INTERNAL AUDIT ACTIVITY REPORT - westmidlands … · 2014 (Inc Risk Mgt) Controlled, but needs improvement N/A West Midlands Office for Policing and Crime Department 2014 (inc Risk

Ben Jarrett CPFA, Head of Internal Audit

25th July 2014

INTERNAL AUDIT ACTIVITY REPORT Head of Internal Audit – Ben Jarrett

Ext: 7800 2324

e-mail: jarrett_57356

Copies to: Joint Audit Committee / PCC / CC Mike Williams – Chief Financial Officer David Wilkin – Director of Resources

Internal Audit Services

Internal Audit Activity Report 25th

July 2014

1

Contents

Introduction ............................................................................................................. 2

Progress Summary ................................................................................................. 2

Overall Opinion on Control Environment 2013/14 ................................................ 4

On-Going Status of Major/Significant Recommendations ................................... 6

Other Areas of Activity............................................................................................ 7

Appendix 1 – Internal Audit Plan – Status / Assurance Summary ........................8

Appendix 2 – On-Going Status of Major/Significant Recommendations .......... 12

Appendix 3 – Audit opinion and recommendation definitions .......................... 16



July 2014

2

Introduction 1. This report provides an overview of the work undertaken by Internal Audit during the

period 1st April 2014 to the 30

th June 2014 and the progress against the Internal Audit

Plan for 2014/15.

Progress Summary 2. Attached at Appendix 1 is a summary of Internal Audit progress against planned

activity to 30th

June 2014. The appendix summarises the status of each audit review and the level of assurance provided where applicable. 26 reviews have been completed and finalised during the period.

3. Since the 1

st April 2014, Table 1 details these 26 Internal Audit reviews that have been

reported and agreed with management. This table also cross references with Appendix 2 on-going and significant recommendations where relevant.

Audit Review Assurance provided Appendix 2 Reference

Birmingham South LPU 2014 (Inc Risk Mgt) Controlled N/A

Building Security Arrangements Follow Up Controlled, but

needs improvement N/A

Operations Firearms Unit and Training Unit Follow Up (2)

Controlled N/A

OSD Department 2014 (Inc Risk Mgt - INTEL) Controlled N/A

Overtime Controlled, but

needs improvement 51

Specific Grant Funding Follow Up (2) Controlled N/A

Creditor Payments Follow Up (2) Controlled, but


Force Contact Department (Inc Risk Mgt) Controlled, but


Shared Services Department (Inc Risk Mgt) Controlled, but




July 2014

3


Bad Debts/Write Offs Follow Up Controlled, but


Operations Department 2014 (Inc Risk Mgt) Controlled, but


Energy Conservation Follow Up (2) Controlled, but

needs improvement 53 / 54

ICT/Information Management Department 2014 (Inc Risk Mgt)

Controlled, but needs improvement

N/A

West Midlands Office for Policing and Crime Department 2014 (inc Risk Mgt)


55

Dog Training Follow Up Controlled N/A

Proceeds of Crime Act (POCA) Follow Up Controlled, but


Coventry LPU Controlled, but


Property Services Controlled N/A

Shared Services Functional Review Controlled, but

needs improvement 56 / 57 / 58 / 59

Building Maintenance Follow Up Controlled N/A

Birmingham West & Central LPU Controlled, but


Health and Safety Follow Up (2) Controlled N/A

Interpreters Follow Up Controlled, but


Payroll Controlled, but


Central Secure Stores Follow Up Controlled, but




July 2014

4


BACSTEL Follow Up Controlled, but


Table 1 4. Appendix 2 contains the agreed recommendations and actions of any review with a

significant or major recommendation, the appendix also gives an indication of the current status of the recommendation and, if applicable, when previously reported to the Joint Audit Committee. Full reports can be made available to Audit Committee members upon request but are not included as a matter of course. The exception to this is where a review gives an “inadequately controlled” assurance opinion when the full report will be made available to the committee to enable members to fully understand the reasons why this opinion has been given and the implications for the Commissioner / Chief Constable. A summary of the audit opinions and recommendation descriptions are attached at Appendix 3.

Overall Opinion on Control Environment 2014/15

5. An audit opinion is provided as part of each Internal Audit report. It is derived from the work undertaken during the audit review and is intended to provide assurance about the internal controls in place in that system or particular Force/ WMOPC activity. The Internal Audit work to date has covered a number of areas across the Force/WMOPC. The assurance provided by this work is as follows in Table 2:

Assurance provided Q4 Q3 Q2 Q1 Year to Date

Well Controlled 0 0

Controlled 8 8


18 18

Inadequately Controlled 0 0

Number of reviews reported 26 26

Table 2



July 2014

5

6. A number of recommendations have been agreed as part of each review completed to date. However, no major areas of concern have been highlighted as a result of the Internal Audit reviews completed to the end of June 2014. In each case appropriate action and a timescale has been agreed with senior managers across the Force/WMOPC to implement the recommendations made. Progress in implementing agreed recommendations will be monitored and reported accordingly. As a result of the reviews completed recommendations for improvement have been agreed with management where necessary and is summarised in Table 3 below under the following categories.

Recommendations agreed Q4 Q3 Q2 Q1 Year to

Date Total

2013/14 Total

2012/13

Major 0 0 0 0

Significant 11 11 20 46

Moderate 45 45 117 152

Low 16 16 58 84

Number of recommendations agreed

72 72 195 282

Table 3



July 2014

6

On-Going Status of Major/Significant Recommendations 7. All Major and Significant Recommendations are reported by Internal Audit to the Joint

Audit Committee and Appendix 2 gives details of all on-going Major and Significant recommendations. Table 4 below summarises the current position in relation to the 77 recommendations referred to in table 3 and listed in Appendix 2.

2012/13 2013/14 2014/15 Total

Total Number 46 20 11 77

Total Reviewed To Date 40 11 - 51

Of Which:-

Total Implemented 31 8 - 39

Total Re-issued 9 3 - 12

Total Outstanding Awaiting Review (App 2 refers)

6 9 11 26

Table 4

(Note: Of the 12 re-issued recommendations, follow up reviews have identified that 4 recommendations are now implemented. The outstanding 8 recommendations can be found in Appendix 2, reference numbers 34, 44, 46, 52, 53, 54, 60 and 61)



July 2014

7

Other Areas of Activity 8. In addition to planned Internal Audit work that requires assurance levels to be

assessed, other planned work relates to those areas of work / activity that support and underpin the overall concept of Internal Control rather than individual control systems.

9. Where requests are made that fall in this category but have not been originally

budgeted for, these will be met from the small contingency allocation held within the plan (4%).

10. During the period covered by this Activity Report, the following work in this category

has been undertaken.

Riots Damages Act

Salary Overpayments



July 2014

8

Appendix 1 – Internal Audit Plan – Status / Assurance Summary

2014/15 Internal Audit Plan Status at 30

th

June 2014 Assurance provided

DEPARTMENTAL REVIEW

Corporate Services

Property Services

Fleet Services

Information Department

Finance

Human Resources

Force CID

Criminal Justice Services

Professional Standards

OSD

Intelligence

Operations

Policy Group/Secretarial (Command Team)

CMPG

CTU

Public Protection Unit

Learning & Development

Corporate Communications

Force Contact

Office Of PCC

Forensics

LPU REVIEW

Birmingham North

Birmingham South

Birmingham East

Birmingham West and Central

Dudley

Walsall

Wolverhampton

Sandwell

Solihull

Coventry

LPU / DEPARTMENT REVIEW (Completion 2014)

Birmingham West and Central LPU Final Controlled, but needs improvement

Coventry LPU Final Controlled, but



July 2014

9


th


needs improvement

Birmingham South LPU Final Controlled

Force Contact Department Final Controlled, but needs improvement

Office Of PCC Final Controlled, but needs improvement

CMPG Draft

Operations Department Final Controlled, but needs improvement

Information Department Final


Property Services Department Final Controlled

OSD (INTEL) Final Controlled

Shared Services Department Final Controlled, but needs improvement

SYSTEMS/APPLICATIONS/CAATS

ICT Risk Based Plan

National Fraud Initiative Support Role N/A

FUNCTIONAL AREAS

Air Support Unit - NPAS On-Going

Anti-Fraud and Corruption

BACSTEL Final


Bank Reconciliation Draft

Building Maintenance Final Controlled

Business Continuity

Child-Adult Protection Unit

College of Policing

Community Init Funds On-Going

Community Services-Sponsorship - Building Blocks

Compliance & Disclosure Unit

Core Financial Systems

Corporate Governance

Creditors

Crime Reporting Information System

CTU Covert Accounts

Debrief Team On-Going

Debtors

Dedicated Source Unit

Dogs Unit & Training Final Controlled

Driving School

Energy Conservation

Establishment Control On-Going



July 2014

10


th


Estates Strategy Management

Expenses & Allowances

External Funding (DIP) - Reporting Requirements On-Going

Firearms Unit Final Controlled

Flex Time Review

Force Negotiators

Force Surveillance Unit

Forensic Support

Fuel Card Management

GRS Project

HMIC Liaison

Interpreters Final


Inv - Asset Reg On-Going

Major Inv Team

Management of Police Information

Messenger & Mail Services

Occupational Health

Overtime Policy Final Controlled, but needs improvement

Payroll - Police, Staff and Pensions Final


Police Officers & Staff - Induction of New Recruits

Police Probationer Training

Procurement

Project Implementation Review - PMO

Public Protection Unit

Recruitment

Security Contract Final Controlled

Sex Offender Management - PPU

Shared Service Centre - Functional Review Final Controlled, but needs improvement

Shared Service Centre Quality & Compliance On-Going

Special Constabulary

Special Operations Unit - Covert Operations

Stand Orders-Fin Regs

Training (Internal-External)

Treasury Management

Value for Money

WITRPO - ROCU

CONTRACTS & PROCUREMENT

Final Accounts review 2014/15 Support role N/A

Contracts & Procurement



July 2014

11


th


CONTINGENCY

PCC Budget Activities Support Role N/A

Commissioning Grants Support Role N/A

Overpayments On-Going

RDA 1886 On-Going

HONORARY AUDITS & ADVICE

Tally Ho! Sports Club Accounts Support role N/A

Superintendents Association Accounts Support role N/A

Rainbow Club Accounts Support role N/A

Association of Police Lawyers Support role N/A

MANAGEMENT / DEVELOPMENT / TRAINING

PCC Decision Making Process/Audit Planning Support role N/A

General Administration Support role N/A

Post Entry Training Support role N/A

Police Internal Auditors Group Support role N/A

Performance Development and Review Support role N/A

Audit Website Support role N/A

West Midlands Chief Auditors Group Support role N/A

CIPFA - CPD Support role N/A

Galileo Project Support role N/A

OTHER NON PRODUCTIVE

Annual Leave Support role N/A

Bank Holidays Support role N/A

Sickness Management Support role N/A

Flexi time Support role N/A

FOLLOW UPS

Specific Grant Funding 2nd

Follow Up Final Controlled

Creditors 2nd

Follow Up Final Controlled, but needs improvement

Energy Conservation 2nd

Follow Up Final Controlled, but needs improvement

Bad Debts/Write Offs Follow Up Final Controlled, but needs Improvement

POCA Follow Up Final Controlled, but needs improvement

Central Secure Stores Follow Up Final Controlled, but needs improvement

Health and Safety 2nd

Follow Up Final Controlled


Internal Audit Activity Report 25th July 2014

12

Appendix 2 – On-Going Status of Major/Significant Recommendations

Ref Reported to

JAC Audit Recommendation Action to be Taken to Implement Recommendation Date By Status

Previously Reported to

JAC

3 27 September

2012 Dept/LPU Controls

Checks

Details should be provided to Internal Audit of the actions to be taken by the Strategic Business Manager, managing the ‘business as usual’ interim model to ensure management control checks are completed accordingly.

To stress to SSTM’s that performing control checks over other work must be prioritised. To find additional resources for Coventry and Birmingham East to assist as their position is not tenable. A supervisor level person will be provided to Birmingham East full time on 11

th June to

concentrate on audit control checks. Another full time person has been given responsibility for the Property Store, who has been working on missings for the past 2 months and reduced them from over 800 to less than 400. Another Property Officer is temporary seconded to Birmingham East to introduce improved methods of working and increase output. The vacating Property Officer will be concentrating on property cash and drugs that are open on the system for some time and need to be addressed as priority. At Coventry, I have released three FTE staff from typing duties to business support to allow more resources to be available to perform control checks. In addition, the SSTM was previously tasked with writing numerous delivery plans, which took their time away from actual delivery and priority away from control checks. Audit checks are now their priority. I have moved the part time SSTM from Lloyd House to allow another SSTM to take control of this team, with the emphasis on audit control checks being carried out and improved. I will be seeking some reassurance in relation to audit control checks from the other LPUs as I assess their reports and deal with improving their poor areas.

Done

Work is currently on-going with

Quality and Compliance

team to identify who

will be responsible for

completing checks

N/A

4 4 December

2012 CMPG

The HR Manager and Strategic Business Manager should devolve Payroll/Establishment data checks to line managers on a monthly basis to ensure the team details are correct and the check evidenced accordingly.

We will now start to send out the Payroll to "supervision" for checking. 31 December

2012

In Draft – Action plan

returned, but dates need to be confirmed.

N/A

8 28 June 2012 Payroll

Officers who are designated signatories should be requested to include their collar number alongside their signature when authorising documentation. Payroll officers should check to ensure that all payroll forms received are authorised only by designated signatures. Any forms which are incorrectly authorised should be referred back to the originating department for the correct authorisation.

Staff should be checking the signatures against the authorised signatory list and have been reminded of the importance of this. However, the authorised signatory list only shows the current status and does not show historical changes. The database changes frequently when staff move around the Force and individuals that are not showing against a department or LPU now, may have been at the time they signed the form. One of the examples provided by audit has demonstrated this where a HR officer was working in one department at the time of authorising the variation but who has since moved to SSC.

14 May 2012

Reviewed as part of SSC Quality and Compliance review - In

Draft

N/A

12 26 June 2013 Public Protection

Unit

The level of management control checks in operation needs to be improved in the areas of receipt and banking of income, inventory records, overtime and credit cards.

A management control check file has now been introduced. Credit card statement received on a monthly basis and checked to ensure all purchases are appropriate. Safe checks are now conducted on a monthly basis by a Band C member of the Department. A postal remittance register has been introduced and receipt and banking of income control checks are now undertaken by a Band C member of staff. Inventory records will continue to be built (including serial numbers) and checks will be carried out. Records of time owing hours / units and re-rostered rest days have been received from the Central RMU team for a number of months. A Band C member of staff has been highlighting areas where Officers exceed the Forces limits and informing their line management that corrective action should be taken on a monthly basis. All Police overtime is checked monthly to ensure records on cards mirror payments made. When Police Staff overtime FINs are passed to the SSTM for authorisation, the overtime cards are included for reference and a check takes place to ensure payments are correct before they are signed off and sent to Payroll. A record of receipt books is kept and we will check the stocks of these against our records on a bi-annual basis.

15 January 2013

Follow Up On-Going

(SSC Q&C Review)

N/A



13

16 26 June 2013 Force CID The level and frequency of the management control checks in operation needs to be improved in the areas of receipt and banking of income, inventory records, overtime, safes and property.

A management control check file has now been introduced. Safe checks are now conducted on a monthly basis by a Band C member of the Department. Two Band C members of staff are now asked to ensure that Safes at Bradford Street are completed on a monthly basis. Two Band C members of staff are now asked to ensure that property checks at Bradford Street are completed on a monthly basis. A postal remittance register has been introduced and receipt and banking of income control checks are now undertaken by a Band C member of staff. It is accepted that our inventory records require serial numbers. This is something that we will address when updating the inventory record. Annual checks will also be implemented. All Police overtime is checked monthly to ensure records on cards mirror payments made. When Police Staff overtime FINs are passed to the SSTM for authorisation, the overtime cards are included for reference and a check takes place to ensure payments are correct before they are signed off and sent to Payroll. A record of receipt books is kept and we will check the stocks of these against our records on a bi-annual basis.

15 January 2013

Follow Up On-Going

(SSC Q&C Review)

N/A

26 26 June 2013 Fixed Penalties

Monthly checks should be undertaken by the CTO Manager on a random sample of tickets which have been cancelled to confirm that the reason for cancellation in each case is legitimate and supported by relevant documentation. Records should be retained to evidence the checks which have been performed.

A process is in place to enable cancelled tickets to be dip sampled via VP. It is intended to produce a cancellations report within PentiP, as per point 2 above, to enable a more efficient process for dip sampling of cancelled tickets. This will be part of the CTO performance reporting frame work.

11 April 2013 In Draft N/A

34 26 June 2013 Witness Protection Management control checks should be undertaken on a monthly basis

Strategic Business Manager was disappointed with the lack of checks and will be assessing the capability of staff in carrying out the checks to decide how it will be taken forward. The Quality and Compliance Team may be able to assist with this function. They have also formally requested training from Internal Audit for this area of business. The review will be completed in the next few months and implemented by September 2013.

30 September 2013

Due to be Followed Up

Qtr 1/2 2014/15

28 June 2012

42 26 March 2014 Attendance

Management

It should be ensured that following each absence due to sickness line managers complete a return to work interview which is then updated on the individual’s personal record in GRS.

MOTD and News Beat article reinforcing the role of the line manager in undertaking RTW interviews. GRS published advice regarding completing the process on GRS.

29 January 2014

Due to be Followed Up

Qtr 2 2014/15

N/A

43 26 March 2014 Detained Property

Management need to ensure that Officers respond to property reminders, details of Officers who fail to respond should be escalated to their line manager in the first instance and then further if necessary.

The CDP Team will continue to escalate issues through the ranks in line with standard operating procedures. Command Teams need to be engaged by Shared Services Command Team to ensure officers compliance.

31 March 2014

To be Followed Up

Qtr 2 2014/15 N/A

44 26 March 2014 Finance Department

The Strategic Business Manager should discuss the management control checks with the various sections within the Department to determine the required checks and who will be responsible for the completion of these checks in line with Internal Audit guidelines. Evidence of these checks should be retained on a management control check file

A paper has been submitted to the Command Team for agreement as to where completion of control checks sit. Having collated the checks, and worked with IA, it is proposed that Finance will complete their own control checks.

30 April 2014

To be Followed Up

Qtr 3/4 2014/15

27 September 2012

46 25 July 2014 Corporate Services

Department

Corporate Services management should ensure that the required levels of management control checks are undertaken on a regular basis.

The recent lapse will be remedied by a regular programme of suitable checks to be formed and agreed by the SLT. This will be done as part of the new Corporate Asset Management Department’s post-SMR control plan

30 June 2014

To be Followed Up

Qtr 2 2014/15

4 December 2012

47 25 July 2014 Compliance and Disclosure Unit

The policy in respect of data loss and an associated procedure for the management of security incidents should be presented to the SIIMB for approval and circulation throughout the Force.

This will be completed and in fact the DPM has already started work on it. Timescale reflects the time taken to consult on policy before publication. (EQIA etc)

30 June 2014

To be Followed Up

Qtr 3 2014/15

N/A



14


Following this initial work, IAOs should be identified for all other IM systems and training provided for officers as required. It should be ensured that continuity arrangements are also be put in place to meet future training needs when responsibilities change and/or new officers take up the role. Implementation of these tasks should be built into and monitored through the SIIMB delivery plan.

IAO 1st phase training is complete. IAO now being worked with to complete IA register which has been increased to cover all areas. It should be noted that IAO level colleagues regularly move and so the requirement to keep training live is an ongoing one and not one that a completion date can be set for.

30 June 2014

To be Followed Up

Qtr 3 2014/15

N/A


Due to the number of IM Strategies and policies currently under review, a timetable for completion and publishing of each of the strategies/policies should be drawn up and monitored through the SIIMB delivery plan

A Gold group has been set up – led by Dep. Each stakeholder has been met with and tasked to present a plan to next Gold (March 2014)

30 November 2014

To be Followed Up

Qtr 3 2014/15

N/A

50 25 July 2014 Forensics

Department

The Department should ensure that the appropriate management control checks are being undertaken on a regular basis with evidence retained accordingly.

Management control checks should still be in place – to be evidenced at next wider SLT on 17/04/14.

25 March 2014

To be Followed Up

Qtr 3/4 2014/15

N/A

51 25 July 2014 Overtime Individuals authorising overtime should undertake a greater degree of scrutiny when approving overtime claims to ensure that the claim is accurate.

Publication of the responsibilities of Line Managers in regard to overtime claims scrutiny should be undertaken either via “Message of the Day” or “Newsbeat” or similar.

30 July 2014

To be Followed Up

Qtr 3/4 2014/15

N/A

52 25 July 2014 Operations

Department 2014 (Inc Risk Mgt)

The Department should ensure that the appropriate level of management control cheques are undertaken on a regular basis with evidence retained accordingly.

Departmental Chief Inspectors have been tasked to remedy / action recommendation 1. Ian Marsh and Kerry Bakeman have been tasked to look at recommendation 1 in relation to the safes at Park Lane and Balsall Common around checks / audit and documentation and liaise with Gail Baddams over business process. Will need to check the imprest at airport regularly.

17 April 2014

To be Followed Up

Qtr 3/4 2014/15

26 June 2013

53 25 July 2014 Energy

Conservation Follow Up (2)

A strategic energy management strategy should be developed and approved at Command Team level which incorporates performance measures and targets for better energy management. Responsibility for implementing the policy across the force should be assigned to a chief/command team level officer. A process of regular reporting to the responsible officer of performance against targets should be established.

A draft strategy has been developed and implementation has been planned taking into account maternity leave considerations. The Director of Resources is the responsible chief officer and performance is reported to the Property Board on a regular basis.

31 March 2015

To be Followed Up

Qtr 4 2014/15 26 June 2013

54 25 July 2014 Energy

Conservation Follow Up (2)

A set of performance indicators should be established for energy management which can be used to determine meaningful trends and comparisons and for investigation of any disparities. Performance against targets should be reported on a regular basis to the Chief/Command Team level officer assigned responsibility for delivery of the energy strategy.

A draft strategy has been developed and implementation has been planned taking into account maternity leave considerations. The Director of Resources is the responsible chief officer and performance is reported to the Property Board on a regular basis.

31 March 2014

To be Followed Up

Qtr 4 2014/15 26 June 2013

55 25 July 2014

West Midlands Office for Policing

and Crime Department 2014

(inc Risk Mgt)

The WMOPC should ensure that the risk register is brought up to date to reflect the current governance arrangements of the Police and Crime Commissioner. Once this has been achieved the risk register should be reviewed on a regular basis by the management team within the WMOPC.

Meeting to be arranged between Acting Head of Internal Audit and WMOPC Chief Executive to review and update the register. Once reviewed the register will be shared with the SCPB for comment. Following this the register will be reviewed quarterly by the internal management team and annually by the Board and Audit Committee.

31 May 2014

To be Followed Up

Qtr 3/4 2014/15

N/A

56 25 July 2014 Shared Services – Functional Review

Risk assessments to be undertaken in accordance with Regulation 18 of the Health and Safety at work regulation 1999 and SS to chase any outstanding that are not filed on the personal file.

Response from Shared Services Manager

Managers to be reminded of the importance of risk assessments. Where we don’t receive a completed risk assessment (for new cases) – managers will be chased.

Missing risk assessments for current employees who are expecting and are in work – managers will be contacted and reminded of the importance of risk assessments.

Response from Head of Corporate HR

Need to ensure the RAs are proportionate to the circumstances and do not place unnecessary administrative burdens on mangers and staff.

30 August 2014

To be Followed Up

Qtr 3 2014/15 N/A



15


Risk assessments to be undertaken on the return to work in accordance with Regulation 18 of the Health and Safety at work regulation 1999 and SS to chase any outstanding that are not filed on the personal file.

Managers to be reminded of the importance of risk assessments. Where we don’t receive a completed risk assessment (for new cases) – managers will be chased.

30 August 2014

To be Followed Up

Qtr 3 2014/15 N/A


Ratification of the Additional Travel Expenses Policy for Police staff will ensure that equality is central to the Forces activities.

Missing risk assessments for current employees who have returned to work – managers will be contacted and reminded of the importance of risk assessments.

30 June 2014 To be

Followed Up Qtr 3 2014/15

N/A


All Prime documents to be endorsed by the Officer witnessing by stating that it is a true copy of the original and sign and date.

Recruiting managers to be reminded of the importance of this task. An email will be developed that will be sent to recruiting managers at the point they receive the completed application forms to outline the correct process.

30 June 2014 To be

Followed Up Qtr 3 2014/15

N/A

60 25 July 2014 Central Secure

Stores Facilities management should ensure that the required levels of management control checks are undertaken on a quarterly basis.

To re-introduce regular recorded control checks 01 September

2014

To be Followed Up

Qtr 3 2014/15 Year End 2014

61 25 July 2014 BACSTEL

It should be ensured that a secure routine is in operation to transfer BACs payroll output files into the BACS Payaway System which does not allow access to the files which could permit modifications to be made.

To explore the possibility of Read Only Notepad files.

Until IT can restrict the files, as per BACS procedure, transmission will be completed under dual control.

01Sept 2014

01 Jul 2014

To be Followed Up

Qtr 3 2014/15

04 December 2013



July 2014

16

Appendix 3 – Audit opinion and recommendation definitions

Overall Opinion

Status Assurance Rating Assurance Criteria

Well Controlled

The system is performing particularly well to achieve business objectives.

There is a sound framework of control operating effectively to achieve business objectives.

Controlled The system is adequate to achieve business objectives.

The framework of control is adequate and controls are generally operating effectively.


Some improvement is required to ensure that business objectives are met.

The control framework is adequate but a number of controls are not operating effectively.

Inadequately controlled

Significant improvement is needed before business objectives can be met.

Adequate controls are not in place to meet all system objectives and controls are not being consistently applied.

Key and description of recommendation gradings

Grade Status Definition

Major A control issue has been identified which exposes the

Force / OPCC to an unacceptably high level of material risk.

Significant A control issue has been identified which is likely to

prevent an individual system or unit from achieving its purpose, or may give rise to a considerable vulnerability to impropriety, loss or exposure.

Moderate A weakness in control has been identified which may

reduce the ability of a system or unit to achieve its objectives, or which may give rise to a potential for impropriety, loss or exposure.

Low A minor improvement to the control is needed. The risk to

the individual system or unit is low, but remedial action is required by Management.

Documents

INTERNAL AUDIT ACTIVITY REPORT - westmidlands … · 2014 (Inc Risk Mgt) Controlled, but needs improvement N/A West Midlands Office for Policing and Crime Department 2014 (inc Risk