| 1.2
Statements of Internal Financial Control |
|
| The
IG/ACE as agency accounting officer is required to sign a Statement of
Internal Control at the end of each financial year in effect confirming
the above. A copy of the type of control statement that the IG has to
sign can be seen at Annex C (details are given in parts 5 and 6 as to
Section Heads and Directors obligations). |
|
| 1.3
The Aim of this Manual |
|
| ‘To
bring together all of the threads (risk management, risk registers,
Statements of Internal Control, audit practice etc) which contribute to
the totality of good corporate governance.’ |
|
| Each
thread is interlinked, Section heads will not be able to sign off their
Statements of Internal Control without having made a risk assessment,
have compiled a risk register and ensured that all identified key risks
have been adequately controlled. Audits being but one of the many
controls to be utilised. |
| Carrying
out good corporate governance should, if sections are managed well now,
involve little or no extra work; moreover it involves a refocusing of
limited resources concentrating on the key risk areas. This manual aims
to explain why this should be and how it can be achieved. |
|
| 2.0
The
Role Of the Corporate Governance Group |
|
| 2.1
The role of the Corporate Governance Group |
|
| The Corporate Governance Group was formed to |
|
- To provide a forum for discussion for those directly
involved in The Service’s corporate governance review procedures
and managers of The Service’s key risks.
- To enable The Service to best direct resources in the
areas of risk management and audit.
- To ensure that The Service’s corporate governance and
risk management practices remain focussed, relevant and in
accordance with the views expressed by the Directing Board and Audit
Committee.
|
| 2.2
Accountability |
|
- To report to the Directing Board (annually) and Audit
Committee (at each meeting) on The Service’s corporate governance
practices
- To maintain and manage The Service’s Risk Register,
including the appropriateness of risk control strategies
- To plan and coordinate annual and long-term programmes
for corporate governance review
- To deal with matters referred to it by the IG/ACE,
Directing Board or Audit Committee
- To advise on/agree HQ Directorates and OR Ops risk
registers and management thereof, including the appropriateness of
risk control strategies
- To receive reports from The Service’s own corporate
governance review team on the corporate governance reviews carried
out
|
| 3.0
The Role of Internal Audit |
|
| Internal Audit are required to prepare an audit
strategy which provided the IG as Agency Accounting Officer with an
objective evaluation of the effectiveness of risk management, internal
control and corporate governance arrangements. |
|
| 3.1
Audit Focus and Approach |
|
| The
focus of the work carried out by Internal Audit is to provide
independent assurance to the IG on the following aspects of The Services
work: |
|
- Risk Management and Corporate Governance.
- Financial Control
- Project and Case Management Processes
- Other Significant Processes
|
| Areas selected for Internal Audit review are based upon
the following criteria: |
|
- Areas identified and agreed with senior management as
high risk or medium risk
- Key controls or controls processes which address a
number of key risks
- Areas that have not been subject to Internal Audit
review in the last year. Except areas where significant control
weaknesses have been found.
|
| 3.2
Example Audit Plan |
|
| The
following example audit plan provides guidance as to the timing and
scope of the ‘top level’ audits to be carried out by Internal Audit.
This provides assurance to the IG on a number of wide ranging areas
throughout HQ sections. |
|
| Audit
|
Initial
Scope/Processes to be audited
|
Auditor
Days
|
Quarter
|
|
|
|
|
|
|
Corporate Management and Control
|
Review of the Corporate Governance Process. It will
satisfy the NAO that appropriate Corporate Governance processes
are followed and allow the Internal Control Statement to be signed
|
30
|
Q1
|
|
|
|
|
|
|
Finance & Accounting
|
Review of key financial controls. To cover high level
Resource Budgeting and financial control, procurement, payments
and receipts processes
|
30
|
Q3
|
|
|
|
|
|
|
Central Accounting
|
Review of the key financial controls in the banking of
ISA monies, as highlighted in the NAO Management letter for 2001
|
10
|
Q3
|
|
|
|
|
|
|
Information Systems (1)
|
Review of the Project Management for ReFIT Project
including attendance at Project Board meetings
|
20
|
Q1
to Q4
|
|
|
|
|
|
|
Information Systems (2)
|
Review of the Key controls over the IT system
|
20
|
Q2
|
|
|
|
|
|
|
Human Resource Management
|
Review of the key controls over the pay and grading
systems, possibly including pay and pensions.
|
20
|
Q3
|
|
|
|
|
|
|
Policy
|
Review of the key controls over policy setting in
relation to the Enterprise Bill
|
10
|
Q4
|
|
|
|
|
|
|
Marketing, Media and Publicity
|
Risk Workshop on The Service’s marketing, media and
publicity processes e.g. in respect of the Enterprise Bill
|
0
|
Q4
|
|
|
|
|
|
|
|
| It should be noted that this only covers broad areas and
processes within The Service. At Directorate and section level each of
the key business processes should be subjected to audit. Section Heads
are required to produce an annual audit plan for their respective
sections in agreement with their Director, a copy of which must be
placed on the section’s Intranet site. |
| 5.0
The role of
the section head and local management |
|
| The Section head and their local management team play
an important part in ensuring that the IG is able to sign his statement
of Internal Control at year-end, the IG and DIG (HQ) placing reliance on
the Directors and Section Heads own statements of Internal Control. |
|
| 5.1
Section Head Requirements |
|
- Section Heads must ensure that each section has an
audit plan in place by the beginning of each new financial year
- Section Heads must review audit performance against
each Section Heads audit plan at least three times a year
- Section Heads must ensure that they sign a statement of
Internal Control at the end of each financial year
|
| 5.2
Bold Decisions |
|
| Section heads in agreement with their directors may at
times need to take bold decisions, which will differ according to
circumstances, about things which must be done, those which ideally
should be done but which may be governed by available resources and
those which it would be desirable to do given the resources but which
are of relatively little importance. |
|
| Section heads will not be required nor indeed expected to
personally have checked or ensured that every ‘t’ had been crossed
or every ‘i’ dotted. Section heads and directors will be required
however, to promote and engender a working culture of both
accountability and responsibility -removing the blame culture. |
|
| 5.3
Staff |
|
| Staff should be encouraged to take sensible and well
judged risks, within set parameters according to their role, and not to
be criticised the first time a mistake is made. Occasional error is
inevitable; a pattern of error, repeated by the same person or in the
same way is not acceptable. Proper managed application of audit practice
and risk management should minimise the possibility of this. |
|
| 5.4
A Consistent Approach |
|
| For reliance to be placed upon a section’s own corporate
governance practices, sections need to aim for consistency in what they
do but it is recognised this is not always possible due to the diverse
nature of the work they carry out and have leeway to do more, not less,
if they feel it appropriate to do so.
|
|
| 5.5
Audit Planner |
|
| The proforma statement of internal control, guidance
for which is found at part 9, must be completed on time. Completeness,
consistency and clarity of answers are essential. |
|
| Finally it should not be forgotten that corporate
governance is not just about finding fault, it is about recognising best
practice, rewarding best practice and ‘spreading the word!’ |
| 6.0
Local Assurance and Audit
Plans |
|
| 6.1
Introduction |
|
| This manual covers only the areas common to all
Sections and Directorates. Section heads should evaluate which are the
key processes within the section and devise an audit plan to ensure that
that these processes are effectively managed and controlled. |
|
| If you need guidance on what a business process is please
contact Tony Kisiel in Finance and Planning who will be able to assist
you in the production of your audit plan.
|
|
| 6.2 The
Audit Plan
|
|
| This range of internal checks of key processes are to
provide assurance to the Director on the range and scope of controls in
place within the section, individual section audit plans and timings are
to be produced by the Section Head and agreed, approved and signed off
by the respective Director. |
|
| Your finalised plan should then be submitted to Tony Kisiel
in Finance and Planning for collation and distribution to the Corporate
Governance Group members. The plan must be produced at the same time as
your business plan and attached as an annex to it as well as being
placed upon your intranet site.
|
|
| 6.3
IiP |
|
| As an IiP accredited organisation Section heads should
ensure that the section adheres to the principles and has in place an
effective induction programme, that pre and post course evaluation takes
place and that members of the management team can evidence their
commitment to training and development of their staff. |
|
| 6.4
Training and Development |
|
| It is important for Section heads to assess the
training and development needs of staff at the commencement of the year
or as early as possible to ensure that sufficient monies are available
within Section/Directorate budgets to ensure that staff training needs
are met. |
|
| 6.5
Audits |
|
| Staff management audits have been timed to coincide
with particular milestones during the year. The Directors will audit
PARS in May of each year (see 7.4). |
|
| With regard to PPP’s, come September the first PPP review
should have been carried out (during August) the Section Head is to then
ensure that these PPPs support the achievement of the Sections Business
Plan objectives and the audit plan.
|
|
| A check as to the adequacy of the review would be
sensible and if failings are identified there is ample time in which to
make amends and so possibly avoid an appeal of the forthcoming PAR. |
|
| 6.6
PPPs |
|
| Directors will notify Section Heads of how many and which
of their staff’s PPP’s to audit and as such will enable a sense of
independence to be maintained. It is envisaged that PPPs will be chosen
to cover 2/3 staff reporting to each line manager within the office (if
practical).
|
|
| 6.7
Health & Safety |
|
| The
form is based on that completed once a year by PSP – just slightly
shorter. Sections may feel that with PSP reviewing practices once a year
the form produced here is overly long, sections will have to make a
judgement if that is the case. Irrespective of that sections should
undertake the ‘visual inspection’ part of the form and this should
be factored into your section’s audit plan |
|
| 6.8
Public Service – Charter Standards |
|
| As
a holder of the Charter Mark award The Service needs to be sure that HQ
Units are meeting our own Charter Standards. Section heads should
undertake an audit of performance and monitoring of performance at least
two times a year. |
| 7.0
Directorate Audit and
Assurance |
|
| As
highlighted in the Statement of Internal Control at annex A, the
Director is not expected, nor should they re-audit everything audited by
the Section Head and their team. |
|
| 7.1 Carrying
out Audits
|
|
| However as well as relying on reports from the Section Head
the Director must also carry out a percentage of audits relating to
directorate processes (where appropriate).
|
|
| 7.2
Consistency in Approach |
|
| Directors
will be expected to audit the same processes audited by the Section Head
in the Sections Audit plan. Whilst this may seem laborious it is
essential to ensure that both the audit process is tested as well as the
judgement of the Section Head and their team in their audit findings. |
|
| 7.3 Auditing
Independently
|
|
| When auditing processes the Director should audit
independently of the findings already noted by the Section Head, only
once the Director has completed the audit should the findings be
compared.
|
|
| The Director should also comment, additionally, on the
way the audit forms have been completed, i.e. have they been completed,
if so are they wholly complete as far as possible, are they consistent
and legible. |
|
| 7.4
Staff Issues |
|
| Directors will not be expected to audit staff related
issues in the same was as Section heads and their teams. Directors will
be expected to audit a number of PARs in May of each financial year
(before they are forwarded to HR). |
|
| In conjunction with placing reliance on the audits
carried out by the office Directors will be expected to carry out a
‘Communications and Welfare’ audit half way through each financial
year. This will ensure that staff are satisfied (or not satisfied but
for no good reason) with the staff appraisal system, that they are being
adequately trained, that the office has sound communication processes
and that they are being treated fairly. |
|
|
As the issues being considered are of a more wide-ranging
nature and because some staff will be more able to give replies of use
than others, the audit sample will again be determined independently by
directors. All grades of staff will be included, as will differing
levels of experience. |
|
| 7.5
Section Head Accountability |
|
| It should also be noted that Sections Heads commitment
to Corporate Governance should be reflected in their PPPs and objectives
set for the achievement of their audit plans |
| 9.0
Guide to using
Corporate Governance Checklists |
|
| 9.1
Index of Audit
work (Proforma B)
|
|
| The index should be kept at the front of the
folder where all audit work should be located. Audit work must not be
kept by individual section members but filed in one place |
|
| 9.2
HQ
SECTION HEAD STATEMENT OF INTERNAL CONTROL and Directors Review
checklist (proformas C and D) |
|
| The
guidance below is to be read in conjunction with the Certificate of
Internal Control and Directors Review Checklist and will aid in their
completion. Whether or not questions require a YES/NO answer, examples
of good practice and/or explanations of what has not been done but will
be done within a given timescale should be given in the comment column. |
|
| 9.2.1
Organisational Framework |
|
| 9.2.1.1
Roles and Responsibilities |
|
| This section deals with ‘how do your staff know what
to do?’ i.e. are they adequately trained, if so how, what instructions
are there available to them, if so where. |
|
| For example there are many procedural instructions ranging
from guidance in the technical manual to simple at the desk instructions
and idiot guides on how to carry out a specific role or task. Only list
those your staff use or have access to. Likewise there are numerous ways
in which staff are trained to do their job. Either centrally driven, as
with NVQ’s in customer service or audit or ad hoc in the office all of
which should be in the sections training matrix and PPPs.
|
|
| It should also be noted that there cannot possibly be
instructions to cover every aspect of every job, this is particularly
the case in HQ where much project and liaison work is undertaken.
However, written objectives, notes of meetings etc should be kept to
ensure managers can determine outputs achieved and ensure that others
could take on that role when necessary.
|
|
| 9.2.1.2
Reviewing the effectiveness of processes and systems |
|
| This
section asks whether systems of internal control (such as management
checks, audits etc) and the underlying processes within the section are
monitored (if so how) and whether any weaknesses were found. Any
improvements made/action plans agreed as a result should be
listed/annexed to the checklist. |
|
| 9.2.1.3
Reaction to weaknesses |
|
| Once
weaknesses have been identified this section asks how were they
addressed, i.e. how and by whom were staff informed, examples should be
listed, what remedial action was taken, if any and if none why not. |
|
| 9.2
Accountability for section performance and resources |
|
| 9.2.1
Internal control environment |
|
| This
section covers a wide area of responsibility. The first five questions
relate to how you assess and review risks and the controls in place to
enable the section to achieve its objectives. The risk management
workshops will provide some evidence, as will other forms of audit etc |
|
| The
next three questions relate to section and individuals’ performance.
There is an abundance of management information you can list as well as
referring to the staff appraisal process. Specific examples should be
given |
|
| The
remaining questions relate to purely financial matters, desk
instructions together with any section notices can be given as examples
if applicable. |
|
| 9.2.3
Business Plans and Budgets
|
|
| 9.2.3.1
Planning systems
|
|
| This section should detail how your business plan and
budgets are agreed, reviewed and disseminated to staff. Evidence may
come from discussions with the Director and/or a section notice/e-mail
to show all staff are aware of the business plan and budgets.
|
|
| 9.2.3.2
Monitoring |
|
| Having
agreed the business plan and budgets this section asks for evidence to
show that actual performance has been assessed against the business plan
and budget, and if action was necessary as a result what it was, e.g.
how were matters managed to ensure that timeliness targets within the
section continued to be met despite rising inputs. |
|
| Internal reporting should be interpreted as management
information produced within the section, such as local database reports,
prepared budget spreadsheets etc |
|
| 9.2.4
Reliability of Management and Financial information
|
|
| 9.2.4.1 Internal
Reporting |
|
| This section asks you how you know the management and
financial information internal to your section is accurate, or in the
instance of Finance and Planning that provision of The Service’s
financial information is accurate |
|
| Management information should include (if appropriate),
budget monitoring spreadsheets, internal performance statistics for the
section, charter standards etc. |
|
| 9.2.4.2
External Reporting |
|
| This
section asks for your views on information provided about your section
by your Director and HQ. List comments as appropriate. If information
received has not been sufficient/accurate comment as to how and when the
issue was raised and eventually resolved if that is the case. |
|
| 9.2.5
Standards
of Behaviour |
|
| 9.2.5.1
Leadership |
|
| Evidence
can be provided of any workshops held or minutes of relevant meetings
held |
|
| 9.2.5.2
Regularity and Propriety |
|
| The Service provides discipline and grievance
procedures as well as a compulsory gifts and hospitality register. List
any other local activities here |
|
| 9.3
Staff Management (proformas E,F
& G) |
|
| Section heads and their teams will be expected to complete
forms for PPPs and Training and Development, Directors will audit the
PARs. Mention has been made in part 7 of this manual, local assurance
and audit plans as to the frequency and timing of such audits.
|
|
| If there are any concerns as to the findings of such
reviews throughout the year, HR can be contacted for advice on standards
of reporting If it is a grievance or discipline matter Inspectorate can
be contacted for advice |
|
| 9.4
FIRE, Health and Safety (proforma H) |
|
| PSP are responsible for all aspects of Heath and Safety
throughout 21 Bloomsbury Street and Ladywood House, they will bring to
Section heads attention any possible areas for concern or things that
should be addressed locally, these should be actioned upon and this
manual updated accordingly |
|
| 9.5
Public Service (proformas I,J &K)
|
|
| This area is split into two parts, Charter Standard
Compliance generally which should be completed by each section and a
review of the reception areas in London and Birmingham. PSP should agree
with a third party/ other section to conduct this audit on their behalf. |
|
| 9.6
Communication and Welfare (proforma L)
|
|
| This form should be sent to staff (nominated by
Directors) once a year by the director. In the main it deals with
communication issues, in the directorate, in the section and on a more
personal level. Effective communication is essential to the successful
running of any section or directorate |
|
| There are some questions that may
pose a greater degree of difficulty for Directors when they come to
assess the completed forms, such as relating to ‘staff feelings and
perceptions’ .If there are any concerns as to the findings of such
reviews, the Inspectorate should be contacted for advice.
|
|
| 9.7
Record of Audit Work (proforma M) |
|
| A ‘Record of audit work’ form should be completed
after each ‘batch of auditing’. This is to enable the findings of
such reviews to be bought together more easily. It must be remembered
that not only the negative be highlighted, the positive must also be
highlighted and best practice praised and disseminated |
|
| 9.8
Review
Assessments Summary (proforma N) |
|
| This form is to be completed by
the Director to bring together the findings of their reviews to compare
performance across the directorate over a range of activities and again
to highlight both good and not so good practice.
|
