Three Year Audit Programme and 2012/13 Audit Plan

Transcription

1 ITEM: 7(vii) AUDIT COMMITTEE 12 NOVEMBER 2012 Nottingham City Homes Three Year Audit Programme and 2012/13 Audit Plan Final (Updated August 2012)

2 Contents 1 Introduction Audit Needs Assessment Strategic Audit Programme...4 Appendix A: Three Year Strategic Audit Programme...6 Appendix C /13 Audit Plan...10 Appendix D /13 Management requested reviews...14

3 1 Introduction 1.1 This plan sets out the proposed internal audit plan for the Organisation for 2012/13 and represents an update to the three year strategic internal audit plan approved by the Audit Committee (previously Finance and Audit Committee) at its meeting in May This report has been prepared as part of the internal audit of Nottingham City Homes under the terms of the contract for internal audit services. It has been prepared for Nottingham City Homes and we neither accept nor assume any responsibility or duty of care to any third party in relation to it. In the course of our internal audit work, conclusions and recommendations are based on the results of audit work carried out and are reported in good faith. However, our methodology relies upon explanations by managers and sample testing and management should satisfy itself of the validity of any recommendations before acting upon them. 2 Audit Needs Assessment 2.1 The Audit Needs Assessment was undertaken to assess and discuss our and your view of risk within the Organisation and then align our resources with the Organisation s areas of highest risk. 2.2 The audit plan was designed to support the Audit Committee in ensuring that the Organisation s internal audit service works in line with the principles of internal controls assurance and risk management. We will work in line with the principles laid out in the Government Internal Auditing Standards (GIAS) and the standards for the professional practice of internal audit issues by the Chartered Institute of Internal Auditors (IIA). The audit plan will provide both the Board and Management with support in the effective operation of the Organisation. 2.3 The proposed audit strategy was been set at a level to: Ensure the Board has adequate assurance to make a declaration on financial and operational control for the financial statements; and Provide Management and the Board with assurance that governance, risk management and control is being undertaken appropriately within the Organisation. 2.4 Key factors that impact upon the strategy are: The current risk register; Strategic and operational planning; May 2011 Introduction 3

4 Corporate priorities; Current and future planned changes, such as IT systems; and Previous internal audit and assurance review outcomes. 3 Strategic Audit Programme 3.1 Our proposed Three Year Strategic Audit Programme is set out in Appendix A of this report. This takes account of the factors referred to above and seeks to direct the audit effort on the areas where assurance is required and where the potential benefits are greatest. 3.2 Our proposed 2012/13 audit plan along with details of the outline per audit area is included within Appendix C. 3.3 There are areas which have not been included within the 3-year plan but which are identified within the Organisation s Risk Register. We have focussed our resources upon the areas of most risk to the Organisation (as shown within Appendix A). The Committee have previously agreed that they accept the risk of internal audit not performing the following reviews within the current 3-year strategic plan, in line with their view of the risk and assurance requirements within the Organisation: Leasehold and service charges Caretaker and estate services Off site and office based staff health and safety Health and safety - Construction, Design and Management (CDM) regulations and DLO risk assessment and training programmes Performance management review Compliance with the Data Protection Act and information management Purchase ledger, general ledger, cash and bank (finance systems reviewed annually and payments reviewed in 2008/09 as part of TIAA internal plan). 3.4 We continue to review the Organisations risks as part of our internal audit work and will highlight to the Audit Committee where risks may arise which may not be included within the internal audit plan. Specific risk areas which have arisen following the completion of the Audit Needs Assessment include: May 2011 Strategic Audit Programme 4

5 3.4.1 Welfare reform and the introduction of universal credit, including the potential impacts upon arrears management and financial inclusion. (Arrears management is planned for internal audit review within 2012/13) Supporting People reduction in funding and viability of services. We will consider this area for review as part of our internal audit planning discussions for 2013/ The potential for increased right to buys under the Governments new arrangements for applications and 60% discount alongside the replacement requirements on a 1:1 basis for all right to buy completions. Management requested reviews 3.5 In addition to the risk based plan referred to above, management also requested core assurance reviews in certain operational areas as identified within Appendix B. We will undertake compliance reviews in these areas. May 2011 Strategic Audit Programme 5

6 Appendix A: Three Year Strategic Audit Programme Area Planned days Planned days Planned days Proposed timing of 2012/13 Audits Governance and Risk Management Governance review, including: Year 1 Anti-fraud arrangements Year 2 Board development Year 3 - Procurement Quarter 3/4 Risk management framework Quarter 2/3 Total Strategic and Business Areas Partnership agreement HRA reform and preparing for self financing Key performance indicators and management information Corporate planning and strategic development Housing Services modernisation programme Quarter 3/ Appendix A: Three Year Strategic Audit Programme 6

7 Property Services modernisation programme Disaster recovery and contingency planning Health and safety Year 1 Fire risk Year 2 Asbestos management Year 3 Legionella Human resources, succession planning, recruitment and selection Quarter 1/ Quarter Quarter 1/2 & Quarter 3/4 Equality and diversity Quarter 1/2 Total Core Financial Areas Key financial systems review Year 1 Payroll Year 2 Shared services Year 3 Budgeting Total Main Support and Operational Areas Arrears management and income maximisation (including FTA s and impact of mobilisation plan and restructuring of cash offices) Voids, allocations and lettings (including CBL) Customer profiling and use of information Quarter Quarter 1/ Appendix A: Three Year Strategic Audit Programme 7

8 Supporting People sheltered housing service delivery Quarter 2/3 Responsive repairs review Management and productivity of the DLO, including stores and stock control Management of capital spend and achievement of Decent Homes Standard Contract management and contractor viability Anti social behaviour management framework review IT security Total Follow-up arrangements Quarter 2 (2 days) and 4 (1 days) Planning, management, review and annual reporting TOTAL Ongoing 8

9 Appendix B: Management Requested Reviews Area Planned days Compliance Reviews Planned days Planned days Proposed timing of 2012/13 Audits Lettings an Allocations Cash Collection Quarter 3/4 TRA Grants Quarter 2/3 Standing Orders and Procurement Quarter 1/2 TOTAL TOTAL AUDIT DAYS

10 Appendix C /13 Audit Plan AREA Review Outline Days Governance and Risk Management 9 Governance review Board development We will review the key governance arrangements within the Organisation in order to ensure that these are in line with good practice. 5 Specifically we will consider whether Board constitution, skills assessment, appraisal and review, recruitment, succession planning, induction, training and development supports effective decision making. We will also consider whether there is relevant attendance and that Board skills are utilised to inform decision making in line with skills requirements for effective decision making. With regard to anti-bribery, we have discussed the Organisation s approach to anti bribery and will review management reporting to the Audit Committee regarding Organisational activity in this area in order to provide assurance that actions taken will be adequate to ensure compliance with the Ministry of Justice requirements of all Organisations in relation to the Bribery Act. Risk management We will consider the Organisation s approach to risk 4 framework management and whether this is in line with good practice seen within other housing providers. Our review will consider the application of the risk management framework, including review of identified risks, scoring of risks, internal controls, the monitoring and review process and how risk management informs key decision making. Strategic and Business Areas 26 Key performance indicators and management information We will consider how the Organisation has updated Housing Management Services and Property Services performance indicators to align to the structure and approach of the Organisation following the completion of the modernisation programme in these areas. 4 We will provide assurance regarding whether performance management indicators are adequate and reflective of the operational and strategic objectives of the Organisation in Appendix C /13 Audit Plan 10

11 AREA Review Outline Days these services areas and will support effective decision making. We will consider the use of Covalent in supporting the reporting and monitoring of performance indicators and links to strategic planning are identified and maintained. Disaster recovery and contingency planning We will review the Organisations arrangements for business continuity in the event of a disaster. 6 We will include consideration to whether the Organisation has adequately risk assessed all of it s systems and agreed critical recovery timescales and arrangements in line with the risk to the Organisation of the system not being recovered. We will also consider system resilience and whether adequate activity and resource are being utilised in order to provide adequate resilience in line with the risk assessment of potential system or information loss. Our review will be completed by our IT audit specialist and will incorporate consideration to relevant standards and principles such as BS Specifically, we will consider the payroll system contingency arrangements and also whether there is adequate awareness of potential risks in the Organisation. Health and safety Asbestos management We will consider the Organisations framework for the management of asbestos including how this is applied in practice. Our review will incorporate consideration to how the Organisation has risk assessed it s assets in relation to the risk of asbestos, policies for the completion of type 1 and/or 2 surveys in line with legislative requirements, training of operatives and contractors in relation to their responsibilities and also system information to support asbestos management systems. Specifically, we will consider whether the Health and Safety procedures for asbestos were followed in relation to the refurbishment of the Harvey Road depot and potential identification of asbestos (both pre and post potential identification). 5 Appendix C /13 Audit Plan 11

12 AREA Review Outline Days Human resources, succession planning, recruitment and selection We will consider the arrangements in place for the recruitment and selection of staff to ensure that this process is comprehensive, transparent and enables the Organisation to recruit relevant skills on a timely basis and in line with budget and corporate and operational planning. 6 We will consider how the Organisation succession plans, agrees future staff and skills requirements and achieves these through further training, recruitment or staff development. Equality and diversity The Organisation is in the process of developing actions in order to achieve Gold IIP status, having been awarded Silver earlier this year. We will consider the outputs from the IIP report and discuss planned action and identify where this may be enhanced if necessary. We will review the equality and diversity framework and how this applied in practice. The specific areas for the focus of the review will be discussed and agreed at the time of our review. 5 Core Financial Areas 6 Key financial systems review Shared services We will identify where the Organisation utilises financial services from NCC and consider what arrangements are in place for ensuring the adequate control of financial processes in these areas. 6 We will consider whether there are any wider opportunities for the Organisation in relation to shared services. Main Support and Operational Areas 12 Arrears management and income maximisation (including FTA s and impact of mobilisation plan and restructuring of cash offices) We will consider the action the Organisation has taken in relation to welfare reform, including reductions in housing benefit and the potential for universal credit, which will lead to direct payment of housing benefit. We will review the following three areas to ensure that the action taken by the Organisation in relation to the management of current and former tenant arrears both currently and in the future, following welfare reform. We will consider the following key areas: 8 Appendix C /13 Audit Plan 12

13 AREA Review Outline Days Financial planning and potential impacts upon revenue streams and the Management Agreement Frontline service delivery and rent collection methods Policies and procedures for working with tenants, rent collection and arrears escalation and management We will look to share good practice we have seen being undertaken at other housing providers wherever possible throughout this review. Supporting People sheltered housing service delivery The Organisation has rebranded its elderly support as the Independent Living Service and now applies a more complex approach to support, with levels and type of support being based upon individual needs. Our review will consider the adequacy of controls in order to provide assurance in relation to the management and control of these more complex arrangements. 4 We will carry out sample testing to verify that the needs of sheltered housing tenants have been assessed accurately and robustly, and that outcomes of the assessments have been accurately recorded. We will also carry out sample testing to verify that visits are being fully completed and accurately recorded. Our review will also consider whether there are adequate procedures in place to enable effective management oversight of the above processes. Follow up arrangements 3 Appendix C /13 Audit Plan 13

14 Appendix D /13 Management requested reviews AREA Review Outline Days Management requested review 16 Tenants Resident Association (TRA) Grants We will review the arrangements in place for grants made to TRAs by the Organisation, and the Organisation s role in supporting TRAs where they receive grants from other bodies, including checks, reporting and audits of these by the TRAs. 5 We will consider the Organisations stewardship role in relation to where they are not the main grant providers but where they may be exposed to potential reputational risk in relation to the misuse of TRA grants. Additionally, we will consider the strategic approach to the provision of grants and whether there are wider methods of supporting communities, for example by supporting the acquisition of wider grant funding or match funding other available community grant schemes. Standing Orders and Procurement We will review the controls in place over standing orders and procurement procedures, including the circumstances surrounding the recent legal action brought by a supplier. 7 We will also consider whether the standing orders expose the Organisation to particular risk in any area, and whether the documents may be streamlined without loss of control/ oversight. Our review will incorporate consideration to the case in relation to the breach of contractual arrangements and whether adequate action has been taken in order to adequately manage risks in relation to contract management and application of the procurement manual into the future. Cash collection We will complete transaction testing in relation to cash collection to ensure that procedures are applied effectively in practice. 4 Appendix D /13 Management requested reviews 14