9 Internal Audit Plan 201213CW PDF

Manchester City Council Item 9
Audit Committee 7 June 2012
Manchester City Council

Report for Resolution
Report to: Audit Committee - 7 June 2012
Subject: Internal Audit Plan 2012/13
Report of: City Treasurer / Head of Internal Audit and Risk Management
Summary
In accordance with the Chartered Institute for Public Finance and Accountancy Code
of Practice for Internal Audit in Local Government, the proposed areas of coverage
for the Council’s Internal Audit Section are set out in an annual plan. The plan is
designed to support an annual opinion on the effectiveness of the systems of
governance, risk management and internal control across the Council and is
informed by the audit strategy, consultation with stakeholders and a dynamic
assessment of risks.
The Code of Practice emphasises the need for a strong working relationship between
Internal Audit and the Audit Committee and that this should include Audit
Committee’s “approval (but not direction) of, and monitoring of progress against, the
internal audit strategy and plan”.
Recommendations
Members are requested to consider and approve the Annual Internal Audit Plan for
2012/13.
Wards Affected:
The plan comprises audits that could affect all wards in the city.
Contact Officers:
Richard Paver
City Treasurer
234 3564
Email richard.paver@manchester.gov.uk
Tom Powell
Head of Internal Audit and Risk Management
234 5273
E-mail t.powell@manchester.gov.uk
Background documents (available for public inspection):

• Internal Audit Plan 2011/12

• Emergent Audit Plan 2012/13
• Annual Internal Audit Report 2011/12
• Annual Governance Statement 2011/12 and 2012/13
All of the above were presented to Audit Committee in 2011/12 and 2012/13.
• Manchester City Council Corporate Plan 2011-2014
2012/13 Internal Audit Annual Plan
1. Background to report
1.1. The Chartered Institute for Public Finance and Accountancy Code of Practice
for Internal Audit in Local Government in the United Kingdom 2006 (The CIPFA
Code) established the expected professional standards for internal audit in local
government. The CIPFA Code is informed by standards from other professional
institutes, including the Institute of Internal Auditors (IIA) and the Government
Internal Audit Standards (GIAS) issued by HM Treasury, and is the standard
against which the quality of internal audit in local government is assessed.
1.2. The CIPFA Code sets out the requirement for an internal audit strategy and an
annual internal audit plan. The focus of this report is the Internal Audit plan for
2012/13.
2. Approach to plan development

2.1. Section four of the CIPFA Code states the need for an effective working
relationship between internal audit and the Audit Committee and that this should
include Audit Committee’s “approval (but not direction) of, and monitoring of
progress against, the internal audit strategy and plan”. Whilst the annual plan is
not being presented for approval, it is intended that the following provides
assurance to members on the approach being taken, the key characteristics of
the plan and the areas proposed for review.
2.2. The approach to audit planning in the Council for 2012/13 has been based
largely, but not exclusively, on the following:
• Draft annual governance statement.
• Review of the Corporate Risk Register.
• Review of directorate / service business plans and related risk registers.
• Review of the Corporate Plan, Community Strategy and other key strategy
documents.
• Cumulative audit knowledge and experience.
• Engagement with Heads of Service and directorate management teams.
• Engagement with audit colleagues across Greater Manchester and the Core
Cities.
• Engagement with Strategic Business Partners.
• Engagement with the Risk & Resilience, Insurance & Claims and Health &
Safety teams within the Audit and Risk Management Division.
2.3. On this basis, an emergent plan of areas for audit coverage was been
developed and presented to Audit Committee in March 2012.
2.4. The final plan reflects the resources available for the year. It reflects current
resources following a management restructure and deletion of two vacant posts
but is based on an expectation that two vacant auditor posts will be filled in the
year. It also assumes the modest use of external resources to support delivery
of the ICT audit elements of the plan.
2.5. Having accounted for planned non-chargeable time there are a total of 2,858
audit days to be spent on the delivery and management of direct audit work.
This is a reduction from the available 3,180 days planned for 2011/12 based on
the following key planning assumptions:
• Staffing compliment of 21 posts equating to 19.8 FTE as a consequence of
five staff in post working reduced hours.
• Recruitment to five posts currently vacant being achieved no later than
September 2012. The process for recruitment through M People is
underway but the plan is based on an assumption that internal movement
of staff and induction may not be completed until mid way through the year.
• 400 days of staff time for professional training and other learning and
development activity, appraisal and induction. This includes time for new
starters to obtain appropriate professional qualifications and is essential to
ensure the team retains the skills and knowledge required to deliver the
service.
• Non chargeable time spent across the team supporting elections during
May and November 2012.
2.6. The allocation of this time to auditable areas is set out in section 4.
3. Key characteristics of the annual plan

3.1. As set out in diagram 1, the annual plan is comprised of a combination of
different audits tailored to reflect the specific needs of the Council.
3.2. As in 2011/12 and as referred to in the Emergent Plan for 2012/13 the types of
audit in the plan are as follows:
• Strategy: To provide an assurance opinion on the Council’s strategic
approach to the management of core business processes. Past examples
include the Information, People and Financial Management Strategies. For
2012/13 the key strategy we will focus on relates to ongoing property
rationalisation and premises closures although we will remain abreast of the
financial and ICT strategies in particular.
• Business Unit: To provide an assurance opinion on the adequacy and
effectiveness of arrangements to ensure the achievement of business plan
objectives, specifically through the management of finance, people,
performance and risk. For 2012/13 the focus of some of our business unit
audit work will be short, targeted work on closing services, premises and the
management of identified business unit risks.
• Risk Based: To provide assurance on the arrangements in place to manage
key business risks. These are the audits that focus on risks in service and
directorate plans and the corporate risk register and are designed to provide
management and members with assurance that appropriate steps are being
taken.
• System and Compliance: To provide assurance to statutory officers and key

stakeholders that key systems and processes are operating as intended.
This remains critically important during a period of change and will include
work on the core financial systems.
3.3. The plan also includes other assurance work as follows:
• Anti Fraud, Irregularity and Probity Programme: There will be ongoing
proactive testing of systems and processes to identify potential fraud and
misappropriation, as well as potential non-compliance with policies and
procedures. In addition the service investigates potential wrongdoing, fraud
and corruption and expect the number of referrals in this area to increase
during 2012/13.
• Schools: The time in the plan is based on the assumption that there is an
ongoing requirement for assurance over governance and financial
management in schools, to support Governing Bodies, the Local Authority
and allow the City Treasurer to discharge his statutory obligations. This is a
reduced allocation compared to 2011/12 although we will also be
undertaking cross cutting audits of thematic risk areas across a sample of
schools. This has proven popular with schools and enabled us to share
good practice and proposals for further improvement in areas of common
concern.
• Developing Systems: To provide early engagement on the development of
new systems or processes and make recommendations to mitigate risks
where appropriate. This applies not just to ICT systems but to new ways of
working and the implementation of new structures and processes.
• Advice and Guidance: Internal Audit provides ongoing advice across the
Council. Whether through attendance at working groups or responding to
telephone enquiries this remains an area where early advice and support
can help maintain a robust control environment. It is likely to be an area of
ongoing demand during 2012/13 as managers at all levels, especially those
moving around the Council through M People or implementing new
arrangements seek support. There are also many significant changes
impacting the Council including welfare reform, the transfer of public health,
localisation of business rates and Council Tax and the establishment of
academies and free schools where early Internal Audit involvement and
support is valued by management and provides us with the opportunity to
ensure appropriate, streamlined and effective controls are built into
development arrangements. This approach of using different types of audits
and other work is considered the most effective way to deliver the vision for
Internal Audit.
3.4. In summary, there are fewer strategy audits this year which reflects the
transformation programme across the Council from 2011-2013. 2011/12 was
characterised by the development and agreement of strategies to deliver
savings and transform services. Good progress has been made to date and
so the audit focus for 2012/13 has moved from the development of strategies
to focus more on emerging risks and the operation of controls within the
Council’s governance arrangements, its systems and its processes. The need
for continued investment of time in anti-fraud, irregularity and probity work
continues as does the requirement to provide ongoing advice and guidance to

all service areas in helping them manage their risks effectively.
Diagram One – Audit Plan Framework
Business Unit Audits
Developing
Systems
Support
Anti-Fraud,
Irregularity,
Probity and
Strategy Compliance
Audits Risk Based Audits
Advice and
Guidance
System and
Compliance
Audits
Community Strategy / Corporate Plan Objectives

Corporate Risk Register / Business Plan Risks
4. Audit Plan Allocations 2012/13

4.1. The final allocations of time in the plan are set out in diagrams 2 and 3 as
follows:
Diagram 2 – Allocation of direct audit days in 2012/13 – By Audit Type

External Clients
178 Advice and Guidance
2011/12
151
Brought Forward
89 Proactive Anti-Fraud and Probity
215
Schools
289 Reactive Anti-Fraud
181
Business Unit
79
System
574
Compliance
571
Strategy
34
Risk Developing
301 System
156
4.2. Further details of the specific reviews in these areas are included at appendix
one but in summary the main areas of focus are as follows:
2011/12 Brought Forward

4.3. Completion of work from the 2011/12 audit plan year that was carried forward
for completion in early 2012/13. In particular this includes the finalisation of
reports, work relating to year end processes including final testing on core
financial systems, support in production of the annual governance statement.
Advice and Guidance

4.4. Increased allocation to 151 days for formal advice and guidance to all services.
Historically this has involved advice to schools, support for the development of
governance arrangements and ongoing support to officers in areas such as
procurement and compliance with financial regulations. The time includes
officer attendance at key working groups advising on matters of governance,
risk and control in the development of both corporate and directorate level
strategies, systems and processes.
4.5. The plan for each directorate also includes time for client management which is
used for ongoing advice and guidance throughout the year.
Recommendation follow-up
4.6. Each service allocation includes time for the follow-up and reporting of
recommendations issued in prior years. This accounts for 120 days across the
plan and includes time for follow-up of recommendations issued in school
reports and as a result of reactive fraud investigations.
Anti Fraud, Irregularity and Probity

4.7. Programme of proactive and reactive anti-fraud work. This includes an
allocation of 181 days for investigations across the team which is a reduction
from 2011/12 and will need to be kept under review throughout the year and
may need to be increased depending on the volume and complexity of referrals
to the service as well as the capacity and capability of management in services
to conduct investigations with targeted audit support. The plan also includes 255
days of work in the conduct of intelligence-led investigation work, probity
reviews and the development of corporate anti-fraud arrangements.
System and Compliance

4.8. System audits are reviews of key financial, business and ICT systems and
involve a full evaluation of the adequacy of controls and testing how they are
operating in practice. Compliance audits focus on the testing element only and
are designed to provide assurance that systems are working as intended.
4.9. Much of this work is designed to provide assurance to the Council’s statutory
officers including the City Treasurer and City Solicitor. It also includes review of
grants, contracts and procurement and audits of casework management in adult
and children’s social care as well as compliance reviews designed to provide
assurance over probity issues including cash handling in directorates.
4.10.There has been an increase in the allocation of time in this area reflecting the
audit focus on ensuring that systems and processes developed during 2011/12
as a result of transformation and cost saving programmes are now operating as
intended.
Developing System Support

4.11.The developing system allocation has reduced from 300 to 156 days for
2011/12. As referred to above this is because a lot of time was spent in
2011/12 reviewing and supporting arrangements that were developed in
response to fiscal and transformation priorities. The allocation does however
reflect the ongoing need to provide early assurance on systems and processes
that are under development. This is designed to provide both support and
challenge to management at an early stage, providing early warning of issues of
audit concern and helping ensure appropriate systems of risk management,
control and governance are embedded from the outset.
Cross Cutting
4.12.The plan includes 133 days for business unit and strategy audits referred to
earlier in this report that for 2011/12 will focus on the management of business
unit risks as well as the delivery of planned financial savings.
School Audits
4.13.As in 2011/12 the approach to schools audit for 2012/13 comprises risk based
audits and targeted audits that focus on specific issues at individual schools as
well as thematic audits covering common areas of concern such as
procurement, self-employment and safeguarding. Following positive feedback
from schools in 2011/12 the plan allows for advance visits to a sample of
schools to support them in preparation for submission of their financial value
standard (SFVS) returns to the Local Authority and Department for Education.
4.14.The allocation also includes time to support corporate working groups dealing
with schools and audits to ensure the effective transition of schools that may
move to trust or academy status during the year.
Risk Based Audit Work

4.15.Risk based audit work has been informed by business and corporate risk
registers as well as our understanding of key risks and engagement with
management from across all services. For 2012/13 this includes ongoing
assurance in relation to the delivery of savings, closure of premises, information
security and ICT.
External Clients
4.16.The final element of the audit plan is for audit work provided to the Greater
Manchester Combined Authority, PATROL and Mersey Valley Joint Committee
where the Council acts as lead authority. From 2012/13 the service will also
provide audit services to an academy, OneEducation and the Mancheter family
of companies linked to the GMCA comprising Marketing Manchester, MIDAS
and New Economy. This is part of the workplan for the section but results in
outputs that are reported to these respective bodies.
Allocation by Directorate
4.17.The work of the Internal Audit Section is aligned to the Council’s directorates
and key risk area. The allocation of work within each is set out below:
Diagram 3 – Allocation of direct audit days in 2012/13 – By Directorate

Reactive Anti-Fraud Adults, Health and

181 Wellbeing
330
Systems,
Information & Data
236 Advice and Guidance
151
Pro Active Anti-Fraud,

Schools Irregularity and Probity,
289
215
2011/12
Brought Forward
Neighbourhood 89
Services
237 Chief Executive's
342
External Clients
178
Corporate Services Childrens Services

348 262
4.18.In 2011/12 the greatest proportion of time in the plan was allocated to Corporate
Services (21%) which reflected the volume of audit work delivered in respect of
financial savings and property rationalisation which despite impacting on all
directorates, was allocated to the City Treasurer as the SMT member with lead
responsibility for these areas. For 2012/13 the allocation is evenly spread
across Corporate Services, Chief Executive’s and Adults, Health and Wellbeing,
Childrens and Neighbourhoods, with each accounting for approximately 10% of
the plan.
4.19.Schools remain a significant proportion of the plan with 289 days allocated
demonstrating the continued role delivered by Internal Audit in providing
assurance over the governance and financial arrangements in operation across
Manchester schools.
4.20.As a result of changes in the roles and responsibilities across the audit team to
reflect corporate priorities a new block of work has been allocated for 2012/13
referred to as systems, information and data. This work cuts across all
directorates and includes ICT as well as information governance and
information security.
4.21.The overall allocation of time includes the apportionment of 456 days of
planning, audit and client management, corporate reporting and
recommendation monitoring across the plan.
5. Conclusions
5.1. Members are asked to approve the Internal Audit Plan for 2012/13
Manchester City Council Appendix 1 - Item 9
Appendix 1 Audits in 2012/13 Internal Audit Plan

Corporate CRR
Plan
Area and Audit Title Audit Type Internal Proposed assurance to be 1 2 3 4 5 6
Allocation Audit obtained
Assessed
Risk
Adults, Health Manchester Business Medium Actions set out in service plans X X X 10
and Wellbeing Equipment and Unit relating to people, finance and
(330 days) Adaptations procurement are progressed
Partnership following reorganisation.
Primary Assessment Compliance High Compliance with the new X X 10

Team assessment process resulting
from the Customer Journey
Improvement Project.
Casework Compliance High There is compliance with X 19
Management expected casework practice
and with procedures.
Financial Developing High Changes in the process for X X 19
Assessments Review System service user financial
assessments support effective
management of risks through
appropriate controls.
Community Care Developing High Changes in the arrangements X X 10
Grants System for distribution of community
care grants support effective
management of risks through
appropriate controls.
Corporate CRR
Plan
Assessed
Risk
Public Health Developing High Governance and management X X X 10,
Transition System arrangements support an 13,
effective transition of public 17,
health responsibilities from the 20
NHS to the Council.
Homelessness Risk Medium Arrangements support X X
reduction in the use of
temporary accommodation.
Service User Cash Risk High Adequate arrangements are in X X X 10,

Handling operation for the management 19
and handling of service users
cash.
Delivery of Savings – Risk High Arrangements support the X X 1
Monitoring effective monitoring of the
Arrangements delivery of savings and
management of changes in
assumptions.
Asylum, Refuge and System High Systems and processes X X X 10
Migration support the provision of social
care to customers seeking
asylum or refuge.
Corporate CRR
Plan
Assessed
Risk
Social Care Contact System High Emergency and duty X X 10
Service arrangements support the
identification and delivery of
appropriate social care and
support to adults.
Homecare – Financial System Medium Invoicing and payment X X
Management arrangements ensure that the
right payments are made to the
right suppliers for the right
services at the right time.
Individual Budgets – System High Arrangements are in place to X X 19
Financial Recovery maximise the recovery of
Arrangements individual budget funding
arising from unspent and
unsupported allocations.
Commissioning – System Medium Governance and management X X X 10,
Older People and arrangements support the 17
Supporting People effective commissioning of
appropriate services and
interventions.
Corporate CRR
Plan
Assessed
Risk
Mental Health System High There is compliance with X X 19
Casework expected casework practice
Management and with procedures across the
Council and Mental Health
Trust – joint review with NHS
audit.
Transition System Medium Systems for managing X X 19
Management transition from children’s social
care to adults are appropriately
designed and support
compliance.
Anti Fraud Awareness and Development High Delivery of awareness training X X 23
(396 days) Training to senior managers and staff
and targeted stakeholder
groups. To include reference
to key anti-fraud policies and
procedures
Fraud Risk Development High Council risk assessment and X 23
Assessment analysis.
Fighting Fraud Locally Development High Analysis of key requirements of X 23

Strategy the Strategy and the Council
response.
Corporate CRR
Plan
Assessed
Risk
Fraud Response Plan Development High Development of a fraud risk X X 23
response plan to address the
current assessment of
exposure to risk.
Expenses Claims Proactive High Follow up to work done on X X 23
and Probity expense claims with
transaction level testing to
provide assurance over the
accuracy and validity of claims.
Duplicate Payments Proactive High Analysis and targeted review of X X 23
and Probity potential areas of duplicate
payments using interrogation
software.
Cash Management Proactive High Compliance with cash handling X X 23

and Control and Probity policies and procedures.
National Fraud Proactive High Co-ordination and facilitation of X X 23
Initiative and Probity the Council’s response to the
NFI including data collation,
review of matches and action
to address anomalies.
Corporate CRR
Plan
Assessed
Risk
Overtime, ad hoc and Proactive High Transaction based testing of X X 23
additional payments and Probity claims made by individuals for
a range of specified activities.
To provide assurance over
compliance with the need for
validating, authorising and
verifying payments.
Purchasing and Proactive High Transaction based testing of X X 23
Procurement and Probity expenditure to provide
assurance over compliance
with key controls and to identify
any anomalies.
Investigations and Reactive High To provide skilled resource to X X 23
investigation support support managers and HROD
in the conduct of specific
investigations as they are
identified during the year.
Chief Grant Reviews and Compliance Mandatory Support to City Treasurer, X X
Executive’s Certifications Deputy Chief Executive
(314 days) (Performance) and Assistant
Chief Executive (Regeneration)
to ensure that a range of grant
claims are fairly stated.
Corporate CRR
Plan
Assessed
Risk
Workforce Strategy Strategy High Strategy implementation X X 11,
Implementation including effectiveness of 14,
induction process under M 18
People.
Declarations and Compliance Medium Testing cross-directorate X 23
Registers of Interests compliance with policy on
notifying personal and
pecuniary interests.
Gifts and Hospitality Compliance Medium Testing cross-directorate X 23
compliance with policy on the
treatment of offers to officers of
gifts and hospitality.
Performance Compliance Medium How the PMF is used across X X 2, 9
Management the Council including data
Framework Data quality and effectiveness of
Quality and action / outcomes based on
Outcomes performance data.
Manchester Compliance High Quality of data supporting X X 2, 9,
Investment Fund – performance reporting 17
Performance focussing on monthly
Reporting and Data performance reports submitted
Quality by Neighbourhood Teams.
Directorate Compliance High Delivery of service X 15
Transformation improvements through
Projects - Service Directorate Change
Improvement Programmes.
Corporate CRR
Plan
Assessed
Risk
Annual Governance Compliance High Assurance over compliance X
Statement with the process for evidencing
and compiling the Annual
Governance Statement.
SAP Upgrade – Developing Medium Assurance over the design of X 15
Employee / Manager System controls for the automation of
Self Service processes in SAP.
SHARP Management Developing Medium Assurance over the process for X
Company System awarding a building
management contract for the
SHARP Building.
Town Hall ‘Coming Risk High Progress with delivery of the X X 15
Home’ Strategy programme for taking up
occupation and ICT fit-out of
the renovated Town Hall
Extension.
Neighbourhood System High Effective operation of X X X X X 10
Regeneration Teams Neighbourhood Regeneration
Teams, following service
redesign and restructure.
Administration of System Medium The effectiveness of X X 10
Planning Appeals arrangements for administering
and responding to appeals
against planning and
enforcement decisions.
Corporate CRR
Plan
Assessed
Risk
Childrens Cash Management Compliance High There are appropriate systems X 23
Services and Control and Probity and processes for collecting,
(262 days) managing and controlling cash
within Children’s Services to
minimise the risk of loss or
fraud.
Social Care SRF Area Business Medium There are effective X X X 18
Unit arrangements for delivering the
objectives of the Social Care
SRF Area objectives through
the application of the
Manchester Standards.
Quality Assurance Developing High Arrangements support the X X X 9, 15
and Contract System effective monitoring and
Monitoring – Youth challenge of money
Fund commissioned from the Youth
Fund and provide assurance
on delivery of key objectives
and outcomes.
Quality Assurance Developing High Arrangements provide X X X 9, 15,
and Contract System assurance that activity 25
Monitoring – delivered by OneEducation
OneEducation through agreed SLAs is being
delivered as planned and is
supporting the delivery of
agreed objectives and targets.
Corporate CRR
Plan
Assessed
Risk
Childrens’ Individual Developing High Governance and management X X X 19
Budgets System arrangements applied in
respect of individual budgets
support effective decisions.
Looked After Children Risk High The redesigned Central X X 10,
Placement Team arrangements 18
are operating in line with
expectations to support the
delivery of key objectives and
outcomes.
Delivery of Savings Risk High Arrangements support the X 1
Assurance – Early effective monitoring of the
Years delivery of savings and
assumptions.
Delivery of Savings Risk High Arrangements support the X 1
Assurance – Looked effective monitoring of the
After Children delivery of savings and
assumptions.
Youth Service – Risk Medium Systems are in place to support X X 9
Delivery of Statutory decision making and provide
Obligations assurance over the delivery of
statutory obligations.
Corporate CRR
Plan
Assessed
Risk
Childrens’ Partnership Risk Medium Children’s Partnership X X 10
governance arrangements are
operating as planned and are
supporting effective decision
making and achievement of
outcomes.
Residential Services System High Systems in place are X X 18
appropriate to support the
effective delivery of service
objectives.
Social Care System High The quality monitoring X X 9, 18
Casework framework is effective in
providing assurance over
compliance with casework
policies and procedures in
supporting improvements in
compliance and the quality of
social care casework activity.
Early Years Centres – Risk High Local management X X
Establishment arrangements and systems in
early years centres are
appropriate and in line with
Council policy and procedures.
Corporate CRR
Plan
Assessed
Risk
Corporate Core Financial System and Mandatory Full system and compliance X 1, 2,
Services Systems Compliance audits to provide assurance 23
(348 days) over the effectiveness of the
Council’s core financial
systems:
• Council Tax.
• Benefit Administration.
• Income Management.
• Creditor Payments.
• Business Rates.
• Payroll.
• Grant Payments.
• Cash.
• Budget Monitoring &
Reporting.
• Budget Setting.
• Treasury Management.
• General Ledger.
• Asset Accounting.
Town Hall Compliance High Payments to contractors are X 24
Programme – supported by appropriate
Contractor Payments evidence and assurance to
confirm that the Council pays
only for approved and agreed
works and services.
Corporate CRR
Plan
Assessed
Risk
Town Hall Compliance High Arrangements operated by the X 9, 24
Programme – Quality Council and contractors assure
Assurance the quality of supplier works
and services.
Construction Cost Compliance Medium Compliance with systems and X 24
Planning processes for the development,
review and finalisation of
capital cost plans.
Revenue Compliance High Compliance with financial X 23
Procurement regulations for revenue
contracts.
Benefits – Inquiry and Risk High Systems and processes for X X X 10
Claims Handling dealing with customer enquiries
and claims are efficient and
effective.
Employment Status Risk High Systems and processes ensure X 23
the classification of employees,
consultants and suppliers is in
accordance with HMRC
regulations.
Use of Consultants System High Improved controls over the use X X 9
of consultants and fees payroll
introduced in 2011/12 are
operating as intended.
Corporate CRR
Plan
Assessed
Risk
Grant Certifications Compliance Mandatory Support to the City Treasurer to X
ensure that a range of grant
claims are fairly stated.
Neighbourhood Manchester Markets Business High Assurance over the effective X X X 10
Services Unit management and control of
(237 days) markets.
Carbon Reduction Compliance Mandatory The Carbon Reduction Return X X 22
Return is fairly stated and supported
by appropriate evidence of
energy use.
Waste Contract Compliance High New waste contract X X 10
Management performance management
arrangements are in place
including development of
confidence ratings and testing
the integrity of supporting data.
Essential and Casual Compliance Medium The allocation and use of X 23
Car User Review essential and casual car users
is managed and controlled in
line with Council policy.
Highways – Traffic Compliance Medium Compliance with legal X X 10
Orders requirements and procedures
for issue of permanent traffic
orders.
Corporate CRR
Plan
Assessed
Risk
Governance and Compliance High Assurance over the X X X
planning of major identification, management, co-
events ordination and control over the
delivery of major events.
Neighbourhood Developing High Neighbourhood delivery teams X X X X X
Delivery Approach System are embedding in the new
structure, training is being
undertaken and delivery of
services is being achieved as
planned.
Income management Compliance High Income management for car X
– car parking and Probity parking is effective including
record keeping, verification and
cash handling.
Case management – System Medium Case work is appropriately X 10
contact centre managed and controlled
through the contact centre.
Taxi Licensing – System High Assurance that the basis for X
financial control and the taxi licence charges is
reporting sound
Freedom of System Medium Assurance over the quality and X
Information Act timeliness of action to respond
to FOI Act requests.
Schools School audits System High Annual programme of school X X X X 23,
(289 days) focused work including: 25
• Risk based school audits.
Corporate CRR
Plan
Assessed
Risk
• Targeted schools audits
focused on specific issues
of concern.
• Support visits to selected
schools to guide SFVS
returns.
• Thematic audits including
use of sole suppliers
employment status and
safeguarding.
• Supporting S151 Officer
assurance to the
Department for Education.
• Closing schools / transfer
audits.
Systems, Information Compliance High Information security risks X

Information Governance and relating to records and
and Data Security Assurance equipment are managed, at a
(264 days) selection of operational
buildings.
ICT Code of Compliance Medium Support to S151 Officer and X 8
Connection Head of ICT in assuring the
Council’s ongoing compliance
with Code of Connection
requirements.
Corporate CRR
Plan
Assessed
Risk
ICT Disaster Developing High ICT’s approach to identifying X 4, 7,
Recovery (DR) System and addressing directorate and 8
corporate DR requirements
supports organisational
resilience.
ICT Decant from Risk High Risks around service provision X 4
Daisy Mill and security are managed as
part of the closure of premises
and/or transfer of services.
Use and Control of E- Risk Medium Assessment of controls to X
mail Groups safeguard against information
security risks.
ICT Hardware Asset Risk High Systems and processes ensure X
Control and Disposal the proper control and disposal
of ICT assets.
Information Security Risk High Information security is X
Visits managed as part of the closure
of premises and/or transfer of
services.
Information Risk Medium High level assessment of X
Governance Risk corporate information risks and
Assessment how these are managed.
Corporate CRR
Plan
Assessed
Risk
ICT Delivery Strategy High ICT’s delivery and X X 4, 5,
management of key projects 8
and priorities supports
achievement of the ICT
strategy.
ICT Penetration System High Management testing of X 8
Testing systems enable the timely
identification and resolution of
actual and potential risk issues.
ICT Software System High The Council has arrangements X 8
Licensing to ensure the cost effective and
efficient deployment of
licences.
ICT Service Desk System Medium There is an effective process X 5, 8
for ICT service desk dealing
with reactive incidents and
approach to proactive
management and reduction of
incidents.
ICT Application Audits System High Application audits focusing on X 5, 8
key controls to ensure security
and resilience of key systems -
proposed focus for 2012/13
being Flare and Sharepoint.
Corporate CRR
Plan
Assessed
Risk
SAP Upgrade Developing Medium Assessing the proposed
System upgrade of SAP and
determining whether it affects
the existing controls and if so,
whether the replaced controls
are appropriate to ensure
transactions continue to be
processed completely and
accurately within the system.
External GM Combined External Mandatory Contract audit service

Clients (178 Authority Client
days) Patrol External Mandatory Contract audit service
Client
Mersey Valley Joint External Mandatory Contract audit service
Committee Client
Cheetham Academy External Mandatory Contract audit service
Client
OneEducation External Mandatory Contract audit service
Client
Manchester Family External Mandatory Contract audit service
Client
Block Brought Forward Various Medium Completion and finalisation of
Allocation 2011/12 audits from 2011/12 plan.
(89 days)
Block Targeted Advice and Various High Support to key working groups
Corporate CRR
Plan
Assessed
Risk
Allocation Guidance and boards as well as targeted
(151 days) support in key risks areas
including:
• ICT Project Board.
• Business Support Board.
• Closing Schools Working
Group.
• Governance Working
Group.
• Schools’ Finance Board.
• SEND Pathfinder Project.
• Social Care Systems Board.
• Information Assurance &
Risk Group.
• Council Tax System
Upgrade.
• Third Sector Grants Project.
• Individual Budgets.
• Schools Causing Concern
Group.
• Income and Assessment
Project Board.
Corporate CRR
Plan
Assessed
Risk
Block Follow-up of Internal
Allocation Audit
(within the recommendations
above General Advice and
directorate Guidance
allocations) Client and Delivery
Management
Key showing how audits in the plan link to the Council’s Corporate Plan priorities and Corporate Risk Register
Corporate Plan Priorities
1. 2. 3. 4. 5. 6.
People Pride Place Transformation Governance & Corporate Risk
Assurance Register
• Reducing • Physical • Neighbourhoods • Value for money • Performance References refer to
dependency environment • Resident • One Council management risks reported on the
• Skills and • Sustainability engagement approach framework update of the
outcomes • Neighbourhoods • Transport • Resources • Information to Corporate Risk
• Community • Climate change • Culture • Savings and support decision Register presented to
cohesion • Affordable • Safe finance making SMT in May 2012.
• Civic homes and communities • Public Sector • Democratic
participation housing • Accessibility of Reform processes,
• Health and services and • Modern scrutiny and
Wellbeing amenities workforce accountability
• Reducing • Growth and • Efficiency, • Management of
worklessness resilience of effectiveness risk
• Supporting businesses, and flexibility
vulnerable communities,
residents voluntary and
community
sector.

9 Internal Audit Plan 201213CW PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

9 Internal Audit Plan 201213CW PDF

Hochgeladen von

Copyright:

Verfügbare Formate

Manchester City Council Item 9

Audit Committee 7 June 2012

Manchester City Council

Report to: Audit Committee - 7 June 2012

Subject: Internal Audit Plan 2012/13

Background documents (available for public inspection):

• Internal Audit Plan 2011/12

2012/13 Internal Audit Annual Plan

2. Approach to plan development

3. Key characteristics of the annual plan

• System and Compliance: To provide assurance to statutory officers and key

continues as does the requirement to provide ongoing advice and guidance to

Diagram One – Audit Plan Framework

Business Unit Audits

Community Strategy / Corporate Plan Objectives

4. Audit Plan Allocations 2012/13

Diagram 2 – Allocation of direct audit days in 2012/13 – By Audit Type

2011/12 Brought Forward

Advice and Guidance

Anti Fraud, Irregularity and Probity

System and Compliance

Developing System Support

Risk Based Audit Work

Diagram 3 – Allocation of direct audit days in 2012/13 – By Directorate

Reactive Anti-Fraud Adults, Health and

Pro Active Anti-Fraud,

Corporate Services Childrens Services

Appendix 1 Audits in 2012/13 Internal Audit Plan

Primary Assessment Compliance High Compliance with the new X X 10

Service User Cash Risk High Adequate arrangements are in X X X 10,

Fighting Fraud Locally Development High Analysis of key requirements of X 23

Cash Management Proactive High Compliance with cash handling X X 23

Systems, Information Compliance High Information security risks X

External GM Combined External Mandatory Contract audit service

Das könnte Ihnen auch gefallen