Corporate Services department - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Corporate Services department

Description:

Rough guide to SIC, AGS. The Excellent' Auditor (competencies) Audit Learning Centre ... Does the existing opinion truly reflect the entire ICE? My guess ... – PowerPoint PPT presentation

Number of Views:68
Avg rating:3.0/5.0
Slides: 20
Provided by: helen150
Category:

less

Transcript and Presenter's Notes

Title: Corporate Services department


1
Review of the Effectiveness of the System of
IA Neil Hunter
2
Who Am I?
  • Head of Audit Leeds City Council
  • Chair of CIPFA NE Region
  • Member of CIPFA Council and Board for the Regions
  • Been involved with
  • Rough guide to SIC, AGS
  • The Excellent Auditor (competencies)
  • Audit Learning Centre
  • Working with CIPFA Audit Panel to finalise
    guidance on the review of effectiveness of IA
  • And, judging by the above, a crashing bore!

3
Aim of Session
  • To discuss
  • The System of Internal Audit
  • The Role of the Head of Internal Audit
  • If time touch on partnerships

4
Background
  • The local public service provision environment is
    changing and to remain relevant and give a useful
    assurance to the many stakeholders Internal
    Audit must evolve with it
  • We shouldnt need legislation to tell us that!

5
Regulatory Framework
  • Accounts and Audit Regulations 2006, Regulation 4
    - Relevant body should conduct a review at least
    once a year of its system of internal control.
    Are partnerships/outsourced services part of the
    system of Internal Control?
  • Accounts and Audit Regulations 2006, Regulation 6
    - Relevant body should conduct an annual review
    of the effectiveness of their system of internal
    audit.
  • Code of Practice for IA in LG in the UK
  • 1.2.1 Scope of IA remit includes the orgs entire
    control environment
  • 10.4.2 (a) HOA annual report (timed for SIC) must
    include opinion on the adequacy
    effectiveness of control environment
  • 10.4.2 (c) Present a summary of the work from
    which the opinion is derived, including
    reliance placed on work by other assurance
    bodies.

6
Possible Issues
  • Control environment systems of governance, risk
    management and internal control (whatever that
    means) have you determined and agreed the
    boundaries of this?
  • How do we deal with new stuff that we havent
    traditionally audited (and what are)
    Partnerships?
  • Have we access/skills to gain that assurance?

7
Possible Issues
  • Head of Audit may struggle to give useful annual
    opinion based on traditional audit plan and own
    work (I do) almost not possible unless we take
    a very broad view of a risk based plan
  • Can we place reliance upon other assurances
  • How do we make this new (unclear) legislation
    actually add value to the organisation? Its
    objective is to strengthen governance and
    accountability within relevant bodies!

8
Key Question (1)
  • Can the Head of IA give an added value, relevant
    assurance on the organisations ICE based on audit
    plan work alone? Does the existing opinion truly
    reflect the entire ICE?
  • My guess
  • Possibly but probably not yet and not without a
    clear understanding of where other assurances may
    exist and some evidence that they are robust
  • And would such an opinion add value to the
    stakeholders?

9
Key Question (2)
  • Could the system of IA be a suite of assurances
    needed by the Audit Committee to support the AGS
    and opinion on the ICE?
  • If yes do these assurances need an independent
    reality check? If yes again, who is best placed
    to do it (and how do we get the resources and
    skills?)
  • Assuming we think its IA, challenged by the Audit
    Committee how do we demonstrate that we are
    both fit for purpose and our assurance can be
    relied on?

10
Minimum Standards!
  • Such as
  • The CIPFA Toolkit for Local Authority Audit
    Committees 2006
  • The Code of Practice for IA in Local Government
    in the UK 2006

11
So - What is the Suggested System of IA?
  • The most confusing diagram in the world - ever
  • (but I am an auditor so please forgive me!)

12
(No Transcript)
13
Triangulation
  • Directors/Managers to give assurances, e.g.
  • Objectives aligned to Corporate Priorities
  • Risk register and MIS/PIs linked and monitored
  • Corporate policies /procedures communicated/embedd
    ed/complied with
  • Can give evidence based assurance
  • Key Functions to give assurances, e.g.
  • Policies and procedures current, communicated,
    embedded (some monitoring?) across organisation
  • Head of Audit to give opinion based on
  • Risk based Audit Plan (inc. partnerships etc.)
  • Review of Directorates governance arrangements
  • Review of key Functions Governance arrangements

14
The System of Internal Audit
  • The System of Internal Audit is that which an
    effective Audit Committee (or equivalent) relies
    upon to provide timely assurances on the overall
    adequacy and effectiveness of the organisations
    entire control environment, which in turn will
    support the conclusions in the Annual Governance
    Statement.
  • To support his/her opinions on the overall
    adequacy and effectiveness of the organisations
    entire control environment, the Head of Audit
    must deliver a Risk Based Plan that is
    sufficiently robust to confirm that assurances
    provided as part of the System of Internal Audit
    can be relied upon by the Audit Committee.
  • It is essential that both the Audit Committee (or
    equivalent) and the Internal Audit function are
    compliant with the appropriate Code of Practice
    or best practice standard.
  • The Review of the Effectiveness of the System of
    Internal Audit is
  • Confirmation that both the Audit Committee and
    Internal Audit functions are compliant with the
    appropriate Code of practice or best practice
    standard, and
  • An assessment of the extent to which the Audit
    Committee can place reliance upon the assurances
    it receives on the adequacy and effectiveness of
    the entire control environment throughout the
    year.

15
Summary
  • Even without the legislation the Head of IA
    should be doing this.
  • Must have fit for purpose IA function and Audit
    Committee.
  • Head of IA must be satisfied that any other
    assurances (e.g. directors, functions,
    partnerships) taken into account must be
    underpinned by a robust process to evidence that
    assurance

16
Summary
  • The HIA could be the focal point for an
    assessment of the whole framework of assurances
    available to management/ governors.
  • The "system of internal audit" could be the
    internal audit service, whose scope encompasses
    this framework of controls even if we do not do
    the work in each area of control.
  • If we get it right - the review of the system of
    internal audit could be a review of the internal
    audit function - but firstly facing inwards (fit
    for purpose) and secondly facing outwards, to the
    scope of its work.

17
Just a Comment on Partnership Assurances
  • Key lines of enquiry for use of resources 2008
  • 4.2 (Sound ICE) level 2 - The Council has
    identified its significant partnerships and has
    appropriate governance arrangements in place for
    each of them.
  • 4.2 level 4 - Governance arrangements with
    respect to partnerships are subject to regular
    review and updating and
  • The Council obtains assurance on a risk basis of
    the viability of its significant
    contractors/partners business continuity plans.

18
Problem Resources!..
  • If we are happy all partnerships are included on
    a central register (after audit review of system)
    then
  • If we are happy there are good (and appropriate)
    organisational generic governance protocols
    adopted (and embedded) by departments to
    manage partnerships, then..
  • It just requires a simple risk based plan of key
    partnerships to get IA assurance on for the
    annual opinion

19
Possible Assurances
  • Risk Based Assessment of key partnerships
    appropriate assurances!
  • None take the risk
  • Assurance on outcome monitoring controls PIs,
    Customer Outcomes (CAA)
  • Assurance from appropriate Audit Committee or
    Governing Body
  • Assurance from other appropriate audit body or
    review body internal and/or external audit?
  • But need agreement for independent audit/open
    book reviews in key partnerships?
  • CIPFA COP Compliant
  • Your organisations own IA service
Write a Comment
User Comments (0)
About PowerShow.com