Internal audit – Summary of findings Audit... · We do not accept or assume any liability or duty...

Aberdeen City Council

Internal audit

Report to Audit and Risk Committee– 29 November 2011

Internal Audit


November 2011


Internal audit – Summary of findings

Report to Audit and Risk Committee29 November 2011

Summary of findings

Report to Audit and Risk Committee

Statement of responsibility

This report, which covers the key findings of our reviews between September and November, has been prepared solely for Aberdeen City Council (ACC) in accordance with the terms and conditions set

out in our engagement contract with ACC. We do not accept or assume any liability or duty of care for any other purpose or to any other party. This report should not be disclosed to any third party,

quoted or referred to without our prior written consent.

Contents

Section 1 – Introduction ..........................................................................................................................................................................................................................1

Section 2 – Business Continuity Planning...............................................................................................................................................................................................2

Section 3 – Financial Ledger ...................................................................................................................................................................................................................5

Section 4 – Children Requiring Additional Support for Learning Needs ................................................................................................................................................7

Section 5 – Commercial Estates ............................................................................................................................................................................................................10

Section 6 – Staff Recruitment and Induction Procedures .....................................................................................................................................................................12

Section 7 - Creditors ..............................................................................................................................................................................................................................14

Appendix A – Progress against 2011/12 plan as at November 2011 ......................................................................................................................................................16

Appendix B – Basis of our classifications ..............................................................................................................................................................................................18

Appendix C – Limitations and Responsibilities ....................................................................................................................................................................................19

Internal Audit Progress Report – November 2011

PwC

1

Background

1.01 The assurance you receive through the internal audit programme is a keycomponent of your overall governance framework, ultimately reflected inthe Statement on Corporate Governance presented in the annualfinancial statements. The purpose of this report is to highlight the keyfindings arising from the Internal Audit work completed since the 20September Audit and Risk Committee.

Internal Audit Activity

1.02 Our overall approach to internal audit is to deliver challenge and supportacross the continuum from value protection (where we primarily provideassurance by protecting the current position) to value enhancement(where we add value with forward looking reviews).

Completed reviews (reports with management commentsfinalised)

1.03 Since the last Audit and Risk Committee meeting we have finalised thefollowing reviews and agreed detailed action plans with management toaddress the recommendations made.

Business Continuity Planning (Housing & Environment) Financial Ledger (Corporate Governance); Children Requiring Additional Support for Learning Needs

(Education, Culture & Sport); Commercial Estates (Enterprise, Planning & Infrastructure);

Staff Recruitment and Induction Procedures (Social Care &Wellbeing );

Creditors (Corporate Governance)

1.04 Within the report we have set out in detail the higher priority findingsand recommendations and summarised the management action inrelation to those recommendations categorised as being of high andmedium priority.

Fieldwork complete (draft reports in progress)

1.05 In terms of current work in progress, we have completed our fieldwork inthe following areas and are in the process of finalising draft reports witha view to issuing these for management comment and response:

Contract Management/Procurement (Corporate Governance/SocialCare & Wellbeing Service)

Common Good Fund (Corporate Governance) Risk Management Arrangements (Corporate Governance) Capital and Repairs Project Management (Housing & Environment) Treasury Arrangements

1.06 In addtion, we have been liasing with the project manager for theCorporate Governance externalisation project to determine internalaudit input at key stages of the project between now and the end of theproject.

1.07 We plan to report the key findings from the above reports at theFebruary 2012 Audit and Risk Committee.

Section 1 – Introduction

Internal Audit Progress Report – November 2011 2

Report classification

High Risk

Number of Findings

Critical High Medium Low Advisory Total

- 1 5 1 - 7

Background

2.01 The Civil Contingencies Act 2004 requires local authorities to haveeffective Business Continuity Plans (BCPs) in place covering keyactivities. As a result the Council’s Corporate Management Team(CMT) has identified key service areas which require BCPs, and hasprioritised a number of these as being critical on the basis of thepotential impact of disruption to service provision should a disastersituation arise.

Coverage of Key Plans

2.02 At the time of our review plans have been developed covering thefollowing key service areas as defined by the CMT:

Aberdeen Scientific Services Laboratory (Public Analystlaboratory)

Bereavement Services (including cemeteries and AberdeenCrematorium)

Facilities Management (covering the provision and maintenance ofall staff accommodation)

Homelessness Services (including temporary accommodation) ICT (provision of key computer systems, email and telephone

network) Payroll and HR Regional Communications Centre (Community Alarm service) and

Customer Contact Centre City Registrar Revenues and Benefits (including Council Tax and Housing Rents) Roads Maintenance (including winter road clearing) Social Care (including residential and day care centres, protection

of vulnerable groups and statutory responsibilities) Schools Trading Standards and Environmental Health Waste collection and disposal

Process for BCP Plan Development

2.03 The plans were developed using a standard process which involvedcarrying out a Business Impact Analysis. As part of this process, aBusiness Continuity Workbook was completed by staff within eachrelevant service area, and was reviewed by Grampian EmergencyPlanning Unit staff for completeness and to ensure that the key risksaffecting the service area had been considered.

Section 2 – Business Continuity Planning


Responsibility for BCP

2.06 It is the responsibility of the Director of each of the Council’s Services toensure that BCPs within their Service are maintained up to date and aresubject to regular testing.

Approach and Scope

2.07 The overall objective of our review was to assess the status of theCouncil’s business continuity plans, considering the extent to which keysystems, facilities and resources have been subject to a business impactanalysis and appropriate continuity plans have been developed andtested.

Our review involved specific consideration of the following matters:

Development and implementation of a formal BCP project plan

Implementation of a BCP training and awareness programme Completion of Business Impact Analysis

BCPs are in place for critical processes

BCPs are subject to periodic review

Programme of periodic testing of BCPs is in place

Successful recovery of critical business processes has beendemonstrated in either a test or live situation

2.08 Our review involved discussion with key control and the identificationand evaluation of key controls. This review did not cover emergencyplanning arrangements, i.e. the processes necessary to deal withincidents or emergencies having a direct impact external to AberdeenCity Council. The role of GEPU with regard to Aberdeenshire andMoray councils was also not examined.

Summary of Findings

2.09 Our review identified that BCPs had been developed for all functionswhich CMT considers to be critical to the Council’s operations. TheseBCPs were verified as covering all of the key customer facing and

internal activities necessary for the Council to deliver its core services,and were developed using a standard process to ensure that they arecomplete and robust.

2.10 No critical recommendations were noted during our review. However,we did identify one high risk and a number of medium priority areas formanagement’s consideration to further enhance business continuityplanning arrangements. In particular, action plans have been agreedwith management in respect of the following recommendations.

Impact of Staff Relocations (high risk)

2.11 We reviewed the current BCPs to assess whether the information withinthe BCPs was accurate and up to date, recognising that a programme ofreview of the critical BCPs is currently being undertaken.

2.12 We noted that whilst many of the current BCPs are up to date or requireonly minor amendments, the programme of staff relocation from StNicholas House and Crown House to Marischal College (which is due tobe completed by early Autumn 2011) will have an impact upon manyBCPs.

2.13 Management should ensure that all BCPs are subject to updatefollowing completion of the current programme of staff relocations toensure that replacement arrangements have been made for anyaccommodation or storage of documentation at St Nicholas House,Crown House, or any other locations which will not be available goingforward. Particular care should be taken to consider the implicationswhere for example shared disaster recovery arrangements were madebetween service functions which previously operated from differentlocations but which however now find themselves in close proximitywithin the same building.

Officer’s response: Agreed. All BCPs will be updated by 31January 2012


2.14 In addition, we have outlined 5 medium risks including:

Health and Safety and Payroll BCP plans should be reviewed; a consistent approach should be adopted for storing BCPs across

the Council; additional training for BCP lead officers due to changes in staffing

in certain areas; testing of BCPs should be undertaken per the agreed testing

timetable; and when reviewing BCP’s the critical business processes should be

reviewed to ensure still relevant and applicable.

Overall officer’s response to the report recommendations:Action agreed in respect of all recommendations, and allrecommendations will be implemented by February 2012.



Low Risk

Number of Findings


- - 1 3 4

Background

3.01 eFinancials is the Council’s corporate finance system and containsseparate modules for debtors, creditors and the general ledger. Thissystem is used by a number of local authorities and other public bodies.There are nine interfaces into the ledger which automatically transferdata from Council systems which carry out financial processing,including cash receipting, payroll and revenues.

3.02 Processing of journal adjustments are restricted to a limited number ofsenior Services and Financial Accounting staff.

3.03 The Principal Accountant, Corporate Accounting Team hasresponsibility for 40 control accounts. This team carries out monthlyreconciliations on the major control accounts relating to debtors,creditors, payroll and banking. Control Accounts relating to Education,Culture & Sport (EC&S) and Social Care & Wellbeing (SC&W) are theresponsibility of specific accountants. The remaining control accountsare the responsibility of five different accounting staff, which isallocated to work within the different Services.

Approach and Scope

3.04 The overall objective of the review was to review the controls in placeover the financial ledger, in particular the controls over entries to theledger (automatic interfaces and journal adjustments), performanceand approval of key control account reconciliations and month endreview procedures.

3.05 Computer Assisted Audit Techniques (CAATs) were used to target ourjournal testing. A set of 16 automated reports were produced coveringjournal activities over a 15 month period. The first 5 reportssummarised the journal data by period, posting user, document type,account code and cost centre.

3.06 Our review involved discussion with key personnel and review ofrelevant documentation. Bank reconciliations were not considered aspart of this review and only a sample of suspense accounts werereviewed.

Summary of Findings

3.07 We noted that appropriate automated checks were in place to ensurethe integrity of the transfer of data from systems interfacing witheFinancials. We reviewed a sample of control account reconciliationrecords and noted that all required reconciliations were carried out on atimely basis and that there were no unresolved discrepanciesremaining.

3.08 No critical or high recommendations were as part of this review.

Section 3 – Financial Ledger


However, one medium risk recommendation was raised formanagement’s attention.Journal Adjustments (medium risk)

3.09 From a test of sixty journal transactions we noted the followingexceptions:

in eight cases the signature of the authoriser was illegible; the spreadsheets completed for block accruals or reversals are not

authorised by a party independent of the officer who created thespreadsheet prior to these being emailed to AccountingDevelopment for posting;

in two cases where journals had been posted by senior staff thesehad not been independently authorised; and

one journal voucher and supporting documentation could not belocated.

Officer’s response: Agreed. Process will be reviewed andcommunicated by end November 2011

3.10 Low risk recommendations included ensuring an appropriate audit trailwas in place to evidence review of key documents for example transferof data via automatic interfaces, and control account reviews.

Overall officer’s response: Action agreed in respect of allrecommendations, which will be implemented by 30th

November 2011.



Medium risk

Number of Findings


- - 3 - 2 5

Background

4.01 The Education (Additional Support for Learning) (Scotland) Act 2004and Education (Additional Support for Learning) (Scotland) 2009provide local authorities and other bodies with a common framework toaddress children’s learning needs by planning and co-ordinatingsupport to prevent, remove or alleviate barriers within the learningenvironment.

4.02 Per the Act a child or young person will have additional support needsif, “the child or young person is or is likely to be unable withoutprovision of additional support benefit from school education providedor to be provided for the child or young person”. Local authorities arerequired to make appropriate arrangements for identifying andsupporting children and young people with additional support needs.

4.03 ACC has a policy of “Inclusion” which aims to ensure that children andyoung people with additional support needs receive adequate andefficient provision as stated in the Education (Additional Support forLearning) (Scotland) Act 2004 and in line with The Education(Additional Support for Learning) (Scotland) Act 2009.

4.04 A staged intervention process is in place within ACC to identify andmeet the learning support needs of children and young people. Supportis initially provided in house by classroom teachers and additionallearning support centres within schools. However, if the support needsof the child or young person are more complex, then there is provisionfor support to be provided out with the school via external agencies andspecialist learning centres.

Approach and Scope

4.05 As part of this review we specifically considered the following sub-processes and related control objectives:

Planning of provision for Additional Support Needs

Policy developed regarding means of addressing each category ofneed and priorities for funding identified.

Forecast of numbers of ASN children calculated over short, mediumand long term.

Section 4 – Children Requiring Additional Supportfor Learning Needs


Assessment of Referrals for Assistance

Assessments carried out in accordance with policies and withoutundue delay.

Wishes of parents taken into consideration during assessmentprocess.

Priority given within budgetary constraints to supporting childrenwith the most urgent needs.

Effectiveness of inter-disciplinary working

Appropriate inter-disciplinary working with key internal andexternal stakeholders, for example, social care and wellbeing andalso NHS and voluntary sector on availability of specialist skills.

Costed options developed for inter-disciplinary working, includingimplications for ACC schools estate.

Measures in place to monitor the effectiveness of support provisionby partner provider.

4.06 Our audit approach involved obtaining an understanding of theprocesses in place through discussions with key personnel, evaluatingcontrols in place and testing the operating effectiveness of key control.

4.07 The scope of this review did not involve addressing the overall schoolsestates strategy or schools zoning policy, other than where these impactupon the accessibility to education for children with additional supportneeds.

Summary of Findings

4.08 From our review we noted that the staged intervention model adoptedby ACC is an adequate framework for meeting the additional supportneeds of children as it allows for prompt identification and assessmentof pupil needs.

4.09 The Learning Strategy outlines how the Council will enhance learningopportunities for children, young people and adults in the short term(1-2 years), medium term (3-5 years) and long term (5-10 years). Thestrategy includes ACC’s priorities for children and young people withASN.

4.10 Whilst no critical or high risk findings were noted we identified anumber of areas where existing controls could be enhanced. We haveagreed an action plan with management in respect of the medium riskfindings and these are summarised below.

Staff Procedure Manual

4.11 In delivering the Learning Strategy, ACC staff follow the proceduresdocumented within the Additional Support for Learning ProcedureManual. From a review of this document we noted that the key sectionshave been updated to reflect current legislation however staff aredirected towards the Scottish Government’s Code of Practice(Supporting Children’s Learning) as the main reference source.

4.12 As part of the planned review of the Inclusion Strategy, a decision willbe made by management about updating the remaining sections of theAdditional Support for Learning Procedure Manual or cross referring tothe Scottish Government’s Code of Practice

Assessment of Referrals for Assistance

4.13 A detailed record of the discussions of the Admission Panel inconsidering referrals and reaching a decision is not maintained,however the result of the process regarding award of support, orotherwise is recorded in a spreadsheet maintained for each base.

4.14 Management will issue the guidelines covering referrals prior tocommencing the next scheduled process in November 2011, and updatethe document as and when required to reflect changed circumstances.In addition, management should as a means of enhancing transparency,maintain records of the key discussion points from the AdmissionPanel.


Financial Arrangements

4.15 Management are currently working through the impact of the budgetreductions which came into effect at the commencement of the newacademic year in August 2011. As part of ongoing management,performance data such as pupil achievements, attendance, and otherfactors will be analysed to determine the impact of the reduced budgetprovision. In addition, a review of the Inclusion Strategy will considerthe consequences of the reduced budget and whether the needs ofchildren with the highest need for support are being met.

4.16 Management may wish to consider further measures designed to assessand address the risks involved with the reduced budget provision foradditional learning support with periodic reports on the mattersubmitted to the Education, Culture and Sport Committee.

Overall officer’s response: Action agreed in respect of allrecommendations, which will be implemented by April 2012.



Medium risk

Number of Findings


- 5 - - 5

Background

5.01 Aberdeen City Council (ACC) maintains a portfolio of 457 commercialproperties, which generate annual rental income of approximately £8.1million. The portfolio covers industrial, office and retail shop units andfarm land. As approved by the Finance and Resources Committee, theAsset Management and Operations team (AMOT) are currentlyundertaking detailed reviews of the commercial property portfolio as abasis for establishing individual strategies for each property grouping.The Estateman system, which has been used for recording andmonitoring commercial property activities, is currently being replacedwith a new database called Uniform, with the transition expected to becompleted by the end of September 2011. This database is expected todeliver additional benefits including ease of navigating between screensand improved facilities for checking that specific tasks have been carriedout by staff.

5.02 Overall, a key objective of the Council is to maximise income from itscommercial property portfolio. The commercial property portfolioconsists of properties varying in age from 15 to 100 years old.Maintenance and repair work to date has been minimal and carried outto ensure that properties are wind and water tight.

Approach and scope

5.03 The overall objective was to to review the current usage of itscommercial estate and consideration of options to upgrade, change ordevelop to meet local business requirements and ensure that incomepotential from the estate is realised where possible. As part of thisreview we specifically considered the following sub-processes andrelated control objectives:

Commercial Estates Strategy

Ensure appropriate overarching commercial estates strategyimplemented regarding

Information gathered on local business requirements and propertymarket movements

Commercial property portfolio reviewed and assets

Options Appraisal Process

Properties for potential upgrade, development, disposal or changeof use identified

Proposed investments or disposals subjected to formal optionsappraisal process

Options selected to maximise income potential

Section 5 – Commercial Estates


Realisation of Income Potential

Vacant assets identified and marketed for all suitable uses Rent reviews carried out in line with lease terms and ACC financial

objectives Action taken to pursue overdue rental payments

Recording and monitoring of commercial estates activities

Consider the effectiveness of ACC’s arrangements to ensureeffective transfer of information from the Estateman system toUniform.

5.04 Our audit approach involved obtaining an understanding of the overallmanagement of the ACC commercial property portfolio throughdiscussions with key personnel, review of systems documentation andwalkthrough tests where appropriate.

Summary of findings

5.05 We identified good practices in managing vacant properties including

advertising on the Council’s web site and monitoring the number of

voids through management review of monthly reports. The effectiveness

of management action in minimising rental income foregone is

demonstrated by a reduction in the number of voids from 24 properties

in April 2011 to 16 as at 30 June 2011. This improvement generated

additional income of £167,500.

5.06 Our review highlighted 5 medium risk recommendations relating to:

determining the nature, extent and value of improvement workrequired to modernise and improve the quality of properties;

undertaking option appraisal for the main income generatingproperty groups;

maintaining a risk register to cover risks, control measures,proposed action and critical success factors;

formalising arrangements around rent reviews; and preparing a programme to complete the transition to the Uniform

system.

Overall officer’s response: Action agreed in respect of allrecommendations, which will be implemented by 30 June2012.



High risk

Number of Findings


- 1 1 - 1 3

Background

6.01 Aberdeen City Council’s (ACC) Corporate Recruitment and Inductionprocedures set out the detailed policies and procedures which applywhen recruiting, selecting and inducting new ACC employees. Thesepolicies and procedures are readily accessible to all council staff as theyare contained within ACC’s intranet (zone).

6.02 ACC’s standard corporate procedures apply when recruiting andinducting new employees within the social care and wellbeing service.The Corporate Recruitment and Resourcing team1 is responsible forensuring that recruitment procedures are followed and documentaryevidence relating to the recruitment, selection and induction of staff areretained in a new start’s personnel file. The Recruitment andResourcing team currently compromises of three HR Co-ordinators(two permanent and one relief staff), four assistant HR Co-ordinators

1The Corporate Recruitment and Resourcing team is part of the HR Shared Service

Centre based at AECC.

(three permanent and one relief staff) and two Support Assistants (onepermanent and one relief staff).

Approach and Scope

6.03 Our review considered the process from the point the initial vacancy isapproved to induction, including the selection process, pre-employmentchecks and initial training and briefing. As part of this review wespecifically considered the following sub-processes and related controlobjectives:

Vacancy advertising Authorisation obtained to fill vacant post. Posts advertised promptly and in suitable media once approved. Closing date for applications set within 3 weeks of advertisement

date except in case of hard to fill posts which are left open ended.

Selection Process Reasons for interview selection clearly recorded and supportable

based on application details. Reasons for selection or rejection of candidate(s) at interview

clearly recorded and supportable based on details recorded andconsider appropriate balance of experience regarding recruitmentdecisions.

No offers made until satisfactory completion of pre employmentchecks (including Disclosure, right to work in UK, qualifications andreferences).

Appropriate procedures in place for ensuring compliance with new‘protection of vulnerable groups’ legislation.

Section 6 – Staff Recruitment and InductionProcedures


Review the effectiveness of arrangements over Robert GordonUniversity recruitment route.

Selection Process

Arrangements made prior to start regarding basic administrativearrangements.

Initial briefing given including introduction to supervisor andcolleagues, explanation of key responsibilities, and administrativearrangements.

Management maintain contact with new employee over first fewweeks to determine any additional training and guidance requiredand to provide feedback on initial performance.

Summary of Findings

6.04 One high risk finding was identified during our review. All findingshave been agreed by management and an action plan agreed.

Compliance with procedures on recruitment of foreignnationals (High Risk)

6.05 From our review we have identified issues which indicate that CorporateRecruitment and Resourcing staff may not be correctly complying withthe procedures for eligibility checks to be carried out in recruitingforeign nationals - both European Economic Area (EEA) and non EEAnationals.

6.06 For example during our testing of a sample of 20 employee personnelfiles (of which 5 related to foreign nationals) we noted that althoughdocumentation to confirm an employee’s right to live and work in theUK (work permit) had been obtained and retained when employing nonEEA nationals the work permit retained in one instance was not valid asit did not cover the employees period of employment. The employee inquestion commenced employment in February 2011 however the copyof the work permit held on file had expired in January 2011 and was

therefore not valid for employment commencing February 2011onwards.

6.07 In another instance during our sample testing we noted that theAccession State Worker Registration Scheme Certificate2 which hadbeen retained when employing a foreign national from within the EEAwas not valid (for employment with ACC) as it was issued in reference toAberdeenshire Council. We understand that Corporate Recruitment andResourcing staff have not been formally trained in procedures to befollowed and checks to be carried out in recruitment of foreign nationalshowever general guidance notes (on employing foreign nationals) areavailable on the council’s intranet.

Officer’s response: Special briefings were held in October 2011 for staff

within the HR Service Centre to clarify legislations and requirements in relation

to recruitment of foreign nationals. Furthermore additional controls for

identifying employee work permits due for renewal have also been put in place

as a result of recent payroll audit which was carried out in August 2011.

6.08 In addition, one medium recommendation was raised in relation to:

Ensuring that documentary evidence is retained to supportrecruitment, selection and induction of social work staff inaccordance with ACC procedures.

Overall officer’s response: Action agreed in respect of allrecommendations, which will be implemented by start ofDecember 2011. .

2This document is issued by the UK Home Office to EEA nationals seeking employment

in the UK. It authorises the person to work for an employer specified in the certificate.


Section 7 - Creditors


Low risk

Number of Findings


- - 1 1 - 2

Background

7.01 The national e-procurement system, PECOS, is used for ordering andreceipting goods and services by all ACC services. Supplier invoices areprocessed and paid centrally by the accounts payable section, which isbased at the Aberdeen Exhibition and Conference Centre (AECC). TheInfosmart system is used to enable payment of supplier invoices andretain documentary evidence to support payments made. Infosmart alsorecords the date invoices are received and applies automated checks toensure proper authorisation prior to payment.

7.02 To ensure that all goods and services are ordered through PECOS asrequired, the accounts payable section complete a monthly reportproviding details of individuals not using PECOS, which is sent to eachService directorate.

Approach and Scope

7.03 Our review involved obtaining an understanding of the creditors’payment process through discussions with key personnel, review ofsystems documentation and walkthrough tests where appropriate. Aspart of this review we specifically considered the following sub-processes and related control objectives:

Creditors’ payment process

Ensure appropriate procedures are implemented with regard to

ordering goods.

Ensure appropriate procedures implemented with regard to

receipt of invoices and goods and services from suppliers.

Consider the effectiveness of the controls within PECOS to

ensure that payments are only made to bona fide suppliers for

goods and services rendered.

Ensure there are appropriate controls implemented in order

that ACC complies with required payment terms.

Improvements to Creditors established via the Vendormanagement Workshop

Ensure that improved procedures have been implemented and

are operating effectively.

Summary of Findings

7.04 Following our review, we identified that the design of controls in placewas adequate and that controls were operating effectively. No critical orhigh risk recommendations were identified; however, one medium riskrecommendation was raised for management’s attention:

Improvement to the Creditor Process

7.05 The vendor management workshop identified a number ofimprovements that were required to improve ACC’s current creditorpayment process. One of these improvements related to the:

i) CPU validating new suppliers by checking Companies House details

and the proposed supplier’s bank account details.


7.06 At the time of review, the CPU had not yet implemented a process tovalidate new suppliers. The CPU are working towards implementing thearrangements agreed for validating new suppliers and are establishing ademinimis spend level for which the process should be applied. Insetting the deminimis level, consideration will be given to the number ofrequests from Services to establish new suppliers, estimated spend andtime required to validate each potential vendors details. This processwill be in place by the end of the financial year..

Officer’s response: Action agreed in respect of allrecommendations, which will be implemented by 31 March2012.


Corporate

Governance

Audit Title Proposed

timing

Terms of

reference

agreed

Draft

Report

Issued

Management

Response

Received

Report

Finalised

Report to Audit

and Risk

Committee

Corporate Governance

Operational Contract management/ Procurement Jun-11 November 2011

Health and Safety Sep-11 February 2011

Performance Management Nov-11 February 2011

Common Good Fund - Best Value Jun-11 November 2011

Risk Management Dec-11 February2012

Finance Housing Benefits Dec 11 March 2012

Pensions Payments May-11 September 2011

Treasury Aug-11

February 2012

Creditors ( payables ) Jul-11 November 2011

Payroll Apr-11 September 2011

Financial Ledger Aug-11 November 2011

Debt Management Dec 11

March 2012

Fraud Governance Jan 11

March 2012

Other finance: Follow up - - - - Ongoing

Core Assurance -

IT

Information Management - data centre Oct-11

February 2012

New hardware / Software Procurement Mar-12

June 2012

IT Control Environment Oct-11

February 2012

Implementation

of Business Plan

Overall Governance and Management of PBB Aug-11

November 2011

Corporate Programme Office Oct 11

February 2012

Implementation of Effective Project Management Sep-11

February 2012

Financial Planning, Budgeting and Monitoring Dec 11

March 2012

Appendix A – Progress against 2011/12 plan as atNovember 2011


Audit Title Proposed

timing

Terms of

reference

agreed

Draft

Report

Issued

Management

Response

Received

Report

Finalised

Report to Audit

and Risk

Committee

Education, Sport and Culture

Sport Aberdeen Feb-12

June 2012

Human Resource Management Dec 11

March 2012

Establishing Arts and Heritage Trust Nov 11

February 2012

Children with Additional Support Needs Jun-11 November 2011

Enterprise Planning and Infrastructure

AECC/ Hotel Development - Project Management Oct 2011

February 2012

Commercial Estates Jun-11 November 2011

Car parking Apr-11 September 2011

Estates Management (Council Occupied Property) Mar 2012

June 2012

Roads Maintenance (including winter planning) Apr-11 September 2011

Housing and Environment

Regeneration - Strategy and Focus Nov 11

March 2012

Housing rents (implementation) Dec 11

March 2012

Property Maintenance and Repairs Jan-12

June 2012

Capital and Repairs Project Management Jan-12

June 2012

Business Continuity Planning Jun-11 November 2011

Trading Accounts May-11 September 2011

Social Care and Wellbeing

Staff Recruitment and Induction Procedures Jun-11 November 2011

Procurement/Contract Award Jun-11

November 2011

Management of sensitive information Feb-12

June 2012


IndividualFinding rating

Assessment rationale

Critical A finding that could have a:

Critical impact on operational performance; or

Critical monetary or financial statement impact; or

Critical breach in laws and regulations that could result in material fines or consequences; or

Critical impact on the reputation or brand of the organisation which could threaten its future viability.

High A finding that could have a:

Significant impact on operational performance; or

Significant monetary or financial statement impact; or

Significant breach in laws and regulations resulting in significant fines and consequences; or

Significant impact on the reputation or brand of the organisation.

Medium A finding that could have a:

Moderate impact on operational performance; or

Moderate monetary or financial statement impact; or

Moderate breach in laws and regulations resulting in fines and consequences; or

Moderate impact on the reputation or brand of the organisation.

Low A finding that could have a:

Minor impact on the organisation’s operational performance; or

Minor monetary or financial statement impact; or

Minor breach in laws and regulations with limited consequences; or

Minor impact on the reputation of the organisation.

Advisory A finding that does not have a risk impact but has been raised to highlight areas of inefficiencies or good practice.

Appendix B – Basis of our classifications


Limitations inherent to the internal auditor’s work

Our report is presented, subject to the limitations outlined below.

Internal control

Internal control, no matter how well designed and operated, can provide only reasonable and not absolute assurance regarding achievement of an organisation'sobjectives. The likelihood of achievement is affected by limitations inherent in all internal control systems. These include the possibility of poor judgment indecision-making, human error, control processes being deliberately circumvented by employees and others, management overriding controls and the occurrenceof unforeseeable circumstances.

Future periods

Our assessment of controls relating is as set out in the individual reports. Historic evaluation of effectiveness is not relevant to future periods due to the risk that:

the design of controls may become inadequate because of changes in operating environment, law, regulation or other; or the degree of compliance with policies and procedures may deteriorate.

Responsibilities of management and internal auditors

It is management’s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the prevention anddetection of irregularities and fraud. Internal audit work should not be seen as a substitute for management’s responsibilities for the design and operation of thesesystems.

We endeavour to plan our work so that we have a reasonable expectation of detecting significant control weaknesses and, if detected, we shall carry out additionalwork directed towards identification of consequent fraud or other irregularities. However, internal audit procedures alone, even when carried out with dueprofessional care, do not guarantee that fraud will be detected. Accordingly, our examinations as internal auditors should not be relied upon solely to disclosefraud, defalcations or other irregularities which may exist.

Appendix C – Limitations and Responsibilities

© 2011 PricewaterhouseCoopers LLP. All rights reserved. “PricewaterhouseCoopers” refers to the

PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires,

other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and

independent legal entity.

This report is protected under the copyright laws of the United Kingdom and other countries. It contains

information that is proprietary and confidential to PricewaterhouseCoopers LLP, and shall not be disclosed

outside the recipient's company or duplicated, used or disclosed in whole or in part by the recipient for any

purpose other than to evaluate this report. Any other use or disclosure in whole or in part of this information

without the express written permission of PricewaterhouseCoopers LLP is prohibited.

In the event that, pursuant to a request which the Council has received under the Freedom of Information

(Scotland) Act 2002 (as the same may be amended or re-enacted from time to time) or any subordinate legislation

made there under (the "Legislation"), the Council is required to disclose any information contained in this report,

it will notify PwC promptly and will consult with PwC prior to disclosing such information. The Council agrees to

pay due regard to any representations which PwC may make in connection with such disclosure and to apply any

relevant exemptions which may exist under the Legislation to such information. If, following consultation with

PwC, the Council discloses any such information, it shall ensure that any disclaimer which PwC has included or

may subsequently wish to include in the information is reproduced in full in any copies disclosed.

Internal audit – Summary of findings Audit... · We do not accept or assume any liability or duty...

Documents

Transcript of Internal audit – Summary of findings Audit... · We do not accept or assume any liability or duty...