Internal Audit annual report 2001/02

Report: 6
Date: 20 June 2002
By: Treasurer

Summary

The attached draft Annual Report of the Director of Internal Audit on the work of Internal Audit in 2001/2002 gives the Director of Internal Audit’s opinion on the adequacy and effectiveness of internal control within the MPS. This covering report provides a brief overview.

A. Recommendations

The Audit Panel is asked to:

1. Approve the attached Annual Report of the Director of Internal Audit for circulation to all members of the MPA.

B. Supporting information

1. The annual report of the Director of Internal Audit is attached as appendix 1. The report summarises the work of internal audit in 2001/02 and sets out the Director of Internal Audit’s opinion on the adequacy of internal control.

Programme performance

2. Internal audit has covered 67% of the planned systems audit programme for 2001/2002. Although this is only a marginal improvement on the previous two years this has to be taken together with internal audit carrying out a number of significant reviews and investigations which have provided essential support to the MPA in developing corporate financial processes and to the MPS in addressing financial management issues.

Internal audit staffing

3. The shortfall against the programme was partly due to the continuing level of staff vacancies, running at about 25-30% through the year. However steps were taken during the year through a review of pay and location to address this problem. The resulting benefits are already apparent in improved recruitment in the current year.

Internal Audit budget

4. The achievement of the internal audit programme was also affected by the need to secure an underspending on the section’s budget in order to contribute to the requirement to manage the overall MPA budget. The internal audit budget was underspent by £141,000, about 10%. This resulted from planned action to limit the use of external consultants to offset the effect of staff vacancies and delayed recruitment to fill professional auditor posts.

Quality assurance

5. During the year the external auditor reviewed the work of internal audit. This represented an independent review of the quality of internal audit. The District Auditor confirmed his initial view that the work of internal audit is of a sufficient quality for him to be able to rely on its conclusions.

Financial savings

6. As a result of forensic audit work savings or losses stemmed during the year were approximately £382,000 and recoveries made approximately £231,000.

Management response

7. 93% of internal audit recommendations were accepted by management in 2001/02 against a target of 90%. Four high risk recommendations were not accepted. Information on the implementation of recommendations should be available by the time of the Panel meeting.

Opinion on internal control

8. The Director of Internal Audit introduced in 2001/02 a grading system to indicate the relative adequacy of controls in the systems audited. The Average of the results across all the year’s audits enables the Director to add a quantitative measure to his opinion on the overall adequacy of internal control. This provides a benchmark against which future improvement can be assessed.

9. On a five point scale where 1 represents controls performing well, a score of 2 indicates that controls are adequate. An average score of 2 would therefore mean that controls overall were adequate and this should be the target to aim for. The average score in 2001/02 was 3.5 but with high risk systems performing better with an average score of 3 and follow-up audit reviews scoring 2.8. This suggests a degree of improvement as internal audit recommendations are implemented. Furthermore reports in the latter part of the year were able to give a more positive assurance because of the alacrity with which some recommendations were adopted.

10. On the basis of the average overall score the Director of Internal Audit gives his opinion as follows: In summary, while I am satisfied that efforts continue to be made to correct identified weaknesses, I can only offer a 50% assurance on the adequacy of control and the effectiveness of systems within the MPS.

11. Although not on the same basis this does suggest a more hopeful picture compared to last year’s opinion when the Director of Internal Audit could ‘offer little assurance on the adequacy of internal control’.

Looking Forwards

12. The Director of Internal Audit has balanced the programme for the forthcoming year towards more advisory reviews and less programmed audits. This should not only ensure that the MPS is able to deal more effectively with the recommendations that have already been made but also should allow Internal Audit to carry out more follow up reviews to confirm implementation of accepted recommendations.

8. The increased level of staffing should enable Internal Audit to achieve a greater level of coverage in 2002/03.

C. Financial implications

1. The risk of loss through fraud, abuse, waste or inefficiency if Internal Audit recommendations are not effectively implemented.

2. Occasional savings that where appropriate can be off-set against budgets.

D. Background papers

None.

E. Contact details

Report author: Peter Martin, Treasurer, MPA.

For information contact:

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

• Annex A: Report on Internal Audit activities 2001/02
• Annex B: Internal Audit investigations 2001/2002 (see Supporting material)
• Annex C: Internal Audit assurance criteria (see Supporting material)

Annex A: Report on Internal Audit activities 2001/02

Reporting framework

Audit reports are issued to management at various stages of the audit these are summarised as follows:

Draft issued for Discussion - at the end of our fieldwork we issue a draft report to management for discussion. We then hold a meeting to clarify any points that are raised before issuing the formal draft.

Formal Draft Report - once the report has been discussed with the auditee the formal draft is issued together with a request for a formal response within three weeks.

Final Report - when a response is received from the auditee it is incorporated in the report and the final report is issued.

Each audit also has a summary of the main findings and an analysis of the recommendations made. Recommendations are classified as ‘high’, ‘medium’ or ‘low’ risk. Any high risk recommendations rejected by line management are raised with the policy board member responsible and if necessary the Audit Panel.

Systems Audits

Final reports

Warehousing, Stocks and Stores Control - Ammunition

Draft Report issued May 2001
Final Report issued August 2001

Summary of Findings

Adequate controls are not in place to meet all the system objectives and controls are not being consistently applied. The holding of a quantity of ammunition and pyrotechnics awaiting disposal at SO19 contravenes regulations. This matter may have since been addressed through SO19 moving to Leman Street. Whilst the stock records at SO19 stores are accurate and detailed this is not always the case at other locations. None of the sites are able to produce figures on the quantities of ammunition issued.

Periodic stock takes do not take place at each location and this means that stock discrepancies will not be identified. There are inadequate stock controls over stock re-order levels.

Analysis of Recommendations

Management accepted all 24 recommendations made:

7 High Risk
17 Medium Risk

Senior Line Management Comment (Assistant Commissioner Veness)

The report is comprehensive and informative. The recommendations are formally accepted and are now the subject of work to achieve them.

Directorate of Legal Services – Imprest Account

Final Report issued August 2001

Summary of Findings

This review was carried out following an investigation. Insufficient documentation was retained to support claims, advance payments were being made, claims were not correctly authorised, the cash book contained a significant number of errors and reimbursement claims were not checked before being submitted to FSD. The majority of claims were for staff travel expenses which contravenes the Finance Directorate’s requirements.

Analysis of Recommendations

Management accepted all 18 recommendations made:

18 Medium Risk

Senior Line Management Comment (David Hamilton, Director of Legal Services)

The Director of Legal Services has addressed every agreed recommendation in the report through issuing additional guidance to staff, bringing in additional checks and updating our IT package. Internal audit have recently re-audited the Imprest account and have indicated that significant improvements have been made.

Road Accident and Traffic Reports and Intelligence

Draft Report issued September 2000
Final Report issued August 2001

Summary of Findings

The lack of controls over the receipt of Collision/Accident Report Books (CARBs) means that there is a risk that all accidents reported are not processed. CARBs and Self-Reporting Forms are not properly completed and authorised in some cases thereby creating delays in processing the forms. This results in cases not being completed within the six-month statutory time limit.

Analysis of Recommendations

Management accepted 19 of the 26 recommendations made:

25 Medium Risk (18 Accepted)
1 Low Risk (1 Accepted)

Senior Line Management Comment (Assistant Commissioner Ghaffur)

Fixed Penalty Notices

Draft Report issued January 2001
Final Report issued August 2001

Summary of Findings

An adequate control framework is not in place. There is a risk that unauthorised amendments and suppressions of FPNs may take place. Effective controls over the database access are not exercised. There is no reconciliation of input and output data as a result we are unable to give assurance that all revenue due is collected. There is also a lack of segregation of duties over the receipt and banking of income.

Analysis of Recommendations

Management accepted 42 of the 48 recommendations made:

6 High Risk (6 Accepted)
38 Medium Risk (32 Accepted)
4 Low Risk (4 Accepted)

Senior Line Management Comment (Assistant Commissioner Todd)

Health and Safety – Compliance with Legislation

Draft Report issued June 2001
Final Report issued August 2001

Summary of Findings

Adequate controls are not in place to meet all the system objectives defined within the MPS Health and Safety Policy and controls are not being applied consistently. Several system deficiencies have already been identified by the MPS and the HSE, and are reinforced through the findings of this audit. It is recognised that the MPS has committed to developing appropriate H&S systems.

Analysis of Recommendations

Management accepted all 44 recommendations made:

20 High Risk
19 Medium Risk
5 Low Risk

Senior Line Management Comment (Assistant Commissioner Hogan-Howe)

Audit of Pay Standing Data

Draft Report issued April 2001
Final Report issued August 2001

Summary of Findings

Significant improvement is needed before business objectives can be met. Whilst adequate controls were available within the system a number of the controls operated by the outsourced payroll service provider were not operating effectively.

Analysis of Recommendations

Management accepted all 19 recommendations made:

3 High Risk
10 Medium Risk
6 Low Risk

Senior Line Management Comment (Keith Luck, Director of Resources)

Audit of IT Support of Major Incident Response

Draft Report issued January 2001
Final Report issued September 2001

Summary of Findings

We found that the processes for dealing with major incidents are generally well managed, documented and are organised to be effective as quickly as possible. The Command and Control computer systems used during major incidents are some fifteen years old but still perform adequately to control police resources and manage data during major incidents. However improvement is required to ensure that business objectives are met particularly with regard to business continuity where a suspension or reduction in the functionality of the computer systems would have an impact on the way the MPS manages major incidents.

Analysis of Recommendations

Management accepted all 29 recommendations made:

3 High Risk (2 implemented and one in progress)
14 Medium Risk ( 12 implemented, one in progress and one superseded)
12 Low Risk (12 implemented)

Senior Line Management Comment (Ailsa Beaton, Director of Information)

This audit has proved valuable in drawing attention, in particular, to deficiencies in the MPS business continuity arrangements. However the audit process followed in this case tended to overlap other recent wok which could have been avoided. Whilst appreciating that there were problems in the way this audit was conducted the delay in publishing the report resulted in some recommendations being overtaken by events. It would also have helped to have seen a copy of the draft report for comment even thought the DoI was not the main sponsor.

Systems Supporting External Financial Reporting

Draft Report issued June 2001
Final Report issued September 2001

Summary of Findings

Controls over the reconciliation of subsidiary systems to the general ledger were not operating effectively. Key subsidiary systems, such as police, civil pay and pension bank accounts are not being reconciled. Controls over the clearance of suspense accounts were not operating effectively. There is also no consistent monitoring system in place to ensure suspense accounts are reconciled appropriately.

Analysis of Recommendations

Management accepted 36 of the 47 recommendations made:

6 High Risk (6 Accepted)
27 Medium Risk (21 Accepted)
14 Low Risk (9 Accepted)

Senior Line Management Comment (Keith Luck, Director of Resources)

This audit was reported nearly a year ago and significant improvements have occurred with the increase in departmental capacity. Civil and police pay interfaces are now reconciled immediately they are received from Capita i.e. twice a month. Pay and pension bank accounts are reconciled monthly.

Suspense and control account management responsibilities are clearly defined and all are reconciled at regular interval; predominately on a monthly basis in accordance with the needs of the finance reporting cycle.

Financial and Accounting Advice

Draft Report issued January 2001
Final Report issued September 2001

Summary of Findings

Controls in place for Financial and Accounting Advice are not fully effective. Financial procedures are not adequately or promptly distributed to staff and there is inadequate guidance on fixed assets. The Resource Budget Manual and VAT procedures are also not user friendly. Controls over the finance helpdesk and distributing and updating documented procedures are also not operating effectively. There is lack of awareness of the finance helpdesk and calls are not logged or monitored.

Analysis of Recommendations

Management accepted all 15 recommendations made:

13 Medium Risk 
2 Low Risk

Senior Line Management Comment ( Keith Luck, Director of Resources)

This report was answered in August 2001, and both the Business Support and Corporate Finance Divisions of the Directorate are now significantly improving both financial and accounting advice to the organisation. The MPS Financial Instructions have recently been revised and subsequently approved by the MPA and adequate guidance has been issued on fixed assets for compliance with Financial Reporting Standards No. 15.

A revised updated Scheme of Devolved Financial Management is out for consultation prior to formal issue. Budget and Monitoring instructions/guidance is issued regularly by Corporate Finance with Business Support Accountants available for local support. Partnership guidance has been issued. A customised VAT guide for non-Finance Department users is being prepared.

The Finance helpdesk together with MetFIN support is currently located within the Business Support Division. Contacts and responses are monitored but increasingly advice and support is routed through the business accountants service whose ‘reason for being’ is local financial management advice.

Imprest Account Control - Temporary Imprests

Draft Report issued September 2001
Final Report issued October 2001

Summary of Findings

There are inadequate controls over: authorisation, information provided by applicants, minimum amounts advanced, recovery action, accounting reconciliation, access to secure documents and monitoring of spend. There is high risk of double claiming via payroll and the system does not offer value for money.

Analysis of Recommendations

Management accepted 21 of the 27 recommendations made:

24 Medium Risk (20 Accepted)
3 Low Risk (1 Accepted)

Senior Line Management Comment (Keith Luck, Director of Resources)

Temporary imprests are offered as a support service to meet operational needs. Therefore, it is not appropriate to be prescriptive over the service offered(for example, strictly applying a minimum level of advance). With this in mind, many of the accepted recommendations will be addressed by the issue of the detailed delivery plan of the relevant section, and is planned to be actioned as a current project.

The support nature of the service is at odds with value for money analysis, and the rigid application of controls ( for example precluding further advances to parties recorded as debtors may adversely impact operations). Having made this point, outstanding advances are reconciled and subject to escalating recovery procedures. The value of outstanding debt is reported monthly. Basic controls over secure documents (e.g. cheque books) have been agreed and implemented. The section is pro-active in seeking to prevent fraud but cannot be tasked with absolute prevention. Whilst advances are reported monthly, the value of monitoring spends is limited due to the one-off nature of operational projects.

Creation, Storage, Security and Disposal of Electronic Documents

Draft Report issued September 2001
Final Report issued October 2001

Summary of Findings

Whilst systems and procedures for the management of paper records are well established and subject to annual inspection by the Public Record Office (PRO), the MPS does not have an established Electronic Records Management (ERM) policy. ERM is a corporate requirement and not the responsibility solely of the Department of Information but there is not yet the endorsement and active support from top-management that is required if ERM is to succeed in the MPS. Planning for the development of an ERM system across the MPS is still at the early stages. As little tangible progress had been made by the MPS the scope of this audit was limited to an overview of strategic direction and plans.

Analysis of Recommendations

Management accepted the 2 recommendations made:

1 High Risk (implementation in progress)
1 Medium Risk (implemented)

Senior Line Management Comment (Ailsa Beaton, Director of Information)

The findings of this audit have made a positive contribution to the creation of a dedicated Information Governance Unit. The Best Value Review on Records Management has now reported and their recommendations are wholly consistent with those of the audit.

Systems for Intelligence and Detection

Draft Report issued July 2001
Final report issued November 2001

Summary of Findings

There are inadequate controls over access to intelligence data and also a lack of effective audit trails. Data standards are not adhered and this increases the risk that breaches of the Data Protection Act could occur. There has been inadequate project control which could lead to the failure of systems to meet their objectives.

Analysis of Recommendations

Management accepted all 21 recommendations made:

9 High Risk 
6 Medium Risk 
6 Low Risk

Senior Line Management Comment (Assistant Commissioner Veness)

The audit has drawn attention to a number of control weaknesses, which are being addressed by means of a comprehensive programme of improvement activity.

Fees & Charges

Draft Report issued February 2001
Final report issued November 2001

Summary of Findings

Controls in place to ensure all relevant factors are considered in calculating fees and charges are inadequate. Reviews are not undertaken to identify whether the fees are covering the cost of the activity. Inadequate controls are also in place to monitor income raised from the fees and charges.

Analysis of Recommendations

Management accepted all 18 recommendations made:

18 Medium Risk

Senior Line Management Comment (Keith Luck, Director of Resources)

A review of all fees and charges has been completed, which was sufficient to include rates and amounts in devolved budget guidance for the 2002/03 financial year. Where fees are set by the Home Office they are rarely reviewed before the due date; but others under MPS control have been revised in line with inflation. Every effort has been made to allocate individual fees and charges account lines to reduce the use of ‘miscellaneous’ or ‘operational’ receipts postings.
Local Procedures and Minor Works

Draft Report issued June 2001
Final report issued December 2001

Summary of Findings

The records retained locally and by Carillion are of insufficient detail to accurately ascertain the exact location, status of works and whether works were checked on completion. PSD place full reliance on Carillion for the management of contractors and for the payment of invoices. Management information is inadequate for the monitoring and review of work

Analysis of Recommendations

Management accepted 19 of the 21 recommendations made:

1 High Risk (1 Accepted)
18 Medium Risk (16 Accepted) 
2 Low Risk (2 Accepted)

Senior Line Management Comment (Keith Luck, Director of Resources)

Conflict Policing Group (NPOIU)

Draft Report issued November 2001
Final Report issued December 2001

Summary of Findings

The framework of control is adequate, controls are generally operating effectively and the control objectives are being met. Overall the system is adequate to achieve business objectives. Both of the high-risk recommendations relate to security: that is, access to the restricted accounts on MetFIN and backup arrangements for data.

Analysis of Recommendations

Management accepted all 9 recommendations made and implementation is in progress:

2 High Risk
6 Medium Risk
1 Low Risk

Senior Line Management Comment (Assistant Commissioner Veness)

The positive findings of the audit are welcome. Action will be taken to address the risks, which have been identified.

Gifts and Hospitality

Draft Report issued September 2001
Final report issued January 2002

Summary of Findings

Inadequate controls are in place for the monitoring of the receipt and recording of gifts and hospitality received or offered. There is a need to review the existing policy and to issue fresh guidance. The review also highlighted the need for maintaining an up to date register of gifts and hospitality.

Analysis of Recommendations

Management accepted 13 of the 14 recommendations made:

3 High Risk (3 Accepted)
11 Medium Risk (10 Accepted)

Senior Line Management Comment (Assistant Commissioner Hogan-Howe)

Warehousing, Stocks and Stores Control - OTSU

Draft Report issued May 2001
Final report issued January 2002

Summary of Findings

There is a lack of controls within the stores function particularly in the segregation of duties. Maximum and minimum stock levels have not been set nor are periodic stocktakes performed. The stores held and issued stock on behalf of the client unit but do not maintain detailed stock records.

Analysis of Recommendations

Management accepted 13 of the15 recommendations made:

2 High Risk (not accepted)
6 Medium Risk (4 Accepted, 3 implemented and 1 in progress)
7 Low Risk (7 Accepted and implemented)

Senior Line Management Comment (Ailsa Beaton, Director of Information)

This was a useful audit which drew to our attention a number of efficiency issues that were timely to address. In particular there was a stock issue which, on review, prompted the unit to find an operational use for previously redundant equipment.

Environmental Policy and Procedures

Draft issued August 2001 
Final report issued January 2002

The commendable progress in developing environmental management is confined to initiatives taken forward by PSD. The necessary resources required to implement an effective MPS-wide environmental management system have not been identified and made available. Thus environmental management has not extended across all levels and functions of the MPS and MPS-wide identification and control of environmental risk/opportunity/compliance is incomplete. There is no overall responsibility or procedure in place to co-ordinate MPS assurance on compliance with environmental legislation.

Analysis of Recommendations

Management accepted all 18 recommendations made:

4 High Risk
8 Medium Risk
6 Low Risk

Senior Line Management Comment (Keith Luck, Director of Resources)

Energy Policy and Procedures

Draft Report issued August 2001
Final report issued January 2002

There are no formal responsibilities for energy management and efficiency at individual building level across MPS, hindering full compliance with policy. The energy management procedures and targets are not prioritised according to key risks or issues for MPS. There is inadequate resource available in PSD to manage and monitor energy consumption and resource has not been allocated to promote energy awareness, management and good practice across all levels and functions of the MPS.

Analysis of Recommendations

Management accepted all 15 recommendations made:

6 Medium Risk
9 Low Risk

Senior Line Management Comment (Keith Luck, Director of Resources)

DPA – Marketing, Advertising and Printing Contracts

Draft Report issued November 2001
Final report issued February 2002

Summary of Findings

The control framework is adequate but a number of controls are not operating effectively. Contracts are not always let in accordance with the MPS guidelines or EC Regulations. The system of control may not secure value for money.

Whilst orders for goods and services are made in accordance with laid down procedures within DPA, there is a need to improve controls over receipt of goods and services.

Analysis of Recommendations

Management accepted all 21 recommendations made:

4 High Risk
17 Medium Risk

Senior Line Management Comment (Dick Fedorcio, Director of Public Affairs)

This was a welcomed and timely audit which allowed us to review and update our processes and procedures. It was unfortunate that the Auditor based many of his recommendations on the handling of one particular contract – media research. As there was no industry standard available at the time this contract was awarded, the DPA had difficulty in applying the audit guidelines that we normally follow. However, this issue has already been addressed with the Director of Internal Audit and we are grateful for his support and assistance.

Systems Supporting Underwater Searches

Draft Report issued November 2001
Final report issued March 2002

Summary of Findings

There is no evidence to support the priority allocated to each search or that the search has been approved by the Inspector before it commenced. Inadequate controls exist over the authorisation of overtime as there is no evidence of prior authorisation by a senior officer.

Although adequate controls exist over the monitoring of the MSU budgets, expenditure incurred by the Search Unit is difficult to identify as all MSU transactions are posted to a single cost centre. A policy has not been established for the recharging of searches undertaken for external organisations.

Analysis of Recommendations

Management accepted all 12 recommendations made:

11 Medium Risk
1 Low Risk

Senior Line Management Comment (Assistant Commissioner Todd)

Security Clearance - Vetting and Passes

Draft Report issued April 2001
Final report issued March 2002

Summary of Findings

There is a clear security vetting policy in place but the control framework for ensuring compliance with the policy is not effective. There are control weaknesses in the processes of conducting security clearance checks and vetting, and responsibility for carrying out security vetting checks needs to be clearly defined.

Analysis of Recommendations

Management accepted 51 of the 55 recommendations made:

11 High Risk (8 Accepted)
44 Medium Risk (43 Accepted)

Senior Line Management Comment (Assistant Commissioner Ghaffur)

Boat Support and Maintenance

Draft Report issued November 2001
Final report issued April 2002

Summary of Findings

At the time of the audit controls were not in place to meet all the systems objectives and controls were not being consistently applied. However, during the review management undertook action to implement many of the recommendations made. The control framework therefore improved as a result of these actions.

The weaknesses identified during the audit included service objectives and performance indicators not being set and inadequate controls over the authorisation of repairs and servicing. There was also an absence of procedures for acquisition, transfer and disposal of assets and entries in the asset register were inaccurate.

Local budget monitoring did not take place and the security of the site against intruders was found to be inadequate in that no alarm or CCTV facilities were in place.

Analysis of Recommendations

Management accepted 48 of the 54 recommendations made:

1 High Risk (1 Accepted)
49 Medium Risk (43 Accepted)
4 Low Risk (4 Accepted)

Senior Line Management Comment (Keith Luck, Director of Resources)

All the recommendations in the report that were accepted in full have been implemented. The covering letter sent by the Director of Internal Audit with the Final Report stated that the control framework is now adequate.

Rent and Housing Allowance

Draft Report issued August 2001 
Final Report issued April 2002

Summary of Findings

There has been an improvement in the level of control in accuracy of payment since the last audit. However, the underlying potential for anomalies, errors and misuse remains, especially if there is any diminution in the expertise currently available in MPS Personnel and at the outsourced service provider (Capita BS Ltd.). This is why we consider that a fundamental review and simplification of the policy and procedures for payment of rent and housing allowances is long overdue.

Analysis of Recommendations

Management accepted 11 of the 12 recommendations made:

2 High Risk (1 accepted)
7 Medium Risk (7 accepted)
3 Low Risk (3 accepted)

Senior Line Management Comment (Keith Luck, Director of Resources)

e-purchasing of Office Supplies

Draft Report issued November 2001
Final Report issued April 2002

Summary of Findings

Ordering and receipting Office Supplies by computer through B2B has made aspects of the ordering process more secure and better controlled. However implementation of B2B has brought unforeseen in-house overheads at the centre and using B2B can be more time consuming than the manual process for the end-user. The system is vulnerable, as there are no effective arrangements in place for backup and business continuity. There were weaknesses in project control and management that a post implementation review will identify.

Analysis of Recommendations

Management accepted all 17 recommendations made:

8 Medium Risk
9 Low Risk

Senior Line Management Comment (Keith Luck, Director of Resources)

The summary is agreed but as always with caveats. The in house overheads comment refers to the considerable amount of DoP resources used to maintain the catalogues. In the past we have suggested that suppliers undertake this task but technical and security considerations have been put forward for not taking this route. We understand that the upgrade of B2B available shortly will enable this to be done through secure portals. The reference to time consuming relates partly to slow system response and partly to some users’ preference for ticking a box on a faxable pre-printed order form.

Public Order Operations

Draft Report issued February 2002
Final report issued May 2002

Summary of Findings

The control framework is adequate but a number of controls are not operating effectively. Systems in place for the documentation, approval and review of public order strategy are well controlled.

Controls over the identification and notification of public order events are operating effectively. Budgets have not been established and a structured debriefing process is not in place. However, since the audit action has been taken to implement a number of recommendations and a time table has been drawn up to address all the others.

Analysis of Recommendations

Management accepted all 23 recommendations made:

21 Medium Risk
2 Low Risk

Senior Line Management Comment (Assistant Commissioner Todd)

Follow up audits

Custody Records and Procedures

Draft Report issued July 2001
Final report issued September 2001

Summary of Findings

Management have implemented 12 of the 35 recommendations we made in our final report issued in October 1999 and control has improved in these areas. However 23 recommendations (including eight high risk) have not been implemented.

Asset Registers and Inventories

Draft Report issued July 2001
Final report issued October 2001

Summary of Findings

In our original report of January 1998 we made 21 recommendations (all High Risk). Sixteen of the these recommendations have been partially implemented and one has not been implemented.

At present there is no published MPS-wide policy addressing the issues relating to fixed assets and inventories. Whilst the Capital Accounting Paper was endorsed by the Finance Policy Group on 22 July 1999, the guidance included in the paper has not been issued to staff throughout the MPS.

Cash Handling and Cheque Security

Draft Report issued October 2001
Final report issued November 2001

Summary of Findings

Thirty-two of the 62 recommendations made in our original report have either not been implemented or have been partially implemented. These include 13 high-risk recommendations that have not been implemented, and seven high-risk recommendations that have been partially implemented.

Controls over cheques received through the post, prompt banking of cheques, monitoring of high level payments and system for preventing misappropriation of cheques continue to be inadequate.

Travel & Transport Arrangements DPCS4

Draft Report issued August 2001
Final report issued December 2001

Summary of Findings

Management have implemented 39 of the 41 recommendations we made in our original report issued in May 2000. In our opinion control has improved in these areas. However, our recommendation on the use of Airmiles for personal benefit has not been implemented although it was originally accepted. We have now recommended that this issue is referred to AC Human Resources.

Registration of Overseas Visitors

Draft Report issued August 2001
Final report issued December 2001

Summary of Findings

Management have implemented 10 of the 24 recommendations we made in our final report issued in February 2000 and control has improved in these areas. However, 14 recommendations (including one high risk) have not been or only partially implemented.

Control weaknesses still exist over reconciliation of income and accounting for stocks of blank certificates. A formal contingency plan has also not been set up and visitors are not being summoned as required.

Dispatch and Distribution

Draft Report issued October 2001
Final report issued January 2002

Summary of Findings

Management have implemented 6 of the 19 recommendations we made in our final report. Control has improved in these areas. Three recommendations are no longer applicable due to the withdrawal of the motorcycle courier service and 10 recommendations have not been addressed.

System development & control advice

Procurement

In response to concerns raised over the procurement of major outsourced contracts, we produced a document highlighting the key controls that should be in place for the process. Our Control Framework for the Procurement and Management of Major Service Contracts was endorsed by the FPBV in October 2001. This document is now being used to inform the MPS Procurement Strategy and process.

Budgetary Control

Budgetary control is a high risk area within the MPS. This advisory piece of work has identified the key controls and principles that would help to achieve effective budgetary control. Our Budgetary Control Framework paper was endorsed by FPBV in February 2002. The principles laid down in the paper are now being incorporated in MPS guidance and they will also be used to inform the devolved financial management process.

Best Value Co-ordination Group

We are a member of the Best Value Co-ordination Group, set up to support the Best Value reviews. We are reviewing the outcome of the Crime Investigation Best Value review and will be represented on each of the best value project teams this year. We will be acting in an advisory capacity and will also draw on any relevant work that we have done in the area under review i.e. Bringing Young Offenders to Justice and Records Management.

Records Management Best Value Review Project Board

We advise this project board both with regard to the Best Value Review process and with our specialist knowledge of best practice in management of paper and electronic records. The Project is due to report in June 2002.

National Fraud Initiative

We have the MPA/MPS lead for participation in this nation-wide fraud prevention and detection strategy. We are the liaison point between MPS colleagues, the Audit Commission and other public sector participants. MPS payroll and pensions data was provided to the NFI for the first time in October 2000 for data matching with that of other local authorities. We have investigated 29 cases, most of which have been dealt with by either local management action, and a further 2 cases await resolution. A total of £14,333 overpayment of pension has been recovered to date. The next NFI data matching exercise is due to start in autumn 2002.

Crime Related Property

A working group was set up to progress the implementation of recommendations made in our final report issued in March 1999. This has been superseded by another working group set up to discuss proposals for a new crime property computer system. We provide advice on the control issues that arise.

MPS IT Security Policy and the METSEC Project Board

We attend the quarterly METSEC Project Board meetings to advise and participate in discussions on matters of physical security (personal, asset and building security) and also logical controls for information systems. We comment on drafts of METSEC policies and proposed METSEC Standards at the request of PRS11(2). We share the results of investigations and audits and also provide advice and support to PRS11(2) on security issues.

MPS Corporate Personnel System – the MetHR project

The MetHR project is intended to provide a single corporate personnel system to replace a number of MPS legacy and local systems. We attend the MetHR Project Board as designated advisors to the project focussing on control aspects of software modules under development, in particular controls over the core database product and the MetHR to Payroll interface. We attend the Senior User Assurance Group as advisors and have been consulted on project management, logical and physical security and process and system testing. There continues to be a significant commitment by internal audit to this project.

Language Services Contracts Project Board

Following the issue of our audit report on Interpreters and Translators Services in August 1999, Linguistic Services launched a project to examine the payment structure. We attended project team meetings and provided control advice when required. Following negotiations between DPCS9 Linguistic and Medical Services Branch and the Association of Police and Court Interpreters a new fee structure was introduced on the 1st September 2001. Total potential annual savings have been estimated at £417,000.

IMSG Audit and Benefits Realisation sub-group.

We attend and advise this group which is chaired by the Director of Information and reports to the Information Management Steering Group. The group meets quarterly to track the progress of audits and monitor the implementation of internal audit recommendations pertinent to the Department of Information and PRS11(2).

MPS Infrastructure Programme Board

This Board is managing the projects to deliver the MPS technology upgrade for the corporate IT infrastructure. The Board meets monthly and we attend as advisors on control issues and respond to discussion papers when appropriate.

AWARE Senior User Assurance Group

The MPS is upgrading and standardising its corporate IT system. This group represents users of the MPS corporate Intranet and we attend monthly meetings as users and also to advise on controls. Significant internal audit resource is devoted to this developing corporate system.

Cheque Security

We advised on the adequacy of controls in place for the security of cheques being held and processed by an outsourced contractor. A number of areas for improvement were identified and the contractor has now been instructed by the MPS to implement our recommendations. An adequate level of control should now be in place.

Send an e-mail linking to this page

Feedback