Glasgow Caledonian University. Internal Audit Annual Report 2013/2014

Similar documents
Glasgow Caledonian University Internal Audit Annual Report for the year ended 31 July 2008

Annual Audit Letter North East Ambulance Service NHS Foundation Trust Year ended 31 March 2016 July 2016

Internal Audit Report

Internal Audit Report

National Grid Electricity Transmission plc Balancing Mechanism Review

Loch Lomond & The Trossachs National Park Authority. Annual internal audit report Year ended 31 March 2015

SARBANES-OXLEY INTERNAL CONTROL PROVISIONS: FILE NUMBER 4-511

Internal Audit Report

RISK MANAGEMENT FRAMEWORK

Assessment of the effectiveness of the Audit Committee

Cairngorms National Park Authority

Strathclyde Partnership for Transport

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

1. Membership of the Committee

United Lincolnshire Hospitals NHS Trust

Loch Lomond & The Trossachs National Park Authority and Cairngorms National Park Authority

Auditing of Swedish Enterprises and Organisations

Grant Thornton s annual report on the HCPC s governance, risk management and internal control systems is attached.

The NAO letter is provided to the Committee for its consideration.

Internal Audit Report. IT Change Management Review March 2016

Policies, Procedures and Guidelines

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

RGB International Bhd. ( K) (Incorporated in Malaysia) AUDIT COMMITTEE TERMS OF REFERENCE

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

INTERNAL AUDIT PLAN AND CHARTER 2018/19

Audit & Risk Committee Charter

Internal Audit Charter

MACQUARIE TELECOM GROUP LIMITED CORPORATE GOVERNANCE

Audit Committee, 20 March Internal Audit Report Stakeholder Communications. Executive summary and recommendations.

IoD Code of Practice for Directors

Internal Audit Charter

NHS West Essex Clinical Commissioning Group

Charter of the Corporate Governance Committee

ORIENTAL INTEREST BERHAD (Company No M) REVISED TERMS OF REFERENCE OF THE AUDIT COMMITTEE AND RISK MANAGEMENT (Revision Date: 17 August 2018)

Quality Control Systems and Engagement Files Monitoring and Inspections the Protocol

Health Department Directorate of Performance Management and Finance

INTERNAL AUDIT AND ASSURANCE MANDATE

Sample Position Description Board of Directors

Charter of the Board of Directors

AUDITOR S RESPONSIBILITY UNDER AUDITING STANDARDS GENERALLY ACCEPTED IN THE UNITED STATES OF AMERICA

City College Plymouth

Annual Regulatory Compliance and Quality Report

Terms of Audit Engagements

Audit Committee Charter

Charter of the Board of Directors

AWE LIMITED ACN

GUIDELINES FOR THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM OF THE TOD'S S.P.A. GROUP

Internal Audit Charter

Internal Audit Report

The Corporation of the City of Windsor Manage Changes to Information Systems

International Standard on Auditing (UK) 600 (Revised June 2016)

Dun & Bradstreet (Australia) Pty. Ltd

HSBC HOLDINGS PLC GROUP AUDIT COMMITTEE. Terms of Reference

FORUM HOUSING ASSOCIATION RISK MANAGEMENT

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

APB ETHICAL STANDARD 3 (REVISED) LONG ASSOCIATION WITH THE AUDIT ENGAGEMENT

Audit & Risk Management Committee Charter

Audit (Monitoring of Investigations) Sub-Committee 21 July 2014

Wokingham Borough Council

NRCS AUDIT AND RISK COMMITTEE TERMS OF REFERENCE

Financial Reporting Council BDO LLP AUDIT QUALITY INSPECTION

Internal Audit Report Corporate Governance and Risk Management

AUDIT COMMITTEE REPORT

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

AUDIT COMMITTEES. Fulfilling annual reporting requirements

The Annual Audit Letter for Derby City Council

Auditing and Assurance Standards Council

Annual Regulatory Compliance and Quality Report. Grant Thornton UK LLP June 2015 Audit 2014/15

(the Company) The Committee also monitors the processes which are undertaken by management and auditors.

Loch Lomond & The Trossachs National Park Authority and Cairngorms National Park Authority

King III Chapter 7 & 9 Guidance on the Assessment of the System of Internal Control. June 2010

Sample Audit Committee. of Auditors and Management

PricewaterhouseCoopers, Papua New Guinea Transparency Report Legal structure and ownership of the firm (Article 40(1)(a))

APES 320 QUALITY CONTROL FOR FIRMS

RULES FOR THE SUPERVISORY BOARD

Agreeing the Terms of Audit Engagements

Communicating Key Audit Matters in the Independent Auditor s Report (ISA (NZ) 701)

Assessment of the effectiveness of the board

NOT PROTECTIVELY MARKED

Rising to the challenge Delivering Internal Audit excellence

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

Independent auditor's report

1. The NHS Health Scotland Board has established a Committee to be known as the Audit Committee.

APES 305 TERMS OF ENGAGEMENT

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

RULES OF PROCEDURE AUDIT COMMITTEE SUPERVISORY BOARD RABOBANK 1

Quality Assurance Manual

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

MID ESSEX HOSPITAL SERVICES NHS TRUST ANNUAL AUDIT LETTER Audit for the year ended 31 March July 2016

Boral Limited Audit & Risk Committee Charter

AUDIT COMMITTEE CHARTER

(Adopted by the Board of Directors on 13 May 2009 and amended on 24 September 2009, 13 September 2012 and 27 November 2013)

SMITH & NEPHEW PLC TERMS OF REFERENCE OF THE AUDIT COMMITTEE

Preparing an audit report for Limited Liability Partnerships (LLPs)

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

IAASB Main Agenda (December 2008) Page Agenda Item

Devon and Cornwall Police May 2017

Transcription:

www.pwc.co.uk Glasgow Caledonian University 22 September 2014 Internal Audit Annual Report 2013/2014

Contents 1. Executive summary 1 2. Summary of findings 2 3. Internal Audit work conducted 4 4. Follow up work conducted 6 Appendices 7 Appendix 1: Limitations and responsibilities 8 Appendix 2: Basis of our classifications 9 Distribution List For noting For information Audit Committee Professor Pamela Gillies CBE (Principal and Vice-Chancellor) Gerry Milne (Chief Financial Officer & Vice Principal Finance & Planning) Jan Hulme (University Secretary & Vice Principal (Governance)) Lyndsay Brown (Financial Controller) This document has been prepared only for Glasgow Caledonian University and solely for the purpose and on the terms agreed with Glasgow Caledonian University. Glasgow Caledonian University PwC Contents

1. Executive summary Background The purpose of this report is to present the results of our Internal Audit work on Glasgow Caledonian University s system of governance, risk management and control for 2013/14. Whilst this report is a key element of the framework designed to inform the Annual Governance Statement, there are also a number of other important sources to which the Audit Committee should look for assurance. This report does not supplant the Audit Committee s responsibility for forming its own view on governance, risk management and control. This report covers reviews performed for the year ended 31 July 2014. The specific time period covered by our work for each individual review is recorded in Section 3. Scope Our findings are based on the results of the Internal Audit work performed as set out in the Internal Audit Plan and Risk Assessment 2013/2014, approved by the Audit Committee on 21 October 2013, and any subsequent amendments that were approved on 29 April 2014. These amendments included the change of timing of the review People Strategy: The People Passport from 2013/14 to 2014/15, at the request of the Audit Committee. Our work is subject to the inherent limitations of internal audit (covering both the control environment and the assurance over controls) as set out in Appendix 1. Conclusion We have completed the program of Internal Audit for the year ended 31 July 2014. Our work identified 14 medium and 17 low rated findings; our work did not identify any high or critical rated findings. We do not consider it necessary for any of the weaknesses identified to be reported in the Annual Governance Statement. A summary of the key findings are described in further detail in Sections 2 and 3 of this report. Acknowledgement We would like to take this opportunity to thank Glasgow Caledonian University s staff for their co-operation and assistance during the year. Glasgow Caledonian University PwC 1

2. Summary of findings Our Internal Audit Annual Report is timed to inform Glasgow Caledonian University s Annual Governance Statement. A summary of key findings from our programme of Internal Audit work for the year work is recorded in the table below: Description Overview We completed 12 Internal Audit reviews. This resulted in the identification of 14 medium and 17 low risk findings which focused on improving weaknesses in the design of controls and / or operating effectiveness. No critical or high risk findings were identified through our work. Detail Overall, we have completed 12 of the 13 planned Internal Audit reviews included within the Internal Audit Plan and Risk Assessment 2014/2014, approved by the Audit Committee on 21 October 2013. Of these 12 reviews: No reviews resulted in an overall report classification of critical or high; Four reviews resulted in an overall report classification of medium; and Eight reviews resulted in an overall report classification of low. At the meeting of the Audit Committee 29 April 2014, the committee members requested that the review People Strategy: The People Passport be removed from the 2013/14 Internal Audit Plan. The intention of the Audit Committee is to include this review within the 2014/15 Internal Audit Plan. Internal Control Issues During the course of our work we identified no significant weaknesses that we consider should be reported in your Annual Governance Statement. Other weaknesses Other weaknesses were identified within the organisation s governance, risk management and internal control. Whilst our work identified 14 medium and 17 low rated finding, we do not consider these weaknesses to be pervasive throughout the University s system of governance, risk management and control, or of such significance that it is necessary for them to be reported in the University s Annual Governance Statement. Four reviews identified medium-rated findings and resulted in an overall report classification of medium risk. These relate to the following four areas: Student Experience: Registration Business Partnership Working The IT Helpdesk Internationalisation: The Exchange and Study Abroad Team Glasgow Caledonian University PwC 2

Description Follow up During the year we have undertaken follow up work on previously agreed actions. Detail The agreed management actions from five reports issued in 2012/2013 were followed up by Internal Audit. Of the 17 agreed actions in these five reports: Seven had been implemented; Nine were ongoing and had not yet been implemented; and One was not yet due. Good practice We also identified a number of areas where few weaknesses were identified and / or areas of good practice. Additionally, during 2013/2014 we have observed that the University s Management and Audit Committee are clearly taking risk seriously, with the management of risk built into daily operations. As a result, Internal Audit is focussed on the more challenging strategic and operational areas. The reports followed up and the status of agreed actions is set out in more detail within Section 4 of this report. The following seven reviews were classified overall as low risk and identified only low and/or advisory rated findings: Expenses Biomedical Science Unit (BSU) Business Continuity Arrangements Research Funding Early Implementation of the Marketing Strategy Key Financial Controls Use of the Student Attendance and Engagement Monitoring (SAEM) System for Tier 4 Students Glasgow Caledonian University PwC 3

3. Internal Audit work conducted Introduction Our Internal Audit work was conducted in accordance with our letter of engagement and the agreed Internal Audit Plan and Risk Assessment 2013/2014. The table below sets out the results of our work. Results of individual assignments Audit unit Report status Expenses Final Low Biomedical Science Unit (BSU) Business Continuity Arrangements Student Experience: Registration Final Final Final Report classification and period covered 1 August 2013-25 October 2013 Low 1 August 2013-31 October 2013 Low** 1 August 2013-31 October 2013 Medium 1 August 2013 31 December 2013 Business Partnership Working Final Medium Research Funding Final Low ISIS Management Information Final Low 1 August 2013-31 December 2013 1 August 2013-31 December 2013 1 August 2013 28 February 2014 The IT Helpdesk Final Medium Early Implementation of the Marketing Strategy Final 1 August 2013 31 March 2014 Low* 1 August 2013 31 March 2014 Number of findings Critical High Medium Low - - - 1 - - - 3 - - - 1 - - 3 2 - - 5 - - - - 1 - - 2 - - - 2 3 - - - - Glasgow Caledonian University PwC 4

Audit unit Internationalisation: The Exchange and Study Abroad Team Report status Final Report classification and period covered Medium Key Financial Controls Final Low Use of the Student Attendance and Engagement Monitoring (SAEM) System for Tier 4 Students Final 1 August 2013 31 March 2014 1 August 2013 31 March 2014 Low 1 August 2013 30 April 2014 Number of findings Critical High Medium Low - - 2 2 - - - 1 - - - 3 Total - - 14 17 Notes: * Two Advisory findings were noted in our review of Early Implementation of the Marketing Strategy. ** In addition to the low risk finding noted above, one Advisory finding was noted in our review of Business Continuity Arrangements. Glasgow Caledonian University PwC 5

4. Follow up work conducted Introduction Within the Internal Audit Plan and Risk Assessment 2013/2014, eight days were assigned for following up recommendations raised during 2012/2013, in order to assess whether agreed actions had been implemented by management. The recommendations made in five of the reports issued in 2012/2013 were followed up by Internal Audit. The five reports to be followed up by Internal Audit were agreed with management and presented to the June 2014 meeting of the Audit Committee. The table below summarises the follow up work performed. Results of follow up work Audit unit Report rating Number of agreed actions Status of agreed actions Implemented Ongoing Outstanding Not yet due Financial Control Low 1 1 - - - International Partnerships ISIS System Student Records Medium 4 2 2 - - Medium 5 3 2 - - Marketing Low 2-1 - 1 Student Admission Medium 5 1 4 - - Total 17 7 9-1 Summary We recognise that work has been undertaken by GCU to resolve each of the agreed actions included within the scope of our follow-up procedures. We recommend that further work is conducted by Glasgow Caledonian University to ensure those which remain ongoing are implemented at the earliest opportunity. Glasgow Caledonian University PwC 6

Appendices Glasgow Caledonian University PwC 7

Appendix 1: Limitations and responsibilities Limitations inherent to the internal auditor s work We have prepared the Internal Audit Annual Report and undertaken the agreed programme of work as agreed with management and the Audit Committee, subject to the limitations outlined below. Findings Our findings are based solely on the work undertaken as part of the agreed Internal Audit Plan and Risk Assessment 2013/2014, which provided for 13 internal audit reviews in 224 days. This was subsequently updated at the request of the Audit Committee to remove the audit of People Strategy: The People Passport. Our work addressed the control objectives agreed for individual Internal Audit assignments as set out in the agreed Terms of Reference for each of our reviews. The agreed Terms of Reference are included within our report for each individual internal audit assignment, which have been presented to the Audit Committee throughout the year. There might be weaknesses in the system of internal control that we are not aware of because those controls did not form part of our programme of work, were excluded from the scope of individual internal audit assignments or were not brought to our attention. As a consequence, management and the Audit Committee should be aware that our findings may have differed if our programme of work, scope for individual reviews had been different or other relevant matters were brought to our attention. Internal control Internal control systems, no matter how well designed and operated, are affected by inherent limitations. These include the possibility of poor judgment in decision making, human error, control processes being deliberately circumvented by employees and others, management overriding controls, and the occurrence of unforeseeable circumstances. Future periods Our assessment of controls relating to Glasgow Caledonian University is for the year ended 31 July 2014. historic evaluation of effectiveness may not be relevant to future periods due to the risk that: A the design of controls may become inadequate because of changes in operating environment, law, regulation or other; or the degree of compliance with policies and procedures may deteriorate. The specific time period for each individual Internal Audit is recorded within Section 3 of this report. Responsibilities of management and internal auditors It is management s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the prevention and detection of irregularities and fraud. Internal Audit work should not be seen as a substitute for management s responsibilities for the design and operation of these systems. We endeavour to plan our work so that we have a reasonable expectation of detecting significant control weaknesses and, if detected, we shall carry out additional work directed towards identification of consequent fraud or other irregularities. However, Internal Audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected, and our examinations as internal auditors should not be relied upon to disclose all fraud, defalcations or other irregularities which may exist. Glasgow Caledonian University PwC 8

Appendix 2: Basis of our classifications Report classifications The report classification is determined by allocating points to each of the findings included in the report Findings rating Critical High Medium Low Points 40 points per finding 10 points per finding 3 points per finding 1 point per finding Report classification Points Critical risk 40 points and over High risk 16 39 points Medium risk Lower risk 7 15 points 6 points or less Glasgow Caledonian University PwC 9

Individual finding ratings Finding rating Assessment rationale Critical A finding that could have a: Critical impact on operational performance; or Critical monetary or financial statement impact ;or Critical breach in laws and regulations that could result in material fines or consequences; or Critical impact on the reputation or brand of the organisation which could threaten its future viability. High A finding that could have a: Significant impact on operational performance; or Significant monetary or financial statement impact; or Significant breach in laws and regulations resulting in significant fines and consequences; or Significant impact on the reputation or brand of the organisation. Medium A finding that could have a: Moderate impact on operational performance; or Moderate monetary or financial statement impact; or Moderate breach in laws and regulations resulting in fines and consequences ; or Moderate impact on the reputation or brand of the organisation. Low A finding that could have a: Minor impact on the organisation s operational performance; or Minor monetary or financial statement impact; or Minor breach in laws and regulations with limited consequences; or Minor impact on the reputation of the organisation. Advisory A finding that does not have a risk impact but has been raised to highlight areas of inefficiencies or good practice. Pervasive This in a literal sense means all encompassing. A pervasive control weakness is therefore one which has an impact across the system of internal control, and consequently could impact upon the achievement of a number of organisational objectives in relation to: the efficient and effective use of resources; the safeguarding of assets; the preparation of reliable financial and operational information; or compliance with laws and regulations. Glasgow Caledonian University PwC 10

In the event that, pursuant to a request which Glasgow Caledonian University has received under the Freedom of Information Act 2000 (as the same may be amended or re-enacted from time to time), the Freedom of Information (Scotland) Act 2002 or any subordinate legislation made thereunder (collectively, the Legislation ), it is required to disclose any information contained in this terms of reference, it will notify PwC promptly and consult with PwC prior to disclosing such information. Glasgow Caledonian University agrees to pay due regard to any representations which PwC may make in connection with such disclosure and to apply any relevant exemptions which may exist under the Act to such information. If, following consultation with PwC, Glasgow Caledonian University discloses any such information, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced in full in any copies disclosed. This document has been prepared only for Glasgow Caledonian University and solely for the purpose and on the terms agreed with Glasgow Caledonian University. We accept no liability (including for negligence) to anyone else in connection with this document, and it may not be provided to anyone else. 2014 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback