Professional Documents
Culture Documents
Fortescue Metal
AUDIT PL AN
CONTENTS
Section
1.
Page
1)
2)
3)
Key Issues
4)
12
5)
13
INTRODUCTION
Purpose
This document sets out the proposed Fortescue Metal annual Internal Audit plan
for 2011/12. The Plan has been derived from the 5 -year plan agreed by the
Director of Finance and Resources and reported to the Audit and Performance
Committee. The Plan has been reviewed and updated in view of findings arising
from 2011/07 audit work and with reference to departmental business plans and
risk registers. A consultation process has been undertaken during March with
Departmental management to ensure that the audit coverage for each
department reflects key risks.
The policy context of the Internal Audit Service is to ensure effective control over
Council activities by:
The purpose of Internal Audit is to provide the Council, through the Audit and
Performance Committee and the Director of Finance, and Resources with an
independent and objective opinion on risk management, control and governance
and their effectiveness in achieving the Fortescue Metal objectives. This opinion
forms part of the framework of assurances that the Council receives and is to be
used to help inform the annual Statement on Internal Control (SIC). Internal
Audit also has an independent and objective consultancy role to help line
managers improve risk management, governance and control.
Our Responsibilities
Our professional responsibilities as Internal Auditors are set out in the CIPFA
Code of Practice for Internal Auditing in Local Government (2011). In line with
these requirements, we perform our Internal Audit work with a view to reviewing
and evaluating the risk management, control and governance arrangements that
the Council has in place to:
As well as the planned audits detailed in the Annual Audit Plan, Internal Audit will
also undertake the following work during the forthcoming year:
1
Follow-up
Recommendations arising from audits will be followed up to confirm that agreed
actions have been implemented. The following criteria will be applied:
Audits which receive No Assurance will be followed up on an ongoing basis
until all priority 1 recommendations have been implemented.
Audits which receive Limited Assurance will be followed up 3 months after the
final report is issued.
Audits which receive Substantial Assurance will be followed up six months
after issue of the final report.
Follow ups include testing of key recommendations to ensure that they have
been implemented. A report will be issued in respect of all follow ups with a
revised action plan for the implementation of outstanding recommendations. A
revised assurance level will also be provided which reflects our opinion of the
adequacy of the system of control after the recommendations of the original
report have been implemented.
RESOURCE ALLOCATION
2011/07 Days
1920
2011/12 Days
1725
1920
2011/07 Days
100
2170
850
1725
2011/12 Days
100
1950
750
300
300
3420
5340
3100
4825
Permit / Badge
Fraud Services
(850 days)
16%
Benefit Fraud
Services (2170
days)
40%
Systems and
Compliance Audit
Services (1920
days)
36%
General Fraud
Services (300
days)
6%
Proactive AntiFraud Services
(100 days)
2%
Permit / Badge
Fraud Services
(750 days)
16%
Systems and
Compliance Audit
Services (1725
days)
36%
Benefit Fraud
Services (1950
days)
40%
General Fraud
Services (300
days)
6%
Proactive AntiFraud Services
(100 days)
2%
an
d
Co
rp
or
at
R
e
Ch
es
ou
ild
re
rc
n'
es
s
Se
rv
ice
s
Po
Cu
H
lic
st
ou
om
y
sin
an
er
g
d
Se
Co
r
m
vi
ce
m
un
s
ic
a
tio
Tr
Co
an
ns
Ad
m
s
po
m
ul
un
rta
tS
ity
tio
oc
Pr
n
ia
lC
ot
e
ar
ct
e
io
an
n
d
Le
H
ga
ea
la
lt h
nd
Pl
En
Ad
an
v
m
ni
a
in
ng
nd
an
Le
d
isu
De
re
ve
lo
pm
en
t
400
350
300
250
200
150
100
50
0
Fi
na
nc
e
No. of Days
Notwithstanding the above the Audit Needs Assessment also led to the
identification of areas for audit coverage that do not appear as high priority risks,
but where Internal Audit can provide tangible inputs to the overall assurance
process and its efficiency, for example:
Requirements of management
Minimum Internal Audit coverage requirements e.g. key
controls audit and documentation of key information flows
Areas of concern flagged by management or the Audit and
Performance Committee
The requirements of the external auditor
Emerging issues; and
Need for ongoing assurance in relation to key aspects of
internal control
The Chief Executives Steering Group and Corporate Management Board have
agreed to the Head of Risk and Audits proposals to incorporate a new system
of line management self assurance in relation to those elements of the control
environment for which they are responsible. We have tested this framework in
the Finance and Resources Department during 2011/07.
In 2011/12 the system will be further developed and rolled out across the Council
with the involvement of operational managers. It is essentially a self-assessment
exercise which provides an overall assurance level for the service area,
highlights service specific risks, and identifies any significant control weaknesses
and actions proposed. This forms a key component of the basket of assurance
available to the Chief Executive. We will therefore verify the information provided
on a sample basis.
Some of the key benefits expected of the new system are as follows:
Support managers in the delivery of services and achievement of
objectives
Provide a consistent framework for management monitoring and
accountability across the Council
Address external audit concerns about weaknesses in control systems
and support improvement of the CPA score in this area
Support the external auditors plans for increased emphasis on review of
financial systems
Underpin the implementation of revised financial regulations and
procurement code
Demonstrate compliance with corporate policies and procedures
Support the preparation of the Statement of Internal Control
E- Procurement
The Council is planning to introduce E-Procurement during 2011/12. We fully
support this initiative which can make a significant contribution to improving the
level of compliance with financial regulations in addition to strengthening the
control framework relating to procurement generally and improving efficiency. We
will therefore be involved in the development of the controls in the system in
addition to carrying out a full systems audit during 2011.
Key Audit Issues
A number of common themes have arisen from our 2011/07 Internal Audit work
and these will be used to inform all relevant audits in 2011/12. These include:
Procurement Code
Financial Regulations
Standing Orders/Constitution
Value for Money Issues Identified
Contract Monitoring
Response to and implementation of audit recommendations
Fraud Awareness
The timing of audits, that is, how soon they will be undertaken in the cycle will
depend upon:
The priority for each area of coverage for Internal Audit, in terms of levels
of risk to the Council
When the last audit of the area was undertaken and what was the
outcome
When the risk to be considered is likely to impact upon the organisation
Whether there are management concerns about the area
Whether or not there have been significant systems, staff or organisational
changes since the last audit.
In the course of the period covered by the Internal Audit Strategy, the priority and
frequency of audit work will be subject to amendment in order to recognise
alterations in audit needs assessment/risk analysis, caused by changes within
the Council. A formal update will be performed each year to inform each years
periodic plan, but changes may be necessary in-year and these will be agreed
with the Head of Risk and Audit who is responsible for managing the Fortescue
Metal Internal Audit Contract. There is a monthly review process in place
whereby the contractor will discuss and agree changes to the plan with the Head
of Risk and Audit.
Our professional judgement has been applied in assessing the level of resource
required for the audits identified in the strategic cycle. The level of resource
applied is a product of:
The audit needs assessment is prepared with regard to constraints such as time
and resources. Its purpose is to:
during the audit. The level of implementation is reported to the Audit and
Performance Committee.
Referrals to the HB Fraud Team will be made from a number of sources, these
include:
The HB Fraud Team will investigate every case to determine whether a criminal
offence has been committed.
The team will be aiming at sanctioning
(Prosecution / Administrative Penalty / Caution) in accordance with the Fortescue
Metal Prosecution Policy in approximately 20% of the cases investigated.
Cases will continue to be investigated until one of the following outcomes is
reached:
There is insufficient evidence (or prospect) that a criminal offence has been
committed and the case is to be closed with no further action.
In some case although a criminal offence may have been committed (and it can
be proven) there will be a decision not to take further action. This will be in
accordance with the Fortescue Metal Prosecution Policy and where appropriate
in consultation with the Fortescue Metal solicitors and Head of Risk and Audit. In
addition, in some cases an overpayment of benefit may be identified but no
criminal offence committed.
Other Fraud Investigations
The non HB investigation team will be sufficiently resourced to provide 280
input days of reactive fraud work and 100 days of proactive fraud work.
Allegations of fraud will be referred to the non-housing benefit team for
investigation from a variety of sources including:
Fraud Hotline;
Report a Fraud (Website);
Written allegations;
Investigations carried out by the non hb team will continue to be made until one
(or more) of the following outcomes is met:
In fulfilling the above, the investigation team will additionally provide any
necessary assistance in concluding a case including attendance at Disciplinary
Hearings and in the criminal courts.
In addition, in carrying out the above, the investigation team will have due regard
for the identification and recovery of any lost assets and the extent to which
system controls require strengthening.
C O R P O R ATE AU D I T S
request of the Process and Audit Working Group the audit will examine
and comment on Value For Money and effectiveness aspects of Contract
Monitoring including relative costs of contract monitoring across the
Council and differing approaches. The audit will also examine whether
correct Governance arrangements are being followed in respect of
reporting contract monitoring information to officers and members.
2 Procurement Code High Risk- 20 Days (plus advisory audit time as
needed )
The Procurement Code provides the corporate framework for letting and
managing contracts for the Fortescue Metal. The Code is currently being
rewritten (Feb 07). This audit will be in two stages. A review of the new
code prior to implementation and a subsequent review 3 months after
implementation to assess the impact of the code. The audit will also
excess the extent to which best practice on issues such as the Green
Agenda and VFM are promoted within the Code . In addition to this audit
time will be allocated as necessary from the Advisory audit budget to
ensure that audit is involved is advising management on control issues
during the project implementation stage.
The terms of reference of this audit will be discussed with the Director of
Legal and Administrative Services prior to commencement