Summary of Internal Audit Report 200607 Report - Summary of

By Kathryn Hawkins,2014-11-25 11:18
9 views 0
Summary of Internal Audit Report 200607 Report - Summary of

    Broads Authority

    29 June 2007

    Agenda Item No 18

    Summary of Internal Audit Reports 2006/07

    Report by Director of Corporate Services

    Summary: This report summarises the work carried out by the Authority’s

    internal auditors during 2006/07, including their

    recommendations for action and the Authority’s response.

Recommendation: That the report be noted.

1 Introduction

    1.1 In the response to the recommendations in the Audit Commission’s 2004/05

    Regularity Report, it was agreed that a summary of the findings and

    recommendations of Internal Audit would be reported to the Broads Authority

    on an annual basis.

    1.2 The attached summary has therefore been prepared by the Authority’s

    internal auditors Bentley Jennison Risk Management Ltd, based on the

    following programme of work:

    ; Review of cash handling and security arrangements at Norwich Yacht

    Station and Whitlingham Visitor Centre.

    ; Review of Electronic Payment of Invoices.

    ; Review of Sundry Debtors.

    ; Review of Tolls System and Collection of Income.

    1.3 Members should note that in future it is proposed to develop a strategic audit

    plan for the Authority, using a risk based approach, to ensure that all major

    internal control issues are covered over a three year period. This will be

    discussed with the Treasurer and Financial Adviser and internal auditors in

    the autumn, with a view to drawing up the strategic plan by the end of October.

    1.4 It will also be necessary for the Authority to carry out a review of the

    effectiveness of internal audit. This is referred to in more detail in the

    Statement of Internal Control, reported separately on these agenda papers.

RGH/JM/rpt/ba290607/Page 1 of 14/180607

2 Recommendation and Action

2.1 The reports include a series of recommendations, which are set out in the

    Action List, together with the Authority’s response (Management comment),

    implementation date and responsibility.

Background papers: Nil

Author: Rob Holman

    Date of report: 14 June 2007

    Appendices: APPENDIX 1 Internal Audit Work 2006/07

Enclosures: Nil

    RGH/JM/rpt/ba290607/Page 2 of 14/180607

    The Broads Authority


    23rd May 2007

RGH/JM/rpt/ba290607/Page 3 of 14/180607

1 Work Performed

    Internal Audit performed two visits to the Broads Authority in September 2006 and December 2006/January 2007 which

    incorporated the areas of potential risk to the Authority listed below as agreed in the Authority’s audit plan. It should be noted that no reviews have been undertaken in respect of Information Technology subjects. The only IT subject originally included in the plan

    (Disaster Recovery) was again deferred at the Authority’s request.

    1.1 Unit Visits - September 2006

    Area of Risk Area Assessment Exceptions


    Unit Visits - Unit cash handling and Norwich Yacht Station There was a disparity between shower Norwich security arrangements charges at the Norwich and Gt Yarmouth Internal Audit found the station to be Yacht may not be properly Yacht stations. generally secure and that testing confirmed Station and controlled. that income was received and banked intact There was no safe facility in the Quay Whitlinghaon a regular basis and petty cash was Rangers office that would provide a more m TIC disbursed and reimbursed appropriately. secure location for retaining cash during

    the day when the ranger on duty may be Whitlingham Tourist Information Centre out on the quay.

    Internal Audit found the information desk to Audit Follow-up be appropriately secured and that testing

    confirmed income was received and banked These points were made as

    intact on a regular basis and petty cash was recommendations in a management letter

    disbursed and reimbursed appropriately. to the Authority in September 2006. When

    following-up these points with the Head of

    Finance at the main visit in December

    2006 it was confirmed that a safe had been

    purchased for use at the Norwich Yacht

    Station and that the shower charges had

    RGH/JM/rpt/ba290607/Page 4 of 14/180607

Area of Risk Area Assessment Exceptions


    been considered but would not be changed

    at this time.

1.2 Main Review - December 2006/ January 2007

    Area of Risk Area Controls in place Exceptions


    Electronic Staff may not There is no reference to the ; Procedural guidance is available

    Payment of understand how to process of adding and Invoices process electronic removing access rights to

    payments the payment system

    Action Plan Para 1

    Payments may be The signatory list was not ; A signatory list is in place

    authorised by persons re-tabled following ; Financial limits are placed on officers ability to authorise not entitled to do so amendments invoices

    Action Plan Para 2 ; Only designated signatories are allocated access rights

    to the payment system

    ; Access rights for the approval of invoices are controlled

    by officers in the IT Department based on information

    from Finance.

    nd; Payments can only be made on 2 approval from an

    officially designated signatory of the authority

    RGH/JM/rpt/ba290607/Page 5 of 14/180607

    Area of Risk Area Controls in place Exceptions


    Payments may not be in ; All invoices require electronic approval firstly from an line with goods/services officer in the initiating department and then by an official ordered/received signatory who is different from the first

    Payments may be for ; The system recognises the attempted re-entry of the

    the wrong amount same supplier invoice number

    ; A batch report from the system is printed and checked by

    an independent officer

    Payments may be sent ; A check is made prior to dispatch to ensure that names to the wrong creditor and amounts on printed cheques agree with names and

    amounts on invoices. A suggested payments report is

    produced and individual payments listed are checked to

    the corresponding invoices prior to cheque runs

Payments may not be Although the computer ; The Authority produces an annual best value

    made in compliance with system provides much of performance plan which includes statistics in respect of prompt payment the information required, the the percentage of undisputed invoices paid within 30 requirements collation of statistics is days of being received

    undertaken manually

    Action Plan Para 11