internal audit activity report - West Midlands Police and Crime ...
internal audit activity report - West Midlands Police and Crime ...
internal audit activity report - West Midlands Police and Crime ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
David Giles CPFA, Head of Internal Audit<br />
31 st May 2012<br />
INTERNAL AUDIT ACTIVITY REPORT<br />
Head of Internal Audit - David Giles<br />
Ext: 7800 2380<br />
e-mail: giles_57340<br />
Copies to:<br />
Audit Committee<br />
Mike Williams – Treasurer to the <strong>Police</strong> Authority
Internal Audit Activity Report 31 st May 2012<br />
Contents<br />
Introduction ............................................................................................................. 2<br />
Progress Summary ................................................................................................. 2<br />
Overall Opinion on Control Environment 2012/13 ................................................ 3<br />
Recommendations in 2011/12 ................................................................................ 4<br />
Other Areas of Activity............................................................................................ 5<br />
Appendix 1 – Internal Audit Plan – Status / Assurance Summary ........................6<br />
Appendix 2 – Summary of agreed action plans for reviews completed to date<br />
with Major or Significant Recommendations ............................................ 10<br />
Appendix 3 – Audit opinion <strong>and</strong> recommendation definitions .......................... 16<br />
1
Internal Audit Activity Report 31 st May 2012<br />
Introduction<br />
1. This <strong>report</strong> provides an overview of the work undertaken by Internal Audit during the<br />
period 1 st April 2012 to the 31 st May 2012 <strong>and</strong> the progress against the Internal Audit<br />
Plan for 2012/13.<br />
Progress Summary<br />
2. Attached at Appendix 1 is a summary of Internal Audit progress against planned<br />
<strong>activity</strong> to 31 st May. The appendix summarises the status of each <strong>audit</strong> review <strong>and</strong> the<br />
level of assurance provided where applicable. 9 reviews have been completed during<br />
the period.<br />
3. Since the 1 st April 2012, Table 1 details the Internal Audit reviews that have been<br />
<strong>report</strong>ed <strong>and</strong> agreed with management:<br />
Audit Review Assurance provided Appendix<br />
Intelligence Department<br />
Controlled, but<br />
needs improvement<br />
N/A<br />
PPU Follow Up Controlled N/A<br />
Walsall LPU<br />
CJPT<br />
S<strong>and</strong>well LPU<br />
General Ledger<br />
Payroll<br />
Fleet Services Department<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
2 (i)<br />
2 (ii)<br />
2 (iii)<br />
N/A<br />
2 (iv)<br />
2 (v)<br />
Certificate Income Follow Up Well-Controlled N/A<br />
Table 1<br />
4. Appendix 2 contains the agreed action plan of any review with a significant or major<br />
recommendation, but does not include the detailed findings. Full <strong>report</strong>s can be made<br />
available to Audit Committee members upon request but are not included as a matter<br />
2
Internal Audit Activity Report 31 st May 2012<br />
of course. The exception to this where a review gives an “inadequately controlled”<br />
assurance opinion when the full <strong>report</strong> will be made available to the committee to<br />
enable members to fully underst<strong>and</strong> the reasons why this opinion has been given <strong>and</strong><br />
the implications for the Authority. A summary of the <strong>audit</strong> opinions <strong>and</strong><br />
recommendation descriptions at Appendix 3.<br />
Overall Opinion on Control Environment 2012/13<br />
5. An <strong>audit</strong> opinion is provided as part of each Internal Audit <strong>report</strong>. It is derived from the<br />
work undertaken during the <strong>audit</strong> review <strong>and</strong> is intended to provide assurance about<br />
the <strong>internal</strong> controls in place in that system or particular Force / Authority <strong>activity</strong>. The<br />
Internal Audit work to date has covered a number of areas across the Force / Authority.<br />
The assurance provided by this work is as follows in Table 2:<br />
Assurance provided Q4 Q3 Q2 Q1<br />
Year to<br />
Date<br />
Well Controlled 1 1<br />
Controlled 1 1<br />
Controlled, but needs<br />
improvement<br />
7 7<br />
Inadequately Controlled 0 0<br />
Number of reviews <strong>report</strong>ed 9 9<br />
Table 2<br />
6. A number of recommendations have been agreed as part of each review completed to<br />
date. However, no major areas of concern have been highlighted as a result of the<br />
Internal Audit reviews completed to the end of May 2012. In each case appropriate<br />
action <strong>and</strong> a timescale has been agreed with senior managers across the Force /<br />
Authority to implement the recommendations made. Progress in implementing agreed<br />
recommendations will be monitored <strong>and</strong> <strong>report</strong>ed accordingly. As a result of the<br />
reviews completed recommendations for improvement have been agreed with<br />
management where necessary <strong>and</strong> is summarised in Table 3 below under the following<br />
categories.<br />
3
Internal Audit Activity Report 31 st May 2012<br />
Recommendations agreed Q4 Q3 Q2 Q1<br />
Year to<br />
Date<br />
Major 0 0 0 0 0<br />
Significant 7 7<br />
Moderate 28 28<br />
Low<br />
<br />
11 11<br />
Number of<br />
recommendations agreed<br />
46 46<br />
Number of reviews <strong>report</strong>ed 9 9<br />
Table 3<br />
Recommendations in 2011/12<br />
7. An analysis of recommendations made by Internal Audit is given in Table 4<br />
(Recommendations made <strong>and</strong> accepted in 2011/12) <strong>and</strong> Table 5 (Recommendations<br />
implemented, in relation to 2011/12 where appropriate – i.e. followed up) below.<br />
Recommendations Major Significant Moderate Low Total<br />
Made 0 14 117 94 225<br />
Accepted 0 14 114 93 221<br />
Percentage Accepted N/A 100% 97% 99% 98%<br />
Table 4<br />
Recommendations Major Significant Moderate Low Total<br />
Accepted 0 14 (3) 114 (12) 93 (14) 221 (29)<br />
Implemented 0 (2) (10) (8) (20)<br />
Percentage Implemented 0 67% 83% 57% 69%<br />
Table 5<br />
8. The unimplemented significant recommendation in Table 5 above relates to issues<br />
regarding detained property within Walsall LPU. It was found that the number of items<br />
missing from its property stores has increased along with the number of items being<br />
booked out <strong>and</strong> not promptly returned. To address the issues identified by Internal<br />
Audit, LPU management have agreed to place an additional member of staff into the<br />
property store.<br />
4
Internal Audit Activity Report 31 st May 2012<br />
9. There is an <strong>audit</strong> allocation during the current year to review detained property across<br />
the Force as issues were identified with the majority of LPU property stores during the<br />
most recent round of LPU reviews.<br />
Other Areas of Activity<br />
10. In addition to planned Internal Audit work that requires assurance levels to be<br />
assessed, other planned work relates to those areas of work / <strong>activity</strong> that support <strong>and</strong><br />
underpin the overall concept of Internal Control rather than individual control systems.<br />
11. Where requests are made that fall in this category but have not been originally<br />
budgeted for, these will be met from the small contingency allocation held within the<br />
plan (4%).<br />
12. During the period covered by this Activity Report, the following work in this category<br />
has been undertaken.<br />
Riots Damages Act<br />
PCC Transition Project<br />
5
Internal Audit Activity Report 31 st May 2012<br />
Appendix 1 – Internal Audit Plan – Status / Assurance Summary<br />
2012/13 Internal Audit Plan<br />
DEPARTMENTAL REVIEW<br />
Property Services<br />
Fleet<br />
Corporate Services<br />
Information Department<br />
Finance<br />
<strong>Crime</strong> Support<br />
Criminal Justice Department & Custody<br />
Organisational Support<br />
Intelligence<br />
Operations<br />
CTU<br />
Public Protection Unit<br />
Local Policing<br />
LPU REVIEW<br />
Birmingham North<br />
Birmingham South<br />
Birmingham East<br />
Birmingham <strong>West</strong> <strong>and</strong> Central<br />
Dudley<br />
Walsall<br />
Wolverhampton<br />
S<strong>and</strong>well<br />
Solihull<br />
Coventry<br />
LPU REVIEW (Completion 2012)<br />
Birmingham North<br />
Birmingham East<br />
Dudley<br />
Wolverhampton<br />
Walsall<br />
S<strong>and</strong>well<br />
Solihull<br />
Coventry<br />
Status at 31 st<br />
May 2013<br />
Final<br />
On-Going<br />
Draft<br />
Final<br />
Draft<br />
Draft<br />
Draft<br />
Draft<br />
Final<br />
Final<br />
Draft<br />
Draft<br />
Assurance<br />
provided<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
Controlled, but<br />
needs improvement<br />
6
Internal Audit Activity Report 31 st May 2012<br />
2012/13 Internal Audit Plan<br />
SYSTEMS/APPLICATIONS/CAATS<br />
Status at 31 st<br />
May 2013<br />
Assurance<br />
provided<br />
National Fraud Initiative Support role N/A<br />
FUNCTIONAL AREAS<br />
Detained Property<br />
Certificate Income Final Well-Controlled<br />
General Stores Audit<br />
On-Going<br />
Building Security (Physical, Technical & Guards)<br />
Building Maintenance<br />
Fleet Management<br />
Fuel Management<br />
On-Going<br />
Garage Stores<br />
On-Going<br />
Mobile Storage Devices<br />
On-Going<br />
Inv/Asset Registers<br />
On-Going<br />
Fixed Penalties<br />
Spec Servs Income<br />
Bank Reconciliation<br />
Creditors<br />
Draft<br />
Payroll - <strong>Police</strong>, Staff And Pensions<br />
Final<br />
Controlled, but<br />
needs improvement<br />
Cash Office<br />
On-Going<br />
Write Offs & Losses (Physical)<br />
Core Financial Systems<br />
General Ledger<br />
On-Going<br />
Final<br />
Establishment Control<br />
On-Going<br />
Sickness Management<br />
Management Of Staff Time<br />
On-Going<br />
Occupational Health<br />
Hospitality<br />
Gateway Project<br />
On-Going<br />
Wide B<strong>and</strong>ing<br />
Workforce Planning<br />
On-Going<br />
Interpreters<br />
On-Going<br />
<strong>Crime</strong><br />
ID Parades<br />
Data Protection<br />
Community Init Funds<br />
St<strong>and</strong> Orders/Fin Regs<br />
On-Going<br />
Members Allowances<br />
On-Going<br />
Risk Management Support Role N/A<br />
Corporate Governance (To Include Transition) Support Role N/A<br />
Strategic Partnerships Support Role N/A<br />
Collaboration / Regional Services Support Role N/A<br />
Controlled, but<br />
needs improvement<br />
7
Internal Audit Activity Report 31 st May 2012<br />
2012/13 Internal Audit Plan<br />
Status at 31 st<br />
May 2013<br />
Assurance<br />
provided<br />
Audit Committee Reports / Workplans Support Role N/A<br />
Audit Planning Support Role N/A<br />
Strategic Business Plan Support Role N/A<br />
Organisational Change Support Role N/A<br />
<strong>Police</strong> Authority Inspections (HMIC) Support Role N/A<br />
Source H<strong>and</strong>lers<br />
Covert Operations<br />
Final<br />
Controlled, but<br />
needs improvement<br />
Intelligence Related Reviews<br />
Firearms Unit<br />
Dog Training<br />
Operation Supp Unit<br />
Business Continuity<br />
On-Going<br />
Major Incident Response<br />
CTU Covert Accounts<br />
Public Protection Unit Related Reviews<br />
Management Of <strong>Police</strong> Information<br />
Insurance<br />
Draft<br />
BACSTEL<br />
Treasury Management<br />
Overtime<br />
External Funding<br />
Seized Monies (POCA)<br />
Specific Grant Funding<br />
On-Going<br />
PIC Monies / Custody<br />
Internal Investigations / Professional St<strong>and</strong>ards<br />
Air Support Unit<br />
Health <strong>and</strong> Safety<br />
Draft<br />
Fleet Management - Blameworthy<br />
On-Going<br />
Financial Planning<br />
On-Going<br />
Events Management<br />
On-Going<br />
CONTRACTS & PROCUREMENT<br />
Final Accounts processes 2013<br />
Final Accounts review 2013 Support role N/A<br />
Contracts & Procurement<br />
CONTINGENCY<br />
PCC Transition Project<br />
LPU Overpayments<br />
HONORARY AUDITS & ADVICE<br />
Support Role<br />
On-Going<br />
Tally Ho! Sports Club Accounts Support role N/A<br />
Superintendents Association Accounts Support role N/A<br />
Rainbow Club Accounts Support role N/A<br />
8
Internal Audit Activity Report 31 st May 2012<br />
2012/13 Internal Audit Plan<br />
Status at 31 st<br />
May 2013<br />
Association of <strong>Police</strong> Lawyers Support role N/A<br />
MANAGEMENT / DEVELOPMENT / TRAINING<br />
General Administration Support role N/A<br />
Courses - External Support role N/A<br />
Post Entry Training Support role N/A<br />
<strong>Police</strong> Internal Auditors Group Support role N/A<br />
Performance Development <strong>and</strong> Review Support role N/A<br />
Audit Website Support role N/A<br />
<strong>West</strong> <strong>Midl<strong>and</strong>s</strong> Chief Auditors Group Support role N/A<br />
CIPFA - CPD Support role N/A<br />
Galileo Project Support role N/A<br />
Audit Away Day Support role N/A<br />
OTHER NON PRODUCTIVE<br />
Annual Leave Support role N/A<br />
Bank Holidays Support role N/A<br />
Sickness Management Support role N/A<br />
Flexi time Support role N/A<br />
FOLLOW UPS<br />
Assurance<br />
provided<br />
PPU Final Controlled<br />
9
Internal Audit Services<br />
Internal Audit Activity Report 31 st May 2012<br />
Appendix 2 – Summary of agreed action plans for reviews completed to date with Major or Significant Recommendations<br />
(i)<br />
Walsall LPU – Final Recommendation Action Plan<br />
Key<br />
Risk<br />
Major<br />
Significant<br />
Moderate<br />
Low<br />
Rec.<br />
No.<br />
1<br />
<br />
Recommendation Agreed Responsibility Action to be Taken to Implement Recommendation Date By<br />
Management should ensure that all required<br />
Management Control Checks are undertaken within the<br />
recommended timescales.<br />
Yes<br />
Business manager<br />
/ SSTM<br />
Cash received through the post is now checked every month.<br />
PBB2 should rectify the need for additional resources in the<br />
Walsall Property store. Additionally, the SBM has allocated an<br />
additional .5 post to assist the Property Officer address missing<br />
items of property <strong>and</strong> progress disposals with a view to reducing<br />
the number of items in the store.<br />
Issues<br />
addressed <strong>and</strong><br />
property<br />
reduced by 30 th<br />
June 2012<br />
10
Internal Audit Services<br />
Internal Audit Activity Report 31 st May 2012<br />
(ii)<br />
CJPT – Final Recommendation Action Plan<br />
Key<br />
Risk<br />
Major<br />
Significant<br />
Moderate<br />
Low<br />
Rec.<br />
No.<br />
Recommendation Agreed Responsibility Action to be Taken to Implement Recommendation Date By<br />
3 <br />
Management control checks should be undertaken on a<br />
monthly basis.<br />
Yes<br />
Finance Team<br />
Response from Strategic Business Manager<br />
Management control checks will be completed on a monthly<br />
basis.<br />
June 12<br />
11
Internal Audit Services<br />
Internal Audit Activity Report 31 st May 2012<br />
(iii)<br />
S<strong>and</strong>well LPU – Final Recommendation Action Plan<br />
Key<br />
Risk<br />
Major<br />
Significant<br />
Moderate<br />
Low<br />
Rec.<br />
No.<br />
Recommendation Agreed Responsibility Action to be Taken to Implement Recommendation Date By<br />
3 <br />
Management control checks should be undertaken on a<br />
monthly basis.<br />
Yes<br />
Finance Team<br />
Response from Strategic Business Manager<br />
Management control checks will be completed on a monthly<br />
basis.<br />
June 12<br />
12
Internal Audit Services<br />
Internal Audit Activity Report 31 st May 2012<br />
(iv)<br />
Payroll – Final Recommendation Action Plan<br />
Key<br />
Risk<br />
Major<br />
Significant<br />
Moderate<br />
Low<br />
Rec.<br />
No.<br />
Recommendation Agreed Responsibility Action to be Taken to Implement Recommendation Date By<br />
1<br />
<br />
Copies of authorised documentation relating to new<br />
starters should be held on the employee personal file to<br />
provide evidence of the authority to create the employee<br />
record within the payroll system. Where bulk notifications<br />
are used, these should be filed in a manner which allows<br />
source documentation to be easily retrieved as required.<br />
Any new appointment of Authority Members should only<br />
be actioned on receipt of an appropriately authorised<br />
variation form. (This matter has also been raised <strong>and</strong><br />
agreed with the <strong>Police</strong> Authority Team to ensure that the<br />
correct procedures are followed in the future).<br />
Agreed<br />
Payroll Section<br />
Managers<br />
Where individual starter variations are received, they are <strong>and</strong><br />
should always be held in the individual’s personal file. In the case<br />
of Bulk/electronic notifications staff have been advised that e-<br />
mailed notifications should be filed on the shared drive rather<br />
than individual hard disks.<br />
Payroll team have been instructed that all future new<br />
appointments/changes to the <strong>Police</strong> Authority team should only<br />
be accepted via a payroll variation signed by the Chief Executive.<br />
Implemented<br />
Implemented<br />
13
Internal Audit Services<br />
Internal Audit Activity Report 31 st May 2012<br />
Rec.<br />
No.<br />
Recommendation Agreed Responsibility Action to be Taken to Implement Recommendation Date By<br />
2<br />
<br />
Officers who are designated signatories should be<br />
requested to include their collar number alongside their<br />
signature when authorising documentation.<br />
Payroll officers should check to ensure that all payroll<br />
forms received are authorised only by designated<br />
signatures. Any forms which are incorrectly authorised<br />
should be referred back to the originating department for<br />
the correct authorisation.<br />
Agreed<br />
Payroll Section<br />
Managers<br />
Staff should be checking the signatures against the authorised<br />
signatory list <strong>and</strong> have been reminded of the importance of this.<br />
However, the authorised signatory list only shows the current<br />
status <strong>and</strong> does not show historical changes. The database<br />
changes frequently when staff move around the Force <strong>and</strong><br />
individuals that are not showing against a department or LPU<br />
now, may have been at the time they signed the form. One of the<br />
examples provided by <strong>audit</strong> has demonstrated this where a HR<br />
officer was working in one department at the time of authorising<br />
the variation but who has since moved to SSC.<br />
Implemented<br />
4<br />
<br />
Payroll officers should be reminded of the need to check<br />
all leaver data processed through the payroll <strong>and</strong> to<br />
ensure that transactions are checked, independently<br />
verified <strong>and</strong> evidenced on the variation form <strong>and</strong> daily<br />
<strong>audit</strong> <strong>report</strong>.<br />
Agreed<br />
Payroll Section<br />
Managers<br />
Checks are being done but staff have been reminded to<br />
demonstrate this by initialling the documents<br />
Implemented<br />
14
Internal Audit Services<br />
Internal Audit Activity Report 31 st May 2012<br />
(v)<br />
Fleet Services Department – Final Recommendation Action Plan<br />
Key<br />
Risk<br />
Major<br />
Significant<br />
Moderate<br />
Low<br />
Rec.<br />
No.<br />
Recommendation Agreed Responsibility Action to be Taken to Implement Recommendation Date By<br />
1 <br />
The Department should ensure that management control<br />
checks are undertaken within the recommended<br />
timescales <strong>and</strong> evidenced accordingly in the<br />
management control check file <strong>and</strong> source<br />
documentation.<br />
Agreed<br />
SSTM / LPO<br />
Check list has been implemented to ensure a monthly review is<br />
being performed. The source of income received has been<br />
updated in to a folder to assist with future <strong>audit</strong>s. A consolidation<br />
of CIT books <strong>and</strong> a revised spreadsheet has already been<br />
introduced to assist with reconciliation of income received to CIT<br />
book.<br />
Immediately<br />
15
Internal Audit Activity Report 31 st May 2012<br />
Appendix 3 – Audit opinion <strong>and</strong> recommendation definitions<br />
Overall Opinion<br />
Status Assurance Rating Assurance Criteria<br />
Well<br />
Controlled<br />
Controlled<br />
Controlled, but<br />
needs<br />
improvement<br />
Inadequately<br />
controlled<br />
The system is performing<br />
particularly well to achieve<br />
business objectives.<br />
The system is adequate to<br />
achieve business objectives.<br />
Some improvement is<br />
required to ensure that<br />
business objectives are met.<br />
Significant improvement is<br />
needed before business<br />
objectives can be met.<br />
There is a sound framework of control<br />
operating effectively to achieve business<br />
objectives.<br />
The framework of control is adequate <strong>and</strong><br />
controls are generally operating effectively.<br />
The control framework is adequate but a<br />
number of controls are not operating<br />
effectively.<br />
Adequate controls are not in place to meet<br />
all system objectives <strong>and</strong> controls are not<br />
being consistently applied.<br />
Key <strong>and</strong> description of recommendation gradings<br />
Grade Status Definition<br />
<br />
<br />
<br />
<br />
Major<br />
Significant<br />
Moderate<br />
Low<br />
A control issue has been identified which exposes the<br />
Force / Authority to an unacceptably high level of material<br />
risk.<br />
A control issue has been identified which is likely to<br />
prevent an individual system or unit from achieving its<br />
purpose, or may give rise to a considerable vulnerability to<br />
impropriety, loss or exposure.<br />
A weakness in control has been identified which may<br />
reduce the ability of a system or unit to achieve its<br />
objectives, or which may give rise to a potential for<br />
impropriety, loss or exposure.<br />
A minor improvement to the control is needed. The risk to<br />
the individual system or unit is low, but remedial action is<br />
required by Management.<br />
16