HomeMy WebLinkAboutFND-011-08
Cl!JLiIlglOn
REPORT
FINANCE DEPARTMENT
Meeting:
GENERAL PURPOSE AND ADMINISTRATION COMMITTEE
MONDAY APRIL 28,2008 Resolution #:GP,q--;b:~-O~
Date:
Report #: FND-011-08
File#:
By-law #:
Subject:
INTERNAL AUDIT CHARTER AND BLUEPRINT FOR OPERATIONS
Recommendations:
It is respectfully recommended that the General Purpose and Administration Committee
recommend to Council the following:
1. THAT Report FND-011-08 be received; and
2. THAT the Internal Audit Charter and Blueprint for Operations be approved.
Reviewed bY:~ ;J:;AL ( ~.. (,,-S7~
Franklin Wu,
Chief Administrative Officer.
NT/LB/hjl
FND-011-08
PAGE 2
Background and Comment:
On March 25, 2008, the Audit Review Group met to review and subsequently endorse
the Internal Audit Charter and Blueprint for Operation as detailed in the attached report,
marked Schedule "A".
It is recommended by the Audit Review Group that the Charter and the Blueprint be
approved.
Attachment:
Schedule "AU - Audit Review Group report, including Internal Audit Charter and
Blueprint for Operation
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
40 TEMPERANCE STREET, BOW MANVILLE, ONTARIO L 1 C 3A6 T (905)623-3379 F (905)623-4169
Schedule "A"
Clf!LillglOn
REPORT
FINANCE DEPARTMENT
Meeting:
AUDIT REVIEW GROUP
Date:
March 25, 2008
Subject:
INTERNAL AUDIT CHARTER AND BLUEPRINT FOR OPERATION
Recommendations:
It is respectfully recommended that the Audit Review Group endorse the Internal Audit
Charter and Blueprint for Operation and that this report be forwarded to the General
Purpose and Administration Committee for approval.
Background:
1.0 On August 2, 2007 the Municipality's auditors, Deloitte & Touche issued their
annual Audit Management Recommendation Letter after completing the audit for
the year ended December 31, 2006. As part of this letter they made the following
recommendation:
"We recommend that the Municipality considers developing a formally
documented overall risk management policy. The new internal audit function
could be one method used to help mitigate risk at the entity level, as well as
monitor compliance with documented risk management policies."
Staff had the following response to the recommendation:
"It is within the new Internal Auditor's scope to draft policies to cover the
Municipality's evolving and growing business. The risk management policy will
be considered along with any policies resulting from the Municipality's Corporate
Strategic Business Plan, PSAB 3150 - Tangible Capital Assets and other
business processes."
Resolution #GPA-630-07 received report FND-022-07 and endorsed the
recommendations.
Report to Audit Review Group
Page 2
1.1 The Internal Audit Charter (see Attachment #1) was developed to provide the
frame of reference for the Internal Audit function within the Municipality of
Clarington. It focuses on key operational aspects of the Internal Audit function
including the Authority, Independence and Responsibility of the auditor.
1 .2 The Blueprint for Operations (Attachment #2) provides detail on the types of
audits that may be undertaken, along with the recommended reporting structure
and follow-up necessary to complete the process. The types of audit
assignments include Compliance Reviews; Operational Reviews; Consulting
Reviews; and Investigations. The reporting requirements for each type of audit
will vary greatly depending on the specific reason for the review.
1.3 The I nternal Audit Charter and Blueprint for Operation have been developed as a
basis for the Internal Audit position. As stated in the charter preamble:
"Management staff are responsible for ensuring the efficient and effective
operation of Municipal program and activities. In order to manage the operations
of the Municipality, staff plan, organize, direct, and control programs and
activities in a manner designed to achieve outcomes and objectives defined by
management. Internal Audit provides independent and objective assurance and
consulting services designed to add value and improve the Municipality's
operations."
1.4 For the Internal Audit position to be effective, the Internal Audit Charter and
Blueprint for Operation need to be applied through all Municipal activities. The
function is not restricted to Finance issues and for this reason it is important to
ensure the auditor has the authority to access all operating departments.
1.5 The purpose of this report is to seek the Audit Review Group's endorsement of
the Internal Audit Charter and Blueprint for Operation.
Conclusion:
2.0 In summary, the Municipality is now in a position to implement the Internal Audit
function throughout the Municipality of Clarington's operating departments as
recommended by our auditors Deloitte and Touche. The function as detailed in
the Internal Audit Charter and Blueprint for Operation has been presented for
review by the Audit Review Group.
Attachments:
Attachment #1 - Internal Audit Charter
Attachment #2 - Blueprint for Operations - Form and Function
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
40 TEMPERANCE STREET, BOW MANVILLE, ONTARIO L 1C 3A6 T (905)623-3379 F (905)623-4169
Attachment #1
MUNICIPALITY OF CLARlNGTON
INTERNAL AUDIT CHARTER
1.0 Preamble:
1.1 Management staff are responsible for ensuring the efficient and effective operation of
Municipal programs and activities. In order to manage the operations of the
Municipality, staff plan, organize, direct and control programs and activities in a manner
designed to achieve outcomes and objectives defined by management. Internal Audit
provides independent and objective assurance and consulting services designed to add
value and improve the Municipality's operations. Internal Audit uses a systematic
approach to assess risk and evaluate the effectiveness of controls and organizational
processes used to achieve objectives.
2.0 Objective:
2.1 To contribute to the overall efficiency and effectiveness of the Municipality's operations
and use of resources:
. Identify, assess, measure, and report on key risks faced by the Municipality;
. Examine and evaluate the adequacy, effectiveness, and efficiency of the systems of
internal control;
. Identify opportunities for improvements and streamlining processes.
3.0 Authority, Independence, and Responsibility:
3.1 Authority - The Internal Auditor is authorized to direct a broad, comprehensive program
of internal auditing within the Municipality. The Internal Auditor has unrestricted access
to all records, properties, functions, and personnel necessary to effectively discharge
responsibilities with appropriate communication protocols.
3.2 Independence - The Internal Auditor reports to the Director of Finance and/or the Chief
Administrative Officer and is independent of the programs and activities of the
Municipality. In order to assure the independence of the function, the Internal Auditor
has direct access to the Audit Review Group in situations for which a conflict of interest
is present or may be reasonably inferred.
3.3
.
Responsibility - Internal Audit encompasses the examination and evaluation ofthe
adequacy, effectiveness, and efficiency ofthe systems of internal control and the quality
of performance in carrying out the responsibilities of the Municipality. This can include:
Reviews and evaluations of the soundness of controls and the reliability and integrity of
financial, managerial, and operating data;
Assessments of compliance with legislation and policies and procedures;
Identification and evaluation of the methods and systems utilized for acquiring, using and
safeguarding assets; and
Reviews of operations and programs to assess the economy and efficiency used in
meeting objectives established by the Municipality.
.
.
.
Internal Audit Charter
Page 2
4.0 Objectivity:
4.1 Internal Audit will not implement procedures, prepare original records, or engage in other
activities that could reasonably be construed as compromising independence and
objectivity. Impartial and unbiased judgments essential to the conduct of internal audits
and reviews are enhanced by the independence of Internal Audit. Objectivity is not
adversely affected by the recommendation of standards or controls to be applied in
developing systems and procedures or by the evaluation of existing or planned financial
and operating system controls and procedures.
5.0 Confidentiality:
5.1 Information accessed in the course of an audit or review is used strictly for audit purposes
and is not disclosed without the appropriate authority unless there is a legal or
professional obligation to do so with appropriate communication protocols. Information
received on a confidential basis will not be disclosed to third parties without permission,
subject to applicable legislation.
6.0 Plan of Work:
6.1 Internal Audit will develop an annual work plan using appropriate risk-based
methodology and identification of concerns by senior management. The plan will be
reviewed by the Director of Finance and approved by the Audit Review Group on an
annual basis. The plan will be implemented as approved with modifications and
adjustments as appropriate given changing circumstances. The Blueprint for Operations,
amended from time to time, reflects the method and approach used by Internal Audit in
executing its plan of work.
7.0 Standards of Work:
7.1 In all its activities, Internal Audit will adhere to the code of Ethics adopted by the
Institute ofInternal Auditors (Attachment A) as well as the Municipality's Code of Ethics
policy (as amended from time to time). Engagements are performed with the care and
skill expected of a reasonably prudent and competent internal auditor with consideration
given to:
. The extent of work required to meet objectives;
. The complexity, materiality, and significance of areas under review;
. The adequacy and effectiveness of internal controls;
. The cost of assurance relative to potential benefits; and
. The probability of significant errors, irregularities, or non-compliance.
8.0 Report of Work:
8.1 Internal Audit has a responsibility to inform and advise management as to significant or
substantive issues noted in the course of its activities. Following each review, Internal
Audit reports the results of it examination and makes recommendations to strengthen the
management and control of the area under review. Summary reports are available and an
Internal Audit Charter
Page 3
annual review of work performed is presented to the Audit Review Group. The Blueprint
for Operations, amended from time to time, reflects the method and approach used by
Internal Audit in reporting its work.
9.0 Co-ordination of Work:
9.1 Internal Audit will co-ordinate its efforts with those of any external auditors to ensure
that total audit resources are effectively utilized.
The Institute of Internal Auditors
. Code 01 Ethlca
Attachment A to Internal Audit Charter
Introduetlon "
The purpose of The Institute's Code of Ethics Is to promote an ethical culture In the profeSSion of Internal auditing.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and Improve an
organization's operations. It helps an organization accomplish Its objectives by bringing a systematic, disciplined
approach to evaluate. and improve the effectiveness of risk management, control, and governance processes.
A code of ethics Is necessary and appropriate for the profession of Intemal auditing, founded as It Is on the trust placed
In Its objective assurance about risk management, control, and govemance. The Institute's Code of Ethics extends
beyond the deflnltlon of Intemal auditing to Indude two essential components:
1. Principles that are relevant to the profession and practice of Intemal auditing;
2. Rules of Conduct that describe behavior norms expected of Intemal auditors. These rules are an aid to
Interpretlng the Principles Into practical applications and are Intended to guide the ethical conduct of Internal
auditors.
The Code of ethics together with The Institute's Professional Practices Framework and other relevant Institute
pronouncements proVide guidance to Internal auditors serving others. "Intemal auditors" refers to Institute members,
recipients of or candidates for llA professional certlflcatlons, and those who provide Intemal auditing services within the
definition of Intemal auditing.
Applicability and Enforcement
this Code of Ethics applies to both individuals and entities that provide Intemal auditing services.
For Institute members and recipients of or candidates for IIA professional certlflcatlons, breaches of the Code of Ethics
will be evaluated and administered according to The Institute's Bylaws and Administrative Guidelines. The fact that a
partlcular conduct Is not mentioned In the Rules of Conduct does not prevent It from being unacceptable or
discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.
Principles
Internal auditors are expected to apply and uphold the following principles:
. Integrity
The Integrity of Internal auditors establishes trust and thus prOVides the basis for reliance on their judgment.
. Objectivity
Intemal auditors exhibit the highest level of professional objectivity In gathering, evaluating, and communicating
Information about the activity or process being examined. Internal auditors make a balanced assessment of all the
relevant circumstances and are not unduly Influenced by their own Interests or by others in forming judgments
. Confldentiallty
Intemal auditors respect the value and ownership of Information they receive and do not disclose Information without
appropriate authority unless there Is a legal or profeSSional obligation to do so.
. Competency
Intemal auditors apply the knowledge, skills, and experience needed In the performance of Intemal auditing services.
Rule. of Conduct
1. Integrity
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and the profession.
1.3. Shall not knowingly be a party to any illegal actlvlty, or engage In acts that are discreditable to the profession of
Internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical objectlves of the organization.
Z. Objectivity
Internal auditors:
2.1. Shall not participate In any activity or relationship that may Impair or be presumed to Impair their unbiased
assessment. This participation Includes those activities or relationships that may be In conflict with the Interests of the
organization.
2.2 Shall not accept anything that may impair or be presumed to Impair their profeSSional judgment.
2.3 Shall dlsdose all material facts known to them that, If not disclosed, may distort the reporting of activities under
review.
3. Confidentiality
Internal auditors:
3.1 Shall be prudent In the use and protection of information acquired In the course of their duties.
3.2 Shall not use information for any personal gain or In any manner that would be contrary to the law or detrimental
to the legitimate and ethical objectlves of the organization.
4. Competency
Internal auditors:
4.1. Shall engage only In those services for which they have the necessary knowledge, skills, and experience.
4.2 Shall perform Internal auditing services In accordance with the International Standards for the Professional Praroce
of Internal Auditing.
4.3 Shall continually Improve their proficiency and the effectlveness and quality of their services.
Adopted by The IIA Board of Directors, June 17, 2000
Copyright @ 2000 by The Institute of Internal Auditors, 247 Maitland Avenue, Altamonte Springs, Florida 32701-4201.
Permission is hereby given to duplicate and translate this Code provided no substantive changes are made.
The Institute of Internal Auditors
247 Maltiand Avenue, Altamonte Springs Fiorlda, 32701
Tel. 1+407-937-1100, Fax. 1+407-937-1101
Web: http://www.thella.org, Emall: onllne@thella.org
Attachment 2
MUNICIPALITY OF CLARINGTON
INTERNAL AUDIT
BLUEPRINT FOR OPERATIONS - FORM AND FUNCTION
1.0 ORGANIZATION:
. Audit function reports directly to the Director of Finance/Treasurer;
. Reports presented to appropriate Department Heads for information purposes and
decisions on any required action;
. Annual summary of internal audit work presented to Audit Review Group;
. Summary reports available to Council on request;
. Director of Finance reviews and provides guidance for internal audit function with
input from the Chief Administrative Officer as warranted:
o Review internal audit terms of reference, goals, objectives, and audit
schedules;
o Review results of audits, consider recommendations, suggest alternatives
o Provide guidance for control enhancements and implementation.
2.0 AUDIT PLANNING & RISK ASSESSMENT:
. Use risk-based assessment wherever possible to develop audit plans;
. Consider the control environment within the context of:
o Protection of Municipal assets
o Efficient use of resources
o Compliance with policies, regulations, legislation
. Assess the environment to identify high risk areas;
. Criteria to include in the assessment of risk:
o Potential areas for operational audits with identification of best practice;
o Operational audit cycle based on assessment of prioritized need and risk;
o Annual and compliance audits, based on the need to provide assurance that
there is compliance with legislation, policies, and procedures;
o Investigations based on receipt of concerns or allegations;
D Audit cycle planning during the early part of the fiscal year;
o Audits and reviews carried out during the course of the year with reports
prepared and presented as each review is completed.
3.0 ASSIGNMENTS & TYPES OF WORK:
3.1 Compliance Reviews/Audits
. Performed on a cyclical basis;
. Test compliance with Municipal by-laws, procedures, and guidelines;
. Review in context of good business practice;
. Provide recommendations based on observations.
BLUEPRINT FOR OPERATIONS - FORM & FUNCTION
PAGE 2
3.2
3.3
3.4
.
Operational Reviews/Audits
As project leader, coordinate and participate in these reviews involving program
management staff, performance measurement staff, and external consultants as needed
Projects included as part of audit plan based on needs identified by Department Heads
and may include developmental reviews;
May require use of external consultants with expertise in particular service area;
Examine and assess area;
During the course ofthe audit:
D Note best practice.
D Compile this information and share with administrative staff.
D Where appropriate, include in audit observations and recommendations
Identify key points, best practices, training needs;
Provide recommendations.
.
.
.
.
.
.
Consulting Assignments
Performed on an ad hoc basis as requested;
Review processes and procedures;
Provide documentation on procedures;
Identify key points;
Provide recommendations for development for review by departmental staff
.
.
.
.
.
Investigations
Ad hoc reviews based on requests or allegations from or concerns identified by
councillors, staff, vendors, public; and then directed by Chief Administrative Officer or
applicable Department Head;
Initial discussion to determine risk associated with claim and need or ability to follow-up
based on information provided;
D Perform preliminary work, as appropriate, to review the claim and establish
potential validity;
D Pursue further if warranted;
D Prepare report and recommend action if appropriate.
.
4.0 REPORTING AND FOLLOW-UP:
4.1 Compliance and Operational Audits
. Detailed draft report with recommendations prepared at conclusion offield work;
. Draft report and recommendations reviewed with the Director of Finance and/or the
Chief Administrative Officer, the Department Head, and the Director of program area
under review;
. Draft report amended, if necessary, to correct factual errors or omissions and the Director
requested to review the report and provide written management responses to
recommendations within 4 weeks;
. Draft report with management responses is presented to appropriate Department Head;
. Department Head considers the report, recommends revisions if necessary and
appropriate and takes any action required;
. Internal Audit prepares an executive summary of the report available to Chief
Administrative Officer.
BLUEPRINT FOR OPERATIONS - FORM & FUNCTION
PAGE 3
4.2 Consulting Assignments
o Discussions with appropriate departmental staff as review progresses;
o Obtain confirmation and understanding of processes and procedures;
o Detailed draft report prepared at conclusion of review work;
o Draft report and recommendations reviewed with Director of area under review - report
amended, if necessary, to correct factual errors or omissions;
o Director requested to provide written responses within 4 weeks;
o Final report issued to Director, Department Head, and Chief Administrative Officer,
where appropriate.
4.3 Investigations
o Call record/log calls:
o Maintain a record of calls and note information received;
o Consult with appropriate staff to determine actions to be taken;
o Explain action taken and reasons for steps taken.
o Draft reports following investigation:
o Detailed report to the Director of Human Resources, the Chief Administrative
Officer, and Director of Finance as circumstances required;
o Content of report:
o Specify allegation or concern and Conclusion based on investigation;
o Indicate decision to investigate and actions taken;
o Identify what should be done if appropriate in the circumstances.
4.4 Follow-up (applies to all types of audits previously mentioned):
o A follow-up report is prepared after sufficient time has elapsed for the recipient ofthe
report to act on the recommendations;
o The report consists of the recommendation, management's responses, and the
implementation status;
o The status is determined based on a questionnaire to management unless otherwise
requested by Department Heads.
4.5 Annual report
o Summary of audits performed prepared on an annual basis;
o Presentation to Audit Review Group in spring - April/May.
o Presentation to External Auditors prior to Annual Municipal Financial audit.