Report to FINANCE & AUDIT Committee for information

Transcription

1 Title: Section: Prepared by: Internal Audit Programme Finance Melanie Grant (Internal Audit Manager) Meeting Date: 29 November 2018 Legal Financial Significance = low Report to FINANCE & AUDIT Committee for information SUMMARY The purpose of this report is to provide an update on progress towards an internal audit compliance programme. The proposed delivery of an internal audit plan will provide the Finance & Audit Committee assurance over its risk management and internal control environment. The decisions or matters in this report are considered to be of low significance in accordance with the Council s Significance and Engagement Policy. RECOMMENDATIONS That the Finance & Audit Committee: 1. Notes the contents of this report. Authorised by: Pauline Foreman Chief Financial Officer Keywords: Internal Audit Page 1 of 5

2 BACKGROUND 1. In the past Gisborne District Council have conducted internal audits on an ad hoc caseby-case basis. 2. The demand for an internal audit function has often exceeded available budget and/or resources. 3. The scope of internal audit has not had identifiable and definitive boundaries. While this is rarely the case, internal auditing gives an open ended and broad remit designed to add value and improve an organisation s operations. DISCUSSION and OPTIONS Internal Audit What is it? 4. Internal audit provides assurance by assessing and reporting on the effectiveness of governance, risk management, and control processes designed to help the organisation achieve strategic, operational, financial, and compliance objectives. 5. The scope of internal auditing within an organisation is broad and may involve topics such as an organisation's governance, risk management and management controls over: efficiency/effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting and compliance with laws and regulations. 6. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss. 7. Internal audit is not an isolated or standalone activity. There is a necessary link or flow from the internal audit charter, or internal audit strategy, and then the internal audit strategic plan and finally the annual internal audit plan. 8. A key principle of internal audit is to add value by assisting Council to achieve its objectives. 9. Usually the goals and objectives for the internal audit would be captured within an internal audit charter. Essentially an internal audit charter is the formal document that defines the internal audit s purpose, authority, responsibility and position within an organisation. It may also be known as the terms of reference. History of Internal Audits at Council 10. In the past the need for specific internal audit on controls or processes has been completed on an ad hoc basis. When a need or issue has been identified, an internal audit would have been conducted from the Finance section s existing staff. Usually it would have been from the management accountant who has specialist knowledge of audit practices. 11. Depending on the scope of the audit, they may or may not have had external oversight from specialist accounting firms. 12. The founding principle or terms of reference for the Internal Audit Charter and a long-term program of internal audit has not been established. Page 2 of 5

3 Proposed Approach to Internal Audit Program 13. A specialised Internal Audit section has been established within Finance and Affordability. 14. In simplest terms, the duties of the internal auditor will be to: a. Objectively review processes. b. Evaluate the risk identification processes that are in place. c. Review controls to ensure protection against fraud and theft of assets. d. Ensure that we are complying with laws, statutes and policies. e. Make recommendations on how to improve internal controls and processes. 15. Initially for the first four months (November 2018 to February 2019), there will be the creating of an Internal Audit Charter and liaison with Deloitte Touche Tohmatsu Limited ( Deloitte )to set-up Council s internal audit function. 16. Following this initial set-up, Council s assurance map will be assessed in terms of identifying an internal audit program. The assurance map identifies existing assurance activities and where internal audit can best contribute to the organisation. 17. Finally an internal audit programme of work (over a 3 year period) will be developed. This is to ensure we have a longer term view of internal audits, with the intention of providing the most coverage possible of the audit universe within funding available. The plan will be reviewed annually and also in between years to enable responses to any issues that may arise. Programme of Work 18. Deloittes will help establish the Internal Audit function and they will work with staff to codevelop work plans and establish a template for internal audit methodology. In addition they will conduct two planned reviews which will allow the transfer of approved internal audit methodology to be passed onto staff. 19. Two independent reviews will be run by Deloittes in the first instance. These will be an Employee Benefit forecasting and Accounts Payable/Procurement review. 20. The Employee Benefit review follows on from PWC external audit conducted in 2017, which was on payroll controls. This review will cover efficiency and effectiveness of our procedures, monitoring and tracking progress both in terms of KPI definition and monitoring. Employee costs represent 21% of Council s total planned expenditure. 21. Accounts Payable/Procurement review will incorporate a review of the procure to pay business processes, including the policy and procedures. The purpose of an external reviewer completing this process is to avoid finance staff reviewing their own policies and procedures. This gives assurance to governance over the objectivity and independence on the findings of the review. Page 3 of 5

4 Step 1 Introduction to Internal Audit function Finance and Audit 29 November 2018 Step 2 Step 3 Deloittes Initial Introduction Internal Audit Two planned reviews and internal audit methodology Starting 26 November to mid December 2018 Establish Internal Audit Charter February 2019 Step 4 Step 5 Assurance Map Review February - March 2019 Internal Audit Programme (3 years) Established by June ASSESSMENT of SIGNIFICANCE Criteria This Report The Process Overall The effects on all or a large part of the Gisborne district Low Low The effects on individuals or specific communities Low Low The level or history of public interest in the matter or issue Low Low Inconsistency with Council s current strategy and policy Low Low Impacts on Council s delivery of its Financial Strategy and Long Term Plan. Low Low 22. The decisions or matters in this report are considered to be of low significance in accordance with Council s Significance and Engagement Policy. COMMUNITY ENGAGEMENT 23. The community will not be consulted on with regard to an internal audit compliance programme. CONSIDERATIONS Financial/Budget 24. There is a cost of carrying out internal audits. Internal staffing has been resourced within existing staff, but backfilling of positions to set up an Internal Audit office will incur additional costs. Most of these will be able to be recovered from administrational oncharging from external sources. 25. The external use of contractors to co-work with staff will also incur costs. The estimated cost of setting up an internal audit function are $10,000 $15,000. Separate independent reviews, for example, the payroll efficiency review and accounts payable review will also be in the range of $10,000 $15,000 each. These costs will come from prioritising existing professional service budgets within the finance area. Page 4 of 5

5 26. The range of costs is also dependent on the level of involvement from Council staff. The more involvement, the lower the costs. 27. However, internal audit review should help mitigate financial risks to Council and lead to process efficiencies. Legal 28. There are no legal implications. POLICY and PLANNING IMPLICATIONS 29. There are no policy and planning implications. RISKS 30. The risk profile and risk appetite will determine the priorities. NEXT STEPS Date Nov 18 By June 2018 Action/Milestone Payroll efficiency and effectiveness review Accounts payable controls review Scoping of compliance and control audit processes Develop internal audit charter 30 June 2019 Draft audit plan 1-3 years Page 5 of 5