Clarington

REPORT
FINANCE DEPARTMENT

Meeting: GENERAL PURPOSE AND ADMINISTRATION COMMITTEE
Date: MONDAY APRIL 28, 2008
Resolution #: [illegible]
Report #: FND-011-08
File #:
By-law #:

Subject: INTERNAL AUDIT CHARTER AND BLUEPRINT FOR OPERATIONS

Recommendations:

It is respectfully recommended that the General Purpose and Administration Committee recommend to Council the following:

1. THAT Report FND-011-08 be received; and
2. THAT the Internal Audit Charter and Blueprint for Operations be approved.

Reviewed by: Franklin Wu, Chief Administrative Officer.

NT/LB/hjl

Background and Comment:

On March 25, 2008, the Audit Review Group met to review and subsequently endorse the Internal Audit Charter and Blueprint for Operation as detailed in the attached report, marked Schedule "A". It is recommended by the Audit Review Group that the Charter and the Blueprint be approved.

Attachment: Schedule "A" - Audit Review Group report, including Internal Audit Charter and Blueprint for Operation

CORPORATION OF THE MUNICIPALITY OF CLARINGTON
40 TEMPERANCE STREET, BOWMANVILLE, ONTARIO L1C 3A6 T (905)623-3379 F (905)623-4169

Schedule "A"

Clarington

REPORT
FINANCE DEPARTMENT

Meeting: AUDIT REVIEW GROUP
Date: March 25, 2008
Subject: INTERNAL AUDIT CHARTER AND BLUEPRINT FOR OPERATION

Recommendations:

It is respectfully recommended that the Audit Review Group endorse the Internal Audit Charter and Blueprint for Operation and that this report be forwarded to the General Purpose and Administration Committee for approval.

Background:

1.0 On August 2, 2007 the Municipality's auditors, Deloitte & Touche issued their annual Audit Management Recommendation Letter after completing the audit for the year ended December 31, 2006. As part of this letter they made the following recommendation:

"We recommend that the Municipality considers developing a formally documented overall risk management policy.
The new internal audit function could be one method used to help mitigate risk at the entity level, as well as monitor compliance with documented risk management policies."

Staff had the following response to the recommendation:

"It is within the new Internal Auditor's scope to draft policies to cover the Municipality's evolving and growing business. The risk management policy will be considered along with any policies resulting from the Municipality's Corporate Strategic Business Plan, PSAB 3150 - Tangible Capital Assets and other business processes."

Resolution #GPA-630-07 received report FND-022-07 and endorsed the recommendations.

1.1 The Internal Audit Charter (see Attachment #1) was developed to provide the frame of reference for the Internal Audit function within the Municipality of Clarington. It focuses on key operational aspects of the Internal Audit function including the Authority, Independence and Responsibility of the auditor.

1.2 The Blueprint for Operations (Attachment #2) provides detail on the types of audits that may be undertaken, along with the recommended reporting structure and follow-up necessary to complete the process. The types of audit assignments include Compliance Reviews; Operational Reviews; Consulting Reviews; and Investigations. The reporting requirements for each type of audit will vary greatly depending on the specific reason for the review.

1.3 The Internal Audit Charter and Blueprint for Operation have been developed as a basis for the Internal Audit position. As stated in the charter preamble:

"Management staff are responsible for ensuring the efficient and effective operation of Municipal programs and activities. In order to manage the operations of the Municipality, staff plan, organize, direct, and control programs and activities in a manner designed to achieve outcomes and objectives defined by management.
Internal Audit provides independent and objective assurance and consulting services designed to add value and improve the Municipality's operations."

1.4 For the Internal Audit position to be effective, the Internal Audit Charter and Blueprint for Operation need to be applied through all Municipal activities. The function is not restricted to Finance issues and for this reason it is important to ensure the auditor has the authority to access all operating departments.

1.5 The purpose of this report is to seek the Audit Review Group's endorsement of the Internal Audit Charter and Blueprint for Operation.

Conclusion:

2.0 In summary, the Municipality is now in a position to implement the Internal Audit function throughout the Municipality of Clarington's operating departments as recommended by our auditors Deloitte and Touche. The function as detailed in the Internal Audit Charter and Blueprint for Operation has been presented for review by the Audit Review Group.

Attachments:
Attachment #1 - Internal Audit Charter
Attachment #2 - Blueprint for Operations - Form and Function

Attachment #1

MUNICIPALITY OF CLARINGTON
INTERNAL AUDIT CHARTER

1.0 Preamble:

1.1 Management staff are responsible for ensuring the efficient and effective operation of Municipal programs and activities. In order to manage the operations of the Municipality, staff plan, organize, direct and control programs and activities in a manner designed to achieve outcomes and objectives defined by management. Internal Audit provides independent and objective assurance and consulting services designed to add value and improve the Municipality's operations. Internal Audit uses a systematic approach to assess risk and evaluate the effectiveness of controls and organizational processes used to achieve objectives.

2.0 Objective:

2.1 To contribute to the overall efficiency and effectiveness of the Municipality's operations and use of resources:

• Identify, assess, measure, and report on key risks faced by the Municipality;
• Examine and evaluate the adequacy, effectiveness, and efficiency of the systems of internal control;
• Identify opportunities for improvements and streamlining processes.

3.0 Authority, Independence, and Responsibility:

3.1 Authority - The Internal Auditor is authorized to direct a broad, comprehensive program of internal auditing within the Municipality. The Internal Auditor has unrestricted access to all records, properties, functions, and personnel necessary to effectively discharge responsibilities with appropriate communication protocols.

3.2 Independence - The Internal Auditor reports to the Director of Finance and/or the Chief Administrative Officer and is independent of the programs and activities of the Municipality. In order to assure the independence of the function, the Internal Auditor has direct access to the Audit Review Group in situations for which a conflict of interest is present or may be reasonably inferred.

3.3 Responsibility - Internal Audit encompasses the examination and evaluation of the adequacy, effectiveness, and efficiency of the systems of internal control and the quality of performance in carrying out the responsibilities of the Municipality. This can include:

• Reviews and evaluations of the soundness of controls and the reliability and integrity of financial, managerial, and operating data;
• Assessments of compliance with legislation and policies and procedures;
• Identification and evaluation of the methods and systems utilized for acquiring, using and safeguarding assets; and
• Reviews of operations and programs to assess the economy and efficiency used in meeting objectives established by the Municipality.

4.0 Objectivity:

4.1 Internal Audit will not implement procedures, prepare original records, or engage in other activities that could reasonably be construed as compromising independence and objectivity. Impartial and unbiased judgments essential to the conduct of internal audits and reviews are enhanced by the independence of Internal Audit. Objectivity is not adversely affected by the recommendation of standards or controls to be applied in developing systems and procedures or by the evaluation of existing or planned financial and operating system controls and procedures.

5.0 Confidentiality:

5.1 Information accessed in the course of an audit or review is used strictly for audit purposes and is not disclosed without the appropriate authority unless there is a legal or professional obligation to do so with appropriate communication protocols. Information received on a confidential basis will not be disclosed to third parties without permission, subject to applicable legislation.

6.0 Plan of Work:

6.1 Internal Audit will develop an annual work plan using appropriate risk-based methodology and identification of concerns by senior management. The plan will be reviewed by the Director of Finance and approved by the Audit Review Group on an annual basis. The plan will be implemented as approved with modifications and adjustments as appropriate given changing circumstances. The Blueprint for Operations, amended from time to time, reflects the method and approach used by Internal Audit in executing its plan of work.

7.0 Standards of Work:

7.1 In all its activities, Internal Audit will adhere to the Code of Ethics adopted by the Institute of Internal Auditors (Attachment A) as well as the Municipality's Code of Ethics policy (as amended from time to time). Engagements are performed with the care and skill expected of a reasonably prudent and competent internal auditor with consideration given to:

• The extent of work required to meet objectives;
• The complexity, materiality, and significance of areas under review;
• The adequacy and effectiveness of internal controls;
• The cost of assurance relative to potential benefits; and
• The probability of significant errors, irregularities, or non-compliance.

8.0 Report of Work:

8.1 Internal Audit has a responsibility to inform and advise management as to significant or substantive issues noted in the course of its activities. Following each review, Internal Audit reports the results of its examination and makes recommendations to strengthen the management and control of the area under review. Summary reports are available and an annual review of work performed is presented to the Audit Review Group. The Blueprint for Operations, amended from time to time, reflects the method and approach used by Internal Audit in reporting its work.

9.0 Co-ordination of Work:

9.1 Internal Audit will co-ordinate its efforts with those of any external auditors to ensure that total audit resources are effectively utilized.

Attachment A to Internal Audit Charter

The Institute of Internal Auditors
Code of Ethics

Introduction

The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. The Institute's Code of Ethics extends beyond the definition of internal auditing to include two essential components:

1. Principles that are relevant to the profession and practice of internal auditing;
2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.

The Code of Ethics together with The Institute's Professional Practices Framework and other relevant Institute pronouncements provide guidance to internal auditors serving others. "Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who provide internal auditing services within the definition of internal auditing.

Applicability and Enforcement

This Code of Ethics applies to both individuals and entities that provide internal auditing services.

For Institute members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute's Bylaws and Administrative Guidelines. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.

Principles

Internal auditors are expected to apply and uphold the following principles:

• Integrity
  The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
• Objectivity
  Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
• Confidentiality
  Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
• Competency
  Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.

Rules of Conduct

1. Integrity

Internal auditors:

1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and the profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Internal auditors:

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3. Confidentiality

Internal auditors:

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

4. Competency

Internal auditors:

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
4.2. Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.

Adopted by The IIA Board of Directors, June 17, 2000

Copyright © 2000 by The Institute of Internal Auditors, 247 Maitland Avenue, Altamonte Springs, Florida 32701-4201. Permission is hereby given to duplicate and translate this Code provided no substantive changes are made.

The Institute of Internal Auditors
247 Maitland Avenue, Altamonte Springs, Florida, 32701
Tel. 1+407-937-1100, Fax. 1+407-937-1101
Web: http://www.theiia.org, Email: online@theiia.org

Attachment 2

MUNICIPALITY OF CLARINGTON
INTERNAL AUDIT
BLUEPRINT FOR OPERATIONS - FORM AND FUNCTION

1.0 ORGANIZATION:

• Audit function reports directly to the Director of Finance/Treasurer;
• Reports presented to appropriate Department Heads for information purposes and decisions on any required action;
• Annual summary of internal audit work presented to Audit Review Group;
• Summary reports available to Council on request;
• Director of Finance reviews and provides guidance for internal audit function with input from the Chief Administrative Officer as warranted:
  o Review internal audit terms of reference, goals, objectives, and audit schedules;
  o Review results of audits, consider recommendations, suggest alternatives;
  o Provide guidance for control enhancements and implementation.

2.0 AUDIT PLANNING & RISK ASSESSMENT:

• Use risk-based assessment wherever possible to develop audit plans;
• Consider the control environment within the context of:
  o Protection of Municipal assets
  o Efficient use of resources
  o Compliance with policies, regulations, legislation
• Assess the environment to identify high risk areas;
• Criteria to include in the assessment of risk:
  o Potential areas for operational audits with identification of best practice;
  o Operational audit cycle based on assessment of prioritized need and risk;
  o Annual and compliance audits, based on the need to provide assurance that there is compliance with legislation, policies, and procedures;
  o Investigations based on receipt of concerns or allegations;
  o Audit cycle planning during the early part of the fiscal year;
  o Audits and reviews carried out during the course of the year with reports prepared and presented as each review is completed.

3.0 ASSIGNMENTS & TYPES OF WORK:

3.1 Compliance Reviews/Audits

• Performed on a cyclical basis;
• Test compliance with Municipal by-laws, procedures, and guidelines;
• Review in context of good business practice;
• Provide recommendations based on observations.

3.2 Operational Reviews/Audits

• As project leader, coordinate and participate in these reviews involving program management staff, performance measurement staff, and external consultants as needed;
• Projects included as part of audit plan based on needs identified by Department Heads and may include developmental reviews;
• May require use of external consultants with expertise in particular service area;
• Examine and assess area;
• During the course of the audit:
  o Note best practice.
  o Compile this information and share with administrative staff.
  o Where appropriate, include in audit observations and recommendations
• Identify key points, best practices, training needs;
• Provide recommendations.

3.3 Consulting Assignments

• Performed on an ad hoc basis as requested;
• Review processes and procedures;
• Provide documentation on procedures;
• Identify key points;
• Provide recommendations for development for review by departmental staff.

3.4 Investigations

• Ad hoc reviews based on requests or allegations from or concerns identified by councillors, staff, vendors, public; and then directed by Chief Administrative Officer or applicable Department Head;
• Initial discussion to determine risk associated with claim and need or ability to follow-up based on information provided;
  o Perform preliminary work, as appropriate, to review the claim and establish potential validity;
  o Pursue further if warranted;
  o Prepare report and recommend action if appropriate.

4.0 REPORTING AND FOLLOW-UP:

4.1 Compliance and Operational Audits

• Detailed draft report with recommendations prepared at conclusion of field work;
• Draft report and recommendations reviewed with the Director of Finance and/or the Chief Administrative Officer, the Department Head, and the Director of program area under review;
• Draft report amended, if necessary, to correct factual errors or omissions and the Director requested to review the report and provide written management responses to recommendations within 4 weeks;
• Draft report with management responses is presented to appropriate Department Head;
• Department Head considers the report, recommends revisions if necessary and appropriate and takes any action required;
• Internal Audit prepares an executive summary of the report available to Chief Administrative Officer.

4.2 Consulting Assignments

o Discussions with appropriate departmental staff as review progresses;
o Obtain confirmation and understanding of processes and procedures;
o Detailed draft report prepared at conclusion of review work;
o Draft report and recommendations reviewed with Director of area under review - report amended, if necessary, to correct factual errors or omissions;
o Director requested to provide written responses within 4 weeks;
o Final report issued to Director, Department Head, and Chief Administrative Officer, where appropriate.

4.3 Investigations

o Call record/log calls:
  o Maintain a record of calls and note information received;
  o Consult with appropriate staff to determine actions to be taken;
  o Explain action taken and reasons for steps taken.
o Draft reports following investigation:
  o Detailed report to the Director of Human Resources, the Chief Administrative Officer, and Director of Finance as circumstances required;
  o Content of report:
    o Specify allegation or concern and Conclusion based on investigation;
    o Indicate decision to investigate and actions taken;
    o Identify what should be done if appropriate in the circumstances.

4.4 Follow-up (applies to all types of audits previously mentioned):

o A follow-up report is prepared after sufficient time has elapsed for the recipient of the report to act on the recommendations;
o The report consists of the recommendation, management's responses, and the implementation status;
o The status is determined based on a questionnaire to management unless otherwise requested by Department Heads.

4.5 Annual report

o Summary of audits performed prepared on an annual basis;
o Presentation to Audit Review Group in spring - April/May.
o Presentation to External Auditors prior to Annual Municipal Financial audit.