Contents
Report 5 of the 22 Mar 04 meeting of the Audit Panel and sets out the proposed plan for the use of Internal Audit resources from 1 April 2004 to 31 March 2005.
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
Internal Audit Plan for April 2004 – March 2005
Report: 5
Date: 22 March 2004
By: Director of Internal Audit
Summary
This report and associated appendices sets out the proposed plan for the use of Internal Audit resources from 1 April 2004 to 31 March 2005.
The annual plan is based on an updated Audit Needs Assessment and Risk Analysis for the next five years ahead.
The plan has been discussed and agreed with the Deputy Commissioner and other senior police and police staff in the MPS. The Treasurer has approved the proposed annual plan for submission to the Audit Panel.
A. Recommendation
- Members approve the proposed use of Internal Audit resources and note the summary calculation of audit need and comparison to planned work set out in Appendices 1 and 2; and
- Members approve the programme of Internal Audit work, set out in Appendices 3 to 6.
B. Supporting information
Purpose and basis of the Annual Internal Audit Plan
1. The Annual Audit Plan is designed to ensure my auditors obtain sufficient information to enable me to form an opinion on the adequacy and effectiveness of the MPA/MPS control framework. This opinion assists the MPA Clerk and MPS Commissioner in providing a statement on internal control in the published accounts and other public documents of the MPA. My opinion draws on the evaluation of risks and controls found in each audit, the results of Internal Audit investigations during the year and any other relevant professional review work within the MPS.
2. The Plan has been discussed and relevant parts agreed with senior police and police staff in the MPS, including the Deputy Commissioner, the assistant commissioners responsible for Territorial Policing, Specialist Operations and Specialist Crime, the three most senior managers reporting to the Director of Resources and the Director of Information.
3. The MPA Treasurer has also approved the plan for submission to the Audit Panel.
4. The Audit Plan is risk based and the highest current risk determines those systems that will be audited in the financial year. It is drawn from our assessment of need based on a five-year rolling cycle and takes account of anticipated staffing levels with a small amount of contingency time for additional or urgent work. The assessment of audit need takes account of the MPS Corporate Risk Assessment and risk profiles produced by the MPS Director of Risk Management and agreed by the MPS Management Board.
5. Our Internal Audit risk assessment uses a number of factors to determine the likely current risk in a business or financial system. The seven key factors taken into account are:
- The last known annual expenditure on an activity.
- The last known annual income on an activity.
- The value of any other funds/monies affected by the activity.
- The expected or known current level of control of the activity.
- The time since the last Internal Audit review of the activity.
- The impact of a serious system failure on operational police objectives.
- The likelihood of a serious system failure.
6. We combine these factors by giving each one a score between one and five, where one equals least value or control or risk and five equals the maximum value or risk, etc. The first five are added together. The impact and likelihood are combined by adding together and dividing by two. The result is then added to the sum of the other numbers and converted to a percentage of the maximum possible current risk to give an indication of the relative risk of each identified auditable area.
7. For the first time this year we have also applied the systems audit risk assessment process to operational command units, whether at boroughs or in SC or SO. This will guide the selection of OCUs and BOCUs for that part of the audit plan in the next financial year.
8. The attached appendices set out how we have calculated the audit need, the resources available to cover the need and our draft plans for audit work next year.
9. Appendix 1 and Appendix 2 highlight the calculated need and the resources available to meet the need. In summary these show that we are planning to meet 82% of the identified audit need for system advice and planned audits and 88% of the need for investigative work. Overall 84% of the identified need will be met (representing a 2% increase on last year due to additional forensic resources following a recent recruitment).
10. Key systems such as Business Performance Management, Partnerships Control and Funding, Major Incident Response, Security Clearance and Vetting, Property Services Major Works, Police Operational Training, Sponsorship Monitoring and Control and the Payment and Recruitment of Forensic Medical Examiners will be covered during the year. Three audits have been carried forward from last year’s programme at the request of senior MPS line managers, Police Overtime, Budgetary Preparation, Approval and Monitoring and Corporate Risk Assessment and Management.
11. Appendices 3 to 5 list all our planned systems audits, our follow-up programme and significant systems development work for the next financial year.
12. Appendix 6 [To be distributed at Audit Panel] highlights our review programme for Borough Operational Command Units (BOCUs) and Specialist and central MPS Command Units (OCUs). Our work in this area is planned around reviewing ten basic business and financial systems that all Command Units need, including arrangements for police overtime, dealing with sponsorship and partnership funds, crime property and controls over computer systems.
Key themes of our work for 2004-2005
13. We will continue to increase the time spent on BOCU/OCU reviews and increase our profile at the local level – work in this area is being well received and has highlighted a need, particularly at BOCUs, for experienced auditor assistance and advice.
14. On the theme of advice we will issue further guidance to all BOCU/OCU Commanders and further develop our risk awareness training aimed at the local business and financial risks and controls.
15. We will continue with the expansion of our advisory role. Key areas include Outsourcing, C3i, MetDuties, Devolved Financial Management, Partnership funding and control and Crime Property.
16. We hope to build on our successes to date, particularly now we are achieving more of the programme. The achievement of more of our follow-up audit programme in the last year has demonstrated their value in ensuring that real improvements are made to MPS systems. They are, of necessity, not as thorough as a full audit and until now we have rarely had the opportunity to revisit systems already subject to a full audit and follow–up, as we have not had the resources or capability to meet the planned five year cycle. This year we will be carrying out a full review of some systems audited for the first time in the MPS five or so years ago, when we will get an in depth chance to see if implemented control improvements have lasted and remained of value in today’s fast changing policing environment.
Liaison with other review bodies and police auditors
17. I plan to work closely with the MPS Director of Risk Management in ensuring that his agreed strategies help minimise the risks and control weaknesses in the MPS. The MPS has invited me to be a founder member and adviser to their Corporate Risk Management Committee which will examine the reviews of all audit and inspection groups working in the MPS to ensure not only effective co-ordination of audit and inspection strategies but critically that key messages are acted upon by the appropriate senior MPS manager to prevent or minimise weaknesses in control. This Committee also has a wider role in ensuring that the MPS contributes to the overall corporate governance framework.
18. We will continue to be active members of working groups in the MPS co-ordinating internal and external reviewers.
19. We plan to hold regular meetings with Audit Commission and HMIC representatives on our work programme and areas of co-ordinated activity.
20. I am now deputy Chair and hope during 2004-2005 to be elected Chair of the National Group of Police Auditors. My Deputy Director is an active member of the northern group of ‘metropolitan’ police authority auditors and for both groups we plan to contribute as far as we can to the development of auditing within the police environment.
Fraud investigation and liaison
21. For the first time we are approaching full staffing in the Forensic Audit Branch of Internal Audit, through the successful recruitment of two experienced investigators. This will enable us to cover more of our planned investigative work next year.
22. We will continue to expand and increase the effectiveness of our work with MPS Professional Standards at a number of levels. We will continue to have a liaison where appropriate with the Fraud Squad and with local CID units.
23. A key part of our investigative work is the ‘backroom’ analytical support, which will be focused and proactive in supporting both investigations and systems audit work.
C. Equality and diversity implications
Internal Audit continues to reflect the diverse community within which the MPS and MPA operate. Three staff have been appointed this year to date, taking the percentage of visible ethnic minority staff to a third of my total staffing and the number of female staff to seven.
D. Financial implications
The Annual Plan is designed to match the agreed budget for 2004-2005. There are no further financial implications.
E. Background papers
None
F. Contact details
Report author: Peter Tickner, Director of Internal Audit, MPA.
For information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Appendix 1
Calculation of annual Internal Audit need
1. Total audit need for a five-year cycle of audits
- Systems audits from the Audit Needs Assessment (based on five year cycle auditing high risk systems three times in five years, Medium risk systems twice in five years, Low risk systems once in five years): 13,035 days.
- Every BOCU/OCU one 45 day audit every five years: 2,600 days
(For both the above the time allowed includes time for the follow-up audit as well)
- Five year total system audits and reviews: 15,635 audit days
2. Annual audit need calculation
- Annual total systems audit need: 3,127 days (53% need)
- Systems development work per annum: 606 days (10% need)
- Analysing key financial systems per annum: 210 days (4% need)
- Total systems audit and audit advice: 3,943 days (67% need)
- Forensic Audit (investigations, preventative advice and National Fraud Initiative): 1,976 days (33% need)
- Total Annual Internal Audit Need: 5,919 audit days (100% need)
Appendix 2
Internal Audit Plan 2004/2005 based on probable staffing levels
| Systems Audit staff days |
Forensic Audit staff days |
Total days | |
|---|---|---|---|
| Total available time | 4240 | 2750 | 6990 |
| Total indirect time | 898 | 507 | 1405 |
| Total direct time available | 3342 | 2243 | 5585 |
| Systems audits carried forward | 185 | 0 | 185 |
| Operational audits | 450 | 143 | 593 |
| Follow up audits | 285 | 40 | 325 |
| Control advice | 60 | 40 | 100 |
| Systems development work | 480 | 40 | 520 |
| Analysing key financial systems | 40 | 170 | 210 |
| Ring fenced for investigations | 30 | 1700 | 1730 |
| National fraud initiative work | 0 | 25 | 25 |
| Total direct audit time committed | 1530 | 2158 | 3688 |
| Balance of in-house days available | 1812 | 85 | 1897 |
| Add | |||
| Contracted in audit days | 15 | 15 | 30 |
| Less | |||
| Corporate Development | 118 | 118 | 138 |
| Internal audit projects | 150 | 150 | 190 |
| Planning | 103 | 103 | 143 |
| Contingency (up to 5% of direct time) | 151 | 151 | 151 |
| Summary | |||
| Time available for new audits | 1305 | 0 | 1305 |
Reconciliation of need against plan
| Days | % Need | Plan Days | % Plan | |
|---|---|---|---|---|
| Annual systems audit need | 3127 | 53% | 2393 | 48% |
| Systems development need | 606 | 10% | 620 | 12% |
| Managed audit work | 210 | 4% | 210 | 4% |
| Total systems audit and audit advice need | 3943 | 67% | 3223 | 65% |
| Total forensic audit need (including support for investigations) | 1976 | 33% | 1740 | 35% |
| Total annual internal audit need | 5919 | 100% | 4963 | 100% |
| Shortfall against need | 956 | 16% |
Appendix 3
| System Group | Audit Title | Risk |
|---|---|---|
| Business Management | Amendments to Pay Standing Data | Mid |
| Business Management | Business Performance Management | High |
| Business Management | Corporate Risk Assessment & Management | High |
| Business Management | Inspection & Review Framework | Mid |
| Business Management | Management & Consultancy Services | Mid |
| Business Management | Police Officers Pensions | High |
| Business Management | Police Staff Pensions | Mid |
| Business Management | Transport & Travel Arrangements | Mid |
| Business Management | Police Overtime Payments | High |
| Corporate | Freedom of Information Control & Enforcement | Mid |
| Corporate | Partnerships Funding & Control | High |
| Corporate | Planning for the Prevention & Detection of Fraud & Corruption | Mid |
| Corporate | Security Clearance & Management Vetting | Mid |
| Covert Activities | Acquisition of Fixtures & Fittings - (Covert) | Mid |
| Covert Activities | Conflict Policing (Covert) | Mid |
| Covert Activities | Covert Communications | Mid |
| Estate | Local Procedures/Minor Works | Mid |
| Estate | Major Works - Contract Control | Mid |
| Estate | Major Works - Post Contract Processes | Mid |
| Estate | Major Works - Pre Contract Processes | Mid |
| Financial Support | Budget Preparation, Approval & Monitoring | High |
| Human Resources | Police - Career Management | Mid |
| Human Resources | Police Operational Training | High |
| Human Resources | Police Specialised Training | High |
| National Policing | Complaints, Monitoring, Statistics & Records | Mid |
| National Policing | Registration of Overseas Visitors & Immigration Checks | Mid |
| Operational Support | Custody - Records & Procedures | Mid |
| Operational Support | Forensic Medical Examiners - Payments | Mid |
| Operational Support | Forensic Medical Examiners - Recruitment & Training | Mid |
| Operational Support | Major Incident Response | High |
| Operational Support | Radio Communications | Mid |
| Operational Support | Resourcing & Management of Specials | Mid |
| Operational Support | System Supporting Service-wide Priorities | Mid |
| Operational Support | System Supporting Visual Identification | Mid |
| Operational Support | DNA and related Forensic Services | Mid |
| Procurement | Procurement & Contract Management Framework | Mid |
| Procurement | Sponsorship Monitoring & Control | Mid |
Appendix 4
Internal Audit programme of follow up reviews 2004/05
| System Group | Audit Title |
|---|---|
| Business Management | Business Performance Management |
| Business Management | Corporate Risk Assessment & Management |
| Business Management | Management of Outsourced Financial Services |
| Business Management | Management of Outsourced Services - IT |
| Business Management | Management of PFI |
| Business Management | Police - Allowances & Expenses |
| Business Management | Police Officer and Police Staff Starters & Leavers |
| Business Management | Police Officers Pensions |
| Business Management | Police Overtime Payments |
| Business Management | Programme Management Framework |
| Business Management | Use and Control of Fuel |
| Business Management | Vehicle Fleet Management (incl. Provision & Disposal) |
| Corporate | Claims Against the Commissioner |
| Corporate | Corporate Strategy & Planning |
| Corporate | Creation, Storage, Security and Disposal of Electronic Documents |
| Corporate | Ethics & Accountability |
| Corporate | Data Protection Control & Enforcement |
| Corporate | IS/IT Access & Usage Control |
| Corporate | Police Collision Claims/Insurance |
| Corporate | Police Officer and Police Staff Support Outside the UK |
| Corporate | Storage & Display of Police Artifacts |
| Covert Activities | Accounts Control – SO/SCD (C) |
| Covert Activities | Accounts Control - SO12 (C) |
| Covert Activities | Accounts Control - TSU SO11 (C) |
| Covert Activities | Provision of Covert Vehicles (C) |
| Covert Activities | Secure Intelligence Systems (C) |
| Estate | Acquisition & Disposal of Property |
| Estate | Engineering Maintenance |
| Estate | Estate Strategy Management |
| Financial Support | Support Cash Security & Disbursement |
| Financial Support | Claims, Debtors and Debtor Control |
| Financial Support | Creditor Payment System |
| Financial Support | Investment, Borrowing and Cash Management |
| Financial Support | Receipt & Banking of Income |
| Financial Support | Statutory Pay & Net Pay Reconciliation |
| Financial Support | VAT Control |
| Human Resources | Diversity Application & Monitoring |
| Human Resources | Induction and Assessment of New Recruits – Police Officers |
| Human Resources | Induction of Police Staff Recruits |
| Human Resources | Police Operational Training |
| Human Resources | Police Probationer Training |
| Human Resources | Police Officer Recruitment |
| Human Resources | Police Specialised Training |
| Human Resources | Police Staff Career Management |
| Operational Support | Barnet BOCU |
| Operational Support | Brent BOCU |
| Operational Support | Havering BOCU |
| Operational Support | Hillingdon BOCU |
| Operational Support | Imaging Services, Identification Services, DNA & Fingerprints |
| Operational Support | Interview Tapes - Retention, Storage and Disposal |
| Operational Support | Major Enquiry Systems |
| Operational Support | MPA Business & Financial Systems |
| Operational Support | Systems Supporting Camera Partnerships |
| Operational Support | Voice Communications |
| Operational Support | Procurement Uniform Services - Procurement & Support |
| Procurement | Uniform Services - Procurement & Support |
Appendix 5
Internal Audit - proposed systems development projects 2004/05
| System Group | Audit Title |
|---|---|
| Business Management | Police Officer Overtime |
| Business Management | MetDuties (CARM & Duties Management) |
| Business Management | e-business - external |
| Business Management | e-business - internal |
| Business Management | Outsourcing of Major Services |
| Business Management | Programme Valiant, KIISMET & IS Strategy |
| Business Management | Project LINK – Directorate of Resources IS/IT Support Systems |
| Corporate | METSEC Project Board |
| Corporate | National Fraud Initiative |
| Corporate | PKI - Corporate IT Security |
| Corporate | Risk Management (Monitoring Financial Status of External Contractors) Group |
| Corporate | Corporate Risk Assessment & BC/DR |
| Covert Activities | Covert Control Environment |
| Financial Support | Activity Based Costing |
| Financial Support | Devolved Financial Management |
| Human Resources | MetHR Corporate Personnel Project |
| Operational Support | Risk & Control Awareness Training |
| Operational Support | Airwave |
| Operational Support | AWARE Implementation |
| Operational Support | C3I |
| Operational Support | Crime Property in MPS |
| Operational Support | DIANE/IIP |
| Operational Support | e-policing |
| Operational Support | Infrastructure Programme Clarity |
| Operational Support | MERLIN (missing persons computer system) |
| Operational Support | METAFOR |
| Operational Support | MetMIS |
Send an e-mail linking to this page
Feedback