064Internal Audit plan PDF

Preview

Summary

Download 064Internal Audit plan PDF

Description

Appendix 4

GLA Internal Audit Plan 2013/14 Introduction This report outlines the strategic approach taken by the MOPAC Directorate, Audit, Risk and Assurance in providing the internal audit service to the GLA under a shared service arrangement. It also contains the proposed GLA audit plan for 2013/14.

Roles and Responsibilities Internal Audit’s role is to provide an assurance function giving an independent and objective opinion on the risk management, control and governance arrangements in the GLA. It also objectively examines, evaluates and reports on the adequacy of the control environment in contributing to the economic, efficient and effective use of GLA resources. The responsibility for effective control, risk management and governance rests with management. The internal audit opinion and supporting work programme will assist the Executive Director of Resources in the discharge of his statutory responsibilities but does not supersede them.

Audit Independence The Head of Audit for the GLA reports to the Executive Director of Resources and has direct access to the Mayor and Chair of the Audit Panel. Internal Audit staff have the required access to all GLA records, assets and personnel, and the GLA Head of Audit reports independently to senior management in line with professional standards. Audit independence and appropriate reporting lines within the GLA group are preserved under this arrangement.

Strategic Approach The overall approach is risk based and focused on reviewing areas that are key to achieving GLA priorities and objectives. It is designed to meet the statutory requirement for an annual opinion on the adequacy and effectiveness of the GLA internal control environment, whilst recognising this is a time of significant change with a demand for improving efficiency and achieving better value for money.

Audit Planning and Work Programme Review activity is planned on a three year cycle and is supported by a risk assessment informed by management’s evaluation of current risk. The annual plan (attached at Annex) will be reviewed on a quarterly basis. Completion of the annual plan enables the GLA Head of Audit to provide the opinion on the effectiveness of the control environment which, in turn, informs the Annual Governance Statement published with the GLA Annual Accounts. Internal Audit works in consultation with management, striking the appropriate balance between providing assurance, challenge and advice. Opportunities for improving efficiency and value for money are considered in all aspects of work conducted. Key strands to the work programme for 2013/14 include; Risk based audits - provide much of the evidence to support the annual opinion. Internal Audit reports give an opinion on the effectiveness of controls in place to manage key risks to achieving objectives and identify areas for improvement. Key reviews planned for 2013/14 include; Housing Programmes and Housing Grants Monitoring and Control, Regeneration Funding Control Framework, Mayor’s Economic Development Strategy and the London Plan

and Implementation. There is a particular focus on reviewing and providing assurance on the key areas of business conducted within the Housing and Land and Regeneration and Development Directorates. An annual review of the GLA risk management and corporate governance arrangements - to provide assurance and recommend improvements as appropriate. We plan to follow up our audit of risk maturity completed in 2012/13 and conduct risk based reviews in key governance areas including; Performance Management Framework and Decision Making Framework. Follow Up audits – to ensure audit recommendations arising from the internal audit reviews carried out in 2012/13 have been implemented effectively. Specialist reviews - focusing on specialist areas of the business, in particular ICT. Specialist skills will be utilised to evaluate the risks and identify areas for improvement in key areas such as ICT procurement, ICT incident and problem management and network/internet security. Material systems - reviewing key financial systems and testing key controls in operation. This work will be conducted in liaison with external audit. In 2013/14 there will be a particular focus on providing assurance around the key financial controls in place within the GLA Finance Directorate and operating within SAP under the shared service arrangement with TfL. Analytical review – analysing key financial systems to identify potential areas of concern and provide assurance on the management of high risk/cost and sensitive areas. This work will be used to support the review of key material systems. Advising change programmes and projects - utilising expertise in risk and control to advise on new and developing systems at an early stage in the development process. This work will also provide assurance to senior management on the effectiveness of programme and project management. Counter fraud activity – contributing to a pro-active fraud awareness programme as agreed with GLA senior management and investigating any potential instances of fraud and abuse. Where fraud occurs there will be analysis of the underlying risk and compliance issues to inform preventative action.

Service Provision Professional Standards All audit work is conducted in line with professional standards and recognised best practice. Internal Audit adopts the CIPFA ‘Code of Practice for Internal Audit in Local Government in the UK 2006’. External Audit use the standards laid down in the Code to assess the effectiveness of internal audit and to provide independent assurance on the quality of the service we provide. Each member of the Audit Team is also bound by the professional standards and code of ethics of their professional body, for example, CIPFA and the Chartered Institute of Internal Auditors. All aspects of our work are also subject to the appropriate level of supervision and review.

Conduct of Assignments Key stages for each aspect of the work programme are summarised as follows;

Risk Based Reviews:  Scope area of activity identifying key risks, audit objectives and approach  Agree terms of reference with senior management prior to review  Assess key risks and identify and evaluate key controls in place  Test operation of key controls  Evaluate management of key risks  Report to senior management giving assurance based on pre-defined criteria  Issue a discussion draft report to confirm factual accuracy  Issue formal draft for senior management response  Issue final report including an agreed action plan Advisory Work:  Issue terms of reference to the Chair of the project/programme board  Attend project boards  Review and advise on project documentation  Report to project/programme lead/Chair on any emerging risk or governance issues  Provide ad hoc advice to management on risk and control issues Counter Fraud Activity:  Agree preventative work programme with senior management  Conduct investigations in line with recognised best practice  Maintain confidential whistleblowing line  Inform senior management of any allegation as appropriate  Conduct investigations confidentially and securely  Preserve evidential trail  Report to senior management on the outcome and make recommendations to address any underlying issues with risk and control Integrated Assurance Review activity will be co-ordinated with external audit. This will include the exchange of risk assessments and work plans and meeting on a regular basis. Reliance will also be placed on internal review activity within the GLA group where appropriate. The level of reliance placed on other review activity will be based on an evaluation of the adequacy of their review framework. Audit Performance All audit work is supported by a robust performance management framework. The GLA Head of Audit provides regular reports to the GLA Audit Panel on audit performance. This includes an annual report giving an independent annual opinion on the control environment and a summary of audit performance. Staff Resources Head of Audit A professionally qualified Head of Audit for the GLA fulfils the professional responsibilities required of the role including;  Producing a dynamic risk based annual audit plan for the GLA  Reporting to senior management following the completion of each audit review

    

Ensuring all work is delivered to meet professional standards Giving quarterly updates on progress against the plan to the Audit Panel Maintaining an effective relationship with external audit Producing an annual report providing an independent annual opinion on the GLA internal control environment Meeting on a regular basis with the GLA senior management team, the Executive Director of Resources and the Chair of the Audit Panel (if necessary)

Audit Team A professionally qualified Audit Manager (qualified to CCAB or CMIIA) oversees the risk review and advisory work conducted by a Risk and Assurance Auditor (qualified to at least AAT or PIIA), and will also conduct the more complex reviews. All work is delivered to meet CIPFA standards. The specialist audits are conducted by appropriately qualified and trained auditors. Counter Fraud Counter fraud activity is carried out by counter fraud specialists under the supervision of a senior manager in counter fraud, and supported by analysis.

GLA Internal Audit Plan 2013/14 The attached Annex highlights the areas for audit coverage in 2013/14 and includes a provision of 446 days, which is in line with the allocation for 2012/13. The work programme is based on a review of the GLA risk register, the GLA objectives and the current Internal Audit plan and assessment of need. Discussions with GLA senior managers have also informed the plan. Further work will be completed in the first quarter of the year to confirm the exact scope and timing of each review with the appropriate senior manager. A plan for each quarter of 2013/14 will then be produced. The annual plan will be reviewed on a quarterly basis to ensure it remains responsive to any key emerging risks. Any suggested changes will be subject to the approval of the Executive Director of Resources and the Audit Panel.

Cost The total cost of this level of service provision is £177,170.

ANNEX

GLA Internal Audit Draft Plan 2013/14 Governance Framework

Days

Performance Management Framework

18

Decision Making Framework – Mayoral and Directorate

18

Housing and Land

Days

Housing Programmes (2 major programmes)

40

Housing Grants - Monitoring and Control Framework

20

Energy and Environmental Policy Development and Implementation

15

Regeneration and Development

Days

London Plan and Implementation

15

Mayors Economic Development Strategy

15

Regeneration Funding Control Framework

15

Mayor’s Outer London Fund

15

Mayor’s Recovery Fund

15

Human Resources

Days

Sickness Monitoring and Control/Attendance Management

12

GLA Recruitment Control Framework

12

Follow Up Reviews

Days

Capital Programme Monitoring and Control Estate Strategy and Management of Assets Facilities Management 2012 Employment and Skills Legacy Programme Gifts and Hospitality Use of Agency Staffing and Consultants Mayors Mentoring Programme Risk Management External Grant Funding - European Programmes

3 3 3 3 3 3 5 5 5

ANNEX Specialist Reviews - Procurement

Days

Contract Monitoring - Follow up ICT Procurement

3 12

Specialist Reviews - ICT

Days

ICT Incident and Problem Management Desktop Management Network/Internet Security

12 12 5

Material Systems – Key Financial Systems

Days

Risk Based Reviews Precepting Control Framework Financial Control Framework

10 16

Key Controls & Analytical Review General Ledger Creditor Payments Debtors Control Payroll

10 12 12 10

Follow Ups Members Allowances and Expenses Control Framework Treasury Management Control Framework External Grants Control Framework

3 3 3

Counter Fraud Activity

Days

Fraud Awareness Programme NFI and Financial System Data Analysis Fraud Investigations

5 5 15

Advisory/Systems Development Activity

Days

Advising Change Programmes/Developing Systems

10

Planning and Management

Days

Planning/Liaison Audit Panel – Attendance and Reporting Contingency

15 10 20

Total Days

446...