DOC

Summary of Internal Audit Report 200607 Report - Summary of

By Kathryn Hawkins,2014-11-25 11:18
8 views 0
Summary of Internal Audit Report 200607 Report - Summary of

    Broads Authority

    29 June 2007

    Agenda Item No 18

    Summary of Internal Audit Reports 2006/07

    Report by Director of Corporate Services

    Summary: This report summarises the work carried out by the Authority’s

    internal auditors during 2006/07, including their

    recommendations for action and the Authority’s response.

Recommendation: That the report be noted.

1 Introduction

    1.1 In the response to the recommendations in the Audit Commission’s 2004/05

    Regularity Report, it was agreed that a summary of the findings and

    recommendations of Internal Audit would be reported to the Broads Authority

    on an annual basis.

    1.2 The attached summary has therefore been prepared by the Authority’s

    internal auditors Bentley Jennison Risk Management Ltd, based on the

    following programme of work:

    ; Review of cash handling and security arrangements at Norwich Yacht

    Station and Whitlingham Visitor Centre.

    ; Review of Electronic Payment of Invoices.

    ; Review of Sundry Debtors.

    ; Review of Tolls System and Collection of Income.

    1.3 Members should note that in future it is proposed to develop a strategic audit

    plan for the Authority, using a risk based approach, to ensure that all major

    internal control issues are covered over a three year period. This will be

    discussed with the Treasurer and Financial Adviser and internal auditors in

    the autumn, with a view to drawing up the strategic plan by the end of October.

    1.4 It will also be necessary for the Authority to carry out a review of the

    effectiveness of internal audit. This is referred to in more detail in the

    Statement of Internal Control, reported separately on these agenda papers.

RGH/JM/rpt/ba290607/Page 1 of 14/180607

2 Recommendation and Action

2.1 The reports include a series of recommendations, which are set out in the

    Action List, together with the Authority’s response (Management comment),

    implementation date and responsibility.

Background papers: Nil

Author: Rob Holman

    Date of report: 14 June 2007

    Appendices: APPENDIX 1 Internal Audit Work 2006/07

Enclosures: Nil

    RGH/JM/rpt/ba290607/Page 2 of 14/180607

    The Broads Authority

    INTERNAL AUDIT WORK 2006/7

    23rd May 2007

RGH/JM/rpt/ba290607/Page 3 of 14/180607

1 Work Performed

    Internal Audit performed two visits to the Broads Authority in September 2006 and December 2006/January 2007 which

    incorporated the areas of potential risk to the Authority listed below as agreed in the Authority’s audit plan. It should be noted that no reviews have been undertaken in respect of Information Technology subjects. The only IT subject originally included in the plan

    (Disaster Recovery) was again deferred at the Authority’s request.

    1.1 Unit Visits - September 2006

    Area of Risk Area Assessment Exceptions

    Review

    Unit Visits - Unit cash handling and Norwich Yacht Station There was a disparity between shower Norwich security arrangements charges at the Norwich and Gt Yarmouth Internal Audit found the station to be Yacht may not be properly Yacht stations. generally secure and that testing confirmed Station and controlled. that income was received and banked intact There was no safe facility in the Quay Whitlinghaon a regular basis and petty cash was Rangers office that would provide a more m TIC disbursed and reimbursed appropriately. secure location for retaining cash during

    the day when the ranger on duty may be Whitlingham Tourist Information Centre out on the quay.

    Internal Audit found the information desk to Audit Follow-up be appropriately secured and that testing

    confirmed income was received and banked These points were made as

    intact on a regular basis and petty cash was recommendations in a management letter

    disbursed and reimbursed appropriately. to the Authority in September 2006. When

    following-up these points with the Head of

    Finance at the main visit in December

    2006 it was confirmed that a safe had been

    purchased for use at the Norwich Yacht

    Station and that the shower charges had

    RGH/JM/rpt/ba290607/Page 4 of 14/180607

Area of Risk Area Assessment Exceptions

    Review

    been considered but would not be changed

    at this time.

1.2 Main Review - December 2006/ January 2007

    Area of Risk Area Controls in place Exceptions

    Review

    Electronic Staff may not There is no reference to the ; Procedural guidance is available

    Payment of understand how to process of adding and Invoices process electronic removing access rights to

    payments the payment system

    Action Plan Para 1

    Payments may be The signatory list was not ; A signatory list is in place

    authorised by persons re-tabled following ; Financial limits are placed on officers ability to authorise not entitled to do so amendments invoices

    Action Plan Para 2 ; Only designated signatories are allocated access rights

    to the payment system

    ; Access rights for the approval of invoices are controlled

    by officers in the IT Department based on information

    from Finance.

    nd; Payments can only be made on 2 approval from an

    officially designated signatory of the authority

    RGH/JM/rpt/ba290607/Page 5 of 14/180607

    Area of Risk Area Controls in place Exceptions

    Review

    Payments may not be in ; All invoices require electronic approval firstly from an line with goods/services officer in the initiating department and then by an official ordered/received signatory who is different from the first

    Payments may be for ; The system recognises the attempted re-entry of the

    the wrong amount same supplier invoice number

    ; A batch report from the system is printed and checked by

    an independent officer

    Payments may be sent ; A check is made prior to dispatch to ensure that names to the wrong creditor and amounts on printed cheques agree with names and

    amounts on invoices. A suggested payments report is

    produced and individual payments listed are checked to

    the corresponding invoices prior to cheque runs

Payments may not be Although the computer ; The Authority produces an annual best value

    made in compliance with system provides much of performance plan which includes statistics in respect of prompt payment the information required, the the percentage of undisputed invoices paid within 30 requirements collation of statistics is days of being received

    undertaken manually

    Action Plan Para 11

    Payments may be ; If the system were to malfunction the IT team will be prevented as a result of contacted to establish the extent of the problem and to system malfunction arrange for the system to be restored.

    ; Back-ups are made on a regular basis

    ; In the event of long-term disruption it is possible to revert

    to a paper system

    RGH/JM/rpt/ba290607/Page 6 of 14/180607

Area of Risk Area Controls in place Exceptions

    Review

    Sundry Staff may not The note does not provide ; A procedure note is available

    Debtors understand how to enough detail to reflect the

    process debtor invoices system as it currently

    and income received operates Action Plan Para

    13

    All possible income due ; Departmental and senior Broads Authority management

    from services provided are responsible for reporting any new sources of income

    might not be identified so that it can be budgeted for.

    for billing ; An annual budget book is produced which highlight

    variances

    Debtors may not be ; Debtors accounts are raised by Finance on receipt of

    invoiced for services requests from departments via email or in writing

    provided ; Computer batch reports of invoices raised are checked to

    manual listings

    ; A monthly sundry debtor reconciliation is performed

    showing accounts raised and income received

    Income may not be There is no provision for ; Debtors invoices are raised and distributed following

    collected promptly providing dates on invoice receipt of notification

    requisition forms and, as

    such, it cannot be

    determined how quickly an

    account has been raised

    Action Plan Para 18

    RGH/JM/rpt/ba290607/Page 7 of 14/180607

    Area of Risk Area Controls in place Exceptions

    Review

    Income received may ; Income received is supported by remittance advice not be identifiable to stating the account number

    specific debtors ; Bank statements are reviewed to identify any accounts unrecognised income

    The Authority may not ; A monthly aged debtor report is produced to show all

    be paid for services accounts outstanding and this is used as a trigger to provided produce reminder letters

    ; Where an account is not paid after one month a reminder

    letter is sent to the debtor. Where no response is

    received after two months, a further reminder is sent

    signed by the Director of Corporate Services. If nor

    response is then received either court action or write-off

    will be considered.

    ; All potential write-offs are identified by the Finance

    Assistant and reviewed by the Head of Finance . Further

    authorisation is then required from the Treasurer, Chief

    Executive and is reported to the Authority

    Debtors may not be ; Management responsible for individual income streams charged at the correct each have their own processes for reviewing and rate updating their charges

    RGH/JM/rpt/ba290607/Page 8 of 14/180607

Area of Risk Area Controls in place Exceptions

    Review

    Tolls Toll charges may not be ; Toll charges are reviewed annually and are subject to Income set at reasonable levels ratification by the main Broads Authority.

    ; Approximately every 5 years a detailed review of the tolls

    charging system is undertaken. The most recent of these

    was in 2005

    ; Toll charges are built into the HARPS database and

    these are updated as above.

    Staff may not There is no procedural ; New members of staff are trained by the Assistant

    guidance available understand how to Collector of Tolls

    operate the tolls Action Plan Para 27

    collection system

    Toll plaques may be There is no receipts and ; Plaques may only be issued after payment is received

    issued before payment issues record that would ; Toll plaques are pairs of self-adhesive, pre-numbered is received demonstrate exactly how labels on continuous stationery retained in the Tolls many plaques should be office at HQ. Stationery is ordered from an external available in the Tolls office supplier and numbers received are checked to ensure

    Action Plan Para 29 that deliveries agree with the order and there are no

    numbers missing The Office keypad number

    has not been changed ; There is a single entrance to the Tolls office with a

    during the last three years keypad which is operational whenever the office is

    unmanned Action Plan Para 30

    RGH/JM/rpt/ba290607/Page 9 of 14/180607

Area of Risk Area Controls in place Exceptions

    Review

    Boats may be operating One outstanding unpaid toll ; The display of toll plaques on boats is mandatory.

    on the Broads that had not been chased ; Navigation Rangers as part of their duties are required to haven’t paid their tolls recently check that boats have plaques displayed or to establish

    Action Plan Para 31 why not

    ; Notices may be served on boats that have not paid tolls

    requesting payment to be made. Reminders and follow-

    up letters are sent at 2 and 4 weeks from the issue of the

    notice

    There may not be a Short visit receipt books do ; Payment of tolls may be made by phone via PDQ

    system for collecting not have provision to record machine or by cheque or cash in person. All receipts are

    income the type of income received entered onto the cash receipting system

    (cash, cheque or PDQ) ; Cash/cheques received are banked as a minimum once

    Action Plan Para 34 per week

     ; All income received is batched, input to the system and

    reconciled to paying-in slips

    ; Income in sealed bags is collected by Securicor at least

    once per week and a signed receipt is provided by

    Securicor

    ; Cash/cheques received are retained in the tolls office

    safe. The safe is accessible via three keys to four officers

    1.3 Follow-up of Agreed Recommendations made in January 2006 Recommendation Response at Previous Audit Position at January 2007

    Requests for journals to be raised be Evidence will be obtained for all journals from This has been addressed

    evidenced by the requesting officer via the requesting officer or an explanation of the RGH/JM/rpt/ba290607/Page 10 of 14/180607

Report this document

For any questions or suggestions please email
cust-service@docsford.com