Docstoc

FIFE COUNCIL

Document Sample
FIFE COUNCIL Powered By Docstoc
					Standards and Audit Committee




17th May 2011
Agenda Item No. 4


ASSURANCE STATEMENT 2010 - 11
Report by: Geoff McDonald, Audit and Risk Management Services Manager
Wards Affected: All


Purpose
      The Audit and Risk Management Services Manager is required to produce an
      annual statement of assurance (Assurance Statement) on the adequacy and
      effectiveness of Corporate Governance and the internal control system of the
      Council for the year ended 31 March 2011.

      This report is intended to provide some background for Members on the
      processes adopted for preparing the Assurance Statement, a copy of which
      is appended to this report.


Recommendation(s)
       Members are asked to note the contents of this report and the Assurance
       Statement attached in Appendix 1.
Resource Implications
       None.


Legal & Risk Implications
       If the Council does not have proper corporate governance and internal
       controls, there is an increased risk that it will not achieve its objectives and
       may suffer losses and reputational damage


Policy & Impact Assessment
       None


Consultation
       None
1.0 Process

      1.1    The Assurance Statement contains the Audit and Risk Management
             Services Manager’s overall view on the state of Corporate Governance
             and internal control within Fife Council. The opinion expressed in the
             statement is based on the work undertaken by Audit Services and
             reported to this Committee and is strongly influenced by the outcomes
             of follow up reports.

      1.2    The statement also considers the high level controls and direction
             across the Council's activities which contribute positively to the
             standards required in terms of Corporate Governance and internal
             control in place.    This includes, for example, sound corporate
             regulations, comprehensive financial management systems, a risk
             management strategy, regular reviews of financial reports,
             responsibilities of Chief Officers well defined, well established
             Standards and Audit Committee in place, a sound Code of Corporate
             Governance and its ongoing monitoring and reporting to committee. It
             also takes cognisance of work carried out by External Audit and the
             response reports by Heads of Service.

      1.3    The statement is then provided to the Chief Executive who uses it
             along with information from a number of other sources as the basis of
             the Corporate Governance Statement.

      1.4    Members are reminded that a further report will be provided to the
             meeting of the Committee in September to consider the annual
             accounts.


2.0 Conclusion

2.1   My opinion is that in the current year the overall objectives of internal controls
      have been met although some non-compliance or weaknesses of a
      minor/insignificant nature have been identified. The systems of Corporate
      Governance and internal control remain robust with improvements in a
      number of areas and that in general a medium/high level of control exists and
      it is my opinion that reasonable assurance can be placed upon the adequacy
      and effectiveness of the Council's systems of Corporate Governance and
      internal control system in the year to 31 March 2011.

Report contact:
Geoff McDonald, Audit & Risk Management Services Manager
Fife House, North Street, Glenrothes
Telephone - 08451 555555 Ext 446079)
Email: geoff.mcdonald@fife.gov.uk
                                                                           APPENDIX 1



To the Executive Director Finance and Resources and the Chief Executive

As Audit and Risk Management Services Manager of Fife Council, I am pleased to
present my annual statement on the adequacy and effectiveness of Corporate
Governance and the internal control system of the Council for the year ended 31
March 2011.


Respective responsibilities of management and internal auditors in relation to
Corporate Governance and internal control

It is the responsibility of the Council’s senior management to establish an appropriate
and sound system of Corporate Governance and internal control and to monitor the
continuing effectiveness of these systems. It is the responsibility of the Audit and
Risk Management Services Manager to provide an annual overall assessment of the
robustness of the Corporate Governance and internal control system. The Audit and
Risk Management Services Manager can only give reasonable assurance that
control weaknesses or irregularities do not exist.


Sound internal controls

The main objectives of the Council’s Corporate Governance and internal control
systems are:

      to ensure adherence to management policies and directives in order to
       achieve the organisation’s objectives;
      to safeguard assets;
      to secure the relevance, reliability and integrity of information, so ensuring as
       far as possible the completeness and accuracy of records; and
      to ensure compliance with statutory requirements.

A sound system of Corporate Governance and internal control reduces, but cannot
eliminate, the possibility of poor judgement in decision-making, human error, control
processes being deliberately circumvented by employees and others, management
overriding controls and the occurrence of unforeseeable circumstances.

Therefore, a sound system of Corporate Governance and internal control provides
reasonable, but not absolute, assurance that the Council will not be hindered in
achieving its objectives or in the orderly and legitimate conduct of its business by
circumstances which may reasonably be foreseen. However, a system of Corporate
Governance and internal control cannot provide protection with certainty against any
organisation failing to meet its objectives or all material errors, losses, fraud, or
breaches of laws or regulations.
                                                                         APPENDIX 1



The work of internal audit

Internal Audit is an independent appraisal function established by the management
of an organisation for the review of the Corporate Governance and internal control
system as a service to the organisation. It objectively examines, evaluates and
reports on the adequacy of Corporate Governance and internal control as a
contribution to the proper, economic, efficient and effective use of resources.

The Audit and Risk Management Services Division provides the internal audit for Fife
Council and operates in accordance with the Chartered Institute of Public Finance
and Accountancy’s Code of Practice for Internal Audit in Local Government in the
United Kingdom. The Division undertakes an annual programme of work approved
by the Standards and Audit Committee based on a five year strategic audit plan.
The strategic audit plan is based on a formal risk assessment process and is
amended on an ongoing basis to reflect evolving risks and changes within the
Council since that date.

All internal audit reports, including those identifying system weaknesses and/or non-
compliance with expected controls, are brought to the attention of management and
include appropriate recommendations and agreed action plans. It is management’s
responsibility to ensure that proper consideration is given to internal audit reports.

 The Audit and Risk Management Services Manager is required to ensure that
appropriate arrangements are made to determine whether action has been taken on
internal audit recommendations or that management has understood and assumed
the risk of not taking action. This is done by means of the follow up procedures and
bi-annual reports to the Standards and Audit Committee.

All internal audit reports are issued to the appropriate Head of Service and copied to
the Chair of Standards and Audit Committee, Chair of the spending Committee,
Executive Director Finance and Resources, the Executive Director Performance and
Organisational Support, other relevant Executive Directors and Heads of Service and
the External Auditor. Summaries of all audit reports are provided to the Standards
and Audit Committee for their scrutiny. Full copies of all reports are available to all
Committee members. Where necessary the Standards and Audit Committee can
seek further reports from the appropriate Executive Director or Head of Service.

                                  Basis of opinion

My evaluation of the control environment is informed by a number of sources:

      the audit work undertaken by internal audit during the year to 31 March 2011,
       and work carried out in prior years with agreed improvements being
       implemented in that year or later;
      the assessment of risk completed during the preparation and updating of the
       strategic audit plan;
      risk management progress reports;
      reports issued by the Council’s external auditors, Scott Moncrieff;
      reports issued by other inspection agencies and
                                                                           APPENDIX 1


         my knowledge of the Council’s governance, risk management and
          performance monitoring arrangements.

    Qualified opinion arising from failing or weakness in Corporate Governance
                                 and internal control

There are a number of areas of high level control and direction across the Council's
activities which contribute positively to the standards of internal control in place, for
example:

         sound corporate regulations in place and subject to regular review;
         comprehensive financial management systems in place;
         targets for measuring financial and other performance;
         clearly defined capital expenditure guidelines;
         regular reviews of periodic and annual financial reports which indicate
           financial performance against forecasts;
         unqualified external audit opinion on 2003/04, 2004/05, 2005/06, 2006/07,
           2007/08, 2008/09 and 2009/10accounts;
         responsibilities of Chief Officers well defined;
         well established Standards and Audit Committee in place;
         corporate and service plans produced annually which include financial and
          other performance targets; and
         finalisation of a comprehensive risk management strategy with detailed
          improvement plans.

Audit Findings

    From the work done by internal audit and external audit there is evidence that the
     Council has in place a sound system of Corporate Governance which is
     monitored and reviewed on a regular basis.

    The majority of the reports done by internal and external audit identified
     processes and procedures had met the control requirements and had only minor
     non-compliance or system weakness. These included a number of major
     systems and critical processes including Business Continuity, Corporate Risk
     Management, Corporate Health and Safety, Corporate Governance, Corporate
     Budget Setting and Monitoring, HR, Council Tax, OneWorld Accounts Payable
     and the Delphi Manuals payroll and bank reconciliation.

    External Audit has confirmed their view that the Council’s Corporate Governance
     arrangements are in general, satisfactory. Updated accountability frameworks for
     policing in Fife and for the Fire and Rescue Service were approved by the Police,
     Fire and Safety Committee. They have identified that the Council has made
     progress in addressing recommendations arising from their review of the
     Council’s asset management arrangements.

    They also concluded that Fife Council is able to demonstrate a commitment to
     delivering effective Public Performance Reporting (PPR) arrangements and are
                                                                         APPENDIX 1


    continually improving in this area. The Council has an approved PPR Strategy
    which seeks to improve the Council’s PPR arrangements.

   The last year has seen continued progress in a number of previously identified
    areas for improvement including the monitoring of reconciliations, the procedures
    relating to the purchase to payment process, the development of an IT Strategy
    and the development of Business Continuity.

   The Audit User Group (re-named the Best Practice Group) continues to meet
    regularly and to provide advice and assistance to Services through the delivery of
    presentations on relevant topics and the production of a number of Good Practice
    Guides. Areas recently covered include Documented Procedures and Risk
    Management.

However, set against these, my opinion on the level of internal controls has been
adversely affected by the following matters:

   A number of the audits done by internal and external audit identified processes
    where control objectives had not been fully achieved or there was a lack of
    compliance of a less minor nature. The External Auditors have identified that
    whilst Fife Council is able to demonstrate a commitment to delivering effective
    Public Performance Reporting arrangements and to continuously improving this
    area, the council does not set out timescales and measurable targets for how it
    will address areas of poor performance. The current PPR arrangements are
    limited to stating the next steps the council will take against each of its eight
    priorities.

   Arrangements for reporting efficiency savings are not clearly linked across the
    Council and this can lead to confusion. They identify that further work is required
    to identify all savings being delivered through collaborative contracts and the
    Council should undertake work to demonstrate the benefits and savings being
    delivered through its membership of Procurement Scotland and Scotland Excel.
    In addition they suggest that efficiency savings should be clearly linked to
    financial and performance information

   Audit and Risk Management Services continue to identify instances where written
    procedures were not reviewed and updated on a regular basis. There were also
    some instances of poor controls over sums of cash in establishments. Whilst not
    material, these have been addressed through the Best practice Group, which was
    set up to provide guidance on internal control and procedures and revised
    procedures are being implemented in the Education Service.           Continued
    improvements were made in completing bank reconciliations and most Services
    are working to improving their Risk Management processes with a third phase of
    audits due to be undertaken in the coming year. Overall, the main financial
    systems were all operating well. As part of each audit, a detailed action plan
    improving controls was agreed and the outcome monitored.

   As stated earlier, good internal control can minimise but cannot eliminate the
    possibility of poor judgement in decision-making, human error, and the
    occurrence of unforeseeable circumstances. There have been three specific
                                                                        APPENDIX 1


    instances where tendering procedures and project management have fallen short
    of what would be expected, which has led to the Council incurring additional
    costs and suffering reputational damage. I am of the view that these are not
    systemic failings but notwithstanding that recommendations have been made and
    action is being taken to address the weaknesses identified. Audit Services has
    planned additional work on project management in the coming year to ensure
    that proper processes and procedures are now in place and are operating
    effectively.

   Some weaknesses have also been identified in our partnership arrangements but
    controls are being put in place to address this.

   However, where control failings or weaknesses were identified, management
    responded well and have taken appropriate remedial action. Follow-up audits
    show that whilst not all agreed actions are achieved within the agreed timescales
    the majority of the major ones are and, in most instances, work continues to
    complete all the action points agreed. Where actions have not been completed it
    is my opinion that these do not pose a significant risk.

   Adequate procedure notes or other written guidance are not in place for all
    significant systems. Although procedure notes have been issued for parts of
    these, they are not always tailored or supplemented by Services for local
    application. Additionally these procedures are not always updated regularly.


Level of opinion

In determining the level of opinion to be provided, I have had regard to four possible
categories as detailed in Appendix A


Opinion

It is my opinion that a medium/high level of control exists and that reasonable
assurance can be placed upon the adequacy and effectiveness of the Council's
systems of Corporate Governance and internal control system in the year to 31
March 2011.




G P McDonald
Audit and Risk Management
Services Manager
1 May 2011
                                                                       APPENDIX A



Evaluation Criteria


1   High      level  of       :   objectives of internal control have been met
    assurance     / well          - neither non-compliance nor control
    controlled - clean            assurance      weaknesses       have    been
    opinion                       identified

2   Medium/high level of      :   the objectives of internal controls have
    assurance           /         been met although some non-compliance
    adequately controlled         or weaknesses of a minor/insignificant
    - clean opinion or            nature have been identified
    qualified opinion

3   Medium      level   of    :   the control objectives have not been fully
    assurance             /       achieved - control weaknesses or lack of
    inadequately                  compliance of a less minor/ more
    controlled - qualified        significant nature have been identified
    opinion

4   Low/medium level of       :   the control objectives have not been met -
    assurance - qualified         significant or material non-compliance
    opinion or adverse            and/or control weaknesses have been
    opinion                       identified

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:3
posted:9/15/2011
language:English
pages:8