Contents
Report 6 of the 23 March 2009 meeting of the Corporate Governance Committee, updates on the outstanding high-risk MPA Directorate of Audit, Risk and Assurance (DARA) recommendations.
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
Outstanding high risk audit recommendations
Report: 6
Date: 22 March 2010
By: Director of Resources on behalf of the Commissioner
Summary
This report updates Members in relation to the outstanding high-risk MPA Directorate of Audit, Risk and Assurance (DARA) recommendations, as at 25 February 2010.
A. Recommendation
That members note:
- the status of all outstanding high-risk recommendations made in relation to MPS control systems by the Directorate of Audit, Risk and Assurance.
B. Supporting information
1. This report summarises the present status of accepted high-risk recommendations made by the Directorate of Audit, Risk and Assurance and details the ongoing process by which the MPS responds to audit recommendations.
Progress report on high-risk audit recommendations
2. Since the last report to Corporate Governance Committee (CGC) on 10 December 2009, a further four high risk audit recommendations have been made by DARA and accepted by MPS. Of these one has already been implemented and the other three have target dates for completion by the end of this reporting year (March 2010). Details of all of the high risk audit recommendations can be found in Appendix 1 (with exempt items at Appendix 2), but members’ attention is specifically drawn to the following:
- Significant work has been carried out in parts of the business to implement some of the ‘older’ outstanding high risks, these have been detailed below:
- DoI have gathered and submitted evidence that should prove implementation of the outstanding high risk in respect of IS/IT Access and Usage and are currently waiting for confirmation from DARA that this is the case.
- A paper will be presented to MPS Management Board on 25 March 2010 following a review of MPS Vetting conducted by Commander Pountain (SCD), which if approved will support the implementation of the two outstanding risks for Security Vetting and Clearance.
Progress to ensure the outstanding recommendations are addressed as a high priority continues to be co-ordinated by the Quality Assurance Team (QAT) in Finance Services.
Current position
3. Including the new outstanding recommendations, there are now 10 DARA high-risk recommendations outstanding to the MPS, with a further two that are outstanding to the MPA Treasurer.
4. The table below highlights the progress in implementing the outstanding recommendations, comparing the current position with that reported to the previous two CGC meetings in September 2009 and December 2009.
Table 1: Progress in implementing high-risk DARA recommendations
| Ref Nos. (see table at App. 1) |
Audit Title (responsible Business Group) |
No of High-Risk Recommendations outstanding to MPS | Comment | ||
|---|---|---|---|---|---|
| Sep 2009 | Dec 2009 |
Mar 2010 | |||
| 1 | Systems for Intelligence & Detection - (DoI) | 1 | 1 | 0 | Now downgraded to a medium risk - see progress report at Appendix 1 |
| 2 | Palace Of Westminster - (SO17) | 1 | 1 | 1 | Progress report at Appendix 2 - now exempt |
| 3 | Crime Related Property - (TP) | 1 | 1 | 1 | See progress report at Appendix 1 |
| 4 | H & S Legislation Implementation - (HR) | 1 | 1 | 1 | See progress report at Appendix 1 |
| 5 | Diplomatic Protection Group - (SO6) | 0 | 0 | 0 | Outstanding to MPA Treasurer |
| 6 | Royalty and Specialist Protection - (SO1/SO14) | 0 | 0 | 0 | Outstanding to MPA Treasurer |
| 7 | Security Vetting and Clearance - (SO15) | 2 | 2 | 2 | See progress report at Appendix 1 |
| 8 | Building Security - Physical and Technical Guards - (SO6) | 6 | 0 | 0 | Now complete |
| 9 | IS/IT Access & Usage - (DoI) | 1 | 1 | 1 | See progress report at Appendix 1 |
| 10 | B/OCU - Corporate Issues - (DoR) | 2 | 2 | 2 | See progress report at Appendix 1 |
| 11 | Management of Outsourced Financial Services - (DoR) | 0 | 0 | 0 | Now complete - (see para 5 (iv) below) |
| 12 | Accounts Control (Covert) - (SCD) | 0 | 0 | 0 | Now complete - (see para 5 (iv) below) |
| 13 | Crime Reporting Information System - (DoI) | 0 | 0 | 2 | See progress report at Appendix 1 |
| Total | 14 | 9 | 10 | ||
5. Some specific points of note from Table 1 are as follows:
- The high risk recommendations for the Crime Report Information Systems (CRIS) have previously not been included in this report, but all parties concerned were aware of them and it was agreed that they would not be reported on until all consultation on this audit paper was completed.
- The high-risk recommendations relating to the under funding of Dedicated Security Posts (DSP) for Royalty and Specialist Protection and for Diplomatic Protection are identical and fall under the remit of the Specialist Operations Business Group. Action to resolve the recommendations now rests with MPA Treasurer. Following the update given to members at the last committee meeting advice has been received from the MPA Deputy Treasurer that an announcement is due shortly on the options for reform of the DSP Grant mechanism. As reported last month, both the MPS and MPA have made constructive suggestions about this. It is anticipated that this announcement will in turn support the implementation of these outstanding risks.
- In respect of the two high risk audit recommendations made as part of the Security Vetting and Clearance audit and as briefly referred to earlier in this report, ACSO is producing a paper for MPS Management Board on 25 March 2010 following the review conducted by Commander Pountain (SCD) of MPS Vetting. An update will be given to committee members in due course.
- Following a series of discussions between DoI and DARA, and with their agreement, the recommendation on Systems for Intelligence & Detection (ref nos 1 at Appendix 2) has now been ‘downgraded’ from a high risk to a medium risk. An ITS Health Check is due in March 2010
- The table also includes two new high risk recommendations made as a result of an audit of Management of Outsourced Financial Services and a follow-up audit of Accounts Control (Covert), confirmation has been received that these have both been implemented and within the agreed target date. The details of these are noted in Appendix 1.
Process by which the MPS responds to audit recommendations
6. The Audit and Inspection Protocol agreed between the MPS and the audit and inspection services in November 2008 enables all parties to work together to enhance delivery and response to audit and inspection programmes and ensure that maximum benefit is achieved. The QAT in MPS Finance Services has recently reviewed the protocol in consultation with MPS Business Groups. MPA DARA, HMIC and the Audit Commission are presently being consulted and a refreshed protocol will be published in time for commencement of the 2010/11 Audit and Inspection programme in April 2010.
7. Outstanding high-risk recommendations are reported on a quarterly basis to the MPS Governance Board and the External Audit and Inspection Partnership Meeting attended by representatives from DARA, the Audit Commission and HMIC. Additionally, the Director of DARA is updated through meetings with Finance Services in relation to the development of audit recommendation tracking and reporting.
Environmental implications
There are no direct implications on environmental issues arising from this report.
C. Race and equality impact
There are no direct implications on equality and diversity arising from this report
D. Financial implications
There are no immediate financial implications from this report.
E. Legal implications
1. Under regulation 4 of the Accounts and Audit Regulations 2003, (the ‘Regulations’) as amended by the 2006 Regulations, the MPA are required to have a sound system of internal control, which facilitates the effective exercise of that body’s functions, which includes arrangements for the management of risk, and conduct an annual review. There is also a legal requirement under the Regulations for a Committee to review the effectiveness of the system of control.
2. The Corporate Governance Committee is in receipt of delegated powers in respect of the internal system of control procedures including risk management.
3. The Civil Contingencies Act 2004 also places a number of statutory duties upon the Police Service to assess risk of an emergency occurring and to maintain plans for the purpose of responding to an emergency.
4. This report assists the MPA’s/MPS’ compliance with the requirements referred to above.
F. Background papers
None
G. Contact details
Report author: Nick Rogers, Director of Group Finance, Finance Services, MPS
For information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Supporting material
Send an e-mail linking to this page
Feedback