INTERNAL AUDIT PLAN 2008/09 AND FIVE-YEAR STRATEGIC PLAN

					                                                                                                                                                                                                                      AC0307 (6) Annex 2




INTERNAL AUDIT PLAN 2008/09 AND FIVE-YEAR STRATEGIC PLAN

                    Internal Audit Universe            Corporate   Audit                                                      Internal Audit Activities 2008/09                                         Five-Year Strategic Plan
                                                                          Known Reviews /
Ref.                ASSURANCE THEMES                     Risk      Risk                                                                                                                                     2009 / 2010 / 2011 / 2012 /
                                                                         Assurances 2008/09                Reviews                      Advisory Work                     Analysis           2008 / 2009
           & Areas for Internal Audit Review 2008/09     Ref.      Score                                                                                                                                     2010   2011 2012 2013
       SUB-NATIONAL REVIEW IMPLEMENTATION
 1
       (Corporate Plan Objective 6)
1.1    Sub-National Review Implementation and Change     CR3        74                                                           Assurance on Identification                                       5          X                 X
       Management                                                                                                                and planning of changes post
                                                                                                                                 SNR consultation. Reference
                                                                                                                                 to risk management plan.

1.2    Delegation and Decision-making Arrangements       CR3        74                                                           Involvement in considering the                                    5          X                 X
                                                                                                                                 assurances over the new
                                                                                                                                 delegations and ensuring
                                                                                                                                 governance arrangements are
                                                                                                                                 robust. Reference to risk
                                                                                                                                 management plan.
       STRATEGY AND INTELLIGENCE (Corporate
 2
       Plan Objective 6)

       Regional strategy development
2.1    Regional Economic Strategy / Single Regional      CR1        74   Ministerial sign off.                                   Support and advice on the        Consideration as part of         5          X                 X
       Strategy (Single RES / RSS - 2010/11)                             RES process                                             action planning framework        the work on EEDA's
                                                                         evaluation by the                                       going forward. Reference to      assurance framework.
                                                                         Strategy Team.                                          the risk management plan.
2.2    Corporate Planning Process, Resource              CR1 /      74                           Assurance on the adequacy                                                                         5                 X                     X
       Requirements and Operational Planning             CR10                                    of controls operating over
                                                                                                 this corporate risk.
                                                                                                 Reference to the risk
                                                                                                 management plan.

       Regional Intelligence
2.3    Regional Intelligence Centre                      CR2        58                                                           Advice on appropriate                                             2          X                 X
                                                                                                                                 governance arrangements.
                                                                                                                                 Reference to the risk
                                                                                                                                 management plan.
       Planning and Housing policy
2.4    Regional planning body status preparation                    40                                                                                                                                        X                            X



       Evaluation
2.5    EEDA-wide evaluation framework                               53                                                                                                                                        X                 X

2.6    National Impact Evaluation                        CR7        74   Work has been           Ensure due diligence. IA role                                    Consideration as part of         5
                                                                         outsourced to PA        in assurance over                                                the work on EEDA's
                                                                         Consulting / SQW.       implementation of progress                                       assurance framework.
                                                                                                 against actions arising from
                                                                                                 the evaluation report.
                                                                                                 Reference to the risk
                                                                                                 management plan.
       External Risks
2.7    EEDA's response to economic swings / downturn     CR8        74                                                           Assurance on the adequacy of                                      5                 X                     X
                                                                                                                                 controls operating over this
                                                                                                                                 corporate risk. Reference to
                                                                                                                                 the risk management plan.
2.8    EEDA's response to political changes              CR9        74                                                           Assurance on the adequacy of                                      5                 X                     X
                                                                                                                                 controls operating over this
                                                                                                                                 corporate risk. Reference to
                                                                                                                                 the risk management plan.
       DELIVERY PROGRAMMES AND PROJECTS
 3                                                                                                                                            74
       (Corporate Plan Objectives 1 to 5)
3.1    Programme Management                              CR11       74                           Assurance on the adequacy                                                                         10         X      X          X          X
                                                                                                 of programme management
                                                                                                 arrangements across EEDA.
                                                                                                 Assurance on the adequacy
                                                                                                 of controls operating over
                                                                                                 this corporate risk.
                                                                                                 Reference to the risk
                                                                                                 management plan.

3.2    Project Management                                CR12       68   Programme               Assurance on the adequacy                                        Working with PMMT to         8        2     X      X          X          X
                                                                         Management and          of project governance and                                        better understand the
                                                                         Monitoring Team         management arrangements                                          assurances provided and
                                                                         activities. NAO         across EEDA. Assurance on                                        the new project
                                                                         annual audit.           the adequacy of controls                                         management framework,
                                                                                                 operating over this corporate                                    enhancing the use of the
                                                                                                 risk. Include programme and                                      risk assessment
                                                                                                 project exit strategy.                                           framework.
                                                                                                 Reference to the directorate
                                                                                                 risk management plans.


3.3    European Regional Development Funding (ERDF)                 69   CLG audit, May 2008 -Previous commitment.                                                Consideration as part of         10         X      X          X          X
                                                                         assurance on          Assurance on the robustness                                        the work on EEDA's
                                                                         adequacy of           of controls and ensuring                                           assurance framework.
                                                                         proposed              systems are such that EU
                                                                         management and        requirements are met.
                                                                         control systems.
                                                                         Article 71 Assurance.

       Business Support Programme (Corporate Plan
       Objective 1)
3.4    Access to finance funds and grants                           59                           Previous commitment.                                                                              10                           X
                                                                                                 Review of effectiveness of
                                                                                                 systems and controls
                                                                                                 operating over Access to
                                                                                                 Finance grants.
       Business support services
3.5    Business Link East                                CR6        68   Quarterly                                                                                Consideration as part of    Follow up       X                 X
                                                                         performance reviews.                                                                     the work on EEDA's
                                                                         Evaluation.                                                                              assurance framework.
3.6    East of England Tourist Board                                69                                                                                                                                        X                            X



3.7    Integrated Specialist Business Support            CR6        61   Quarterly                                               Advice on the governance,        Consideration as part of         2          X                 X
       Programme (ISBSP) (formerly MAS-East etc.)                        performance reviews.                                    systems and contracting          the work on EEDA's
                                                                                                                                 review processes as the new      assurance framework.
                                                                                                                                 contract starts out.
3.8    Women's Enterprise                                    CR6        55                                                                                                                                           X             X




3.9    Olympics 2012 Business Plan                                      56                                                                                                                                    X


3.10 Regional Business Support Information System            CR11       61   Evaluation.             Assurance over data                                           Consideration as part of         5                X                     X
     (RBSiS)                                                                                         management systems and                                        the work on EEDA's
                                                                                                     controls, especially across                                   assurance framework.
                                                                                                     multiple organisations.
                                                                                                     Assurance that actions
                                                                                                     arising from the evaluation
                                                                                                     are implemented. Reference
                                                                                                     to risk management plan.

3.11 Destination Growth 2009                                            42                                                                                                                                    X                            X

3.12 Business Support Simplification Programme                          50   BERR approval of                                                                                                                 X
     (BSSP)                                                                  draft plan

       International services
3.13 East of England International                                      66   Quarterly            Previous commitment.                                             Consideration as part of         5                X                     X
                                                                             performance reviews. Assurance over operational                                       the work on EEDA's
                                                                                                  and governance                                                   assurance framework.
                                                                                                  arrangements - detailed audit
                                                                                                  following light touch review in
                                                                                                  2007/08.
3.14 Future Fest (Sponsorship)                                          40                                                                                                                                           X

3.15 European Structural Funds - 7th Framework R&D                      66                                                                                                                                    X                            X
     programme
       Skills for business productivity
3.16 European Social Fund (ESF) - 'Improving                 CR11       71                                                                                                                                    X                 X
     Capabilities'
3.17 Train to Gain Brokerage Transition                                 55   Ministerial approval.                                                                                                            X                 X



       Science, Innovation and High Level Skills
       Programme (Corporate Plan Objective 2)
3.18 Next Generation Science Parks Programme                 CR12       58                                                          Advice on appropriate                                           3         X                 X
                                                                                                                                    governance arrangements.

       Networks and hubs
3.19 Enterprise Hubs (Existing)                                         51                                                                                                                                    X                            X


3.20 Technology transfer & Innovation Networks                          43                                                                                                                                    X                            X


3.21 Priority Sector Support                                            43                                                                                                                                    X                            X



       Higher Education Institutes
3.22 Higher Education Institutes (strategic role) - AUEE     CR12       55                                                                                                                                    X                            X

3.23 Innovative Learning & Infrastructure                    CR12       55   Reliance upon                                                                         Consideration as part of   Assurance       X                            X
                                                                             Learning and Skills                                                                   the work on EEDA's         framework
                                                                             Council audits.                                                                       assurance framework.
3.24 Knowledge transfer activity (HEIs and Business)                    43                                                                                                                                           X


       Regional Infrastructure Programme (Corporate
       Plan Objective 3)
3.25 Integrated Development Programmes (Capital              CR11       74                                                          Preparation and use of IDPs,                                    5         X                 X
     Investment and Local Delivery Vehicles                                                                                         whether they are fit for
     Sponsorship)                                                                                                                   purpose.
3.26 Economic Development Investment Delivery Plan                      54                                                                                                                                    X                            X
     (with SEEDA & LDA) - Joint Strategic Economic
     Investment Fund

       Physical interventions and investments
3.27 Transformational Economic Investment Projects                      40                                                                                                                                           X

3.28 Prospectus Partnership (with Arts Council                          50                                                                                                                                           X
     England, East)
3.29 Digital Flagship Projects                                          50                                                                                                                                           X


       Skills knowledge and best practice
3.30 Inspire East                                                       40                                                                                                                     Follow up

3.31 Building Research Establishment Enterprise Hub                     40                                                                                                                                           X


       Transport prioritisation and investment tools
3.32 Regional Infrastructure Fund (RIF)                      CR11       58   Consultants report on                                  Advice on appropriate          Consideration as part of         2                X                     X
                                                                             RIF options                                            governance arrangements.       the work on EEDA's
                                                                                                                                                                   assurance framework.
3.33 Transport strategy and Projects                                    53                                                                                                                                    X

       Economic Participation Programme (Corporate
       Plan Objective 4)
3.34 Economic Participation Sub-regional Programme -         CR3 /      74   Local Authority                                        Consultation on assurances     Analysis of assurances       5       7     X      X          X          X
     Local Authority Delegations                             CR11            internal audit                                         required by EEDA. Liaison with received
                                                                             arrangements                                           Local Authority Internal Audit
                                                                                                                                    sections.
       Regional Programme
3.35 Regional Foundation Programmes                                     53                                                                                                                                    X                            X
3.36 Building Communities Fund (Capital Funding)                        53                                                                                                                                    X                            X
       Capacity Building
3.37 COVER (core funding)                                               50                                                                                                                     Follow up                        X


3.38 MENTER (core funding)                                              50                                                                                                                                           X
     Sustainable Economy Programme
     (Corporate Plan Objective 5)
3.39 Sustainable Communities Delivery Group                          40                                                                                                                                           X



       Rural and coastal
3.40 Rural Development Programme England (RDPE)                      69                          Internal Audit of claims          Working with the Sustainable                                   10        3     X      X          X          X
                                                                                                 required for RDPE purposes        and Rural Development Team
                                                                                                 (additional funding has been      to ensure appropriate practices
                                                                                                 received from DEFRA for           are in place at the Local Action
                                                                                                 2008/09)                          Groups.


       Carbon reduction strategy
3.41 Renewables East                                                 40                                                                                                                           Follow up              X                     X


3.42 Carbon Neutrality / ISO140001 & Environmental                   59   Accreditation report                                                                        Consideration as part of   Assurance
     Management Accreditation Scheme (EMAS)                               from ISO14001                                                                               the work on EEDA's         framework
                                                                          auditors and EMAS                                                                           assurance framework.

       Resource efficiency
3.43 Centre of Excellence for Water Efficiency                       43                                                                                                                                           X


       PARTNERSHIPS, ADVOCACY AND
 4
       COMMUNICATIONS (Corporate Plan Objective 7)

       Stakeholder management and partnership
       support
4.1    Stakeholder relationship management and            CR5        74                            Assurance over the                                                                                  10         X      X          X          X
       engagement                                                                                  appropriateness and
                                                                                                   adequacy of EEDA's
                                                                                                   stakeholder management
                                                                                                   arrangements, as set out in
                                                                                                   the risk management plan for
                                                                                                   this corporate risk.
4.2    Sub-regional economic partnerships (SREPs)         CR5        57   Input into mid-year      Ensuring future structures                                         Consideration as part of         3          X      X          X          X
       Arrangements                                                       review and joint         and governance                                                     the work on EEDA's
                                                                          relationship manager arrangements are robust in                                             assurance framework.
                                                                          / internal audit visits. light of consultation and IPA
                                                                                                   improvement plans.
       Local Delivery Vehicles
4.3    1st East (Great Yarmouth and Lowestoft) URC                   40                                                                                                                                                  X

4.4    Opportunity Peterborough URC                                  40                                                                                                                                                  X


4.5    Renaissance Southend URC                                      40                                                                                                                                                  X

4.6    Basildon Renaissance Partnership                              40                                                                                                                                                  X


4.7    Bedford Renaissance                                           40                                                                                                                                                             X

4.8    Cambridgeshire Horizons                                       40                                                                                                                                                             X


4.9    Harlow Renaissance                                            40                                                                                                                           Follow up                         X


       Campaigns and Marketing
4.10 Communications - External                            CR5        64                          Assurance on the adequacy                                                                             5          X                 X
                                                                                                 of controls operating over
                                                                                                 this corporate risk.
                                                                                                 Reference to the risk
                                                                                                 management plan.

4.11 Communications - Internal                           CR14 /      58                          Assurance on the adequacy                                                                             5          X                 X
                                                         CR17                                    of controls operating over
                                                                                                 this corporate risk.
                                                                                                 Reference to the risk
                                                                                                 management plan.

4.12 Media relations and management                       CR4        74                          Assurance on the adequacy                                                                             5          X                 X
                                                                                                 of controls operating over
                                                                                                 this corporate risk.
                                                                                                 Reference to the risk
                                                                                                 management plan.

4.13 Public Relations and perception management /         CR5        66                          Assurance on the adequacy                                                                             5          X                 X
     customer service and complaints handling                                                    of controls operating over
                                                                                                 this corporate risk.
                                                                                                 Reference to the risk
                                                                                                 management plan.


 5     PEOPLE AND ORGANISATIONAL CAPABILITY
       (Corporate Plan Objective 8)
5.1    Leadership and Organisational Development /        CR14       58    IiP Reassessment   Assurance on the adequacy                                               Consideration as part of         5                 X                     X
       Recruitment and Retention                                          July 2008. Employee of controls operating over                                              the work on EEDA's
                                                                          Survey.             this corporate risk.                                                    assurance framework.
                                                                                              Reference to the risk
                                                                                              management plan.

5.2    Human Resources operational systems                           59   IiP Reassessment       Audit of recruitment and                                             Consideration as part of         5                            X
                                                                          July 2008.             selection processes.                                                 the work on EEDA's
                                                                                                                                                                      assurance framework.
5.3    Accommodation Strategy (inc. co-locatees)                     50                                                                                                                                           X

5.4    Health and Safety at Work                                     59   HR review of EEDA's    IA role in assurance over                                            Consideration as part of         2                 X                     X
                                                                          health and safety      implementation of progress                                           the work on EEDA's
                                                                          legislation            against action plans arising                                         assurance framework.
                                                                          compliance.            from internal review.
 6     GOVERNANCE
       (Corporate Plan Objective 8)
6.1    EEDA's Organisational Corporate Governance and     CR16       56                          Previous commitment.                                                                                  5                 X                     X
       Decision-Making Arrangements                                                              Corporate Governance
                                                                                                 arrangements.
6.2    Risk Management                                    -----      61                                                        Assessment of EEDA's Risk                                           5            X      X      X      X
                                                                                                                               Management framework
                                                                                                                               (including programme & project
                                                                                                                               risk management) with a view
                                                                                                                               to developing an improvement
                                                                                                                               plan.
6.3    Performance Management                             -----      51   Validation of           Follow Up of audit completed Assessment of EEDA's           Consideration as part of             5            X                 X
                                                                          milestone evidence      in 2007/08.                  Performance Management         the work on EEDA's
                                                                          by Performance                                       framework (including           assurance framework.
                                                                          Management Team                                      programmes & projects) in
                                                                                                                               underpinning EEDA's
                                                                                                                               objectives.
6.4    Ethical Framework and Fraud Response               -----      46                                                        Implementation of the Fraud                                         3                   X
                                                                                                                               Response Plan

 7     INTERNAL OPERATIONAL SYSTEMS,
       PROCESSES AND ACTIVITIES
       (Corporate Plan Objective 8)
7.1    Management Information                             CR16       64                           Assurance on the adequacy                                      Analysis of management        5         10            X                     X
                                                                                                  of controls operating over                                     information available and
                                                                                                  this corporate risk.                                           how it is used. See also
                                                                                                  Reference risk management                                      7.11.
                                                                                                  plan.
7.2    Business Continuity and Disaster Recovery          CR15       72                           Assurance on the adequacy                                                                        5                   X                     X
       Arrangements                                                                               of controls. Reference to the
                                                                                                  risk management plan.

7.3    Equality and Diversity                                        50   Gold Star standard                                                                     Consideration as part of    Assurance
                                                                          achieved in April                                                                      the work on EEDA's          framework
                                                                          2008 through                                                                           assurance framework.
                                                                          Committed2 Equality

7.4    Procurement                                                   61   Legal Services Team                                                                    Consideration as part of     Follow up         X                 X
                                                                          provide assurance on                                                                   the work on EEDA's
                                                                          the quality of tender                                                                  assurance framework.
                                                                          and contractual
                                                                          information.

7.5    Contract Management                                           59                           Review of contract                                                                               10                  X                     X
                                                                                                  management arrangements
                                                                                                  across EEDA.

7.6    Records Management / Data Protection / Freedom                51                                                                                                                                         X                            X
       of Information
7.7    Efficiency of systems and processes                CR17       61   Review of               Assurance on the adequacy                                      Consideration as part of          5                              X
                                                                          administration costs    of controls operating over                                     the work on EEDA's
                                                                          for the RDA family is   this corporate risk.                                           assurance framework.
                                                                          scheduled for           Reference risk management
                                                                          2008/09.                plan.
7.8    Insurance                                                     33                                                                                                                                                X

7.9    Estate Management - acquisitions and disposals                59                           Assurance of policies,                                                                                        X                            X
                                                                                                  processes and controls.
7.10 Facilities management and Building Services                     35                                                                                                                                         X                            X

7.11 Consistency of use of core business systems          CR13       61                           Assurance on the adequacy                                      Analysis of management        5         5             X                     X
     (PMS, CRM) Cultural issues.                                                                  of controls operating over                                     information held across
                                                                                                  this corporate risk.                                           EEDA - see also 7.1.
                                                                                                  Reference to the risk
                                                                                                  management plan.

 8     FINANCIAL MANAGEMENT (Corporate Plan
       Objective 8)
8.1    Budgetary Control and Monitoring                              67   NAO Annual Audit                                                                       Consideration as part of     Follow up         X                 X
                                                                                                                                                                 the work on EEDA's
                                                                                                                                                                 assurance framework.
8.2    Capital Expenditure management and monitoring      CR12       69                           Assurance over the                                                                               5                   X                     X
                                                                                                  adequacy and effectiveness
                                                                                                  of capital expenditure
                                                                                                  management and monitoring.
                                                                                                  Reference to the risk
                                                                                                  management plan.

8.3    Key Financial Systems & Controls (General                     62   NAO Annual Audit        Annual audit of key controls                                   Working with the finance      5         5      X      X          X          X
       Ledger/ Income/ Payments/ Travel&Subs/ Cash                                                in EEDA's core financial                                       team to analyse financial
       Management/ Fixed Assets)                                                                  systems. Include budget                                        management information
                                                                                                  setting arrangements,                                          and develop self-
                                                                                                  alignment with funding and                                     assessment.
                                                                                                  corporate plan.
8.4    Payroll and Pensions                                          62   HM Treasury                                                                            Consideration as part of                       X                            X
                                                                          commission an                                                                          the work on EEDA's
                                                                          annual audit on                                                                        assurance framework.
                                                                          behalf of the Central
                                                                          Government
                                                                          consortium who use
                                                                          Logica payroll
                                                                          services.
 9     INFORMATION TECHNOLOGY (Corporate Plan
       Objective 8)
9.1    IT Strategy and Systems Development                           53                                                                                                                                         X                 X


9.2    IT Control Environment                             CR15       72                                                           Advice and support on the                                    5         3      X      X          X          X
                                                                               ISO27001                                           adequacy of controls operating   Consideration as part of
                                                                               accreditation                                      over this corporate risk area.   the work on EEDA's
9.3    Information Security Management                    CR15       72                                                           Reference to the risk            assurance framework.                         X                 X
                                                                                                                                  management plan.
10     INTERNAL AUDIT PLAN MANAGEMENT AND
       DEVELOPMENT

       TOTAL PLANNED AUDIT DAYS                                                                                                                                                                    255

10.1 Follow up process                                                                                                                                                                             35           X      X          X          X

10.2 Preparation of reports and attendance at Audit                                                                                                                                                10           X      X          X          X
     Committees
10.3 Management of Contract with Ernst and Young                                                                                                                                                   10           X      X          X          X


10.4 EEDA's Assurance Framework                                                                                                                                                                    20           X      X          X          X