PAPER E
Committee : AUDIT PANEL
Date : 24 FEBRUARY 2003
Title : STRATEGIC PLAN FOR INTERNAL
AUDIT
REPORT OF THE COMPLIANCE
AND RISK MANAGER
PAPER E
Committee : AUDIT PANEL
Date : 24 FEBRUARY 2003
Title : STRATEGIC PLAN FOR INTERNAL
AUDIT
REPORT OF THE COMPLIANCE
AND RISK MANAGER
1.1
The purpose of this
report is to inform the Audit Panel of the proposed internal audit activity for
the coming financial year (and to show how all Council activities will be
covered over a six year period).
2.
BACKGROUND
2.1
The Council is the
largest organisation on the Island, spending and receiving around £300 million
per annum and employing around 5,000 staff.
In addition it manages its own pension fund valued at £150 million. The Council seeks to achieve probity and
regularity in the way it manages such large sums through maintaining a
comprehensive system of internal control.
Internal Audit is part of the regime of control, and being a finite
resource, needs to plan and allocate resources in a rational and systematic way
in order to ensure that all the Council’s activities receive an appropriate
amount of attention.
2.2
The Strategic Audit Plan
which is attached to this report at Appendix A is the result of a rigorous
planning exercise which has involved :
·
long experience of the
Council’s range of activities and its systems
·
a risk assessment process
using a computerised planning system (the results of which are also summarised
as Appendix B)
·
extensive consultation
with all of the Council’s Service Heads.
2.3
The Plan sets out the
specific activities to be audited and the time needed to audit them. Clearly there are some activities and
systems which need to be audited more frequently than others. This can be illustrated by the approach to
the Council’s main, or fundamental systems such as the main accounting system where
we need to check that it is operating satisfactorily and on a frequent
basis. This is determined by its sheer
size and because it underpins all the Council’s financial affairs. At the other end of the spectrum, small,
single size functions where risk is minimal, will receive attention only once
in the term of a six year strategic plan.
The idea therefore is to match risk with internal audit resource.
2.4
Internal Audit resources
are finite and that in itself requires that their use is planned. Currently, by reference to benchmarking
comparisons, the Council’s audit team is under-resourced – employing 6.5
full-time equivalents compared to an average of 11 for other (unitary)
Councils. As a consequence, resources
are only adequate to deliver the most basic coverage, barely satisfying
statutory obligations. In order to help
narrow this gap, and to begin the development of audit towards ‘operational’
audit and value for money audit, a bid has been made in the current budget
round for 1 extra full-time auditor.
2.5
Existing audit resources,
after making allowances for training and other ‘indirect’ activity are included
in summary in the Plan. The number of
available days totals 1,040, and is close to the amount of audit required
(subject to the comments made above at paragraph 2.4).
3.
OPTIONS
3.1
The Audit Panel is
requested to :
(i)
endorse the methodology
used to construct the Audit Plan;
(ii)
consider the relative
priorities, frequencies and amounts of time devoted to areas of Council
activity;
(iii)
note the reservations
made in this report about audit resources; and
(iv)
make recommendations
about the priorities of the Audit Team’s work.
Contact Point : R
J Streets, Compliance and Risk Manager, F 3622
|
R J STREETS Compliance and Risk Manager |
G B RICHARDSON Chief Internal Auditor |