internal audit plan 2019-20 / 2021-22 mole valley district ......in september 2015 the institute of...
TRANSCRIPT
Internal Audit Plan
2019-20 / 2021-22
Mole Valley District Council
AC53
Draft Internal Audit Plan 2019-20 / 2021-22
2
Contents
Introduction …………………………………………………………………………………………… 3
Your Internal Audit Team …………………………………………………………………………………………… 4
Conformance with Internal Audit Standards …………………………………………………………………………………………… 4
Conflicts of Interest …………………………………………………………………………………………… 4
MVDC Corporate Strategy …………………………………………………………………………………………… 5
Council Risk …………………………………………………………………………………………… 6
Developing the internal audit plan 2019-20 / 2021 -22 …………………………………………………………………………………………… 7
Internal Audit Plan 2019-20 / 2021 -22 …………………………………………………………………………………………… 8 – 15
AC54
Draft Internal Audit Plan 2019-20 / 2021-22
3
Introduction
The role of internal audit is that of an: ‘Independent, objective assurance and consulting activity designed to add value and improve an organisations operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes’. The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives. The aim of internal audit’s work programme is to provide independent and objective assurance to management, in relation to the business activities, systems or processes under review that:
the framework of internal control, risk management and governance is appropriate and operating effectively; and
risk to the achievement of the Council’s objectives is identified, assessed and managed to a defined acceptable level. The internal audit plan provides the mechanism through which the Chief Internal Auditor can ensure most appropriate use of internal audit resources to provide a clear statement of assurance on risk management, internal control and governance arrangements. Internal Audit focus should be proportionate and appropriately aligned. The plan will remain fluid and subject to on-going review and amendment, in consultation with the Strategic Leadership Team and Audit Sponsors, to ensure it continues to reflect the needs of the Council. Amendments to the plan will be identified through the Southern Internal Audit Partnership’s continued contact and liaison with those responsible for the governance of the Council.
AC55
Draft Internal Audit Plan 2019-20 / 2021-22
4
Your Internal Audit Team Your internal audit service is provided by the Southern Internal Audit Partnership. The team will be led by Natalie Jerams, Assistant Head of Southern Internal Audit Partnership, supported by TBC, Audit Manager. Conformance with internal auditing standards
The Southern Internal Audit Partnership service is designed to conform to the Public Sector Internal Audit Standards (PSIAS). Under the PSIAS there is a requirement for audit services to have an external quality assessment every five years. In September 2015 the Institute of Internal Auditors were commissioned to complete an external quality assessment of the Southern Internal Audit Partnership against the PSIAS, Local Government Application Note and the International Professional Practices Framework. In selecting the Institute of Internal Auditors (IIA) a conscious effort was taken to ensure the external assessment was undertaken by the most credible source. As the authors of the Standards and the leading Internal Audit authority nationally and internationally the IIA were excellently positioned to undertake the external assessment. In considering all sources of evidence the external assessment team concluded:
‘It is our view that the Southern Internal Audit Partnership (SIAP) service generally conforms to all of these principles. This performance is within the top decile of EQA reviews we have performed. This is a notable achievement given the breadth of these Standards and the operational environment faced by SIAP. There are no instances across these standards where we determined a standard below “generally conforms”, and 4 instances where the standard is assessed as “not applicable” due to the nature of SIAP’s remit.’
Conflicts of Interest
We are not aware of any relationships that may affect the independence and objectivity of the team, and which are required to be disclosed under internal auditing standards.
AC56
Draft Internal Audit Plan 2019-20 / 2021-22
5
Corporate Strategy 2015 - 19
Mole Valley District Council’s Corporate Strategy is an overarching strategic document providing the Council’s vision, values, guiding principles and priority outcomes and is used as a basis for service planning.
Vision: Values: A place where people want to live, work, do business and spend their leisure time Listen, respect, care, trust, and lead
Guiding Principles:
Sustainability: Meeting the needs of the present without compromising future generations requires responsible decision making and innovation. Helping communities to be resilient
is an important aspect of this principle.
Cost effectiveness: By applying a cost-effective approach to delivering and developing services we are able to give residents the best deal. Reviewing the way in which we provide
our services ensures that we focus on what matters most and that we deliver services that are value for money.
Openness and accountability: Residents need clear timely information that enables them to help themselves, with support for those who need it. Listening to and involving
residents is an important part of how we make decisions, develop our services, and help people shape their communities.
Priorities:
ENVIRONMENT PROSPERITY COMMUNITY WELLBEING A highly attractive area with housing that meets local need A vibrant local economy with thriving towns and villages Active communities and support for those who need it To support this priority, together with our local communities and partners, we will:
To support this priority, together with our local communities and partners, we will:
To support this priority, together with our local communities and partners, we will:
Protect and enhance the natural and built environment and ensure our areas of natural beauty are well looked-after
In consultation with the community, develop plans for how land is used in Mole Valley. We will set out proposals for residential, leisure, and commercial development, which balance residents’ needs with protection of the Green Belt
Pursue policies that encourage the creation of affordable housing
Support residents and businesses in caring for their local environment by tackling fly-tipping, littering and dog fouling
Encourage residents to protect our wider environment by facilitating the recycling and reuse of materials
Work with other agencies to protect the District from the effects of climate change and environmental pollution, paying particular attention to flooding and air quality.
Continue to drive the transformation of Leatherhead Town Centre and support the market-town culture and economy of Dorking
Work with rural communities and businesses to build on their unique strengths and address their challenges, helping them thrive and become more sustainable
Adopt a pro-business outlook across the District, addressing infrastructure needs, in particular parking provision which balances the needs of residents and local businesses
Look for innovative ways to minimise the cost to taxpayers of Mole Valley District Council whilst protecting services.
Improve opportunities for residents to live safe and healthy lives
Deliver a programme of inclusive sports and wellbeing activities, increasing participation across all generations and targeting those communities most in need
Foster community spirit, encouraging individuals, families and communities to support each other especially in times of particular need
Support individuals and families who find themselves unintentionally homeless, seeking to minimize disruption to education and employment
Work with cycling and other leisure groups to encourage healthy lifestyles, and responsible enjoyment of our parks, open spaces, countryside and roads
Council Strategy 2019-24 - MVDC is currently developing its Council Strategy for 2019-24. This will be reflected accordingly in future iterations of the internal audit plan.
AC57
Draft Internal Audit Plan 2019-20 / 2021-22
6
Council Risk
The Council have a clear framework and approach to risk management. The strategic risks assessed by the Council are a key focus of our planning for the year to ensure it meets the organisation’s assurance needs and contributes to the achievement of their objectives. We will monitor the strategic risk register closely over the course of the year to ensure our plan remains agile to the rapidly changing landscape.
No. Ref Risk Description Current
Risk Score*
1 C1d Loss of rental income from key properties. 9
2 C3 Corporate Health & Safety – failure to deliver could lead to loss of service and /or preventable accidents to staff, contractors, public or others affected by our undertakings.
8
3 C4b IT Systems – risk of hacking. 8
4 C4c IT Systems – operational resilience 9
5 C4d Document Management System – in the short to medium term the existing system will be unsupported by the vendor 8
6 C5 Data Protection / Information Governance – failure to ensure personal data is secure and that an individual’s right to privacy is protected could lead to a loss of public trust and financial penalties to the organisation.
12
7 C7 Organisational capacity to deliver – if the organisation ceases to have capacity to deliver services this could have serious implications particularly in relation to statutory services ultimately leading to service failure.
9
8 C8 Safeguarding – requirement to ensure all employees are aware of the organisation’s responsibilities in relation to safeguarding children and vulnerable adults.
9
*Strategic Risks as per the Strategic Risk Register - December 2018
AC58
Draft Internal Audit Plan 2019-20 / 2021-22
7
Developing the internal audit plan 2019-20 / 2021-22
We have used various sources of information and discussed priorities for internal audit with the following groups:
Strategic Leadership Team
Deputy Chief Executive (S151)
Executive Heads of Service
Audit Committee
Other key stakeholders
Based on these conversations with key stakeholders, review of key corporate documents and our understanding of the organisation the Southern Internal Audit Partnership have developed an annual audit plan for 2019-20 / 2021-22.
The Council are reminded that internal audit is only one source of assurance and through the delivery of our plan we will not, and do not seek to cover all risks and processes within the organisation.
We will however continue to work closely with other assurance providers to ensure that duplication is minimised and a suitable breadth of assurance is obtained.
Internal Audit Plan
19/20
(to 21/22)
Council Strategy
Strategic Risk Register
External Audit
Internal Audit
Emerging Issues
Key stakeholder
Liaison
Committee minutes /
reports
AC59
Draft Internal Audit Plan 2019-20 / 2021-22
8
Internal Audit Plan
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
Corporate
Programme & Project Management
Assurance over project management framework and compliance in relation to delivery on live / ongoing projects.
LEG02; RMP08 2018/19 2017/18 2016/17 2015/16
Alternative Delivery Models Unique methods of service delivery with the potential for loss of control / ownership over service delivery. Assurance over governance, rights of access, third party assurance. Contingencies, exist strategies, hosting arrangements, accountability.
FIN11
AGS (3-18/19)
Financial Sustainability Assurance over budgetary control, efficiency Plans, financial risks relating to assumptions made for medium term financial projections.
FIN06, 07; PDC02; CSS07, 08, 11, 13; PCL03a; PCC04a;
RMP10, 11
2017/18 2015/16
Q2
Transformation To meet future financial challenges and enable improved and more efficient services. To include digitalisation (new ways of working, CRM, AI, robotics etc.)
Working in Partnership Working alongside different cultures. Potential for some loss of control / ownership of service delivery. Assurance over governance, rights of access, third party assurance, contingency arrangements, exit strategy, hosting
arrangements (accountabilities), benefit
realisation.
FIN11
AGS (3-18/19)
2016/17 (Homelessness)
Q1
Asset Management (Property Assets)
Assurance over effectiveness and delivery of the Asset Management Plan including repairs and maintenance to non-housing assets (planned & reactive).
PRO04, 06, 08; DH07
2018/19
AC60
Draft Internal Audit Plan 2019-20 / 2021-22
9
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
Governance
Human Resources & Organisational Development
Weak or ineffective internal control leading to financial loss resulting in damage to the Council’s reputation and adverse publicity. Assurances over the audit cycle to cover:
Performance Management
Absence management
Recruitment
Training & Development
Workforce Strategy / Development
Flexible Working
Volunteers.
19/20 focus on recruitment and induction (to include safeguarding / agency staff / consultants).
C7, C8
FIN01, 02; CSS03; PRO10; LEG08; CS12; PCC05b;
PP02; PDC01, 11; PTS04; BEN02, 03; HR01, 02, 03, 04,
05, 06
AGS (2-18/19)
2018/19 (Workforce Planning) 2017/18 (Casual
payments & Member
expenses)
Q4
Commissioning & Procurement Assurance over the effective identification and assessment of organisational needs to maximise value for money and efficiencies through procurement.
Assurance over compliance with contract
procedure rules and legislative requirements.
I&R04; LEG09 2016/17
Contract Management Review of contract management arrangements and compliance across a selection of contracts in place. To include the Grounds Maintenance contracts.
I&R04; LEG09; CSS17; PTS02;
PRK04, 07; ENV09
Advisory report 2017/18
Q2
Risk Management Assurance over the risk management framework including governance, transparency and maturity.
2017/18 2016/17 2015/16
Fraud & Irregularities Cyclical assurance over the governance
arrangements to prevent, detect and investigate fraud
FIN03; RMP10
AC61
Draft Internal Audit Plan 2019-20 / 2021-22
10
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
and irregularities.
Health & Safety Effective H&S strategy in place and operating effectively with effective governance, accountability and issue resolution.
C3
RMP06; DEM09; CS03, 14; PRO12; CSS01, 02, 04, 05, 18; PRK01, 02, 03, 11; DH08; BEN02;
PDC05; PTS05; HOU07, 08, 09
2018/19 2015/16
Information Governance Assurance over information governance
arrangements to include FOI, SAR, Transparency and General Data Protection Regulation (GDPR).
C5
I&R05; ED05; LEG05, 06, 07; REV05; FIN12; PRO11; EH09; CSS16; PRK08;
BEN04; HOU12; CRP08, 10; PTS08;
PLC09; PDC10; PP12; CS10, 11, 13;
HR07; SCS05; DEM08; RMP05,
07, 13
2018/19 2015/16
Decision Making & Accountability
Assurance over the effectiveness and transparency of the decision-making process at officer and Member level. To consider governance, sufficiency, accuracy and timeliness of information including consultation with the public as necessary.
RMP01; 02; 03 DEM04 05; 06
COMMS06 SCS02
2017/18 (Data quality)
Ethical Governance Evaluation of the design, implementation and effectiveness of MVDC’s ethics-related objectives,
PDC04; DEM10 2018/19
AC62
Draft Internal Audit Plan 2019-20 / 2021-22
11
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
programmes and activities.
Business Continuity & Emergency Planning
Assurance over planning for extreme events that may lead to delays in responding to situations resulting in increased costs and staff resources
including:
Business Continuity Plan
Emergency Plan.
DH02; PTS01; EH10; ENV02, 03, 04, 05; DEM02, 03
2018/19 2016/17
Annual Governance Statement Cyclical assurance over the governance
arrangements to compile, contribute and deliver the AGS.
Q2
Core Financial Reviews
Housing Benefits
Programme of cyclical systems reviews
BEN01 2018/19 2017/18 2016/17
Council Tax REV01 2018/19 2017/18 2016/17
Accounts Payable REV02; FIN10, 13 2016/17 Q3
Accounts Receivable / Debt Management
REV01, 02; PRO03 2016/17 Q3
Main Accounting 2017/18
Treasury Management FIN04 2016/17 Q3
Income Collection (incl. Cash Office)
2018/19 2016/17 (car
parking, licensing, telecare)
Q3
Capital Accounting 2018/19
NNDR Outsourced to Reigate & Banstead BC. Contract took effect from September 2018. Review of contract
REV01, 03 2018/19 2017/18
AC63
Draft Internal Audit Plan 2019-20 / 2021-22
12
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
management and assurance requirements. 2016/17
Payroll Outsourced to Midland HR. Review of contract management arrangements. Assurance that MVDC are receiving all outcomes expected from the contract and to review MVDC in-house operations.
2017/18 2016/17
Q1
IT
IT Governance Review of IT strategy, policies, standards and procedures. Other potential areas for consideration to include IT asset management, change management and software licensing.
C4c
IT05, 07
Q2
Data Management Review of data centre facilities and security including storage and back-up. To also consider database management.
IT05
Information Security Review of cyber security arrangements, security controls (including remote access) and cloud storage. To also consider network security and infrastructure management
C4b, C4c, C4d
IT02, 03, 05, 08, 09; PCL10
2016/17 (cyber security)
System Development & Implementation
Systems Life Cycle, Project Management and Application Management.
C4d
REV02; PCL10
IT Business Continuity Disaster recovery, system resilience C4c
IT01, 11; PRO05; CSS06, 09
Q3
Networking & Communications Virtualisation, operating system management
Payment Card Industry Data Security Standard
Compliance to meet industry standards
Mobile Working Initiatives to promote agile working. Security (physical, environmental and technical) of data and hardware.
AC64
Draft Internal Audit Plan 2019-20 / 2021-22
13
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
Environment
Affordable Housing Opportunities for development and alternative methods of delivery to meet organisational and national priorities.
HOU03, 04, 06, 10
Environmental Services To review arrangements for refuse collection, recycling & street cleansing. Joint Waste Contract in conjunction with four other local authorities with Amey (effective August 2018), managed through Joint Waste Solutions (hosted by Surrey Heath). Street Cleansing to transition across in April 2019.
ENV09, 10, 11, 12 Q3
Environmental Health & Licensing
Shared Service with Tandridge DC (hosted by MVDC). Assurance over governance and accountability. Separate review required for Taxi licensing as this does not form part of the shared service agreement.
EH02, 03, 08
AGS (3-18/19)
2018/19
Development Management Planning (street naming, CIL); Development Control (planning applications, appeals); Planning Policy (local plan). LGA review undertaken in September 2018. Follow up of recommendations to be carried out in (19/20)
PDC02, 06, 07, 08, 09, 11; FIN09;
PLC02; PP01, 02, 10; PCL07, 10
2017/18 x2 2015/16
Q3
Building Control Partnership initiated in 2017 hosted by Tandridge DC across three partners MVDC, R&BBC and TDC. Agreement through IAA. To consider governance, deliverables and outcomes.
PBC01, 02, 03, 04; PCL06
2018/19 2017/18
Prosperity
Economic Development Review business strategy and delivery
including processes and outcomes. To review assurances from Coast to Capital LEP review.
ED02, 04
AC65
Draft Internal Audit Plan 2019-20 / 2021-22
14
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
Investments Assurance over the governance, accountabilities, viability and outcomes of Asset Investment Strategy. Significant financial expectations through the successful delivery of the AIS to meet savings targets. Management direction around Risk Management.
I&R01, 02; LEG08; FIN02, 04b; PRO01
Q3
Regeneration Programme management, governance and reporting of the ‘Transform Leatherhead Programme’ against desired outcomes.
I&R03
Parking & Enforcement Assess delivery of the Parking Strategy 2018/22 CRP02, 06, 07, 09
Income Generation & Commercialisation
Effectiveness of income generation /
maximisation (rental income and leases, optimal use of subsidies, fees and charges). Review of relevant strategies.
C1d
PRO03; PH03; CSS07, 11; PTS03;
CRP04
Q2
Community Wellbeing
Homelessness Assurance over management and prevention of homelessness.
HOU01, 02
Housing Effective Housing Policy and procedures to achieve desired outcomes.
Effective relationship maintained and performance monitoring of the local housing association.
Disabled Facility Grants Administration and compliance with local /
legislative requirements.
2017/18 2015/16
Community Safety & Wellbeing Response to community safety and anti-social behaviour. To include PREVENT, East Surrey Community Safety Partnership, community funding and grants and the development of the JET.
PTS 06; 07 2017/18 (community
grants)
AC66
Draft Internal Audit Plan 2019-20 / 2021-22
15
Audit Risk / Scope Strategic / Service Risk
Previous IA Coverage
2019-20 2020-21 2021-22
Health & Leisure Facilities Thematic reviews based on areas of significant risk. To include contract management of leisure operators for Dorking Sports Centre and Leatherhead Leisure Centre.
PTS03; PRK02, 03, 10
Q1
Community Support Assurances over services designed to help residents retain their independence and reduce social isolation including: Telecare; Community transport; Care Centres, Handyman Services. Inherent risks include funding, demand, safeguarding.
C8
CSS06, 07, 08, 09, 10, 11, 12, 13
Q4
Dorking Hall High levels of cash handling and banking. Additionally, the function undertakes significant level of commissioning and procuring artists. Inherent risks include health & safety, fire and safeguarding.
DH03, 04, 05
Other
Management To include annual planning, reporting and attendance at SLT and Audit Committee, action tracking, liaison with key stakeholders and annual report and opinion.
-
- -
AC67