Hampshire Fire and Rescue Authority

 

Governance Committee

Item 7

 

26 July 2005

 
 

Annual Internal Audit Opinion 2004/05

 

Report of the Treasurer

Contact: Ejner Knudsen, ext 01962 847403 or email ejner.knudsen@hants.gov.uk

1 Summary

1.1 The internal audit opinion is that Hampshire Fire and Rescue Authority has an effective framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the Authority's objectives. Audit testing has shown controls to be generally working in practice. Where improvements to controls are required, we are satisfied that appropriate action has been agreed by relevant managers and that they will be resolved in an appropriate manner.

1.2 The following paragraphs explain how we arrived at this opinion.

2 Background

2.1 From 2002/03 the Code of Practice on Local Authority Accounting in the UK has required the Treasurer to sign a statement on the system of internal financial control as a note to the published accounts. From 2003/04, the Chairman of Hampshire Fire and Rescue Authority and Chief Officer are now required to sign a more general statement of internal control replacing the previous one. To support this process, the Chief Internal Auditor is required to provide an independent opinion on the adequacy and effectiveness of the system of internal control operating across the Authority.

2.2 This opinion is contained in the assurance statement attached at Appendix A.

2.3 It is a management responsibility to develop and maintain the internal control framework, and to ensure that the Authority's resources are properly applied. Internal audit is an assurance function that primarily provides an independent and objective opinion to the Authority on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the Authority's objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. (source: CIPFA Code of Practice for Internal Audit in the United Kingdom 2003)

3 Objectives

3.1 This report will outline the level of assurance that we are able to provide, based on the internal audit work completed during the year. It will:

4 Audit approach

4.1 A summary outlining the audit approach and audit delivery during 2004/05 is provided in appendix B.

4.2 Detailed reports, giving the internal audit opinion on each of the systems examined, have been issued to individual managers, who have considered each report and provided a management response. This report provides an opinion on the overall control framework using the following terms which are defined in Appendix C:

5 Overall assurance

5.1 The internal audit opinion is that Hampshire Fire and Rescue Authority has an effective framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the Authority's objectives. Audit testing has shown controls to be generally working in practice. Where improvements to controls are required, we are satisfied that appropriate action has been agreed by relevant managers and that they will be resolved in an appropriate manner.

5.2 There has been no change in the overall level of assurance provided compared to that given in our 2003/04 annual internal audit opinion.

6 Issues raised during 2004/05

6.1 Based on our audit evidence obtained during 2004/05, we concluded that 15 reviews had an effective framework of control and seven had a basic framework of control to ensure that the activities and procedures achieve the Authority's objectives. Audit testing has shown controls in these areas to be generally working in practice.

6.2 A summary of the opinions on the reviews carried out in 2004/05 is shown at Appendix D.

6.3 In conducting our review of whole-time and retained fire stations, visits were undertaken to 10 establishments during the year. Internal Control questionnaires were sent to a further eight stations in the Southampton and Fareham and Gosport areas for stations to carry out a self-assessment of the controls in operation and aid our risk assessment.

6.4 Whilst a number of significant recommendations were made during the year, in most cases the specific issues, whilst significant to the systems concerned, were not material in the context of the Authority as a whole. However, the following concerns were raised in the Networks and Communications review:

6.5 The ten day audit of Corporate Governance was reduced to four days to support the development of the Authority's Code of Corporate Governance, which will be subject to full audit review in 2005/06.

6.6 No significant common findings have been identified during the year. However, a summary of common issues raised during our reviews of stations is outlined in Appendix D.

6.7 Our audit work confirmed that good progress has been made in respect of the concerns raised in the 2003/04 annual audit opinion, in particular:

6.8 We will continue to review the implementation of audit recommendations made in 2004/05 as part of our 2005/06 audit plan.

6.9 There were no financial irregularities reported to Hampshire Audit Services in 2004/05.

7 Recommendations

7.1 The level of assurance on the control framework, based on audit testing, within Hampshire Fire and Rescue Authority, is noted.

7.2 The main risks identified during the year are noted.

Section 100 D - Local Government Act 1972 - background papers

The following documents disclose facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of this report.

NB the list excludes:

Published works.

Documents which disclose exempt or confidential information as defined in the Act.

TITLE FILE

None

Annual assurance statement for the year ended 31 March 2005

Introduction

The Accounts and Audit Regulations 2003 require the Treasurer to maintain an adequate and effective system of internal audit.

From 2002/03 the Code of Practice on Local Authority Accounting in the UK has required the Treasurer to sign a statement on the system of internal financial control as a note to the published accounts. From 2003/04, the Chairman of Hampshire Fire and Rescue Authority and Chief Officer are now required to sign a more general statement of internal control replacing the previous one. To support this process, the Chief Internal Auditor is required to provide an independent opinion on the adequacy and effectiveness of the control environment, comprising risk management, control and governance.

Responsibilities

It is a management responsibility to develop and maintain the internal control framework, and to ensure that resources are properly applied in the manner and on the activities intended. It is the responsibility of Internal Audit to form an independent opinion, based on reviews during the year, on the adequacy and effectiveness of the system of internal control.

Basis of opinion

The strategic and annual internal audit plans were prepared by the Chief Internal Auditor to take account of the characteristics and relative risks of the activities involved and were approved by the Treasurer. The internal audit plan has been delivered in accordance with the Code of practice for internal audit in local government in the United Kingdom, issued by CIPFA.

Work has been planned and performed so as to obtain all the information and explanations, which were considered necessary in order to provide sufficient evidence to give reasonable assurance that the internal control system is operating effectively. However, this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance that there are no major weaknesses in the system of control.

Opinion

In my opinion Hampshire Fire and Rescue Authority has an effective framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the Authority's objectives. Audit testing has shown that the controls are generally working in practice.

Ejner Knudsen

Chief Internal Auditor

Hampshire Fire and Rescue Authority

30 June 2005

Audit Background

1 Scope of internal audit

1.1 The Chief Internal Auditor is required to provide the Authority with an assurance on the system of internal control. It should be noted, however, that this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance that there are no major weaknesses in the system of control. In assessing the level of assurance to be given the following have been taken into account:

2 Audit service quality

2.1 The service we provide is designed to ensure compliance with the standards for internal audit promulgated by the CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom 2003. The standards cover the following areas:

2.2 Hampshire Audit Services is registered under ISO9001, the international quality management standard and we have developed comprehensive procedures to ensure that all audits are conducted to the required standard. In particular, the audit outline is approved, before site work commences, by the Audit Manager, who also reviews each draft and final report before it is issued to ensure that all key controls have been properly evaluated and that adequate audit evidence has been obtained to support the findings.

2.3 We also have Investors in People accreditation, which ensures that the training and development needs of all our staff are reviewed on an annual basis as part of our performance development scheme and a detailed training and development programme is planned, delivered and evaluated each year.

2.4 Our quality assurance programme includes:

2.5 Whilst identifying some opportunities for continuous development, the results of the quality assurance programme confirm that we substantially comply with the requirements of the Code of Practice.

2.6 In addition, our work is subject to annual review by the Authority's external auditors who continue to rely on our work to support their audit opinion.

3 Audit Needs

3.1 A risk assessment was undertaken for the 2004/05 audit plan, which involved an analytical review of data relating to the Authority including: size of budgets, content of committee reports or committee decisions, previous audit findings and consultation with the Director of Corporate Services and other finance managers to ensure the audit plan addressed the key risks facing the Authority.

3.2 The audit plan was revised during the year to 213 days. The original and revised audit plans are shown at Appendix E and the agreed changes made to the plan reflect the following:

3.3 The carry forward days relate to audits where a draft was issued and awaiting management response or where testing was still in progress as at 31 March 05.

3.4 The following audits were in progress at 31 March 2005 and will be reported in the 2005/06 annual internal audit opinion:

3.5 No limitations were placed on the scope of our work during the year.

4 Audit approach

4.1 We examined systems operating to achieve objectives set by management in each of the areas detailed in appendix E. We are not aware of any significant changes to any of the systems reviewed since our work was conducted.

4.2 Our work has been carried out using a systems based audit approach. This covers the internal control systems of the service and during the conduct of our work, particular attention was given to arrangements established to ensure:

4.3 An implicit part of our systems based audit approach is an evaluation of the controls in place to prevent and detect fraud and we perform sufficient audit testing to confirm that controls are working in practice.

5 Audit Liaison

5.1 Staff within Hampshire Fire and Rescue Service have been co-operative and helpful during audits, and have worked with us to ensure that audits have been timed to suit both parties.

5.2 Management responses to audit reports have generally been prompt, helping to ensure recommendations to address control weaknesses receive management's early attention.

5.3 Audit Appraisal Questionnaires (AAQ) have been received from nine of the 22 audits with an average satisfaction score of 78.5% (90% 2003/04). The decrease in satisfaction score has arisen as a result of requesting Station Officers to complete AAQs rather than the Group/Station Support Manager. This has helped us identify changes needed to the way advance arrangements are made to carry out a station audit. The overall score is evidence of a good working relationship between Internal Audit and HFRS.

5.4 There have been quarterly meetings between the Director of Corporate Services and Internal Audit to discuss progress on the delivery of the internal audit plan and provide an opportunity to share information on audit and operational developments within the service.

Audit opinion definitions:

Good

a comprehensive system of controls is in place to ensure the achievement of service objectives, good financial management and to protect the Authority against loss

Effective

key controls exist to enable the achievement of system objectives and to protect the organisation from material loss. However, cost effective opportunities to strengthen the control system exist

Basic

there is a basic control framework in place but there are gaps which weaken the system and losses or failure to achieve system objectives could occur. There is a need to introduce additional controls to reduce the risk to the organisation.

Inadequate

controls are considered to be insufficient with the absence of at least one critical control mechanism. Failure to improve controls could lead to a decline in financial integrity and lead to an increased risk of major loss or embarrassment to the organisation.

Hampshire Fire and Rescue Authority

Annual internal audit opinion 2004/05 - Summary of main issues reported during 2004/05.

System

Opinion on the framework of control

(note 1)

Controls operating in practice?

Main Issues

Appropriate action has been agreed by relevant managers to address these issues and progress is being monitored.

Key financial systems:

     

Payroll

(FR011)

Effective

Generally

The following issues were identified:

· employees are not signing copies of their contracts of employment accepting the terms and conditions of employment

· the Human Resources Department does not hold a current list of authorising signatures in order to verify changes to payroll data

· user roles have not been sufficiently reviewed regarding access to personal data.

Debtors and Cash Income

(FR014)

Effective

Generally

In the Finance Section two people should open the post and receipt cash and cheque income to protect the individuals concerned as well as the service.

Budgetary Control (FR015)

Effective

Generally

No major issues were identified.

Departmental systems:

     

Ad-hoc Payroll Review

(FR008)

Basic

Not operating in practice.

This additional review was undertaken at the request of the Finance and Office Services Manager to assess the effectiveness of payroll controls surrounding the payment of retained fire-fighters. The following matters were highlighted:

· the Payroll Supervisor does not ensure that the latest error printout has been cleared before payroll download into SAP

· no action was forthcoming from the previous audit recommendation to enhance payroll validation procedures. This required the production of an appropriate report to enable SAP payroll data to be checked by HFRS payroll staff

· the performance of the system would be improved if desk-top procedures for payroll staff are updated.

The agreed actions from this review were followed up during the Payroll audit (FR011). We found that all recommendations had been actioned except that procedure notes had yet to be updated in view of the impending change to the system.

Temporary, Casual and Agency Staff (Follow up)

(FR003)

Effective

Generally

The issues raised at the previous audit had been addressed except one, i.e. that where expenditure on the appointment of agencies exceeds £5,000, tendering procedures should be followed as required by Standing Orders. The review also highlighted that control would be improved if the rates charged on agency invoices are checked prior to payment.

Fuel Issues

(FR083)

Effective

Not always

The review highlighted the following opportunities for improvement:

· the current procedures should be updated and require delivery notes to be agreed with invoices prior to payment

· there should be regular spot checking of fuel tally records to ensure all fuel issues are entered in the vehicle log book

· not all locations holding fuel stocks regularly reconcile dip readings with the fuel tally book

· budgetary responsibilities should be more clearly defined.

Computer audits:

     

Data Protection

(FR909)

Effective

Yes

No major issues were identified.

Networks and Communications

(FR912)

Basic

N/A

The following significant risks to the performance of the system have been identified:

· there were no Terms of Reference or Project Initiation Document

· costs and alternative options have not been documented or specified

· hardware choice has not been based on formal technical analysis.

An overall opinion on compliance with controls has not been given as the project is at an early stage.

Geographic Information System

(FR917)

Basic

Yes

There are no major issues relating to the geographical information systems, although gaps in the control framework for the Fire Service Emergency Cover module, which is used to develop a risk map, would present a higher risk if the application were fully operational and used to make or aid management decisions.

HFRS Hantsfirenet

(FR916)

Effective

Not always

The audit reviewed interim personal computers (existing personal computers under the ownership and responsibility of HFRS but connected to Hantsfirenet) to ensure that access to hard drives containing programs and data are restricted to authorised personnel. No major issues were identified.

Regularity:

     

St. Mary's Fire Station

(FR101)

Basic

Not operating in practice.

There were no major issues identified, although it was highlighted that: an up-to-date inventory should be held; overtime and TOIL (time off in lieu) claims should be signed by the employee and authorised by an appropriate officer; and there should be greater evidence of a division of duties over indent orders (requisitions).

Hightown Fire Station

(FR102)

Effective

Generally

There were no major issues identified. Areas for improvement include: holding cash more securely; reporting significant fuel stock discrepancies to HQ; ensuring overtime and TOIL claims are signed by the employee and authorised by an appropriate officer; and providing greater evidence of a division of duties over indent orders.

Basingstoke Fire Station

(FR103)

Effective

Generally

There were no major issues identified. Areas for improvement include compiling a station inventory and providing greater evidence of a division of duties over indent orders.

Winchester Fire Station

(FR104)

Basic

Not operating in practice

There were no major issues identified. Areas for improvement include: holding an up-to-date inventory; ensuring overtime and TOIL claims are signed by an officer of appropriate rank; and achieving a greater division of duties over indent orders.

Rushmoor Fire Station

(FR105)

Basic

Not always

There were no major issues identified; however, areas for improvement include:

· reclaiming VAT on expenditure whenever possible

· compiling a station inventory

· separate people should authorise the indent orders and receipt goods received

· significant fuel stock discrepancies should be reported to HQ

· all overtime and TOIL should be authorised by an appropriate officer.

Borden Retained Fire Station

(FR106)

Effective

Generally

No major issues were identified; however, areas for improvement include: maintaining a separation of duties between the person raising an indent order and the person who signs for the goods; carrying out an annual check of the office inventory; and ruling off the retained payment claim forms to ensure there are no unauthorised entries.

Whitchurch Retained Fire Station

(FR108)

Effective

Generally

No major issues were identified; however, it was highlighted that all indent order despatch numbers should be recorded on the blue copy of the indent order and that, wherever possible, there should be a separation of duties between the person raising the indent order and the person signing for goods received.

Romsey Retained Fire Station

(FR304)

Basic

Generally

No major issues were identified; however, the following areas for improvement in respect of indents were highlighted:

· wherever possible the goods must be signed for by someone other than the authorising officer

· the person who raises the indent must rule a line across after the last item

· the indent order despatch number needs to be recorded on the blue copy of the indent.

Fordingbridge Retained Fire Station

(FR309)

Effective

Not always

No major issues were identified. Areas for improvement include ensuring all indent order despatch numbers are recorded on the blue copy of the indent and that all goods are signed for when received, by someone other than the person raising the indent.

Brockenhurst Retained Fire Station

(FR312)

Effective

Generally

No major issues were identified. Areas for improvement include ensuring all indent order despatch numbers are recorded on the blue copy of the indent and that all goods are signed for when received, by someone other than the person raising the indent.

Commercial Training

(FR024)

Effective

Generally

No major issues were identified, although the following areas for improvement were highlighted:

· that assets are physically verified at least annually; and

· care is taken to ensure that invoices are raised for all delegates.

Community Fire Safety

(FR026)

Effective

Generally

No major issues were identified, although the following areas for improvement were identified:

· official orders need to be supported by signed requisitions to identify each requisitioner and complete the audit trail

· the receipt of goods/services should be recorded with the signature of the recipient and dated on a delivery/advice note. Alternatively, where no delivery/advice note is available, the same detail should be recorded on either the invoice, or a hard copy of the order.

Common Findings:

     

There should be greater evidence of a division of duties over indents; all goods should be signed for when received, by someone other than the person raising the indent.

All indent despatch numbers should be recorded on the blue copy of the indent.

All overtime and TOIL should be authorised by an appropriate officer.

Station inventories should be kept up-to-date and physically verified annually.

Note 1 - audit opinion definition can be found at appendix C.