PAPER E

 

AUDIT PANEL - 29 JULY  2004

 

INTERNAL AUDIT PERFORMANCE REPORT 2003/2004

 

REPORT OF THE CHIEF INTERNAL AUDITOR

 

REASON FOR AUDIT PANEL CONSIDERATION

 

This report is to provide the Panel with a summary of Internal Audit performance for the financial year 2003/04 and future prospects.  The Panel is invited to note the contents of the report and to seek clarification of any issues arising from internal audit’s performance.

 

BACKGROUND 

 

1.                  It is appropriate to set out the roles and responsibilities of the Head of Internal Audit, The Internal Audit Service and the Audit Panel so that the Panel can better fulfil its scrutiny role over the Internal Audit Service.

 

2.                  The Responsibilities of The Head of Internal Audit

 

The Chief Internal Auditor is responsible for:

 

(a)               developing a strategic audit plan based on an understanding of the significant risks to which the authority is exposed;

(b)               developing an annual audit plan based on the strategic plan and an understanding of the significant risks to which the authority is exposed;

(c)               submitting the plans to the Audit Panel for review and agreement;

(d)               implementing the agreed annual audit plan;

(e)               maintaining a professional audit staff with sufficient knowledge, skills and experience to carry out the plan;

(f)                 developing audit staff for redeployment elsewhere in the authority.

 

3.                  Role and Scope of Internal Audit

 

The role of Internal Audit is to understand the key risks of the authority and to examine and evaluate the adequacy and effectiveness of the system of risk management and internal control as operated by the authority. Internal Audit, therefore, has unrestricted access to all activities undertaken in the authority, in order to review, appraise and report on:

 

(a)               the adequacy and effectiveness of the systems of financial, operational and management control and their operation in practice in relation to the business risks to be addressed;

 

(b)               the extent of compliance with, relevance of, and financial effect of, policies, standards, plans and procedures established by the Council and the extent of compliance with external laws and regulations, including statutory reporting requirements;

 


(c)               the extent to which the assets and interests are acquired economically, used efficiently, accounted for and safeguarded from losses of all kinds arising from waste, extravagance, inefficient administration, poor value for money, fraud or other cause and that adequate business continuity plans exist;

 

(d)               the suitability, accuracy, reliability and integrity of financial and other management information and the means used to identify measure, classify and report such information;

 

(e)               the integrity of processes and systems, including those under development, to ensure that controls offer adequate protection against error, fraud and loss of all kinds; and that the process aligns with the authority’s strategic goals;

 

(f)                 the suitability of the organisation of the units audited for carrying out their functions, and to ensure that services are provided in a way which is economical, efficient and effective;

 

(g)               the follow-up action taken to remedy weaknesses identified by Internal Audit review, ensuring that good practice is identified and communicated widely;

 

(h)               the operation of the authority’s corporate governance arrangements.

 

4.                  The Role of the Audit Panel

 

In keeping with good corporate governance practice, a Panel of elected members should have oversight of the activities of the Internal Audit Service for the following purposes:

 

v                  The Panel should monitor Internal Audit’s performance, both in terms of the quality and quantity of its work;

v                  The Panel should satisfy itself that Internal Audit has devoted its attention to the appropriate issues;

v                  The Panel should consider the results of Internal Audit reviews to ensure that any significant findings are addressed, including control weaknesses and to ascertain whether, in the opinion of the Chief Internal Auditor, adequate and satisfactory responses have been given by the Authority’s management;

v                  The Panel should recommend, if necessary, that further attention should be given to some of the issues raised.

 

5.                  REVIEW OF 2003/2004

 

(a)               Developments In The Internal Auditing Profession

 

The professional environment within which internal audit operates continued to be dynamic during the last financial year. The Office of the Deputy Prime Minister published new Accounts and Audit Regulations in March 2003 that inter alia introduced the requirement for local authorities to include a Statement on Internal Control (SIC) within its published financial statements. This initiative has a wide-ranging impact not just on the work of internal audit but also on all senior managers across the council. The implications of this development are discussed in more detail below.

 

Aside from specific initiatives such as the SIC, in general terms there has been an increasing expectation that internal audit units will become more involved in reviewing risk management and corporate governance arrangements operating in their host organisations. The driver for this comes from H.M. Treasury that is keen to see the roll out of sound corporate governance practices as developed in the private sector some ten years ago across the entire public sector. In this regard, Local Government is behind the Civil Service and the Health Service in being required to adopt these practices.  

 

(b)               The Isle of Wight Council Response to Required Change

 

Comprehensive Performance Assessment

 

In October 2002 the original CPA assessment and in particular the Auditor Judgement for  the Internal Audit Service was graded as 2 out of a potential maximum score of 4. A score of 2 means generally satisfactory service but with weaknesses. The Audit Commission made a number of recommendations for improvement in the Audit Service which have been addressed during financial year 2003/04 and before. The CPA scores were reviewed by the Audit Commission in autumn of 2003 and the score for Internal Audit Services improved from a 2 to a 3. A score of 3 means satisfactory with no major areas of weakness. Our ambition for the future is to further improve on this score to a 4.

 

Risk Based Auditing

 

 In response to the central government drive to embed risk management in local authorities, during 2003/2004 Audit Services re-assessed the audit methodologies we employ and developed a new approach to operational/management audits called risk based auditing. This involves working collaboratively with management to determine service objectives, to identify and assess the risks threatening the achievement of objectives and to identify the management information and performance targets needed to ensure business success. The majority of these audits commence with a risk assessment workshop facilitated by internal audit staff. We revert to a more traditional audit approach when testing the reliability of the management information that informs management decision-making.

 

A consequence of changing methodologies and essentially re-tooling the section has been a considerable investment in staff training and development during the financial year. This in turn has impacted upon productivity and the achievement of the internal audit plan. Whereas our original aim was to achieve 90% of the approved audit plan, the actual achievement was 68%. Other factors which contributed to the lower than expected output were unforeseen staff vacancies arising during the year and other development work detailed below. 

 

Development of New Audit Manuals and the Quest for Quality Assurance Certification

 

The process of re-tooling the service has also required comprehensive re-writing of the Internal Audit Manuals to reflect modern best practice. This process was largely completed during the financial year and the new manuals are now being used by internal audit staff.

 

It is our intention to seek certification to the internationally recognised Quality Assurance standard ISO 9001. In order to successfully achieve this standard it is essential that all procedures are documented and therefore the development of up to date audit manuals supports this aspiration.  We hope to achieve certification by mid 2005.

 

6.                  Benchmarking Comparisons.

 

The service annually submits data to the Institute of Public Finance benchmarking Club to allow us to monitor our performance against other Internal Audit sections in Unitary Authorities. Attached at appendix A are the benchmarking results for the financial year ended 31st March 2004.

 

(a)               Cost Analysis

 

Table one in appendix A compares the IOW performance in terms of costs against the average for unitary authorities. The cost per £m gross turnover shows that on average unitary authorities invested 29% more on internal audit services for the amount of money at risk than does the Isle of Wight Council.

 

The days per auditor at 141 chargeable days compares unfavourably with the unitary average. However, much of this reduced productivity can be explained by the consequences of changing operating methods with the inevitable training requirement that accompanied the changes. This is illustrated in table two where training time is higher as well as other non-chargeable days. The other non-chargeable days figure is high owing to the need to have far more staff meetings than normal to explain the changes required and to win the hearts and minds of audit staff so that they would accept the required changes.

 

(b)               Audit Coverage

 

Table four shows the areas of audit coverage per £m compared with the average for unitary authorities.  In general our coverage is less than other authorities with the significant exception of ICT audit  when we were fortunate to have two qualified ICT auditors for part of the year which bolstered activity in this important area of audit work. Coverage of ICT audit was also enhanced by purchasing particular ICT audit technical expertise from the private sector to cover technical audits that we could not resource in-house.

 

(c)               Staffing Matters

 

During the course of the year we had an average of 6.53 full time equivalent staff in post. This includes an additional whole time staff member that was an agreed growth bid for financial year 2003/04. Additionally, as one member of staff was seconded to the GAGs programme for part of the year, we recruited a temporary member of staff who provided an additional 52 days of productive time during the year. We also, as mentioned above bought some 50 days specialist ICT audit time from an external contractor ACIT services Ltd.

 

Table five illustrates the overall pay structure of internal audit staff. As can be seen some 27% of audit staff are paid more than 25k compared with 53% for the average of other unitaries. Table 6 shows that in terms of qualified accountants/internal auditors, 61% of our staff are qualified compared with 34% for the average of all other unitaries. Table 7 demonstrates the high levels of audit experience our staff bring to the task.

 

(d)               Overall Direction of Travel

 

The benchmarking data for 2003/04 shows an overall improvement in the performance of the service over the recent past. If the plans for further improvements (discussed in more detail below) are realised, then the service should be performing in line with the average of unitary authorities during the current financial year.

 

Moreover, the changes made in methodologies have increased the added value delivered by the service and will make a positive contribution to assisting the authority in improving its overall CPA score. We also are geared up to assist in improving the council’s corporate governance and risk management arrangements.

 

7.                  OUTLOOK FOR 2004/2005

 

(a)               Benchmarking Comparisons

 

Attached at appendix B are the benchmarking estimates projecting to the end of the current financial year.

 

Table 1 projects a better cost performance with our cost per auditor forecast to fall below the average for unitary authorities for the first time in three years. Table two projects an 18% improvement in productivity by increasing productive days per auditor from 141 in 2003/04 to 167 in the current year. The first quarters actuals for 2004/05 indicate that we are on track to achieve this higher level of productivity.  Finally table 4 shows improved audit coverage over the various categories of audit work albeit still below the averages for all unitaries due to staff resource constraints.

 

(b)               Consolidation

 

The main aims for financial year 2004/2005 are to consolidate on the methodological improvements achieved in 2003/2004 and to drive up productivity levels so that the service can be seen to be delivering value for money in all its activities. Allied to these aims, as stated above, we also wish to demonstrably improve the quality of our work by establishing a robust quality management system capable of being certified to ISO 9001 by mid 2005. 


 

8.                  THE COUNCILS INTERNAL CONTROL ENVIRONMENT

 

(a)               The Statement on Internal Control

 

This year for the first time, the authority is obliged to publish a Statement on Internal Control to be published as part of the council’s financial statements. The mechanism for developing the statement relies on Heads of Service producing assurance statements that they are actively managing their risks through the development and maintenance of robust control systems. In circumstances where they are not adequately managing their risks this must be acknowledged in the statement and a plan for remedial action must be identified.

 

Internal audit’s role as far as the SIC is concerned is to give independent assurance that there are no significant control problems which have not been identified and therefore effectively give assurance that the statements made in the compilation of the SIC are accurate. Additionally, internal audit, together with colleagues in the Insurance and Risk Management section have worked hard during the year to raise the awareness of risk management across the organisation so that the authority is in a position to sensibly respond to the requirements of the SIC.

 

(b)               Internal Audit’s Overall Opinion on the State of the Council’s Internal Control Environment.

 

During the course of financial year 2003/2004, we have performed audit reviews of the council’s operations and the core financial systems operated by the council in accordance with the agreed annual audit plan for the year. During the course of that work, we found no evidence of significant control failures which would materially damage either the councils financial standing or its reputation. The only issue which we felt needed to be identified in the Statement of Internal Control is the fact that the authority’s risk management arrangements were underdeveloped for much of the duration of financial year 2003/2004, albeit by the end of the financial year much progress had been made in remedying this situation.

 

Therefore, we can give the Audit Panel reasonable assurance that the internal control system operating in financial year 2003/2004 met the Council’s requirements.

 

RELEVANT PLANS, POLICIES, STRATEGIES and PERFORMANCE INDICATORS

 

None

 

CONSULTATION PROCESS

 

None

 

FINANCIAL, LEGAL, CRIME AND DISORDER IMPLICATIONS

 

There are no significant financial or legal implications of this report , given that it is a progress report on the Internal Audit function. The Panel is reminded that the Council is required by statute (the Accounts and Audit Regulations) to have an adequate and effective Internal Audit function.

 

APPENDICES ATTACHED

 

Appendix A - Compares the IOW performance in terms of costs against the average for unitary authorities

 

Appendix B - benchmarking estimates projecting to the end of the current financial year.

 

BACKGOUND PAPERS USED IN THE PREPARATION OF THIS REPORT

 

13. IPF Benchmarking file held by G Richardson  - extension 3683

 

Contact Point : G Richardson, Chief Internal Auditor ( 823683

 

 

 

 

GED RICHARDSON

Chief Internal Auditor

 

 
APPENDIX  A

 

BENCHMARK COMPARISONS 2003/2004 ACTUALS

 

TABLE ONE – COST ANALYSIS - 2003/2004 ACTUALS

 

BENCHMARKS

IOW

AVERAGE ALL UNITARIES

Audit days per £m gross turnover

3.35

4.99

Cost per £m gross turnover

£959

£1,237

Days per auditor (staff on payroll)

141

165

Cost per auditor

£45,468

£41,916

Staff cost per auditor (all staff)

£34,027

£32,413

Overheads cost per auditor (all staff)

£11,411

£9,504

Hours per Audit Day

7.4

7.3

 

TABLE TWO – CHARGEABLE DAYS  PER AUDITOR  2003/04 ACTUALS

 

Chargeable days – Staff on payroll

IOW

DAYS

IOW

DAYS/FTE

AVERAGE ALL UNITARIES

DAYS/FTE

Total days pa

1,719

263.2

260

Non-Chargeable Days:

 

 

 

Public holidays

79

12.1

9.1

Annual leave

199

30.5

29

Special leave

na

na

4.4

Sickness

49

7.5

10.5

Training – Audit qualification

25

3.8

4.9

Training - other

82

12.6

7.6

Other non-chargeable days

362

55.4

32.3

Chargeable days

923

141.3

165

 


TABLE THREE – OVERHEAD COSTS – 2003/04 ACTUALS

 

Overhead costs

IOW

£’000

IOW

£’000/FTE

AVERAGE ALL UNITARIES

£’000/FTE

Transport and travel

7

1.0

0.5

Other running costs

8

1.2

2.0

Accommodation

8

1.2

1.9

IT

10

1.5

2.0

Other central charges

44

6.5

3.1

Total

77

11.4

9.5

 

TABLE FOUR – AUDIT DAYS PER £M BY TYPE OF AUDIT - 2003/2004 ACTUALS

 

Audit days per £m

IOW

DAYS

IOW

DAYS/£M

AVERAGE ALL UNITARIES

DAYS/£M

Fundamental financial systems

155

0.51

0.84

Assurance work on other systems

180

0.59

1.2

Risk management

113

0.37

0.07

Corporate governance

8

0.03

0.14

Performance management

12

0.04

0.12

Establishment audit

121

0.40

0.75

Audit of IT Systems

223

0.74

0.26

Fraud etc.

41

0.14

0.59

Contract audit

105

0.35

0.26

VFM/Management

-

-

0.10

Consultancy, advice

26

0.09

0.40

Other

30

0.10

0.23

Total

1,014

3.35

4.99

 


TABLE FIVE – STAFF SALARY BANDINGS AT 31ST MARCH 2004

 

Salary bandings

IOW

FTE

IOW

%

AVERAGE

ALL UNITARIES

%

Under £15k

0.5

6

9

£15 – 20k

-

0

15

£20 – 25k

5.1

67

23

£25 – 30k

1.0

13

23

£30 – 40k

1.0

13

22

Over £40k

-

0

8

Total

7.6

 

 

 

TABLE 6 – AUDIT STAFF QUALIFICATIONS AT 31ST MARCH 2004

 

Qualifications

IOW

FTE

IOW

%

AVERAGE ALL UNITARIES

%

CCAB/MIIA/PIIA

4.6

61

34

AAT

1.8

24

26

Other specialists

-

0

6

Part Qual/Trainees

-

0

19

Non-Qualified

1.2

15

15

Total

7.6

100

100

 

 

 

 

 

 

 

 

 

TABLE 7 – AUDIT EXPERIENCE AT 31ST MARCH 2004

 

Audit Experience

 

Overall

At current authority

 

IOW

FTE

IOW

%

AVERAGE

ALL

UNITARIES

%

IOW

FTE

IOW

%

AVERAGE ALL UNITARIES

%

Under 1 yr

-

0

6

2.0

26

13

1 – 5 yrs

2.0

26

26

2.0

26

34

6 – 10 yrs

2.0

26

20

2.0

26

23

Over 10 yrs

3.6

48

48

1.6

21

28

Total

7.6

 

 

7.6

 

 

 


APPENDIX  B

 

BENCHMARK COMPARISONS 2004/2005 ESTIMATES

 

TABLE ONE – COST ANALYSIS - 2004/2005 ESTIMATES

 

BENCHMARKS

IOW

AVERAGE ALL UNITARIES

Audit days per £m gross turnover

3.84

5.04

Cost per £m gross turnover

£885

£1,223

Days per auditor (staff on payroll)

167

174

Cost per auditor

£42,763

£43,316

Staff cost per auditor (all staff)

£32,237

£34,192

Overheads cost per auditor (all staff)

£10,526

£9,124

Hours per Audit Day

7.4

7.3

 

TABLE TWO – CHARGEABLE DAYS  PER AUDITOR  2004/05 ESTIMATES

 

Chargeable days – Staff on payroll

IOW

DAYS

IOW

DAYS/FTE

AVERAGE ALL UNITARIES

DAYS/FTE

Total days pa

1,910

251.3

260

Non-Chargeable Days:

 

 

 

Public holidays

88

11.6

10.3

Annual leave

177

23.3

29.3

Special leave

na

na

2.9

Sickness

56

7.4

6.9

Training – Audit qualification

25

3.3

4.7

Training - other

74

9.7

7.0

Other non-chargeable days

218

28.7

25.8

Chargeable days

1,272

167.4

174.1

 


TABLE THREE – OVERHEAD COSTS – 2004/05 ESTIMATES

 

Overhead costs

IOW

£’000

IOW

£’000/FTE

AVERAGE ALL UNITARIES

£’000/FTE

Transport and travel

8

1.1

0.6

Other running costs

8

1.1

1.7

Accommodation

7

0.9

1.9

IT

10

1.3

1.8

Other central charges

47

6.2

3.1

Total

80

10.5

9.1

 

TABLE FOUR – AUDIT DAYS PER £M BY TYPE OF AUDIT - 2004/2005 ESTIMATES

 

Audit days per £m

IOW

DAYS

IOW

DAYS/£M

AVERAGE ALL UNITARIES

DAYS/£M

Fundamental financial systems

190

0.58

0.83

Assurance work on other systems

290

0.89

1.25

Risk management

25

0.08

0.09

Corporate governance

34

0.10

0.15

Performance management

25

0.08

0.11

Establishment audit

130

0.40

0.69

Audit of IT Systems

221

0.68

0.32

Fraud etc.

120

0.37

0.48

Contract audit

129

0.39

0.30

VFM/Management

-

-

0.15

Consultancy, advice

45

0.14

0.36

Other

63

0.19

0.20

Total

1,272

3.88

5.04