officer for review and agreement.
  • Implementing the agreed audit plan.
  • Ensuring the internal audit service complies with professional standards.
  • Maintaining a professional internal audit team with sufficient knowledge, skills and experience to carry out the plan.

Purpose

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the Council’s operations. It helps the Council accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the internal control environment.

The internal control environment comprises the policies, procedures and operations established to ensure:

  • The achievement of objectives.
  • The appropriate assessment and management of risk.
  • The reliability of internal and external reporting and accountability processes.
  • The prevention of fraud and corruption.
  • Compliance with applicable laws and regulations.
  • Compliance with the behavioural and ethical standards set for the Council.
  • Economic, effective and efficient use of resources, i.e. value for money.
  • Safeguarding of the organisation’s assets and interests.

Independence

Internal Audit is independent of the activities that it audits to ensure the unbiased judgements essential to its proper conduct and impartial advice to management.

Internal auditors adhere to the codes of ethics of the department, which draws on the key elements of the relevant professional bodies including the Chartered Institute of Internal Auditors and the Chartered Institute of Public Finance and Accountancy.

Authority

Internal Audit has authority to carry out reviews of the financial and operational activities of the Council. Internal Audit does not have direct responsibility for, nor authority over, the activities it reviews.

Internal auditors have unrestricted access at all times to all records, assets, personnel and premises relating to these activities and have authority to make enquiries of Council officers, elected members and partner organisations.

Internal Audit has authority to conduct audit work on services provided by the Council to third parties, and to provide results of that testing to those third parties on request.

With regard to work to give an opinion on value for money internal audit may be required to access information from sources other than direct auditees and to give recommendations outside the traditional internal audit remit of risk and control.

Responsibility

The Chief Internal Auditor is responsible for:

  • Developing an annual audit plan based on an understanding of the significant risks to which the Council is exposed.
  • Submitting the plan to the Audit Committee and the section 151 Officer for review and agreement.
  • Implementing the agreed audit plan.
  • Ensuring the internal audit service complies with professional standards.
  • Maintaining a professional internal audit team with sufficient knowledge, skills and experience to carry out an annual audit plan that supports the audit opinion.
  • Delivering an annual audit opinion on the adequacy of the Council’s internal control arrangements.
  • Delivering value for money audit work as requested by the section 151 officer.
  • Ensuring that the internal audit department is appropriately qualified to undertake other work within its remit including the investigation of fraud and corruption and process consultancy. and value for money reviews.

2 – Staffing and structures

(Revised January 2011)

Organisation chart

Since April 2007 the Chief Internal Auditor has been responsible for the following services:

-internal audit

-fraud investigation

-business continuity

-emergency planning

-insurance and risk management

In terms of the internal audit reporting line the Internal Audit Manager reports in to the Chief Internal Auditor, and as at early 2011 eight auditors report into the Internal Audit Manager (six auditors and two value for money auditors).

Job descriptions

Job descriptions for the roles of Auditor, Audit Manager and Chief Internal Auditor are available on the network in P:\IA\Admin\Staffing Matters\Job Descriptions.

Training

Training Strategy

The department actively encourages staff to obtain appropriate qualifications and financial and other assistance is available for those undertaking such study.

The training strategy for the department is saved on the network under P:\IA\Admin\Staffing Matters\Training & Development. The key points are:

Objectives:

  • Team members are qualified to do the job
  • Team members are competent to do the job
  • Retention levels are acceptable, e.g. <30%
  • Team members have a high level of job satisfaction/morale

Priorities (in order of importance):

1)All team members are appropriately qualified

2)The service has expertise (and cover) in all areas of its remit

3)Team members are trained to meet the core competencies

4)Team members are able to adopt new working methods

5)Team members are offered continuous development, variety and enrichment

6)The service is able to adapt to developments in internal auditing

Career Development / CPD

Career development is addressed through the Individual Performance Appraisal (IPA) scheme. IPA interviews are held annually to set individual target, with interim progress meetings to measure achievements against the objectives.

The IPA scheme is allowed for CPD purposes by most of the professional accountancy bodies in England and Wales including the ICAEW, ACCA and CIMA.

Health and Safety Requirements

General health and safety requirements will be cascaded to all new staff as part of the corporate induction process. Specific job related health and safety issues such as use of laptops in remote locations are covered in the departmental induction process.

Staff in Risk Services are qualified to undertake Display Screen Equipment. Sarah Payne and David Wolfenden are trained and available to do these at present.

An Occupational Health and Safety Manual is held by the Chief Internal Auditor. This includes details of all corporate H&S policies, and is updated whenever new guidance is issued.

In terms of internal audit the job specific risks that are considered most significant are, in approximate order of priority:

-lone working

-manual handling of laptops and files

-driving at work

-dealing with difficult customers / potentially aggressive situations

3 – Risk and Control

(Revised January 2011)

General

The Internal Audit section’s mission is to ‘assure quality services for Blackpool’. The audit approach we use to deliver this is the risk based approach, as if there is no significant risk to service delivery arising from the absence of management controls it is not a major issue that such controls are.

Risk

Risk is the likelihood of an event occurring or the possibility that events will turn out less favorably then expected. For internal auditors risk is usually classified into three types as follows:-

Inherent risk / The existence of threats relevant to a particular concern, because of the nature of its business activity, the regulatory framework, its size, its growth rate, its history, etc. An example might include a liability arising from a concern’s exposure to events outside its control.
Control risk / Relates to the level to which the internal controls in place can or cannot be relied upon to prevent loss or errors occurring and remaining undetected. The risk here might relate to personnel and the ability of people to maintain controls or their tendency to circumvent them.
Residual risk / Residual risk is the chance of things going wrong despite the presence of control procedures. You can determine residual risk by assessing the inherent risk and the control risk (i.e. inherent risk x control risk = residual risk).

Why risk assessment and risk management are important to Blackpool Council

The senior officers of the Council and the elected members are responsible for achieving these. To ensure achievement of the Council’s objectives, senior managers and members must identify the risks to their achievement and ensure adequate controls are in place to minimize the risks or avoid them completely. Managers are also responsible for monitoring the effectiveness of these controls and their continued relevance in environments that are constantly changing.

Risk assessment may be defined as an exploration or analysis of the potential threats faced by a concern, which could prevent the business objectives being achieved. Risk assessment involves:

  • Knowing the threats the organisation faces, for example the threat of competition or the threat of suffering from fraud;
  • Identifying those parts or processes of the organisation which are most vulnerable to the recognised threats, for example the loss of a customer base, failure to maintain adequate staffing levels or the threat to financial systems; and identifying the impact of the threats and vulnerabilities upon the delivery of the business and/or service, for example:

Examples of the different types of risk can be found in the Risk Toolkit produced by Risk and Insurance, which is available on the intranet.

Top View