REPORT NO: 62/07

                              CORPORATE SCRUTINY
                                            8th March, 2007

                    PLAN 2007/08 TO 2010/11
                          Report of the Director of Corporate Services

STRATEGIC AIM:       To be a well managed organisation –

                      4       To meet the requirements of the CIPFA code of practice for Internal
                     5       To improve the efficiency & effectiveness of Corporate support


       a.    To inform Members of the proposed Strategic Plan of internal audit work for the four years to
             31st March 2011; to explain the basis of the planning process and the various elements
             making up the Plan; and to indicate how the planning and deliver process meet the
             mandatory requirements implicit in the CIPFA Code of Practice


       2.1   That the strategic audit plan shown in Appendix A be recommended.

3.     STRATEGIC AUDIT PLAN 2007/08 TO 2010/11

       Mandatory Requirements

       3.1   The CIPFA Code of Practice for Internal Audit has been adopted by the Audit Commission
             as the quality benchmark used to determine whether the external auditors can place reliance
             on the work of internal audit. The Code of Practice calls for the development of a Strategic
             Audit Plan using a risk-based planning approach and for that Plan to be approved by an
             appropriate Member forum.

       3.2   In developing the Plan, there is a requirement to reflect the expectations of the Council’s
             external auditors. In developing his Audit Opinion, set out in the annual Audit Letter, the
             external auditor expects to place reliance on the work of internal audit: in particular there is
             an expectation that internal audit should identify, evaluate and test the key controls
             established over the Council’s fundamental financial systems.

       Developing the Strategic Plan

       3.3   Through consultation with the Council’s Strategic Management Team and Section 151
             Officer, a schedule of audit entities was defined which allowed for audit coverage of all of the
             Council’s significant risks. Each of the audit entities identified was given a risk rating which
             reflected the extent to which failures of control within might impact upon the delivery of
             corporate priorities.

             Audit entities were categorised as:
       (i)     Financial Systems;
       4        Governance & Performance Processes; or
       5        Public Facing Services;

       and the general principle underpinning the planning process was that, within each category,
       those audit entities with the highest risk rating should be subject to audit first. This principle
       was modified where it would have resulted in a disproportionate amount of audit work in an
       individual service area in any one year or where there were sound operational reasons for
       delaying or bringing forward particular audits.

 3.4   Efforts have been made to coordinate, as far as is practical, the Council’s Strategic Audit
       Plan with those of the other local authorities served by the Consortium. Audits of audit
       entities common to all clients have been scheduled for delivery within the same financial
       year to allow for efficiency savings in the design and delivery of those audits and to
       maximise opportunities to identify and share good practice.

       Minimum Assurance Provision

3.5    A risk-based assessment of the Council’s key financial systems would indicate that, with the
       exception of the Benefits System, which is more complex and subject to frequent changes to
       relevant Regulations, they should be subject to audit no more than once every three years.
       However, the Council’s external auditors require assurance on an annual basis that those
       key systems are subject to effective and appropriate control.

3.6    To satisfy the requirements of the external auditor, provision has been made in the Strategic
       Audit Plan for an annual consultancy exercise “Minimum Assurance Provision”. This exercise
       requires the identification, for each financial system, of the key controls upon which the
       external auditor would wish to place reliance and the carrying out of tests sufficient to
       demonstrate that those controls continue to operate effectively throughout the financial year.
       It is the opinion of the Head of Consortium that this minimum level of assurance can be
       provided in significantly fewer days than would be required for full annual audits of all
       financial systems: the days released would allow for a risk-based programme of audit work
       covering all relevant aspects of the Council’s activities, including the coverage of all financial
       systems over a three-year cycle.

 3.7   Minimum Assurance Provision has been the subject of prior discussions with the external
       auditors. In principle, the approach has been deemed acceptable and it has been agreed
       that the detailed design of the exercise will be the subject of further consultation at the
       beginning of the coming financial year.

       ICT Auditing

 3.8   The Council is critically reliant on ITC both for the effective delivery of its corporate priorities
       and for the effective control of its financial processes. A programme of ITC auditing is
       therefore necessary to support the annual internal audit opinion on the Council’s internal
       control framework. The Consortium does not have the resources to maintain the skill base
       required to deliver a comprehensive programme of ITC auditing and a specialist contractor
       will be engaged to carry out the more technically demanding elements of that programme. A
       specialist audit needs assessment was undertaken in 2005 and that assessment will form
       the basis of negotiations with potential partners. The annual allocation within the Plan
       provides for liaison with the specialist and for the delivery of those ITC audits, identified
       through the audit needs assessment, that do not demand high levels of technical skill (e.g.
       back-up arrangements and access control arrangements).

 3.9   A further report identifying ITC auditing to be undertaken in 2007/08 and future years will be
       prepare following the appointment of a suitable specialist contractor.

       Availability of Resources to Deliver the Plan and Other Audit Services
      3.10     It is the opinion of the Head of Consortium that the 325 audit days identified in the Strategic
               Audit Plan, together with a further 10 each year days of specialist ITC auditing would allow
               for the provision of an acceptable level of assurance on the Council’s arrangements for
               internal control, risk management and corporate governance.

      3.11     The Consortium’s approved establishment provides for a minimum of 450 audit days per
               year to be delivered to the Council. This is in line with estimate of audit need set out in the
               business case for the establishment of the Consortium, allowing 115 days for consultancy
               and other support commissioned by the Council. It is planned to recruit to fill remaining
               vacancies within the Consortium by 1st April 2007. The Consortium’s draft budget also
               contains provision for the engagement of a specialist ITC audit contractor: although it
               remains to identify the contractor for 2007/08 and future years, the budget is based upon the
               rates charged by the existing contractor (Worcester City Council) and should finance the
               necessary number of specialist audit days.

      3.12     It is planned that, in 2007/08 and future years, one of the Consortium’s Audit Managers and
               one Auditor will be based at the Council. This would provide the capacity to respond flexibly
               to any requests for consultancy or other support beyond the work set out in the Strategic
               Audit Plan.

      4        RISK MANAGEMENT

                RISK            IMPACT      COMMENTS

                Time            Medium      Progress will be monitored during the year.
                Viability       Medium      The team should be fully staffed early in the new year.
                Finance          Low        All partners have agreed the budget for 2007/08
                Profile          Low        Internal Audit is by definition internal to the organisation.
                Equalities       Low        No specific issues are identified.

Background Papers                                                   Report Author: Richard Gaughran
Appendix A – The Strategic Audit Plan

                                                                    Tel No: (01572) 722577
                                                                    e-mail: enquiries@rutland.gov.uk

A Large Print or Braille Version of this Report is available upon
request – Contact 01572 722577.

To top