A MOTION WAS MOVED BY MR MICHAEL BLAIR AND A SECOND BY COUNCILOR DR LOWE TO CONFIRM THE MINUTES OF THE MEETING OF THE AUDIT COMMITTEE HELD ON 20 NOVEMBER 2014. Adjunct Professor Mr Jim Taggart OAM asked if the Internal Audit Committee had minutes with Committee members serving on the committee when they moved residence from the Shire. Adjunct Professor Mr Jim Taggart OAM also advised the Audit Committee that he would like to remain on the Internal Audit Committee until the end of his term.
It is a requirement of the Audit Charter for the Audit Committee, the Audit Charter for the Internal Auditor and the Internal Auditor's performance component of its contract that a Strategic Internal Audit Plan be developed. In 2011, the Audit Committee approved a four (4) year Strategic Internal Audit Plan for the period until June 30, 2015. To ensure the continuity of the internal audit function, a Strategic Internal Audit Plan for the period from July 1 2015 to December 31, 2016 has now been developed and attached for review by the Audit Committee.
It is planned, following the completion of the attached plan, that a (4) four year Internal Audit Strategic Plan will be developed for the period from 1 January 2017 to 31 December 2020 to ensure that future Internal Audit Strategic Plans reflect the Board's term . The adoption of the Internal Audit Strategic Plan will ensure the continued effectiveness of the Internal Audit function as a management mechanism.
AUDIT COMMITTEE MEETING 25 JUNE, 2015
- To achieve its purpose the Strategic Plan will, as far as possible within the resources available to the function, cover all activities of the Council
- Core Characteristics of the Internal Audit Function within THSC 1 As outlined in the Internal Audit Charter, Internal audit is responsible to
- In order to carry out its responsibilities as outlined in the Internal Audit Charter, the Internal Auditor has
- To ensure its independence Internal Audit will also be free of operational activities, that is, it is not involved in day-to-day management or
- Development of the Internal Audit Strategic Plan (underlying principals)
- This document sets out the details of Internal Audits audit coverage and the factors that have been taken into account in developing the Internal Audit
- In line with best practice, the Strategic Plan aims to address the ‘key risks’
- As such, to ensure that this Strategic Plan retains its currency and relevance, it should be viewed as a ‘living document’ in that it may require
- At this time it is proposed that a formal process will be undertaken annually to ensure that the audits listed in the Strategic Plan reflects the relevant
- The identification of ‘Key Risks’
- Managements risk management priorities are reflected in the Councils risk register (as recorded in the Councils Risk Management Module). This
- As well as using the risk priorities identified as the basis for its planning, internal audit will undertake additional work to ensure the internal audit
- Annually a formal process will be undertaken to take account of revisions in the Councils risk assessment. This will enable new developments to be
- The following considerations have been made in determining the coverage necessary to provide the assurance to both management and the elected
- As outlined in the Strategic Plan, the audit approach and strategy undertaken are based on the following elements
- Sharing of information between Internal and External Audit can avoid duplication of effort and enhance the knowledge of the whole system of risk
- Internal audit is required to conduct all audit activity in accordance with the professional and ethical standards below: -
- Performance Measures and Indicators
- Internal Audit has in place a range of performance measures and indicators as set out in its Charter
- Staffing
- The development of the Internal Auditor will include attendance at relevant seminars and conferences to keep up to date with advances in the fields of
- Audit Reporting Assignment Level
- A review program shall be implemented to evaluate the operations of Internal Audit
- The purpose of this program is to provide assurances that audit work conforms to the standards for professional practice of internal auditing, the
In order to determine the risk priorities for THSC management, internal audit has prepared its plan with reference to the risk register. In this way, internal audit will be able to provide assurance to management and elected representatives about the key risks facing the council, as well as help reduce those risks through its recommendations. To what extent Internal Audit can coordinate activities with the external auditor to minimize duplication of work.
Internal Audit will work with External Audit to develop practical processes for effective collaboration. External and Internal audit have already met to discuss how this objective can be achieved. At the end of each audit, a copy of the report on the audit outcome will be issued to the relevant department and to the General Manager.
Internal audit reports will not be finalized until the General Manager's approval of the corrective action implementation timeline is obtained. Internal audit will prepare regular progress reports for the audit committee, which will coincide with the agenda of the committee's meetings.
The following are the key identified auditable areas that make up the Council’s
Detailed Strategic Audit Plan 2015 - 2016
- Key assumptions in the development of the Strategic Audit Plan 1. Established internal audit practice had been to review all major systems
- The Internal audit plan for 2015-16 reflects this changing environment
- The Internal Audit plan also reflects the recommendations made by the Department of Local Government in their Promoting Better Practice
- The focus of this plan is on Councils identified risk priorities whilst ensuring a sufficient body of work across the full range Councils operations
- Flexibility to be built into the annual audit plan. A sufficient number of hours to be reserved for special requests and audit assistance so that no
- Key: Types of Audit that may be undertaken
- Protocol for the Implementation of Management Agreed Actions to Internal Audit Findings
The Internal Audit Plan also reflects the recommendations of the Department of Local Government in their Department for Promoting Better Practice in Local Government in the Council's review/decisions on Promoting Better Practice and management requirements. Although the planned audits have been mapped to the Council's key risks, the audit areas under review will also provide a wide range of non-key risks. The relative priority of audits will change over the life of this plan as the relevant risks managed by the Council change and, following review, internal audit's confidence in the management of these systems increases.
A sufficient number of hours to be reserved for special requests and audit assistance so that no audits covering high risks need to be postponed. Internal Audit can set the following range of reviews in its delivery plan: Application: Corporate level review will be conducted at least once during the life of the plan.
Systems Audit (SA) Definition A “full” audit in which every key aspect and phase of the audited area is fully considered. Application: All critical and high-risk systems are scheduled to undergo a full systems audit at least once during the life of the plan. Application: Certain high risk systems that have undergone a full system review during the period and where compliance failures would materially affect the Council's risk management, control and governance.
Application: Certain high or medium risk systems which have been subject to a comprehensive system review during this period and where non-compliance in key aspects would significantly affect the Board's risk management, control and governance arrangements. Application: This type of review will be subject to developments in Councils' information systems or significant changes to working practices. It follows the critical controls identified in the last systems audit and complements this with a critical view of data and data relationships.
It provides assurance that accepted recommendations in internal audit reports have been effectively implemented, resulting in improvements in the management of identified risks. Application: All reviews carried out during the plan period will be subject to regular, appropriate follow-up measures. Protocol for implementing management-approved actions for internal audit findings Internal audit findings.
Protocol
ITEM-3 INTERNAL AUDIT REPORT
MEETING DATE: 25 JUNE 2015
INTERNAL AUDIT COMMITTEE
AUTHOR: INTERNAL AUDITOR KERRIE WILSON
RESPONSIBLE OFFICER: GENERAL MANAGER DAVE WALKER
EXECUTIVE SUMMARY The Internal Audit report
REPORT
IMPACTS Financial
RECOMMENDATION The report be received
ATTACHMENTS
Internal Audit Report (26 Pages)
Internal Audit Report
Background to the Internal Audit Function, the Audit Committee, and the audit reporting practices at The Hills Shire Council
Risk Assessment Matrix
Attachment 3: List of outstanding audit recommendations (including management comments) at the reporting date
- Summary
DLG Better Practice Review (2007); Legislative; DLG/ICAC recommended activity; . Audit Committee; Council resolution; Award/EBA);. The actual audit time required to perform (or spent on) the audit activity. The status of the audit activity at the end of the period (“completed”/”in progress” or “not yet started”).
Summary of the Status of the 2014/15 Audit Plan at 30 May 2015
- Governance Structures/Code Of Conduct
- Special Projects/Assignments Objective
- RMS Drives System Objective
- Contract Management Objective
- Library Objective
- Other Audit Activities completed in the period to 30 May 2015
- Status of Recommendations
- Key Information to be reported in the Annual Community Report Concerning the Audit Committee
- Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations
- Best Practice
- The Strategic Audit Plan
- Reporting
Review of the controls that ensure the council has sufficient staff with the necessary skills and experience to achieve its objectives. Reviewed ICAC reports relevant to local authorities in the period up to the date of the Audit Committee. As part of the completed procurement audit, the audit has independently assessed the Council's invoice payment system.
Purchases made outside the purchase order system are closely monitored by the Council's finance department. However, the procurement guidance required minor updates to reflect the changed structure of the Council's finance area referred to in the guidance. It was noted that framework orders were used by a minority of Council (purchase orders have order dates >6 months).
Findings Overall the audit found a significant improvement in the compliance aspects of the procurement system. Best practice would include implementing formal performance management processes to ensure active management of the Council's suppliers and to ensure there is open and transparent communication. This time includes drafting the audit report/finalizing the report; discussion of audit findings; and management action agreement.
The actual internal audit costs to date consist of the salary and expenses of the internal auditor and the risk coordinator. In the period up to 5/30/2015, the budget of the internal audit function was not exceeded. The role of internal audit is primarily to provide independent assurance on internal control and the global risk management framework.
It provides the council with independent oversight and monitoring of the council's audit processes, including the council's internal control activities. The current members of the Audit Committee are: Mayor, Clr AJ Hay (OAM), Clr Dr JN Lowe, Clr MG Thomas, Mr Michael Blair, Mr Trevor Bland and Adjunct Professor Jim Taggart (OAM). The functions, powers and responsibilities of the Audit Committee are described in the Charter of the Audit Committee which has been approved by the Council.
Internal audit regularly communicates its findings and recommendations to the audit committee, the general manager and the management of the audited areas via the internal audit report. Board members and the community have access to the minutes of the audit committee (and the internal audit report) as they are published on the board's web page.
THSC Risk Matrix
Risk Complete remediation within 1 calendar month or as agreed Risk Complete remediation within 3 calendar months or as agreed isk Complete remediation within 4 calendar months or as agreed ciliation of outstanding audit recommendations as of May 30, 2015 from internal report Total recommendations from audit since 2005 (Raised) . 1Implement the approved 2015 governance planIncrease the chances of the Board achieving its goals by applying transparent and impartial decision-making. Until the new system is implemented, the information available in the current system will not be updated.
License Management/Certificate of Currency/Registration Key requirements are not related to role statements (personnel) or contracts. Information provided to contractors, volunteers and staff online may differ from that available to staff (intranet), which can lead to confusion and the introduction of inconsistent practices. This was last updated in 2004 and refers to practices that the Council no longer has.
No consistent, up-to-date and accurate information available to the operations team, meaning inconsistent decision-making - increasing the council's public liability risk. The Information Technology Council has no information management strategy to ensure that the company record is complete. Testing the IT disaster recovery plan Failure of critical business applications Ensure that Council's critical systems can be recovered within agreed timeframes and that there is no reliance on individuals within the IT department.
Manager – IT Initially March 1, 2015 Extended until June 30, 2015 due to the number of systems to be addressed. Create a formal ITDR team Add document recovery procedures to ITDRP Create a communication template to ensure timely and accurate communication Manager - IT March 1, 2015 Extends to June 30, 2015 due to IT Team review. In progress, ITDRPs should be in place for all systems used by the Council. Ensuring efficient restoration of Council systems where required.
Cemeteries The quality of the Council's cemeteries data reflects inconsistent practices that have been implemented in relation to Cemeteries over many years. Since taking office in 2009, the Special Projects Officer has standardized procedures related to the main functions of the Cemetery, including selling plots, booking funerals, placing plaques, obtaining headstones, etc. Status at 30 May 2015 Minor procurement updates are required to the procurement guidance and variation workflow to ensure they are accurate and reflect the current structure at Council.
ITEM-4 GENERAL MANAGER'S EXPENSES THEME: Proactive Leadership
AUTHOR: GENERAL MANAGER DAVE WALKER
HISTORY
After Approval, the expenses be submitted to the Audit Committee for notation
The Hills Future - Community Strategic Plan
RECOMMENDATION
The report be received
The expenses tabled (which outlines a total of $943.45) be noted
ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE MEETING - 23 APRIL 2015
STRATEGY
Facilitate strong two way relationships and
Questions & Answers – Audit Committee 23 April 2015
QUESTIONS WITHOUT NOTICE
AUDIT COMMITTEE MEETING 23 APRIL 2015
13 PROTOCOL WITH MOVING
