SAMPLE AUDIT PLAN by abstraks

VIEWS: 814 PAGES: 35

									APPENDIX A


                 Bentley Jennison
                      RISK MANAGEMENT LTD




       WESTMINSTER CITY COUNCIL




                   DRAFT
             INTERNAL AUDIT PLAN

                   2006/07
                             CONTENTS

       Section                                  Page

1)   Introduction                               2

2)   Audit Needs Assessment Methodology         3

3)   Emerging Issues                            4

4)   Strategy for Internal Audit                5

5)   Planned Coverage                           6



     Appendices – Departmental Plans

A)   Corporate                                  10
B)   Finance Department                         13
C)   Customer Services Department               16
D)   Transportation Department                  18
E)   Policy and Communications                  20
F)   Planning and City Development              22
G)   Environment and Leisure                    23
H)   Corporate Property                         24
I)   Legal and Administrative Services          25
J)   Children Services                          26
K)   Children and Families, Lifelong Learning   27
L)   Housing                                    29
M)   Adult Social Care                          32
L)   Community Protection                       34




                                   1
1.       INTRODUCTION

Purpose

This document sets out the proposed Westminster City Council annual Internal
Audit plan for 2006/07. The plan has been derived from the 5-year plan agreed
by the Director of Finance and reported to the Audit and Performance Overview
and Scrutiny Sub-Committee. The plan has been reviewed and updated in view
of findings arising from 2005/06 audit work and with reference to departmental
business plans and risk registers. A consultation process has been undertaken
during March with Departmental management to ensure the audit coverage for
each department reflects key risks.


The policy context of the Internal Audit Service is to ensure: Effective control over
Council activities by:

        Monitoring, appraising and reporting upon the Council’s internal control
         procedures.
        Investigating and reporting upon any suspected areas of fraud or
         irregularity.

The purpose of Internal Audit is to provide the Council, through the Audit and
Performance Sub-Committee and the Director of Finance with an independent
and objective opinion on risk management, control and governance and their
effectiveness in achieving the Council's objectives. This opinion forms part of the
framework of assurances that the Council receives and is to be used to help
inform the annual Statement on Internal Control (SIC). Internal Audit also has an
independent and objective consultancy role to help line managers improve risk
management, governance and control.

Our Responsibilities

Our professional responsibilities as Internal Auditors are set out in the CIPFA
Code of Practice for Internal Auditing in Local Government (2004). In line with
these requirements, we perform our Internal Audit work with a view to reviewing
and evaluating the risk management, control and governance arrangements that
the Council has in place to:

        Establish and monitor the achievement of the Council’s objectives
        Identify, assess and manage the risks to achieving the Council’s
         objectives




                                         2
      Formulate and evaluate policy, or provide policy advice, within the
       responsibilities of the Section 151 Officer
      Ensure the economical, effective and efficient use of resources
      Ensure compliance with established policies, procedures, laws and
       regulations, including the Council’s own governance arrangements
      Safeguard the organisation’s assets and interests from losses of all kinds,
       including those arising from fraud, irregularity or corruption
      Ensure the integrity and reliability of information, accounts and data

As well as the planned audits detailed in the Annual Audit Plan, Internal Audit will
also undertake the following work during the forthcoming year:

Follow-up

Recommendations arising from audits will be followed up to confirm that agreed
actions have been implemented. Audits which receive No Assurance will be
followed up on an ongoing basis until all priority 1 recommendations have been
implemented. Audits which receive Limited Assurance will be followed up 3
months after the final report is issued. Audits which receive Substantial
Assurance will be followed up six months after issue of the final report. Follow
ups include testing of key recommendations to ensure that they have been
implemented. A report will be issued in respect of all follow ups with a revised
action plan for the implementation of outstanding recommendations. A revised
assurance level will also be stated which reflects audit’s opinion of the system of
control after the recommendations of the original report have been implemented.

Ad-hoc Advice and Support

Will be provided throughout the year on a range of issues including; risk
management, money laundering, freedom of information, control improvement,
governance, application of Financial Regulations and Standards etc.


2. AUDIT NEEDS ASSESSMENT METHODOLOGY

Our audit approach is risk based. In order to identify the areas that require
Internal Audit coverage, we need to understand the risks facing the Council.
Therefore as a starting point the Council’s risk register is used to inform the audit
needs assessment.

Departmental risk registers are not however consistently in place across all
departments which unfortunately means that we are unable to place reliance on
them. Where risk registers have been provided, Internal Audit have reviewed
and evaluated them.




                                         3
A comprehensive risk based Internal Audit approach has been adopted which
ensures that risk is integrated into strategic and operational reviews, processes
and practices. A summary of our approach is as follows:

         Identification of risk areas;
         Performance of a risk assessment to gauge the degree of risk or
          materiality associated with a particular area;
         Risk is categorised and rated in accordance with; corporate
          importance, corporate sensitivity, inherent risk and control risk;
         Calculation of the audit risk index;
         The audit areas are ranked by reference to the risk index and classified
          as high, medium or low priority;
         Internal Audit resources are focused on the areas of highest risk.
         We used cumulative knowledge of the organisation from previous
          Internal Audit work to identify areas that would benefit from Internal
          Audit coverage
         From the Council’s own risk register and analyses, we identified the
          priorities afforded to the risks by the Council
         The Audit Needs Assessment also identified areas of coverage that do
          not appear as high priority risks, but where Internal Audit can provide
          tangible input to assurance, for example:
                    Requirements of management
                    Minimum Internal Audit coverage requirements e.g. key
                      controls audit and documentation of key information flows
                    Areas of concern flagged by management or the Audit
                      Committee
                    Emerging issues; and
                    Need for ongoing assurance in relation to key aspects of
                      internal control


3. EMERGING ISSUES 2006/7

Key emerging issues in 2005/6 which have shaped the 2006/7 Internal Audit
Planning process are:

Focus on key financial systems

All core financial systems will be audited in 2006/07. This has been requested by
the Director of Finance following on from several audits of key financial
processes which have resulted in significant recommendations. It also reflects
the revised External Audit methodology resulting from changes in International
Accounting Standards which requires an authority to continually update its key
control information in core areas. The audit work will also complement the
substantial revision of financial regulations and procedures which is currently
being undertaken in the Finance Department. In addition the majority of the


                                        4
audits undertaken in departments will include testing to ascertain whether
financial regulations and the Procurement Code are being complied with. One
issue of particular concern is the extent to which Purchase Orders are used in
accordance with financial regulations.

As a result of the enhanced focus on compliance issues a sample of 5 invoices
will be extracted from the main accounting system each month. The extent to
which control systems within departments are robust enough to ensure the
invoice was authorised in accordance with Financial Regulations will then be
verified. An allocation of 90 days has been made within the plan for completing
this compliance review work. This will be reviewed during the year in light of the
findings of completed reviews.



Schools Financial Management Standard

The Department for Education and Skills requires all Secondary schools to be
accredited as compliant with its new financial standards by March 2007. In
subsequent years all schools will need to achieve this standard. The Director of
Finance will be required to certify the number of schools reaching the standard at
the end of each financial year. The Schools audit programme is therefore being
developed and reprogrammed to enable Internal Audit to certify compliance with
the standard at all secondary schools by March 2007.

Line Management Self Assurance

The Chief Executive’s Steering Group and Corporate Management Board have
agreed to the Head of Risk and Audit’s proposals to incorporate a new system
of line management self assurance of the control environment which they are
responsible for . Internal Audit are currently developing a framework to trial in the
Finance Department. The system will then be developed across the Council. It is
essentially a self-assessment exercise which provides an overall assurance level
for the service area, highlights service specific risks, and identifies any significant
control weaknesses and actions proposed. Internal Audit will verify the
information provided on a sample basis.

Key benefits of the system are as follows:

      Support managers in the delivery of services and achievement of
       objectives
      Provide a consistent framework for management monitoring and
       accountability across the Council
      Address external audit concerns about weaknesses in control systems
       and support improvement of the CPA score in this area




                                          5
       Support the external auditor’s plans for increased emphasis on review of
        financial systems
       Underpin the implementation of revised financial regulations and
        procurement code
       Demonstrate compliance with corporate policies and procedures
       Support the preparation of the Statement of Internal Control

A contingency allocation has been included in the 2006/7 plan of 30 days to
enable a programme of self assurance work to be carried out


RAG Status

All audits from 1 April 2006 will be given a Red, Amber or Green Audit Opinion
depending on the risk status of the area to be audited and the assurance level
resulting from the Audit. The purpose is to increase the clarity of audit reporting
and focus management attention on the most significant issues. The RAG status
will be used as part of the performance reporting of internal audit to the Head of
Risk and Audit and the Audit and Performance Committee. Audits will be
accorded a RAG status as set out in Matrix below:

OPINION MATRIX

Risk/impact
High             Amber            Amber            Red              Red

                 Green            Amber            Red              Red
Medium
                 Green            Green            Amber            Amber
Low
                 Full             Substantial      Limited          None

                                       ASSURANCE



Escalation Strategy

In order to ensure that all audit recommendations are implemented on a timely
basis an escalation strategy is being produced in conjunction with the Head of
Risk and Audit. A monthly report will be produced for all audits which it has not
been possible to finalise within one month of issue and all significant
recommendations which have not been implemented by the time of the follow
up. These audits will be reported to the Head of Finance and the Chief Officer of
the relevant Department and to the Director of Finance and the Chief Executive.



                                          6
Agreement of Annual Plan / Circulation of Internal Audit Work

The 2006/07 Plan will be discussed and agreed with each Departmental
Management Team. The circulation of all audit briefs and audit reports will also
be agreed at the DMT meetings as will a protocol in respect of which officers can
sign off briefs and audit reports. Generally all briefs and draft reports will be
signed off by the relevant Departmental management team member with a copy
of the final report being sent to the relevant Chief Officer. Some chief officers
have asked to see draft reports prior to sign off.

Following DMT approval the 2006/07 Plan will also be circulated to the Chief
Executive’s Steering Group for discussion and agreement.

Audit Circulars


Audit circulars will be issued quarterly to all Chief Officers and Heads of Finance
In 2006/07 we will also issue directives to all Chief Officers and Heads of Finance
as and when instances of non compliance which have corporate importance are
found . All Chief Officers will be required to respond confirming implementation
of recommendations made in Audit Circulars. Typically the areas of non
compliance which will be reported will cover:

Procurement Code
Financial Regulations
Standing Orders/Constitution
Value for Money Issues Identified
Contract Monitoring
Response to and implementation of audit recommendations


4. STRATEGY FOR INTERNAL AUDIT              WORK

The timing of audits, that is, how soon they will be undertaken in the cycle will
depend upon:
    The priority for each area of coverage for Internal Audit, in terms of levels
      of risk to the Council
    When the last audit of the area was undertaken and what was the
      outcome
    When the risk to be considered is likely to impact upon the organisation
    Whether there are management concerns about the area
    Whether or not there have been significant systems, staff or organisational
      changes since the last audit.




                                        7
In the course of the period covered by the Internal Audit Strategy, the priority and
frequency of audit work will be subject to amendment in order to recognise
alterations in audit needs assessment/risk analysis, caused by changes within
the Council. A formal update will be performed each year to inform each year’s
periodic plan, but changes may be necessary in-year and these will be agreed
with the Head of Risk and Audit who is responsible for managing the Council’s
Internal Audit Contract. There is a monthly review process in place whereby the
contractor will discuss and agree changes to the plan with the Head of Risk and
Audit.

Our professional judgement has been applied in assessing the level of resource
required for the audits identified in the strategic cycle. The level of resource
applied is a product of:

      The complexity of the system in place
      Factors such as number of locations, number of transactions or frequency
       of transactions
      The assurance which can be brought forward from previous year’s audits
      The type of audit undertaken.

The audit needs assessment is prepared with regard to constraints such as time
and resources. Its purpose is to:

      Determine priorities and establish the most cost effective means of
       achieving audit objectives
      Assist in the direction and control of all audit work
      Ensure that adequate attention is devoted to critical aspects of audit work
      Included within the days allocated to each audit is::

A follow-up allocation. All audits are followed up according to a timetable
dependent on the level of assurance received. The purpose of the follow up is to
assess the degree of implementation achieved in relation to recommendations
agreed by management during the audit. The level of implementation is reported
to the Audit and Performance Sub-Committee.

5 PLANNED COVERAGE

The recommended level and scope of audit coverage is set out in the 5- year
strategic plan. The 2006/07 plan allows for 1700 days of audit work. The audits
identified in this report total approximately 1800 days with the addition of the
line management self assurance and compliance review work identified.
Generally the reassignment of programmed dates as the result of timing
changes during the year means that approximately 100 days of audit work is
deleted or carried over into the following audit year. The audit programme will
be delivered using the following staffing structure.



                                         8
                   INTERNAL AUDIT – STATUTORY AUDIT TEAM

                Name                    Job Title            Contact Number
             Chris Harris            Contract Manager             2820
           Statutory Audit
           Debbie Chisman              Audit Manager               2820
             Marie Males              Principal Auditor            2463
            Kodjo Abolou              Principal Auditor            2463
            Karen Hughes               Senior Auditor              2463
           Frank McVeigh               Senior Auditor              2463
             Carl Walters              Senior Auditor              2820
            Stuart Bartlett           Trainee Auditor              2820
               IT Audit
            Tim Moynihan             Principal IT auditor          5211
              Terry Day               IT Audit Director            5211
            Tom Rybinski                 IT Auditor                5211



     The plan is divided into the following areas:

       Corporate Areas
        Finance Department
        Customer Services Department (includes Licensing)
        Transportation
        Planning & City Development
        Environment & Leisure
        Legal & Administrative Services
        Children & Community Services (includes Children & Families Social
         Services, Older People, Disability & Health and Specialist Social Care
         Services & Development)
        Education (includes Schools, Lifelong Learning)
        Housing ( including City West Homes)
        Community Protection
        Policy & Communications (includes IT audit)


Details of the individual audits planned for each Department are set out below:




                                         9
                                                                   APPENDIX A
                           CORPORATE AUDITS



The following projects are proposed in 2006/07:

Contract Compliance Related Audits:

   1 Corporate Contract Monitoring – High Risk-25 Days

       Departmental arrangements will be reviewed for monitoring and reporting
       key contracts in compliance with the Procurement Code. In particular risk
       identified as part of the corporate risk management process will be
       reviewed. This will include the risks of dishonest contractors, insufficient
       client monitoring, poor providers of services, payment of unnecessary
       costs, failure of service, inflexible operating controls and failure to achieve
       best practice. This audit has been discussed with the Head of
       Procurement . It has been agreed that this audit will focus on the role of
       Departmental Contracts Boards in monitoring the operational and financial
       performance of contracts .

   2   Tendering Processes – Major Contracts – High Risk-20 Days

       A review of the adequacy of controls operated for tendering major
       contracts. In particular the audit will consider the extent of compliance with
       Financial Regulations and the Procurement Code. After discussion with
       the Head of Procurement it has been agreed that this audit will focus on
       the letting of the catering contract (and possibly printing and reprograpics).
       Reviews will be carried out of the letting of the catering contract at three
       stages; specification, responses to Invitation to Tender and at Award
       stage.

   3 Corporate Procurement Code Compliance – High Risk-20 Days

       The Procurement Code provides the corporate framework for letting and
       managing contracts for the City Council. This audit review will perform an
       assessment of compliance with the Procurement Code. The review
       scheduled for 2005/06 was postponed until 2006/07 because the Code
       was in the process of being re-drafted. At management’s request this audit
       will be in two stages. A review of the new code prior to implementation
       and a subsequent review 3 months after implementation to assess the
       impact of the code.



                                         10
    4 Approved List –High Risk- 25 Days

            The 2005/06 audit was postponed until 2006/07 due to a change in the
            system. This audit is to focus on compliance with controls to ensure only
            appropriate contractors are included on the list and that departments use
            the list in accordance with the Procurement Code. At management’s
            request this audit will be carried out October/November to allow a new
            software system to be purchased and installed.


Assurance Framework Related Audits:

    5 Risk Management – High Risk – 15 Days

        Audit to focus on the arrangements in place for the implementation and
        monitoring of the Council’s risk management policy. Sufficient work will
        be carried out to inform the risk management aspect of our annual opinion.
        In particular internal audit will be reviewing the risk management
        arrangements to ensure Council members and senior management know
        that key risks are being managed effectively. This audit will be carried out in
        the second half of the year and co-ordinated with the work of other review
        agencies such as the Audit Commission. The changing requirements of the
        CPA process in respect of risk management will be taken into account.

    6       Governance – High Risk – 20 Days

        The following areas will be covered will be covered:-

            The KLOE on risk management and internal audit.
            Policies and Procedures – a review of how the authority ensures that it
             makes policies and guidance available to all staff, that they have read
             the guidance, and where necessary accepted it.
            Statement on Internal Control – review of the processes in place to allow
             the authority to make a meaningful Statement on Internal Control (SIC).
.
            This audit will also cover compliance with key aspects of the Council’s
            Code of Governance, Constitution and Financial Regulations.

    7 Performance Management and Business Planning - High Risk-20
      Days

            In 2006/7 this review will focus on the Council’s Business Planning
            Process. In the early part of the year there will also be a review of the
            completeness of a sample of Best Value Performance Indicators prior to
            external audit review.




                                           11
8 Compliance Reviews – High Risk – 90 Days

    As a result of the enhanced focus on compliance issues a sample of 5
    invoices will be extracted from the main accounting system each month.
    This sample will cover 5 separate departments each month and will
    concentrate on high value invoices. The extent to which control systems
    within departments are robust enough to ensure the invoice was
    authorised in accordance with Financial Regulations will then be verified.


9   Line Management Self Assurance – 30 Days

    A contingency sum has been allocated for audit involvement in the new
    programme of line management Self Assurance. (See 3 above). In
    2006/07 responsible managers for all core financial systems will be asked
    to assess and report on the extent to which their systems are compliant
    with financial regulations. This audit will take place in the second quarter
    of the year after new financial regulations have been issued.




                                     12
                        FINANCE DEPARTMENT

For 2006/07 the focus of internal audit work will be on core financial systems. All
core financial systems will be audited against a set of expected key controls
which will be agreed with the external auditors prior to the audits being
undertaken.    The key financial controls will reflect the Council financial
regulations and Cipfa and the Audit Commission’s published key control
schedules.

The following projects are proposed in 2006/07:

1    Housing Benefit – High Risk -25 Days (CORE FINANCIAL SYSTEM)

     This audit will concentrate on the operation of controls to ensure that the
     possibility of fraudulent receipt of benefits is minimised and that adequate
     controls exist over the payment and reconciliation of benefit. The audit will
     include auditing of key controls including compliance with financial
     regulations and documentation of information flows in accordance with
     ISA315 (International Accounting Standards).

2    Loans & Investments – Medium Risk -15 days (CORE FINANCIAL
     SYSTEM)

     The focus of this audit will be the Treasury Management Function,
     particularly controls over the movement and reconciliation of funds and
     compliance with financial regulations.

3.   Council Tax – Medium Risk -20 days (CORE FINANCIAL SYSTEM)

     Controls over charging, billing, collection and enforcement. This review is
     to encompass an audit of key controls, and documentation of key
     information flows.

4    NNDR – Medium Risk -12 days (CORE FINANCIAL SYSTEM)

     Focus upon key controls, reconciliation and the collection fund.

5    Debtors – High Risk -15 days (CORE FINANCIAL SYSTEM)

     Review of the level of debt and the effectiveness of the debt recovery
     process. Attention will be focused on those areas of the Council identified
     in the performance monitoring reports to Corporate Management Board as
     under-performing. This review will include an assessment of the extent to


                                        13
     which financial regulations are complied with in the management of debts
     and include a review of key controls and documentation of key information
     flows as per ISA315

6    Creditors – High Risk - 25 days (CORE FINANCIAL SYSTEM)

     Focus on compliance with financial controls in respect of use of the ordering
     system correctly prior to entering into commitments to purchase. This
     review is to encompass a key controls compliance review and
     documentation of key information flows as per ISA315. The sample of
     transactions tested will cover compliance with financial regulations for the
     authorising of payments across the Council.

7    Insurance – Medium Risk -12 Days

     This audit will focus on controls in place to ensure the Council has adequate
     insurance arrangements in place and that these are operating effectively.

8    Duplicate Payments – High Risk- 20 Days

     This audit will concentrate on the controls in place to prevent duplicate
     payments. Data mining analysis will be used to detect possible duplicate
     payments, which will be referred to management for recovery.

9    Cash & Banking Control – High Risk -20 Days (CORE FINANCIAL
     SYSTEM)

     Focus on the progress made towards achievement of full monthly
     reconciliation of the bank account. This audit will include an audit of key
     financial controls and documentation of key information flows as per
     ISA315. Cash accounting controls within the Council’s cash receipting
     system will also be examined.

10   Main Accounting System – High Risk–25 days (CORE FINANCIAL SYS)

     Review to focus on the monthly management accounts process and
     controls to ensure that all expenditure on WIMS is accrued for/correctly
     stated. A review of suspense accounts will also take place to ensure that
     suspense accounts are being managed effectively. Key account
     reconciliations between feeder systems and the General Ledger will also be
     reviewed.

      WIMS is recorded as an Amber risk in the Departmental Risk register with
     two key risks identified:




                                       14
     – Main financial system (WIMS) or support systems fail or not being
       developed to keep up with business needs.
     – Inadequate staff IT training

     Risks; lack of financial controls, inaccurate recording, non-compliance with
     statutory requirements, unable to meet legal/operational needs,
     qualification of accounts and potential for fraud.


11   Budgetary Control – High Risk – 20 Days (CORE FINANCIAL SYSTEM)

     This audit will review the budgetary control        framework     including
     procedures for forecasting income and expenditure in a number of selected
     departments. The audit will concentrate on those areas where performance
     monitoring information has shown problems in controlling budgets.

     This audit links with a key risk identified by the Council which is a potentially
     difficult financial situation arising from reduced central government financial
     settlements. The level of compliance with financial regulations relating to
     budgetary control across the Council will be included in this audit.

12 Fixed Assets – Medium Risk – 10 Days

     The focus of this audit will be on maintenance of the fixed asset register,
     correct accounting for fixed assets and the reconciliation of control
     accounts. This review is to encompass a key controls element and
     documentation of key information flows




                                         15
             CUSTOMER SERVICES DEPARTMENTS



The following projects are proposed in 2006/07:

   1    On Street Parking (3 audits) – High Risk – 40 Days

        The audit will take place in the second quarter of the year. It will
        examine contract monitoring arrangements in place to ensure they
        comply with financial regulations and the procurement code. The precise
        scope of the audit will be discussed with management prior to the audit
        commencing but may include audit work on contractors fixed costs and
        CCTV.

        In addition to the above an audit of the ICPS progressions process was
        requested by management in April 2006 and will be reported in the
        2006/07 financial year. An audit of the key controls required in the
        system for the disposal of vehicles will also be carried out in the first
        quarter of the year as requested by management.

   2    Off Street Parking (2 audits)– Contract Monitoring-High Risk- 30
        Days (2 audits)

        This area of audit work has been discussed with management . It has
        been agreed that the audit work will take place in the 3 rd quarter of the
        year. Two pieces of audit work will be performed:

        The first will focus on the contract monitoring system in place including
        financial controls and compliance with financial regulations and the
        procurement code.

        The second audit will review the adequacy of the barrier controls, cash
        handling, reconciliation and security systems in operation at the car
        parks. The audit will also review cash collection arrangements from the
        car parks.

   3    Review of Vertex Payments/Governance of CSi Related Projects –
        High Risk - 20 Days

        Review the control framework for ensuring that work performed by
        Vertex and paid for by the Council has been delivered to specification.
        The audit will also review the Governance of CSi related projects and
        the management of project delivery. The audit will cover the extent to
        which financial regulations and the Procurement Code have been


                                       16
   followed in respect of payments will be reviewed. After discussion with
   management it was agreed that this audit would take place in November
   after the internal review had reported.

4 Library Services – Low Risk – 25 days (3 audits)

   In order to maximise the value of internal audits carried out on the library
   service it was agreed that audit work on the libraries would be carried
   out on specific issues across all libraries at the same time. For 2006/07
   the audit will focus on two issues: income reconciliation and the receipt
   of external income from third parties. In addition a current audit review of
   stock procurement in the libraries service will be reported in 2006/07.




                                   17
                 TRANSPORTATION DEPARTMENT

The following projects are proposed in 2006/07:

1     Highways – High Risk –20 Days

      Detailed scope of this audit will be agreed with line management prior to
      commencement. Likely to focus on financial and IT controls surrounding
      payments to contractors.      The audit will also review         temporary
      carriageway reinstatements This audit will commence in the first quarter.

2.    Contractor Payments 2005/06 – High Risk – 20 Days

       At the request of line management an audit will be carried out in the first
       quarter relating to budgetary control and invoicing systems exercised by
       a contractor . The precise scope of the audit is to be agreed with line
       management prior to the commencement of the audit.

3.     School Crossing Patrol Service – Risk Register (Amber) – 15 Days

      An audit is likely to be carried out in the second quarter concerning the
      implementation of any recommendations arising from the Health and
      Safety Executive and/or the Coroner’s report.

There are two other audit areas which may be audited in 2006/07. Discussions
will be held with line management during the year in respect of these audits and
the potential scope and timing of the work:

They are:

     Completion of Paddington LTVA – Risk Register (status not assigned)

     The following risks were identified:
     - Cancellation of railway possessions by London Underground or Network
        Rail
     - Uncertainty over the replacement traffic scheme for LTVA +2 taxi tunnel
        which was blighted by Crossrail
     - Uncertainty over traffic arrangements at the Harrow Road roundabout
        caused by alternative proposals by a developer
     - Project accident causes damage or closure of Paddington Station.


      .



                                       18
Electricite de France – Risk Register (Amber)

Review of the progress made towards the achievement of an improved
service. Documentation of management processes and control measures.
Audit to be considered after joint discussions with Transport for London
and the Corporation of London have been completed.




                               19
                  POLICY AND COMMUNICATIONS

The following projects are proposed in 2006/07:

   1   Payroll – Contractor Progress & Key Controls – High Risk-20 Days
          ( Core Financial System)

       This audit will review the control framework in place to control and
       reconcile payments made to staff. The audit will identify progress made
       against the concerns raised in the 2005/06 audit and will encompass a
       review of key controls. This audit will take place in the 3rd quarter of the
       year.

   2 Occupational Health Service –Medium Risk-15 Days

       This is a new service. The audit will focus on the provision of the
       Occupational Health Service, meeting of service objectives and client’s
       needs.

   3 Performance Management – Medium Risk – 25 Days

       An audit will be carried out in the first quarter of the      year covering
       systems in respect of the processes within Department for     preparing and
       supporting BVPI information. The audit will also cover        the corporate
       mechanisms for collecting, analysing and reporting             performance
       management information.


   4 Comprehensive Performance Assessment – Medium Risk – 20 Days

        An audit will be carried out in the 4th quarter of the year to assess the
       extent to which the Council has robust systems to ensure effective action
       is taken to meet the expectations of the Audit Commission’s Key Lines of
       Enquiry. The audit will also seek to confirm that an adequate audit trail is
       being maintained.


   5. Worksmart - High Risk – 20 Days

       An audit will be carried out in the last quarter of the year on the
       Worksmart programme, the success of which is key to the achievement of
       the Council’s financial and operational objectives. The audit will review the
       extent to which the programme is meeting its objectives. The audit will
       focus on known areas of weakness to be agreed with Line Management
       prior to the commencement of the audit



                                        20
     Corporate IT Audits

      Following discussions with the Head of IT , three corporate IT exercises
     are proposed in the 2006/07 audit programme.

6     IT FM Review – High Risk – 40 Days

     This audit will be a Value for Money review of the costs and services
     provided by the Council’s IT Facilities Management Contractors. The audit
     will include a review of the costs and effectiveness of work undertaken in
     respect of change requests and new projects.

7 Post Implementation Review – Migration to Active Directory- High
  Risk – 40 Days

     This will be a post implementation review of the effectiveness of the
     project to migrate to active directory on the Council’s network. The review
     will establish the extent to which the project’s objectives have been
     achieved.

8    Physical/Network Security –High Risk – 20 Days

     This audit will examine high risk issues around the security of the
     Council's network. It will include an evaluation of the improvements made
     to back up and recovery procedures and external penetration testing.


    Other Audits:

    CRB Checks:

    To be discussed with line management whether a corporate audit should be
    carried out in respect of CRB checks as this has cross departmental value
    and has been raised by other departments:




                                     21
                PLANNING & CITY DEVELOPMENT

The following project is proposed in 2006/07:

   1    Building Control – Medium Risk-19 Days

        This audit wil review the effectiveness of invoicing and debt collection
        procedures within the Building Control section together with operational,
        financial and quality control procedures. At the request of the
        department the scope of the audit will include processing and banking of
        fees received for land charge searches and historic records.




                                       22
             ENVIRONMENT & LEISURE (L CODES)

The following projects are proposed in 2006/07:


1    Commercial Waste – High Risk- 19 Days

     The 2005/06 audit focused on the move from Whitespace and consisted of
     an IT applications audit. This audit will focus on financial control in respect
     of commercial waste. In particular the audit will focus on billing, collection,
     debt recovery and write off procedures as well as account reconciliations .

2    Refuse Collection – High Risk-20 Days

     Areas to be covered include contract monitoring and financial controls. The
     audit will cover compliance with the procurement code and financial
     regulations.




                                        23
          CORPORATE PROPERTY DIVISION


Corporate Property – High Risk 20 Days

The internal audit work in this area will focus on implementation of
recommendations arising from the external reviews carried out in 2005/06.
The audit will include an assessment of whether management has
established effective procedures for ensuring compliance with corporate
policies and procedures.




                                24
      LEGAL & ADMINISTRATIVE SERVICE (N CODES)

The following projects are proposed in 2006/07:

   1 Elections – Accounting for Expenditure – Medium Risk-20 Days

      This audit will review the adequacy of the control process for accounting
      for expenditure incurred on the May 2006 Local Elections. This audit will
      take place in the 4th quarter.

   2 Registrars – Medium Risk- 15 Days

      An audit review will be carried out of financial and operational controls. In
      particular the audit will charging and accounting for new income streams
      such as Civil Partnerships. This audit will be carried out in the 3 rd quarter.

   3 Licensing Applications – 15 Days

      An audit will be carried out during the 3 rd quarter . The review will focus on
      the extent to which financial and IT systems now in place are fit for
      purpose i.e. can support the legal, financial and operational requirements
      of the service.

   4 Departmental IT Arrangements – High Risk – 15 Days

      A computer audit review will be carried out on the extent to which
      Departmental systems operating on corporate platforms are secure and
      are robust in respect of business continuity and disaster recovery
      arrangements. (Scope and timing of review to be agreed with John
      Enticott prior to commencement).




                                        25
                CHILDREN SERVICES (P CODES))

The following projects are proposed in 2006/07:

SCHOOLS

1.     Schools Information Management Systems (Computer Audit) –
       Medium Risk-14 Days

      This is an IT application audit covering the security, control and
      effectiveness of the system. Detailed scope to be agreed with Line
      Management prior to the audit.

2     School Audits

      A programme of school audits is carried out on a three year rolling
      programme. Schools are audited against the Ofsted / Audit Commission
      guidelines for financial controls in Schools.

      The Department for Education and Skills requires all Secondary schools to
      be accredited as compliant with its new financial standards by March
      2007. The new standards are an enhancement to the previous guidelines.
      In subsequent years all schools will need to achieve this standard. The
      Director of Finance will be required to certify the number of schools
      reaching the standard at the end of each financial year. The Schools audit
      programme is therefore being developed and reprogrammed to enable
      Internal Audit to certify compliance with the standard at all secondary
      schools by March 2007. It intended that all secondary schools will
      therefore be audited in 2006/7. 5 days are allocated for each primary
      school audit and 6.5 days for each secondary school audit. The Audit
      programme will be adjusted to allow the new requirements to be carried
      out within existing budgets. The complete list of schools to be audited in
      2006/7 is:

      Secondary Schools

         Pimlico School s (1st secondary to be audited)
         Quintin Kynaston School
         Grey Coat Hospital School
         St George’s School
         St. Marylebone School
         Westminster City School
         St. Augustine’s High School
         North Westminster /School Closure




                                       26
      Primary Schools

         Edward Wilson
         Millbank
         Queens Park School
         St Georges Hanover Square CE School (summer term)
         St James & St Michaels
         St Lukes CE School (summer term)
         St Mary Magdalens School
         St Peters Eaton Square School
         St Saviours CE School
         St Stephens CE School
         St Vincent De Paul RC School
         Soho Parish CE
         Westminster Cathedral School
         Queen Elizabeth II School
         Dorothy Gardner Centre (summer term)
         College Park School

3.   Grant Aided Programs e.g. Surestart – High Risk- 20 Days

      Scope of 2006/07 audit to be agreed. Audit to be carried out in the second
      half of the year.

CHILDREN AND FAMILES – SOCIAL SERVICES


4.   Childrens Department – High Risk-20 Days

     Systems audit aimed at reviewing tasks relating to the achievement of
     objectives of this new Department. First year review to be high-level
     assessment of the adequacy of arrangements for meeting statutory
     responsibilities, measuring and managing outputs and budgetary
     arrangements. 2005/06 audit postponed until 2006/07.


LIFELONG LEARNING

5.   Adult Education Service – Medium Risk-20 Days

      Scope of this audit is to be agreed. It is likely to focus on the financial
      control and assurance framework at the Adult Education Service.




                                      27
6.   Cross departmental Audit of Voluntary Sector Grants – Medium Risk –
     15 Days

      Audit included at request of Department. Scope to be agreed prior to
      commencement.


7.   Westminster Play centre Service – Medium Risk – 10 days

      Audit included at request of Department. Scope to be agreed prior to
      commencement.

8.   Early Childhood Services – Low Risk- 10 Days

      Scope of 2006/07 audit to be agreed.


9.   Free School Meals – Medium Risk-20 Days

      Review to focus on the systems in place for the provision of free school
      means including the eligibility criteria, audit trails and accounting to central
      government. Audit to take place in 1st Quarter.




                                         28
                    HOUSING (Q Codes)


HOUSING REVENUE ACCOUNT AUDITS (CITYWEST HOMES
AUDITS)
1   IT Strategy Review – Risk Register – High Risk-12 Days

    The failure of IT to meet the organisation’s needs in terms of
    hardware, software and support was identified as a key risk in the risk
    register. In order to mitigate this risk a review of the current service is
    to be undertaken. This audit will be carried out after the full Business
    Strategy Review has been completed.

2   Academy – OHMS Interface – Medium Risk-16 Days

    This is an IT audit of the interfaces between the Council Housing
    Benefit system and the Housing Rents system run by City West
    Homes.

3   Tenant Management Organisations – Medium Risk-18 Days

    TMOS are run by residents. This audit may be either a broad financial
    controls audit or may concentrate on problems identified in previous
    years. The under-performance or failure of TMOs has been identified
    as a key risk in the risk register. This risk is to be mitigated by close
    monitoring of performance, governance and finances. The Lead
    Officer will be consulted as to which organisations are reviewed and
    the frequency of review which should be no more than every two years
    for TMO’s carrying out major works.

4   Housing Rents Collection/Arrears – Including Former Tenant
    Arrears – Medium Risk-18 Days (CORE FINANCIAL SYSTEM)

    This is a core financial audit . The audit will focus on the financial
    control framework in respect of collection, accounting for and
    reconciliation of rent, and the recovery of arrears.

5   Housing Estates – Repairs & Maintenance              – Medium Risk-18
    Days

    Scope to be agreed with Management. Area to be suggested by City
    West Homes. Likely to focus on the adequacy of the system for


                                  29
     commissioning repairs and ensuring that the work is adequately
     completed. This work will be carried out when the review of
     simplification of ordering of works is completed.


6    Estate Management Contract Monitoring            &   Payments    to
     Providers – Medium Risk-18 Days

     This audit will assess the monitoring arrangements in place and
     payment controls in respect of the new provider contract. Key
     information flows will be documented. This audit will be carried out
     once the new contracts have had a chance to bed in.

7    Health & Safety – Contractors Compliance        – Medium Risk-18
     Days

     Scope of 2006/07 audit to be agreed.

8    Rechargeable Works – Medium Risk-12 Days

     Key control review of the monitoring arrangements in place and
     payment controls. Key information flows will be documented. The
     Performance and Audit Committee wish to receive assurance on
     whether we are recovering costs appropriately and whether works
     have been carried out on properties that should be recharged.

9    Residents Associations-Low Risk-10 Days

     Audit will focus on Corporate Governance and compliance with key
     financial controls

10   Void Properties – 15 Days

     A review of the internal control mechanisms in respect of void
     properties was requested by management. The audit was requested
     in March 2006 and will be completed as part of the 2006/07 Internal
     Audit Programnme.




                                 30
    HOUSING GENERAL FUND PROPOSED AUDITS

1   Private Sector Grants – Medium Risk-15 Days

    Systems review aimed at verifying the adequacy of the Council’s
    arrangements for meeting the requirements of the legal/regulatory
    framework.

2   Housing Options Service - 15 Days –Medium Risk

    This audit was included at Management’s request. The audit will focus
    on a review of systems and controls relating to rent accounting in the
    HOS. Precise scope of the audit will be agreed with management prior to
    commencement. This audit is to be carried out in the 3rd quarter.




                                  31
                 ADULT SOCIAL CARE (R CODES)

The following projects are proposed in 2006/07:

OLDER PEOPLE, DISABILITY & HEALTH


1    Section 31 Pooled Budgets – Medium Risk-20 Days

     Section 31 is part of the National Health Act which requires disclosure in the
     financial statements. The focus of the audit will be on the allocation of
     funds between the health authority and the Council, how the pool is divided
     up, what monitoring is performed, rules and regulations governing the use
     of the pooled budget and the governance arrangements. At management’s
     request this audit is to be carried out in the second half of the year.

2    Receiverships/Appointeeships – Medium Risk-20 Days

     This is a 2005/6 review postponed until 2006/7. Review requested by Chris
     Undrell and Sarah Saward. This audit will cover compliance with financial
     procedures. This audit is to be carried out in the second half of the year at
     management’s request.

3    Residents Savings & Securities – Medium Risk-15 Days

     Review of the arrangements in place for the safeguarding and protection of
     resident’s savings and securities. This audit will encompass a review of key
     controls and document key information flows.

4.   Adoption Allowances – Medium Risk-15 Days

     Systems review aimed at verifying the adequacy of the Council’s
     arrangements for meeting the requirements of the legal/regulatory
     framework.

5    Social Services Residential Charging – Including Debt Recovery &
     Write-off – Medium Risk-20 Days

     Systems review aimed at verifying the adequacy of the Council’s
     arrangements for meeting the requirements of the legal/regulatory
     framework. The audit will determine the extent to which financial regulations
     are complied with. This audit is to be carried out in the first half of the year
     at Management’s request.




                                        32
6   Residential Placements – Medium Risk-20 Days

    Systems review aimed at verifying the adequacy of the Council’s
    arrangements for meeting the requirements of the legal/regulatory
    framework.


7   Meals Services – Medium Risk –15 Days

    This audit will cover financial and operational systems in respect of the
    Home Meals Service. This audit will be carried out in the second half of the
    year at management’s request.




                                      33
             COMMUNITY PROTECTION (S CODES)

The following projects are proposed in 2006/07:

1    Residential & Trading Standards – Including Renovation Grants -
     Medium Risk – 20 Days

     This audit will review the operational and financial management of the
     Trading Standards Service and will be carried out in the second quarter.

2    City Guardians – Medium Risk – 15 Days

     Scope of 2006/07 audit to be agreed. This audit is likely to assess the
     operational and financial systems in operation in respect of this service. The
     audit will be carried out in the second quarter.




                                       34

								
To top