Transcript
Page 1: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Internal Audit Plan

2020-21 / 2022-23

Mole Valley District Council

Page 2: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

2

Contents

Introduction …………………………………………………………………………………………… 3

Your Internal Audit Team …………………………………………………………………………………………… 4

Conformance with Internal Audit Standards …………………………………………………………………………………………… 4

Conflicts of Interest …………………………………………………………………………………………… 4

MVDC Council Strategy …………………………………………………………………………………………… 5

Council Risk …………………………………………………………………………………………… 6

Developing the internal audit plan 2020-21 / 2022 -23 …………………………………………………………………………………………… 7

Internal Audit Plan 2020-21 / 2022-23 …………………………………………………………………………………………… 8 – 16

Adjustments to the 2020-21 Audit Plan …………………………………………………………………………………………… 17

Page 3: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

3

Introduction

The role of internal audit is that of an: ‘Independent, objective assurance and consulting activity designed to add value and improve an organisations operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes’. The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives. The aim of internal audit’s work programme is to provide independent and objective assurance to management, in relation to the business activities, systems or processes under review that:

the framework of internal control, risk management and governance is appropriate and operating effectively; and

risk to the achievement of the Council’s objectives is identified, assessed and managed to a defined acceptable level. The internal audit plan provides the mechanism through which the Chief Internal Auditor can ensure most appropriate use of internal audit resources to provide a clear statement of assurance on risk management, internal control and governance arrangements. Internal Audit focus should be proportionate and appropriately aligned. The plan will remain fluid and subject to on-going review and amendment, in consultation with the Strategic Leadership Team and Audit Sponsors, to ensure it continues to reflect the needs of the Council. Amendments to the plan will be identified through the Southern Internal Audit Partnership’s continued contact and liaison with those responsible for the governance of the Council.

Page 4: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

4

Your Internal Audit Team Your internal audit service is provided by the Southern Internal Audit Partnership. The team will be led by Natalie Jerams, Assistant Head of Southern Internal Audit Partnership, supported by Joanne Barrett, Audit Manager. Conformance with internal auditing standards

The Southern Internal Audit Partnership service is designed to conform to the Public Sector Internal Audit Standards (PSIAS). Under the PSIAS there is a requirement for audit services to have an external quality assessment every five years. In September 2015 the Institute of Internal Auditors were commissioned to complete an external quality assessment of the Southern Internal Audit Partnership against the PSIAS, Local Government Application Note and the International Professional Practices Framework. In selecting the Institute of Internal Auditors (IIA) a conscious effort was taken to ensure the external assessment was undertaken by the most credible source. As the authors of the Standards and the leading Internal Audit authority nationally and internationally the IIA were excellently positioned to undertake the external assessment. In considering all sources of evidence the external assessment team concluded:

‘It is our view that the Southern Internal Audit Partnership (SIAP) service generally conforms to all of these principles. This is a notable achievement given the breadth of these Standards and the operational environment faced by SIAP. There are no instances across these standards where we determined a standard below “generally conforms”, and 4 instances where the standard is assessed as “not applicable” due to the nature of SIAP’s remit.’

Conflicts of Interest

We are not aware of any relationships that may affect the independence and objectivity of the team, and which are required to be disclosed under internal auditing standards.

Page 5: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

5

Corporate Strategy 2019 - 24

Mole Valley District Council’s Corporate Strategy summarises the Council’s vision, values, guiding principles and priority outcomes and is used as a basis for service planning.

Page 6: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

6

Council Risk

The Council have a clear framework and approach to risk management. The strategic risks assessed by the Council are a key focus of our planning for the year to ensure it meets the organisation’s assurance needs and contributes to the achievement of their objectives. We will monitor the strategic risk register closely over the course of the year to ensure our plan remains agile to the rapidly changing landscape.

Ref Risk Description Current

Risk Score*

C1 Financial Sustainability 15

C1d Loss of rental income from key properties 12

C3 Corporate Health & Safety 12

C4b IT Systems – risk of hacking 6

C4c IT Systems – operational resilience 6

C4d Document Management System 12

C5 Data Protection / Information Governance 8

C7 Organisational capacity to deliver 12

C8 Safeguarding 9

C9 Climate change 15

*Strategic Risks as per the Strategic Risk Register – July 2020 (due to be presented to Cabinet on 16 July 2020)

Page 7: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

7

Developing the internal audit plan 2020-21 / 2022-23

We have used various sources of information and discussed priorities for internal audit with the following groups:

Strategic Leadership Team Director of Finance and Deputy Chief Executive Executive Heads of Service & Business Manager Audit Committee Other key stakeholders

Based on these conversations with key stakeholders, review of key corporate documents and our understanding of the organisation, the Southern Internal Audit Partnership developed an annual audit strategy for 2020-21 / 2022-23 in March (pre COVID-19) for approval by the Audit Committee at its meeting on 26 March 2020, however, due to the unprecedented consequences of the COVID-19 pandemic this meeting was postponed. The scale of COVID-19 coupled with the speed of its impact and the wide-ranging challenges presented has necessitated new and different ways of working across the Council. Such challenges and subsequent resolutions bring with them new and emerging risks that management need to consider, manage, and mitigate. In response, the Southern Internal Audit Partnership has engaged with the Council’s Strategic Leadership Team to reprioritise the originally drafted audit plan to provide assurance in respect of emerging key risk areas and these are detailed within the section ‘Adjustments to the 2020-21 Audit Plan’ (page 17).

The Council are reminded that internal audit is only one source of assurance and through the delivery of our plan we will not, and do not seek to cover all risks and processes within the organisation. We will however continue to work closely with other assurance providers to ensure that duplication is minimised and a suitable breadth of assurance is obtained.

Internal Audit Plan

20/21 (to 22/23)

Council Strategy

Strategic Risk

Register

External Audit

Internal Audit

Emerging Issues

Key stakeholder

Liaison

Committee minutes /

reports

Page 8: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

8

Internal Audit Plan

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Corporate

Programme & Project Management

Assurance over project management framework and compliance in relation to delivery on live / ongoing projects.

LEG02; PP02; RMP08 AGS (4-19/20)

2018/19 2017/18 2016/17 2015/16

Financial Sustainability Assurance over budgetary control, efficiency Plans, financial risks relating to assumptions made for medium term financial projections.

C1; FIN06, 07; MVL07, 08; PDC02; PLC03a; PCC04a; RMP10, 11

2019/20 2017/18 2015/16

Financial Resilience Impact of COVID, reassessment of financial risks and impact of assumptions in the MTFS (income, reserves, investments). Implications on future saving programmes / work streams. Also consider the impact on debt recovery.

C1; C1d; FIN04; 06 Q3

Transformation To meet future financial challenges and enable improved and more efficient services. To include digitalisation and new ways of working.

Working in Partnership Working alongside different cultures. Potential for some loss of control / ownership of service delivery. Assurance over governance, rights of access, third party assurance, contingency arrangements, exit strategy, hosting arrangements (accountabilities), benefit realisation.

FIN11

AGS (3-18/19) AGS (1-19/20)

2019/20 2016/17

(Homelessness)

Asset Management (Property Assets)

Assurance over statutory compliance checks for properties. (2020/21 review) Delivery of the Asset Management Plan including repairs and maintenance to non-housing assets (planned & reactive). (2021/22 review)

PRO02, 06, 08; DH07, 10

2018/19 Q1

Page 9: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

9

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Governance

Human Resources & Organisational Development

Weak or ineffective internal control leading to financial loss resulting in damage to the Council’s reputation and adverse publicity. Assurances over the audit cycle to cover: Performance Management Absence management Recruitment Training & Development Workforce Strategy / Development Flexible Working Volunteers Safeguarding awareness.

2020/21 focus to be recruitment and induction (to include safeguarding awareness and training.)

C7, C8

FIN01, 02; MVL03; PDC01, 11; PRO10;

LEG08; CS12; BEN02, 03; HR01, 02, 03, 04,

05, 06

AGS (2-18/19)

2019/20 2018/19

(Workforce Planning) 2017/18 (Casual

payments & Member

expenses)

Q4

Commissioning & Procurement Implications of COVID on robustness of procurement and decision-making process, emergency procurements / purchases, compliance with Contract Standing Orders. Due diligence of new suppliers. Shared Service arrangement for Procurement with Horsham DC, Crawley BC and Mid-Sussex DC.

I&R04; PRO01 2016/17 Q3

Contract Management Review of contract management arrangements and compliance across a selection of contracts in place.

I&R04; PRK04, 07; ENV08, 10, 12; MVL17

2019/20 2017/18 (Advisory Report)

Market Underwriting Process, due diligence, and impact of payments to providers despite reduced or ceased services.

C1; C7 Q3

Page 10: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

10

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Risk Management Assurance over the risk management framework including governance, transparency and maturity.

2017/18 2016/17 2015/16

Q3

Fraud & Irregularities Cyclical assurance over the governance arrangements to prevent, detect and investigate fraud and irregularities.

FIN03; RMP10

Health & Safety Assurance over responsibilities to staff whilst home working, effective allocation of PPE, social distancing in the workplace, preparedness for staff returning to the workplace, HSE assessments. Incorporate staff welfare - arrangements over duty of care for staff welfare during extended period of isolation including consideration of wellbeing and mental health.

C3

RMP06; DEM09; EH11; CS03, 14; PDC05;

PRO12; PRK01, 02, 03, 11; DH08, 10; BEN02; HOU07, 08, 09; PR12;

MVL18

2018/19 2015/16

Q2

Information Governance Assurance over information governance arrangements to include FOI, SAR, Transparency and General Data Protection Regulation (GDPR).

C5; I&R05; ED05; LEG05, 06, 07; REV05; DH09; EDT05; FIN12; PRO11; EH09; CSS10,

13, 16; COMM13; BEN04; HOU12; CRP08, PLC09; PDC10; P&P05;

12; CS10, HR07; DEM08; RMP05, 07, 13; MVL16; AGS (2-19/20)

2018/19 2015/16

Q3

Decision Making & Accountability

Assurance over the effectiveness and transparency of the decision-making process at officer and Member level. To consider governance, sufficiency, accuracy and timeliness of information including consultation with the public as necessary.

RMP01; 02; 03 DEM04 05; 06

COMMS06 AGS (3-19/20)

2017/18 (Data quality)

Page 11: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

11

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Ethical Governance Evaluation of the design, implementation and effectiveness of MVDC’s ethics-related objectives, programmes and activities. Incorporate assurances over interim arrangement put in place to ensure appropriate governance and decision-making arrangements, delegated powers during pandemic.

PDC04; DEM10 2018/19 Q1

Business Continuity & Emergency Planning

Assurance over the governance and recovery actions in place to return to business as usual. To consider the potential of increased and sustained demand on services.

C9 DH02; PBC05; EH10; ENV02, 03, 04, 05;

DEM02, 03

2018/19 2016/17

Q2

Annual Governance Statement Cyclical assurance over the governance arrangements to compile, contribute and deliver the AGS.

2019/20

Core Financial Reviews

Housing Benefits

Programme of cyclical systems reviews

BEN01 2018/19 2017/18 2016/17

Council Tax REV01 2018/19 2017/18 2016/17

Q2

Accounts Payable REV02; FIN13 2019/20 2016/17

Accounts Receivable / Debt Management

REV01, 02; PRO03 2019/20 2016/17

Main Accounting 2017/18 Q3 Treasury Management C1; FIN04 2019/20

2016/17

Income Collection (incl. Cash Office)

2019/20 2018/19 2016/17

Page 12: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

12

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Capital Accounting 2018/19 NNDR Outsourced to Reigate & Banstead BC. To review

the systems and processes in place operated by Reigate & Banstead as per the Inter Authority Agreement.

REV01, 03 2018/19 2017/18 2016/17

Q2

Payroll Outsourced to Midland HR. Review of contract management arrangements. Assurance that MVDC are receiving all outcomes expected from the contract and to review MVDC in-house operations.

2019/20 2017/18 2016/17

VAT Assurance that VAT is appropriately accounted for and effective policies and procedures are in place.

2010/11 Q3

IT

IT Governance Review of IT strategy, policies, standards and procedures. Other potential areas for consideration to include IT asset management, change management and software licensing.

C4c ICT05, 07

2019/20

Data Management Review of data centre facilities and security including storage and back-up. To also consider database management.

ICT05

Information Security – Cyber Security

Review of cyber security arrangements (including Phishing, Smishing etc.), security controls (including remote access) against the Cyber Essentials Scheme. Focus on vulnerabilities of home working and interim arrangements enforced through response to COVID 19.

C4b, C4c, C4d

ICT02, 03, 05, 08, 09, 15

2016/17 (cyber security)

Q2

System Development & Implementation

Systems Life Cycle, Project Management and Application Management.

C4d REV02

Networking & Communications

Virtualisation, operating system management

Page 13: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

13

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Payment Card Industry Data Security Standard

Compliance to meet industry standards 2015/16 Q3

Environment

Affordable Housing Opportunities for development and alternative methods of delivery to meet organisational and national priorities. Review of the implementation and delivery of the Affordable Housing Strategy.

HOU03, 04, 10

Environmental Services To review arrangements for refuse collection, recycling & street cleansing. Joint Waste Contract in conjunction with four other local authorities with Amey (effective August 2018), managed through Joint Waste Solutions (hosted by Surrey Heath).

ENV08, 10, 11, 12 2019/20

Environmental Health & Licensing

Shared Service with Tandridge DC (hosted by MVDC). Assurance over governance and accountability. Separate review required for Taxi licensing as this does not form part of the shared service agreement.

EH02, 03

AGS (3-18/19)

2018/19

Development Management Planning (street naming, CIL); Development Control (planning applications, appeals); Planning Policy (local plan).

PDC02, 06, 07, 08, 09, 11; FIN09; PLC02; PP01,

02, 07 10; PLC07, 12; PP11

2019/20 2017/18 x2

2015/16

Building Control Partnership initiated in 2017 hosted by Tandridge DC across three partners MVDC, R&BBC and TDC. Agreement through IAA. To consider governance, deliverables and outcomes.

PBC01, 02, 03, 04; PLC06

2018/19 2017/18

Q4

Page 14: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

14

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Environmental Sustainability Priority area within the Corporate Strategy. Review of the development and implementation of the Climate Change Strategy.

C9

Prosperity

Economic Development Review business strategy and delivery including processes and outcomes. To review assurances from Coast to Capital LEP review.

ED02, 04

Investments Assurance over the governance, accountabilities, viability and outcomes of Asset Investment Strategy. Significant financial expectations through the successful delivery of the AIS to meet savings targets. Management direction around Risk Management.

C1; I&R01, 02; LEG08; FIN02; PRO01

2019/20

Regeneration Programme management, governance and reporting of the ‘Transform Leatherhead’ and ‘Opportunity Dorking’ programmes against desired outcomes.

I&R03

Parking & Enforcement Assurance over cash collection of car park income (end to end review from point of pay to banking and reconciliation).

CRP02, 06, 07, 09 Q2

Income Generation & Commercialisation

Effectiveness of income generation / maximisation (rental income and leases, optimal use of subsidies, fees and charges). Review of relevant strategies.

C1; C1d PRO03; PH03; MVL07

2019/20

Page 15: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

15

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Community Wellbeing

Homelessness Assurance over management and prevention of homelessness. Development and Implementation of the Homelessness Strategy.

HOU01, 02 Q4

Housing Effective Housing Policy and procedures to achieve desired outcomes. Effective relationship maintained and performance monitoring of the local housing association. Review of the Local Plan and provide assurance around the progress/delivery.

Disabled Facility Grants Administration and compliance with local / legislative requirements.

2017/18 2015/16

Q1

Community Safety & Enforcement

Response to community safety and anti-social behaviour. To include PREVENT, East Surrey Community Safety Partnership and the development of the JET. 2020-21 to focus on the Community Safety Partnership

C8 CS06, 07; PRK10

2017/18 (community

grants)

Health & Leisure Facilities Thematic reviews based on areas of significant risk. To include contract management of leisure operators for Dorking Sports Centre and Leatherhead Leisure Centre. Delivery of the Leisure & Tourism Strategy.

CS01,02,03,05,09,12,13; PRK02, 03,

2019/20

Community Support Assurances over services designed to help residents retain their independence and reduce social isolation including: Telecare; Community transport; Care Centres, Handyman Services. Inherent risks include funding, demand, safeguarding.

C8, C9 MVL03, 06, 09, 10, 19

AGS (2-19/20)

2019/20

Page 16: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

16

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2020-21 2021-22

2022-23

Dorking Halls High levels of cash handling and banking. Additionally, the function undertakes significant level of commissioning and procuring artists. Inherent risks include health & safety, fire and safeguarding.

DH03, 04, 05; COMM08

Other Management To include annual planning, reporting and

attendance at SLT and Audit Committee, action tracking, liaison with key stakeholders and annual report and opinion.

-

- -

Page 17: v v o µ ] W o v î ì î ì r î í l î ì î î r î ... · / v v o µ ] W o v î ì î ì r î í l î ì î î r î ï ( / v v o µ ] W o v î ì î ì r î í l î ì î î

Draft Internal Audit Plan 2020-21 / 2022-23

17

Adjustments to the 2020-21 Audit Plan

Plan Variations for 2020/21 Removed from the plan Reason Regeneration Defer until 2021/22 in order to prioritise new risk areas relating to COVID-19

Community Safety & Enforcement Defer until 2021/22 in order to prioritise new risk areas relating to COVID-19 Added to the plan Reason Financial Resilience To review new systems and processes implemented by the Council due to COVID-19. Market Underwriting To review new systems and processes implemented by the Council due to COVID-19.


Top Related