SECRETARIAT AUDIT AND RISK COMMITTEE (SARC)
TUESDAY 18 MAY 2010
ROOM 106, PARLIAMENT BUILDINGS
Members:
Alan McQuillan, Chairperson
Colm McKenna
Stephen Moutray MLA
Attendees:
Trevor Reaney, NIA
Stephen McCormick, NIAO
Brian Moreland, NIA
Richard Stewart, NIA
Catherine Dornan-Weir, NIA
Paula McClintock, NIA
Georgie Campbell, NIA (agenda items 10, 11, 12 & 13)
David Johnston, NIA, Secretary
1. APOLOGIES
1.1 No apologies were received.
2. DECLARATIONS OF INTERESTS
2.1 No interests were declared.
3. MINUTES OF LAST MEETING
3.1 The draft minutes of the meeting held on 3 February 2010 were approved without amendment.
4. MATTERS ARISING
4.1 Paragraph 4.4
Trevor Reaney reported that the draft report and determinations in relation to Members’ expenses and allowances would be discussed by the Assembly Commission on 27 May 2010, and a draft of the Members’ Financial Services Handbook is to be finalised before the summer recess.
4.2 Paragraph 4.5
Trevor Reaney advised that a more comprehensive format of Stewardship Statements would be introduced in 2010/11.
5 INTERNAL AUDIT ACTIVITY / ASSURANCE
5.1 Brian Moreland informed SARC that the 2009/2010 year had seen a significant increase in the number of Internal Audit assignments completed across each of the Directorates of the Assembly. The majority of assignments had resulted in a satisfactory level of assurance and this was reflected in the overall assessment for the year.
5.2 Brian Moreland advised that the final report for HR Managing Attendance was issued on 25 February 2010 with a total of 4 recommendations; 3 at risk rating 1 and 1 at rating 2. Recommendations made included management consideration of targets re attendance, the information available from the Cintra system and line management responsibilities. Internal Audit arrived at a limited level of assurance.
5.3 The final report for the audit of HR Recruitment was issued on 26 February 2010. 15 recommendations were made, 8 of which were risk rating 1, 6 were rated risk rating 2 and the remaining recommendation was rated 3. Recommendations were made regarding greater clarity on contract specifications where third party support is used for recruitment competitions, records of management decisions regarding competitions and enhanced controls over consistency in recruitment administrative practices. This assignment was given a satisfactory assurance rating.
5.4 The final report on the Assembly Members’ Pension Scheme
was issued on 1 March 2010, and a total of 11 recommendations were made, 3 of which were risk rating 1, 6 rated 2 and the remaining 2 rated 3. The assurance level for this audit was satisfactory.
The main recommendations related to the requirement for a Memorandum of Understanding between the Trustees and the Commission, the calculation of benefits, and contract management.
5.5 Brian Moreland informed SARC that, as reported in February, the review of Data Protection Act Compliance had been undertaken as an advisory exercise rather than a full Internal Audit because of the work currently underway on the Information Management Strategy. A final report was issued on 5 March 2010, with a total of 8 recommendations made for management consideration.
5.6 The final report on the External Liaison Unit was issued on 8 March 2010, and a total of 27 recommendations were made. Only 1 of these was given a risk rating of 1, with 11 given risk rating 2 and the remaining 15 rated as 3. The assurance level from this audit was satisfactory and recommendations were made in relation to training needs, costings for events and data capture from evaluation processes.
5.7 On the Review of Members’ Expenses, Brian Moreland advised that,
following the initial exercise (in relation to the recommendation on the Review Bodies on Senior Salaries Report), which was performed between January and February 2010, a draft report had issued on 12 March 2010.
Two recommendations were made for management consideration (one each at risk category 2 and 3) relating to rental agreements and the uploading of expenses information to the website. The level of assurance for this exercise was satisfactory.
5.8 The final report on the Business Office – Table Section was issued on 10 May 2010. A total of 11 recommendations were made for management consideration, of which 7 are rated risk category 2, with the remaining 4, category 3. Recommendations were made in respect of documentary evidence of checks performed, records of changes to items of business and access levels to the AIMS database. The assurance level for this audit was satisfactory.
5.9 A final report on the Speaker’s Office was issued on 6 May 2010, with a total of 7 recommendations, 6 of which were accepted. Four of the accepted recommendations were allocated risk category 3 and the remaining 2 were category 2. Recommendations were made in respect of the records of advice to the Speaker, approval of gifts and hospitality and the identification of relevant risks. The assurance level for this audit was satisfactory.
5.10 Brian Moreland advised that he hoped to be able to give a substantial level of assurance in relation to Faster Closing.
5.11 Brian Moreland reported that, in relation to the investigation into the unauthorised release of Members’ expenses information , the Clerk / Director General had written to the PSNI referring the matter for consideration in respect of criminal investigation. Discussions had also taken place between the Head of Internal Audit and the Detective Chief Inspector responsible in order to clarify the work that had already been performed by the Assembly’s Internal Audit unit. Following receipt of a response from PSNI on 12 April 2010, the Clerk / Director General had written back for clarification. The PSNI has responded that there are no grounds for a criminal investigation. Brian Moreland raised the issue of the retention of evidence, and it was agreed that Brian would email Stephen McCormick to ascertain NIAO’s views and then write to the Chairperson and Independent Member of SARC on the matter.
ACTION: BRIAN MORELAND
5.12 In light of the above incident, Stephen McCormick requested that the wording in the Statement of Internal Control in relation to data protection issues be re-examined and cross-referenced as appropriate.
ACTION: PAULA McCLINTOCK
5.13 Brian Moreland informed SARC that the overall level of assurance for the period 1 April 2009 to 31 March 2010 is satisfactory. This represents an improvement on the Limited Assurance for 2008/09.
This is based on the levels of assurance arising from individual Internal Audit assignments that were carried out as per the plan approved by the Committee in 2009. Although there was some interruption to the programme of audits because of the investigation into the unauthorised release of Members’ expenses information, disruption was kept to a minimum and the plan for 2010/11 has been amended accordingly.
Stephen McCormick noted the report did not detail which four areas had received limited assurances. Brian Moreland agreed to provide this information to those preparing the Statement of Internal Control for consideration of need for disclosure. In addition, it was agreed that the NIAO would be given the draft report on Members’ Expenses to assist in its consideration of the draft Assembly Accounts.
ACTION: BRIAN MORELAND
5.14 Brian Moreland advised SARC that a draft Internal Audit Plan, based on the second year of the three year plan approved by SARC in 2009, has been produced. The plan has been amended to take account of the impact of the time set aside to perform the investigation into the unauthorised release of Members’ expenses, but the majority of the coverage remains unchanged. SARC noted the plan and requested that Brian Moreland give an update to the September SARC meeting on whether all of the plan could be realistically achieved in the current year.
ACTION: BRIAN MORELAND
5.15 Brian Moreland informed SARC that n o further Freedom of Information requests have been received in relation to Internal Audit.
5.16 Brian Moreland advised that t he next meeting of the Inter-Parliamentary Head of Internal Audit Group is due to be held in either the Isle of Man or Guernsey during the summer of 2010.
5.17 Brian Moreland reported that consultancy support continues to be offered by Internal Audit to various business areas of the Assembly. This has included advice on Business Continuity arrangements, and advice on risk and control issues to the Information Management Project Board.
5.18 Brian Moreland advised that Carla Campbell, Trainee Auditor, is due to sit the first paper of the Practitioner-level qualification (PIIA) in June 2010.
6 OUTSTANDING AUDIT RECOMMENDATIONS
6.1 Alan McQuillan explained that he and Colm McKenna had met with the Clerk/Director General recently to review limited assurances and the degree of progress in implementing audit recommendations. This was illustrated by the size of the schedule produced by Internal Audit. Following discussion, it was agreed that responsible officers could advise Internal Audit as soon as actions are complete, providing evidence as appropriate, and these could then be colour-coded accordingly in advance of a formal follow-up audit. Any early recommendations that had been overtaken by events could be removed. It was requested that the colour coding be removed from the left of the schedule and replaced by a column giving the priority rating.
As much progress as possible on implementation is to be made over the next month or so, and the resulting revised schedule will be considered in detail at the June 2010 SARC meeting. The revised schedule should be made available to members well in advance of the June meeting to allow them time to fully review it.
ACTION: BRIAN MORELAND
7 DRAFT ASSEMBLY ACCOUNTS 2009-10
7.1 Paula McClintock gave SARC an overview of the figures in the draft Assembly Accounts, and SARC members sought and received clarification on a number of issues. It was acknowledged that further action was required in the following areas: wording in relation to Ormiston House; contingent liabilities wording in relation to Equal Pay within the Assembly; and wording in the Statement of Internal Control in relation to the review of Members’ Expenses and Priority 1 outstanding issues. The finalised version is to be emailed to SARC members before it is submitted to the NIAO on Friday 21 May 2010.
ACTION: PAULA McCLINTOCK
8 NIAO AUDIT STRATEGY FOR ASSEMBLY ACCOUNTS
8.1 Stephen McCormick outlined the NIAO’s Audit Strategy for the Assembly Accounts 2009-10. He highlighted the risk-based audit approach, the key audit areas and the list of main audit risks, to which Equal Pay would be added. The communication of audit matters was noted, along with the list of information required and the associated dates. In particular, it was noted that the final audit meeting is scheduled for 23 June 2010. SARC agreed to meet the following day.
9 PROPOSALS TO IMPROVE ASSURANCE LEVELS
9.1 Brian Moreland informed SARC of the proposals that he had recently put to the Secretariat Management Group in relation to improving assurance levels. Proposed actions include the publication of final audit reports on AssISt, revisions to Stewardship Statements, reminding managers of the Internal Audit consultancy role, holding risk management awareness sessions, process mapping certain procedures, training, and occasional attendance at SARC by Directors. SARC welcomed these measures to develop a culture of accountability.
It was agreed that a Heads of Business workshop should take place before the summer recess, covering individual responsibilities and the roles of Internal Audit, the Accounting Officer and SARC.
ACTION:TREVOR REANEY / BRIAN MORELAND
9.2 It was also agreed that a Director should attend SARC on a rolling-programme basis, commencing with the Director of Engagement being invited to the September 2010 SARC meeting.
ACTION: DAVID JOHNSTON
10 STEWARDSHIP STATEMENTS
10.1 The Stewardship Statements to 31 March 2010 were noted by SARC. The intention to move to a more comprehensive format for 2010/11 was acknowledged.
Colm McKenna undertook to provide some good practice examples from the public and private sectors. It was suggested that contact should be made with the Department for Regional Development for its template as an example of good practice. It was agreed that we should look at ways of making the whole governance / risk management system more streamlined and more real with less paperwork.
ACTION:COLM McKENNA /BRIAN MORELAND
11 CORPORATE RISK REGISTER
11.1 The contents of the Corporate Risk Register as at 11 May 2010 were noted. Discussion followed on the Inadequate Information Security risk, with the hope being expressed that the residual likelihood rating could be reduced over time. It was also suggested that “Engaging with Members on Information Security issues” should be added to either the Information Security or Reputational risk pages.
ACTION:GEORGIE CAMPBELL
12 SARC ANNUAL REPORT
12.1 SARC discussed the draft annual report and requested a number of additions. It was agreed to complete and approve the report by email correspondence. The report is to be tabled at the Assembly Commission meeting on 17 June 2010.
ACTION:GEORGIE CAMPBELL
13 SARC SELF ASSESSMENT
13.1 It was agreed that the self assessment form should be completed as an annex to the Annual Report.
ACTION:GEORGIE CAMPBELL
14 A.O.B.
14.1 None.
15 DATE OF NEXT MEETING
15.1 It was agreed that SARC would meet on Thursday 24 June 2010 at 3.00 pm in Room 106, Parliament Buildings to consider the Assembly Accounts and the Outstanding Audit Recommendations schedule.
|
