National Assembly for Wales Commission. Internal Audit Plan April Gareth Watts, Head of Internal Audit

Transcription

1 National Assembly for Wales Commission Internal Audit Plan -17 April Author: Gareth Watts, Head of Internal Audit

2 Risk Management Undertake a deep dive into the detail of Service Level Risk Registers. May Corp Risk GA07. Non-compliance with, or inconsistencies in Outsource Send out prior to November Challenge the risks identified, the mitigating controls and timeliness of the reviews and updates. applying internal controls, governance framework, policies and procedures. Meet with a selection of Risk Owners and Risk Champions and ensure the registers truly reflects the risks facing the service area. Look for connections and linkages between service level risks, service and capacity planning, and project prioritisation. Security Review Review the conclusions of the Commission s security restructuring project. February 2017 Corp Risk SEC009. Terrorist threats to Assembly estate. In house April 2017 Consideration of how the people and change management elements of the project has been managed. Ensuring that the team is fit for purpose to respond to the changing challenges.

3 Procurement Following on from the procurement June/July Corp Risk GA07. Outsource Compliance audit of in 2015 undertake a Non-compliance with, review across all service areas to or inconsistencies in determine if procurement rules and applying internal procedures are being properly controls, governance adhered to. framework, policies and procedures. Send out prior to November Findings from the 2015 Internal Audit on Procurement. Pensions Review of the systems, controls and November Financial Services Review of the Administration procedures in place of the Risk FS6 systems, February Commission s administration of the pension schemes which operate at the Assembly Commission. Increased pressures on pensions team due to introduction of new rules to schemes. Plus additional administration due to incoming and outgoing Assembly Members. controls and procedures in place of the Commission s administration of the pension schemes which operate at the Assembly Commission. 2017

4 Cyber Security Validate Management s selfassessment against the criterion September Discussions with Head of ICT and Outsource November set out by IS Broadcasting. Review the procedures and plans which the Commission have in place to respond to a potential future cyber-attack. ICT Security issues highlighted in 2015 WAO Management Letter. Integrated Review the workings of the March 2017 Corp Risks: In House April 2017 Committees Assembly s Integrated Committees. CAMS20 - Legal challenge or Evaluate their effectiveness and how they contribute to delivery of Assembly Business. reputational risk on perceptions of Commission staff (ref the Fifth Assembly) CAMS21 - Insufficient corporate bilingual capacity to deliver services in the preferred language (ref Fifth Assembly)

5 Findings from the Internal Audit on Enhance Bilingual Services Payroll Data Utilise computer assisted audit Identification of Outsource February Analytics tools and techniques to provide January payroll as key 2017 assurance over the Commission s 2017 component of main area of spend. Commission spend. Identify any unusual trends or Further risk in - outliers and seek explanations. 17 due to new and retiring members, new office holders plus potential new pay deals. Project Undertaking a series of reviews to October Corp Risk In House November Management ascertain whether Commission GA07 - non- projects are following the revised compliance with, and updated guidance issued in or inconsistencies in applying internal Evaluation of the business cases controls, produced. governance Identifying whether lessons have framework,

6 been learned from past projects policies and and audit reports e.g. the HR- procedures. Payroll Audit Report. Findings from 2015 audits. Reimbursement To review and assess the internal On-going Standing part of In of control arrangements in place for Internal Audit House/Outsou Assembly the reimbursement of members programme going rced Member expenses during /17. forward to provide Expenses The audit seeks assurance that: additional assurance claims submitted by Members are on this sensitive area subject to appropriate checks of Commission spend. and controls; payments are only made for valid and complete claims; and that claimants give consideration to value for money. Follow Up of Following up the On-going Part of annual Internal In House recommendations raised in Audit rolling Audits Internal Audit Reports programme Throughout the Year. Throughout the Year

7 Detailed Time Allocation for Head of Internal Audit Audit Activity Timing Estimated Days Annual Governance Statement and Assurance Framework January/February and July 5 Additional controls checks quality assurance on draft financial statements/ 5 accounts preparation May/June Legislative Software Replacement Board Attendance and Ad hoc advice on controls On-going 5 and systems Audit Advice and Guidance to Management and Teams On-going 6 Other Audit and Governance work including review of Assembly Investment On-going 10 Programme Review of Effectiveness of Investment and Resourcing Board and ongoing governance and assurance support to MySenedd Programme Managing Internal Audit Contract On-going 5 with Independent Advisors On-going 2 Review of TIAA Work On-going 10 Audit and Risk Assurance Committee s (preparation, meetings and Key target dates November, 10 actions) February, April and June Intra Parliamentary Internal Audit Forum Commitments September, January and 6 March Audit Liaison (External Internal) On-going 4 Planning January March

8 Audit Activity Timing Estimated Days Training and Administration On-going 10 Contingency N/A 25 Quality Assurance and Improvement Plan On-going 5 In House Work as per plan On-going 86 Line Management of Governance Team (PMDR, Catch Ups, Team s etc.) On-going 20 Total N/a 219