You are in:

Contents

Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).

See the MOPC website for further information.

Internal Audit Plan for April 2004 – March 2005

Report: 5
Date: 22 March 2004
By: Director of Internal Audit

Summary

This report and associated appendices sets out the proposed plan for the use of Internal Audit resources from 1 April 2004 to 31 March 2005.

The annual plan is based on an updated Audit Needs Assessment and Risk Analysis for the next five years ahead.

The plan has been discussed and agreed with the Deputy Commissioner and other senior police and police staff in the MPS. The Treasurer has approved the proposed annual plan for submission to the Audit Panel.

A. Recommendation

  1. Members approve the proposed use of Internal Audit resources and note the summary calculation of audit need and comparison to planned work set out in Appendices 1 and 2; and
  2. Members approve the programme of Internal Audit work, set out in Appendices 3 to 6.

B. Supporting information

Purpose and basis of the Annual Internal Audit Plan

1. The Annual Audit Plan is designed to ensure my auditors obtain sufficient information to enable me to form an opinion on the adequacy and effectiveness of the MPA/MPS control framework. This opinion assists the MPA Clerk and MPS Commissioner in providing a statement on internal control in the published accounts and other public documents of the MPA. My opinion draws on the evaluation of risks and controls found in each audit, the results of Internal Audit investigations during the year and any other relevant professional review work within the MPS.

2. The Plan has been discussed and relevant parts agreed with senior police and police staff in the MPS, including the Deputy Commissioner, the assistant commissioners responsible for Territorial Policing, Specialist Operations and Specialist Crime, the three most senior managers reporting to the Director of Resources and the Director of Information.

3. The MPA Treasurer has also approved the plan for submission to the Audit Panel.

4. The Audit Plan is risk based and the highest current risk determines those systems that will be audited in the financial year. It is drawn from our assessment of need based on a five-year rolling cycle and takes account of anticipated staffing levels with a small amount of contingency time for additional or urgent work. The assessment of audit need takes account of the MPS Corporate Risk Assessment and risk profiles produced by the MPS Director of Risk Management and agreed by the MPS Management Board.

5. Our Internal Audit risk assessment uses a number of factors to determine the likely current risk in a business or financial system. The seven key factors taken into account are:

  • The last known annual expenditure on an activity.
  • The last known annual income on an activity.
  • The value of any other funds/monies affected by the activity.
  • The expected or known current level of control of the activity.
  • The time since the last Internal Audit review of the activity.
  • The impact of a serious system failure on operational police objectives.
  • The likelihood of a serious system failure.

6. We combine these factors by giving each one a score between one and five, where one equals least value or control or risk and five equals the maximum value or risk, etc. The first five are added together. The impact and likelihood are combined by adding together and dividing by two. The result is then added to the sum of the other numbers and converted to a percentage of the maximum possible current risk to give an indication of the relative risk of each identified auditable area.

7. For the first time this year we have also applied the systems audit risk assessment process to operational command units, whether at boroughs or in SC or SO. This will guide the selection of OCUs and BOCUs for that part of the audit plan in the next financial year.

8. The attached appendices set out how we have calculated the audit need, the resources available to cover the need and our draft plans for audit work next year.

9. Appendix 1 and Appendix 2 highlight the calculated need and the resources available to meet the need. In summary these show that we are planning to meet 82% of the identified audit need for system advice and planned audits and 88% of the need for investigative work. Overall 84% of the identified need will be met (representing a 2% increase on last year due to additional forensic resources following a recent recruitment).

10. Key systems such as Business Performance Management, Partnerships Control and Funding, Major Incident Response, Security Clearance and Vetting, Property Services Major Works, Police Operational Training, Sponsorship Monitoring and Control and the Payment and Recruitment of Forensic Medical Examiners will be covered during the year. Three audits have been carried forward from last year’s programme at the request of senior MPS line managers, Police Overtime, Budgetary Preparation, Approval and Monitoring and Corporate Risk Assessment and Management.

11. Appendices 3 to 5 list all our planned systems audits, our follow-up programme and significant systems development work for the next financial year.

12. Appendix 6 [To be distributed at Audit Panel] highlights our review programme for Borough Operational Command Units (BOCUs) and Specialist and central MPS Command Units (OCUs). Our work in this area is planned around reviewing ten basic business and financial systems that all Command Units need, including arrangements for police overtime, dealing with sponsorship and partnership funds, crime property and controls over computer systems.

Key themes of our work for 2004-2005

13. We will continue to increase the time spent on BOCU/OCU reviews and increase our profile at the local level – work in this area is being well received and has highlighted a need, particularly at BOCUs, for experienced auditor assistance and advice.

14. On the theme of advice we will issue further guidance to all BOCU/OCU Commanders and further develop our risk awareness training aimed at the local business and financial risks and controls.

15. We will continue with the expansion of our advisory role. Key areas include Outsourcing, C3i, MetDuties, Devolved Financial Management, Partnership funding and control and Crime Property.

16. We hope to build on our successes to date, particularly now we are achieving more of the programme. The achievement of more of our follow-up audit programme in the last year has demonstrated their value in ensuring that real improvements are made to MPS systems. They are, of necessity, not as thorough as a full audit and until now we have rarely had the opportunity to revisit systems already subject to a full audit and follow–up, as we have not had the resources or capability to meet the planned five year cycle. This year we will be carrying out a full review of some systems audited for the first time in the MPS five or so years ago, when we will get an in depth chance to see if implemented control improvements have lasted and remained of value in today’s fast changing policing environment.

Liaison with other review bodies and police auditors

17. I plan to work closely with the MPS Director of Risk Management in ensuring that his agreed strategies help minimise the risks and control weaknesses in the MPS. The MPS has invited me to be a founder member and adviser to their Corporate Risk Management Committee which will examine the reviews of all audit and inspection groups working in the MPS to ensure not only effective co-ordination of audit and inspection strategies but critically that key messages are acted upon by the appropriate senior MPS manager to prevent or minimise weaknesses in control. This Committee also has a wider role in ensuring that the MPS contributes to the overall corporate governance framework.

18. We will continue to be active members of working groups in the MPS co-ordinating internal and external reviewers.

19. We plan to hold regular meetings with Audit Commission and HMIC representatives on our work programme and areas of co-ordinated activity.

20. I am now deputy Chair and hope during 2004-2005 to be elected Chair of the National Group of Police Auditors. My Deputy Director is an active member of the northern group of ‘metropolitan’ police authority auditors and for both groups we plan to contribute as far as we can to the development of auditing within the police environment.

Fraud investigation and liaison

21. For the first time we are approaching full staffing in the Forensic Audit Branch of Internal Audit, through the successful recruitment of two experienced investigators. This will enable us to cover more of our planned investigative work next year.

22. We will continue to expand and increase the effectiveness of our work with MPS Professional Standards at a number of levels. We will continue to have a liaison where appropriate with the Fraud Squad and with local CID units.

23. A key part of our investigative work is the ‘backroom’ analytical support, which will be focused and proactive in supporting both investigations and systems audit work.

C. Equality and diversity implications

Internal Audit continues to reflect the diverse community within which the MPS and MPA operate. Three staff have been appointed this year to date, taking the percentage of visible ethnic minority staff to a third of my total staffing and the number of female staff to seven.

D. Financial implications

The Annual Plan is designed to match the agreed budget for 2004-2005. There are no further financial implications.

E. Background papers

None

F. Contact details

Report author: Peter Tickner, Director of Internal Audit, MPA.

For information contact:

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

Appendix 1

Calculation of annual Internal Audit need

1. Total audit need for a five-year cycle of audits

  • Systems audits from the Audit Needs Assessment (based on five year cycle auditing high risk systems three times in five years, Medium risk systems twice in five years, Low risk systems once in five years): 13,035 days.
  • Every BOCU/OCU one 45 day audit every five years: 2,600 days

(For both the above the time allowed includes time for the follow-up audit as well)

  • Five year total system audits and reviews: 15,635 audit days

2. Annual audit need calculation

  • Annual total systems audit need: 3,127 days (53% need)
  • Systems development work per annum: 606 days (10% need)
  • Analysing key financial systems per annum: 210 days (4% need)
  • Total systems audit and audit advice: 3,943 days (67% need)
  • Forensic Audit (investigations, preventative advice and National Fraud Initiative): 1,976 days (33% need)
  • Total Annual Internal Audit Need: 5,919 audit days (100% need)

Appendix 2

Internal Audit Plan 2004/2005 based on probable staffing levels

  Systems Audit
staff days
Forensic Audit
staff days
Total days
Total available time 4240 2750 6990
Total indirect time 898 507 1405
Total direct time available 3342 2243 5585
Systems audits carried forward 185 0 185
Operational audits 450 143 593
Follow up audits 285 40 325
Control advice 60 40 100
Systems development work 480 40 520
Analysing key financial systems 40 170 210
Ring fenced for investigations 30 1700 1730
National fraud initiative work 0 25 25
Total direct audit time committed 1530 2158 3688
Balance of in-house days available 1812 85 1897
Add
Contracted in audit days 15 15 30
Less
Corporate Development 118 118 138
Internal audit projects 150 150 190
Planning 103 103 143
Contingency (up to 5% of direct time) 151 151 151
Summary
Time available for new audits 1305 0 1305

 Reconciliation of need against plan

  Days % Need Plan Days % Plan
Annual systems audit need 3127 53% 2393 48%
Systems development need 606 10% 620 12%
Managed audit work 210 4% 210 4%
Total systems audit and audit advice need 3943 67% 3223 65%
Total forensic audit need (including support for investigations) 1976 33% 1740 35%
Total annual internal audit need 5919 100% 4963 100%
Shortfall against need     956 16%

Appendix 3

System Group Audit Title Risk
Business Management Amendments to Pay Standing Data Mid
Business Management Business Performance Management High
Business Management Corporate Risk Assessment & Management High
Business Management Inspection & Review Framework Mid
Business Management Management & Consultancy Services Mid
Business Management Police Officers Pensions High
Business Management Police Staff Pensions Mid
Business Management Transport & Travel Arrangements Mid
Business Management Police Overtime Payments High
Corporate Freedom of Information Control & Enforcement Mid
Corporate Partnerships Funding & Control High
Corporate Planning for the Prevention & Detection of Fraud & Corruption Mid
Corporate Security Clearance & Management Vetting Mid
Covert Activities Acquisition of Fixtures & Fittings - (Covert) Mid
Covert Activities Conflict Policing (Covert) Mid
Covert Activities Covert Communications Mid
Estate Local Procedures/Minor Works Mid
Estate Major Works - Contract Control Mid
Estate Major Works - Post Contract Processes Mid
Estate Major Works - Pre Contract Processes Mid
Financial Support Budget Preparation, Approval & Monitoring High
Human Resources Police - Career Management Mid
Human Resources Police Operational Training High
Human Resources Police Specialised Training High
National Policing Complaints, Monitoring, Statistics & Records Mid
National Policing Registration of Overseas Visitors & Immigration Checks Mid
Operational Support Custody - Records & Procedures Mid
Operational Support Forensic Medical Examiners - Payments Mid
Operational Support Forensic Medical Examiners - Recruitment & Training Mid
Operational Support Major Incident Response High
Operational Support Radio Communications Mid
Operational Support Resourcing & Management of Specials Mid
Operational Support System Supporting Service-wide Priorities Mid
Operational Support System Supporting Visual Identification Mid
Operational Support DNA and related Forensic Services Mid
Procurement Procurement & Contract Management Framework Mid
Procurement Sponsorship Monitoring & Control Mid

Appendix 4

Internal Audit programme of follow up reviews 2004/05

System Group Audit Title
Business Management Business Performance Management
Business Management Corporate Risk Assessment & Management
Business Management Management of Outsourced Financial Services
Business Management Management of Outsourced Services - IT
Business Management Management of PFI
Business Management Police - Allowances & Expenses
Business Management Police Officer and Police Staff Starters & Leavers
Business Management Police Officers Pensions
Business Management Police Overtime Payments
Business Management Programme Management Framework
Business Management Use and Control of Fuel
Business Management Vehicle Fleet Management (incl. Provision & Disposal)
Corporate Claims Against the Commissioner
Corporate Corporate Strategy & Planning
Corporate Creation, Storage, Security and Disposal of Electronic Documents
Corporate Ethics & Accountability
Corporate Data Protection Control & Enforcement
Corporate IS/IT Access & Usage Control
Corporate Police Collision Claims/Insurance
Corporate Police Officer and Police Staff Support Outside the UK
Corporate Storage & Display of Police Artifacts
Covert Activities Accounts Control – SO/SCD (C)
Covert Activities Accounts Control - SO12 (C)
Covert Activities Accounts Control - TSU SO11 (C)
Covert Activities Provision of Covert Vehicles (C)
Covert Activities Secure Intelligence Systems (C)
Estate Acquisition & Disposal of Property
Estate Engineering Maintenance
Estate Estate Strategy Management
Financial Support Support Cash Security & Disbursement
Financial Support Claims, Debtors and Debtor Control
Financial Support Creditor Payment System
Financial Support Investment, Borrowing and Cash Management
Financial Support Receipt & Banking of Income
Financial Support Statutory Pay & Net Pay Reconciliation
Financial Support VAT Control
Human Resources Diversity Application & Monitoring
Human Resources Induction and Assessment of New Recruits – Police Officers
Human Resources Induction of Police Staff Recruits
Human Resources Police Operational Training
Human Resources Police Probationer Training
Human Resources Police Officer Recruitment
Human Resources Police Specialised Training
Human Resources Police Staff Career Management
Operational Support Barnet BOCU
Operational Support Brent BOCU
Operational Support Havering BOCU
Operational Support Hillingdon BOCU
Operational Support Imaging Services, Identification Services, DNA & Fingerprints
Operational Support Interview Tapes - Retention, Storage and Disposal
Operational Support Major Enquiry Systems
Operational Support MPA Business & Financial Systems
Operational Support Systems Supporting Camera Partnerships
Operational Support Voice Communications
Operational Support Procurement Uniform Services - Procurement & Support
Procurement Uniform Services - Procurement & Support

Appendix 5

Internal Audit - proposed systems development projects 2004/05

System Group Audit Title
Business Management Police Officer Overtime
Business Management MetDuties (CARM & Duties Management)
Business Management e-business - external
Business Management e-business - internal
Business Management Outsourcing of Major Services
Business Management Programme Valiant, KIISMET & IS Strategy
Business Management Project LINK – Directorate of Resources IS/IT Support Systems
Corporate METSEC Project Board
Corporate National Fraud Initiative
Corporate PKI - Corporate IT Security
Corporate Risk Management (Monitoring Financial Status of External Contractors) Group
Corporate Corporate Risk Assessment & BC/DR
Covert Activities Covert Control Environment
Financial Support Activity Based Costing
Financial Support Devolved Financial Management
Human Resources MetHR Corporate Personnel Project
Operational Support Risk & Control Awareness Training
Operational Support Airwave
Operational Support AWARE Implementation
Operational Support C3I
Operational Support Crime Property in MPS
Operational Support DIANE/IIP
Operational Support e-policing
Operational Support Infrastructure Programme Clarity
Operational Support MERLIN (missing persons computer system)
Operational Support METAFOR
Operational Support MetMIS

Send an e-mail linking to this page

Feedback