internal audit plan 2019-20 / 2021-22 mole valley district ......in september 2015 the institute of...

Internal Audit Plan

2019-20 / 2021-22

Mole Valley District Council

AC53

http://www.google.co.uk/url?sa=i&rct=j&q=borders&source=images&cd=&cad=rja&uact=8&docid=XfJj4PGlJiPolM&tbnid=F6iHD2lTLAvU_M:&ved=0CAUQjRw&url=http://www.w3.org/TR/css3-background/&ei=VXluU8TGIuas0QX_v4GQDg&bvm=bv.66330100,d.d2k&psig=AFQjCNFjqQeE0iVc7yzgZmV2Y5Xub90ptQ&ust=1399835121919138

http://www.google.co.uk/url?sa=i&rct=j&q=borders&source=images&cd=&cad=rja&uact=8&docid=XfJj4PGlJiPolM&tbnid=F6iHD2lTLAvU_M:&ved=0CAUQjRw&url=http://www.w3.org/TR/css3-background/&ei=VXluU8TGIuas0QX_v4GQDg&bvm=bv.66330100,d.d2k&psig=AFQjCNFjqQeE0iVc7yzgZmV2Y5Xub90ptQ&ust=1399835121919138

Draft Internal Audit Plan 2019-20 / 2021-22

2

Contents

Introduction …………………………………………………………………………………………… 3

Your Internal Audit Team …………………………………………………………………………………………… 4

Conformance with Internal Audit Standards …………………………………………………………………………………………… 4

Conflicts of Interest …………………………………………………………………………………………… 4

MVDC Corporate Strategy …………………………………………………………………………………………… 5

Council Risk …………………………………………………………………………………………… 6

Developing the internal audit plan 2019-20 / 2021 -22 …………………………………………………………………………………………… 7

Internal Audit Plan 2019-20 / 2021 -22 …………………………………………………………………………………………… 8 – 15

AC54


3

Introduction

The role of internal audit is that of an: ‘Independent, objective assurance and consulting activity designed to add value and improve an organisations operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes’. The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives. The aim of internal audit’s work programme is to provide independent and objective assurance to management, in relation to the business activities, systems or processes under review that:

the framework of internal control, risk management and governance is appropriate and operating effectively; and

risk to the achievement of the Council’s objectives is identified, assessed and managed to a defined acceptable level. The internal audit plan provides the mechanism through which the Chief Internal Auditor can ensure most appropriate use of internal audit resources to provide a clear statement of assurance on risk management, internal control and governance arrangements. Internal Audit focus should be proportionate and appropriately aligned. The plan will remain fluid and subject to on-going review and amendment, in consultation with the Strategic Leadership Team and Audit Sponsors, to ensure it continues to reflect the needs of the Council. Amendments to the plan will be identified through the Southern Internal Audit Partnership’s continued contact and liaison with those responsible for the governance of the Council.

AC55


4

Your Internal Audit Team Your internal audit service is provided by the Southern Internal Audit Partnership. The team will be led by Natalie Jerams, Assistant Head of Southern Internal Audit Partnership, supported by TBC, Audit Manager. Conformance with internal auditing standards

The Southern Internal Audit Partnership service is designed to conform to the Public Sector Internal Audit Standards (PSIAS). Under the PSIAS there is a requirement for audit services to have an external quality assessment every five years. In September 2015 the Institute of Internal Auditors were commissioned to complete an external quality assessment of the Southern Internal Audit Partnership against the PSIAS, Local Government Application Note and the International Professional Practices Framework. In selecting the Institute of Internal Auditors (IIA) a conscious effort was taken to ensure the external assessment was undertaken by the most credible source. As the authors of the Standards and the leading Internal Audit authority nationally and internationally the IIA were excellently positioned to undertake the external assessment. In considering all sources of evidence the external assessment team concluded:

‘It is our view that the Southern Internal Audit Partnership (SIAP) service generally conforms to all of these principles. This performance is within the top decile of EQA reviews we have performed. This is a notable achievement given the breadth of these Standards and the operational environment faced by SIAP. There are no instances across these standards where we determined a standard below “generally conforms”, and 4 instances where the standard is assessed as “not applicable” due to the nature of SIAP’s remit.’

Conflicts of Interest

We are not aware of any relationships that may affect the independence and objectivity of the team, and which are required to be disclosed under internal auditing standards.

AC56


5

Corporate Strategy 2015 - 19

Mole Valley District Council’s Corporate Strategy is an overarching strategic document providing the Council’s vision, values, guiding principles and priority outcomes and is used as a basis for service planning.

Vision: Values: A place where people want to live, work, do business and spend their leisure time Listen, respect, care, trust, and lead

Guiding Principles:

Sustainability: Meeting the needs of the present without compromising future generations requires responsible decision making and innovation. Helping communities to be resilient

is an important aspect of this principle.

Cost effectiveness: By applying a cost-effective approach to delivering and developing services we are able to give residents the best deal. Reviewing the way in which we provide

our services ensures that we focus on what matters most and that we deliver services that are value for money.

Openness and accountability: Residents need clear timely information that enables them to help themselves, with support for those who need it. Listening to and involving

residents is an important part of how we make decisions, develop our services, and help people shape their communities.

Priorities:

ENVIRONMENT PROSPERITY COMMUNITY WELLBEING A highly attractive area with housing that meets local need A vibrant local economy with thriving towns and villages Active communities and support for those who need it To support this priority, together with our local communities and partners, we will:

To support this priority, together with our local communities and partners, we will:

To support this priority, together with our local communities and partners, we will:

Protect and enhance the natural and built environment and ensure our areas of natural beauty are well looked-after

In consultation with the community, develop plans for how land is used in Mole Valley. We will set out proposals for residential, leisure, and commercial development, which balance residents’ needs with protection of the Green Belt

Pursue policies that encourage the creation of affordable housing

Support residents and businesses in caring for their local environment by tackling fly-tipping, littering and dog fouling

Encourage residents to protect our wider environment by facilitating the recycling and reuse of materials

Work with other agencies to protect the District from the effects of climate change and environmental pollution, paying particular attention to flooding and air quality.

Continue to drive the transformation of Leatherhead Town Centre and support the market-town culture and economy of Dorking

Work with rural communities and businesses to build on their unique strengths and address their challenges, helping them thrive and become more sustainable

Adopt a pro-business outlook across the District, addressing infrastructure needs, in particular parking provision which balances the needs of residents and local businesses

Look for innovative ways to minimise the cost to taxpayers of Mole Valley District Council whilst protecting services.

Improve opportunities for residents to live safe and healthy lives

Deliver a programme of inclusive sports and wellbeing activities, increasing participation across all generations and targeting those communities most in need

Foster community spirit, encouraging individuals, families and communities to support each other especially in times of particular need

Support individuals and families who find themselves unintentionally homeless, seeking to minimize disruption to education and employment

Work with cycling and other leisure groups to encourage healthy lifestyles, and responsible enjoyment of our parks, open spaces, countryside and roads

Council Strategy 2019-24 - MVDC is currently developing its Council Strategy for 2019-24. This will be reflected accordingly in future iterations of the internal audit plan.

AC57


6

Council Risk

The Council have a clear framework and approach to risk management. The strategic risks assessed by the Council are a key focus of our planning for the year to ensure it meets the organisation’s assurance needs and contributes to the achievement of their objectives. We will monitor the strategic risk register closely over the course of the year to ensure our plan remains agile to the rapidly changing landscape.

No. Ref Risk Description Current

Risk Score*

1 C1d Loss of rental income from key properties. 9

2 C3 Corporate Health & Safety – failure to deliver could lead to loss of service and /or preventable accidents to staff, contractors, public or others affected by our undertakings.

8

3 C4b IT Systems – risk of hacking. 8

4 C4c IT Systems – operational resilience 9

5 C4d Document Management System – in the short to medium term the existing system will be unsupported by the vendor 8

6 C5 Data Protection / Information Governance – failure to ensure personal data is secure and that an individual’s right to privacy is protected could lead to a loss of public trust and financial penalties to the organisation.

12

7 C7 Organisational capacity to deliver – if the organisation ceases to have capacity to deliver services this could have serious implications particularly in relation to statutory services ultimately leading to service failure.

9

8 C8 Safeguarding – requirement to ensure all employees are aware of the organisation’s responsibilities in relation to safeguarding children and vulnerable adults.

9

*Strategic Risks as per the Strategic Risk Register - December 2018

AC58


7

Developing the internal audit plan 2019-20 / 2021-22

We have used various sources of information and discussed priorities for internal audit with the following groups:

Strategic Leadership Team

Deputy Chief Executive (S151)

Executive Heads of Service

Audit Committee

Other key stakeholders

Based on these conversations with key stakeholders, review of key corporate documents and our understanding of the organisation the Southern Internal Audit Partnership have developed an annual audit plan for 2019-20 / 2021-22.

The Council are reminded that internal audit is only one source of assurance and through the delivery of our plan we will not, and do not seek to cover all risks and processes within the organisation.

We will however continue to work closely with other assurance providers to ensure that duplication is minimised and a suitable breadth of assurance is obtained.

Internal Audit Plan

19/20

(to 21/22)

Council Strategy

Strategic Risk Register

External Audit

Internal Audit

Emerging Issues

Key stakeholder

Liaison

Committee minutes /

reports

AC59


8

Internal Audit Plan

Audit Risk / Scope Strategic / Service Risk

Previous IA Coverage

2019-20 2020-21 2021-22

Corporate

Programme & Project Management

Assurance over project management framework and compliance in relation to delivery on live / ongoing projects.

LEG02; RMP08 2018/19 2017/18 2016/17 2015/16

Alternative Delivery Models Unique methods of service delivery with the potential for loss of control / ownership over service delivery. Assurance over governance, rights of access, third party assurance. Contingencies, exist strategies, hosting arrangements, accountability.

FIN11

AGS (3-18/19)

Financial Sustainability Assurance over budgetary control, efficiency Plans, financial risks relating to assumptions made for medium term financial projections.

FIN06, 07; PDC02; CSS07, 08, 11, 13; PCL03a; PCC04a;

RMP10, 11

2017/18 2015/16

Q2

Transformation To meet future financial challenges and enable improved and more efficient services. To include digitalisation (new ways of working, CRM, AI, robotics etc.)

Working in Partnership Working alongside different cultures. Potential for some loss of control / ownership of service delivery. Assurance over governance, rights of access, third party assurance, contingency arrangements, exit strategy, hosting

arrangements (accountabilities), benefit

realisation.

FIN11

AGS (3-18/19)

2016/17 (Homelessness)

Q1

Asset Management (Property Assets)

Assurance over effectiveness and delivery of the Asset Management Plan including repairs and maintenance to non-housing assets (planned & reactive).

PRO04, 06, 08; DH07

2018/19

AC60


9



2019-20 2020-21 2021-22

Governance

Human Resources & Organisational Development

Weak or ineffective internal control leading to financial loss resulting in damage to the Council’s reputation and adverse publicity. Assurances over the audit cycle to cover:

Performance Management

Absence management

Recruitment

Training & Development

Workforce Strategy / Development

Flexible Working

Volunteers.

19/20 focus on recruitment and induction (to include safeguarding / agency staff / consultants).

C7, C8

FIN01, 02; CSS03; PRO10; LEG08; CS12; PCC05b;

PP02; PDC01, 11; PTS04; BEN02, 03; HR01, 02, 03, 04,

05, 06

AGS (2-18/19)

2018/19 (Workforce Planning) 2017/18 (Casual

payments & Member

expenses)

Q4

Commissioning & Procurement Assurance over the effective identification and assessment of organisational needs to maximise value for money and efficiencies through procurement.

Assurance over compliance with contract

procedure rules and legislative requirements.

I&R04; LEG09 2016/17

Contract Management Review of contract management arrangements and compliance across a selection of contracts in place. To include the Grounds Maintenance contracts.

I&R04; LEG09; CSS17; PTS02;

PRK04, 07; ENV09

Advisory report 2017/18

Q2

Risk Management Assurance over the risk management framework including governance, transparency and maturity.

2017/18 2016/17 2015/16

Fraud & Irregularities Cyclical assurance over the governance

arrangements to prevent, detect and investigate fraud

FIN03; RMP10

AC61


10



2019-20 2020-21 2021-22

and irregularities.

Health & Safety Effective H&S strategy in place and operating effectively with effective governance, accountability and issue resolution.

C3

RMP06; DEM09; CS03, 14; PRO12; CSS01, 02, 04, 05, 18; PRK01, 02, 03, 11; DH08; BEN02;

PDC05; PTS05; HOU07, 08, 09

2018/19 2015/16

Information Governance Assurance over information governance

arrangements to include FOI, SAR, Transparency and General Data Protection Regulation (GDPR).

C5

I&R05; ED05; LEG05, 06, 07; REV05; FIN12; PRO11; EH09; CSS16; PRK08;

BEN04; HOU12; CRP08, 10; PTS08;

PLC09; PDC10; PP12; CS10, 11, 13;

HR07; SCS05; DEM08; RMP05,

07, 13

2018/19 2015/16

Decision Making & Accountability

Assurance over the effectiveness and transparency of the decision-making process at officer and Member level. To consider governance, sufficiency, accuracy and timeliness of information including consultation with the public as necessary.

RMP01; 02; 03 DEM04 05; 06

COMMS06 SCS02

2017/18 (Data quality)

Ethical Governance Evaluation of the design, implementation and effectiveness of MVDC’s ethics-related objectives,

PDC04; DEM10 2018/19

AC62


11



2019-20 2020-21 2021-22

programmes and activities.

Business Continuity & Emergency Planning

Assurance over planning for extreme events that may lead to delays in responding to situations resulting in increased costs and staff resources

including:

Business Continuity Plan

Emergency Plan.

DH02; PTS01; EH10; ENV02, 03, 04, 05; DEM02, 03

2018/19 2016/17

Annual Governance Statement Cyclical assurance over the governance

arrangements to compile, contribute and deliver the AGS.

Q2

Core Financial Reviews

Housing Benefits

Programme of cyclical systems reviews

BEN01 2018/19 2017/18 2016/17

Council Tax REV01 2018/19 2017/18 2016/17

Accounts Payable REV02; FIN10, 13 2016/17 Q3

Accounts Receivable / Debt Management

REV01, 02; PRO03 2016/17 Q3

Main Accounting 2017/18

Treasury Management FIN04 2016/17 Q3

Income Collection (incl. Cash Office)

2018/19 2016/17 (car

parking, licensing, telecare)

Q3

Capital Accounting 2018/19

NNDR Outsourced to Reigate & Banstead BC. Contract took effect from September 2018. Review of contract

REV01, 03 2018/19 2017/18

AC63


12



2019-20 2020-21 2021-22

management and assurance requirements. 2016/17

Payroll Outsourced to Midland HR. Review of contract management arrangements. Assurance that MVDC are receiving all outcomes expected from the contract and to review MVDC in-house operations.

2017/18 2016/17

Q1

IT

IT Governance Review of IT strategy, policies, standards and procedures. Other potential areas for consideration to include IT asset management, change management and software licensing.

C4c

IT05, 07

Q2

Data Management Review of data centre facilities and security including storage and back-up. To also consider database management.

IT05

Information Security Review of cyber security arrangements, security controls (including remote access) and cloud storage. To also consider network security and infrastructure management

C4b, C4c, C4d

IT02, 03, 05, 08, 09; PCL10

2016/17 (cyber security)

System Development & Implementation

Systems Life Cycle, Project Management and Application Management.

C4d

REV02; PCL10

IT Business Continuity Disaster recovery, system resilience C4c

IT01, 11; PRO05; CSS06, 09

Q3

Networking & Communications Virtualisation, operating system management

Payment Card Industry Data Security Standard

Compliance to meet industry standards

Mobile Working Initiatives to promote agile working. Security (physical, environmental and technical) of data and hardware.

AC64


13



2019-20 2020-21 2021-22

Environment

Affordable Housing Opportunities for development and alternative methods of delivery to meet organisational and national priorities.

HOU03, 04, 06, 10

Environmental Services To review arrangements for refuse collection, recycling & street cleansing. Joint Waste Contract in conjunction with four other local authorities with Amey (effective August 2018), managed through Joint Waste Solutions (hosted by Surrey Heath). Street Cleansing to transition across in April 2019.

ENV09, 10, 11, 12 Q3

Environmental Health & Licensing

Shared Service with Tandridge DC (hosted by MVDC). Assurance over governance and accountability. Separate review required for Taxi licensing as this does not form part of the shared service agreement.

EH02, 03, 08

AGS (3-18/19)

2018/19

Development Management Planning (street naming, CIL); Development Control (planning applications, appeals); Planning Policy (local plan). LGA review undertaken in September 2018. Follow up of recommendations to be carried out in (19/20)

PDC02, 06, 07, 08, 09, 11; FIN09;

PLC02; PP01, 02, 10; PCL07, 10

2017/18 x2 2015/16

Q3

Building Control Partnership initiated in 2017 hosted by Tandridge DC across three partners MVDC, R&BBC and TDC. Agreement through IAA. To consider governance, deliverables and outcomes.

PBC01, 02, 03, 04; PCL06

2018/19 2017/18

Prosperity

Economic Development Review business strategy and delivery

including processes and outcomes. To review assurances from Coast to Capital LEP review.

ED02, 04

AC65


14



2019-20 2020-21 2021-22

Investments Assurance over the governance, accountabilities, viability and outcomes of Asset Investment Strategy. Significant financial expectations through the successful delivery of the AIS to meet savings targets. Management direction around Risk Management.

I&R01, 02; LEG08; FIN02, 04b; PRO01

Q3

Regeneration Programme management, governance and reporting of the ‘Transform Leatherhead Programme’ against desired outcomes.

I&R03

Parking & Enforcement Assess delivery of the Parking Strategy 2018/22 CRP02, 06, 07, 09

Income Generation & Commercialisation

Effectiveness of income generation /

maximisation (rental income and leases, optimal use of subsidies, fees and charges). Review of relevant strategies.

C1d

PRO03; PH03; CSS07, 11; PTS03;

CRP04

Q2

Community Wellbeing

Homelessness Assurance over management and prevention of homelessness.

HOU01, 02

Housing Effective Housing Policy and procedures to achieve desired outcomes.

Effective relationship maintained and performance monitoring of the local housing association.

Disabled Facility Grants Administration and compliance with local /

legislative requirements.

2017/18 2015/16

Community Safety & Wellbeing Response to community safety and anti-social behaviour. To include PREVENT, East Surrey Community Safety Partnership, community funding and grants and the development of the JET.

PTS 06; 07 2017/18 (community

grants)

AC66


15



2019-20 2020-21 2021-22

Health & Leisure Facilities Thematic reviews based on areas of significant risk. To include contract management of leisure operators for Dorking Sports Centre and Leatherhead Leisure Centre.

PTS03; PRK02, 03, 10

Q1

Community Support Assurances over services designed to help residents retain their independence and reduce social isolation including: Telecare; Community transport; Care Centres, Handyman Services. Inherent risks include funding, demand, safeguarding.

C8

CSS06, 07, 08, 09, 10, 11, 12, 13

Q4

Dorking Hall High levels of cash handling and banking. Additionally, the function undertakes significant level of commissioning and procuring artists. Inherent risks include health & safety, fire and safeguarding.

DH03, 04, 05

Other

Management To include annual planning, reporting and attendance at SLT and Audit Committee, action tracking, liaison with key stakeholders and annual report and opinion.

-

- -

AC67

internal audit plan 2019-20 / 2021-22 mole valley district ......in september 2015 the institute of...

Documents