《雅芳审计计划书.pdf》由会员分享,可在线阅读,更多相关《雅芳审计计划书.pdf(7页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、 Avon and Somerset Police Authority Avon&Somerset Police Authority Internal Audit Strategy 1 April 2007 to 31 March 2008 This report is prepared on the basis of the limitations within our Statement of Responsibility.This report and the work connected therewith are subject to the Terms and Conditions
2、 of the engagement letter dated 29/9/05 between Avon and Somerset Police Authority and Deloitte&Touche LLP.The report is produced solely for the use of Avon and Somerset Police Authority.Its contents should not be quoted or referred to in whole or in part without our prior written consent except as
3、required by law.Deloitte&Touche LLP will accept no responsibility to any third party,as the report has not been prepared,and is not intended,for any other purpose.Avon and Somerset Police Authority 1.INTRODUCTION.1 1.1 PURPOSE OF THE AUDIT STRATEGY.1 1.2 IDENTIFYING INTERNAL AUDIT COVERAGE.2 2.DEFIN
4、ITIONS OF AUDIT OPINION.3 APPENDIX I-2007/08 OPERATIONAL AUDIT PLAN APPENDIX II-STATEMENT OF RESPONSIBILITY Avon and Somerset Police Authority 1 1.INTRODUCTION 1.1 Purpose of the Audit Strategy This draft audit strategy covers the period 1 April 2007 to 31 March 2008.The purpose of this audit strate
5、gy is to define the approach and methodology to be followed which will enable us to:?Produce an Annual Internal Audit report and opinion to the Treasurer and Performance and Audit Committee on the system of internal control.?Audit the Authoritys risk management,control and governance arrangements th
6、rough an internal audit plan,prioritised according to the organisations objectives and risks.?Identify improvements to the Authoritys risk management,control and governance arrangements.?Identify the audit resources required to deliver an audit service which meets the standards defined in the CIPFA
7、Code of Practice for Internal Audit and in the auditing guidelines Guidance for Internal Auditors issued by the Auditing Practices Board of the Consultative Council of Accountancy Bodies(CCAB).?Maintain effective links and communication with the Authoritys external auditors.RSM Robson Rhodes LLP act
8、 as external auditors to the Authority,as appointed by the Audit Commission,and we will work with them in the delivery of the strategy to eliminate any duplication.Avon and Somerset Police Authority 2 1.2 Identifying Internal Audit Coverage It is not necessary to audit every aspect of risk,control a
9、nd governance every year,but in determining the internal audit coverage for the coming 12 months we have taken account of the following:?The Constabularys Strategic Risk Register;?High risk systems or processes,as identified by key members of the Authority and Constabulary during a series of structu
10、red interviews undertaken during 2005;?Input from both Chief Officer Group and the Police Authority;?Findings from audits undertaken during 2006/07;?A range of non-key risks will be included in each years coverage to add to the comprehensiveness of the opinion.Risks not defined as key still require
11、attention,to gain assurance that adverse impacts are not arising;?Discussions with the Authoritys previous internal auditors;external auditors and HMIC;and,?In addition to the consideration of existing risks and issues,consideration has been given to the extent of change taking place or planned to t
12、ake place in the Constabulary.Changing processes can be inherently more risky than established and known processes and the identification and correction of weaknesses during development is more economical than after the process has been put in place.The annual audit programme is at Appendix 1.Avon a
13、nd Somerset Police Authority 3 2.DEFINITIONS OF AUDIT OPINION Level of Assurance Description Low The system of internal control does not meet minimum acceptable standards overall because control deficiencies exist,which could allow material losses to take place and not be detected.Satisfactory Whils
14、t there is a basically sound system of internal control,there are weaknesses that put some of the system objectives at risk.The overall system of internal control may meet minimum acceptable standards overall but could be improved.Substantial Overall the system of internal control meets acceptable s
15、tandards and provides reasonable,but not absolute,assurance that the process covered is reliable and material losses will be detected in the normal course of business.Definitions of risk levels:Level of Risk Description High A critical control deficiency,which could allow material losses to take pla
16、ce and not be detected.Such a risk could lead to an adverse impact on the Police Service and expose the Authority and Senior Officers to criticism.Remedial action must be taken urgently.Medium A control deficiency which could allow losses to take place.Low A process improvement opportunity that is n
17、ot indicative of a control weakness but indicative of an opportunity for improvement in the efficiency or effectiveness of a process.These definitions of evaluations should be interpreted in conjunction with the scope of the audit work as defined in Section 2 and in the overall context that our find
18、ings should only be relied upon to be representative of the operation of control procedures at the time of discussion or observation of these control practices and in relation to the transactions tested.Projection of evaluations to future periods is subject to the risk that the policies and procedur
19、es may become inadequate because of changes in conditions,or that the degree of compliance with these policies and procedures may deteriorate.Avon and Somerset Police Authority Internal Audit Strategy Page 4 APPENDIX I 2007/08 OPERATIONAL AUDIT PLAN Primary Area of Risk(s)Audit Area Quarter Resource
20、s(Days)Governance?GAP analysis against CIPFA guidelines 2 5 Risk Management?Risk management framework 4 5 Planning?HR strategy?Initial Police Learning Development Programme 1 1 5 9 Delivery&Operations?Race relations?Transport services?Force Service Centre 2 2 3 6 6 7 Financial&Support Functions?Pens
21、ions management?General control environment -2 BCU visits(5 days each)?Business Continuity Planning?Training?Payroll and expenses incl.Trent Application Review?Purchasing and procurement collaborative arrangements?Estates management?Fixed assets and charges?Automatic Number Plate Recognition?Financi
22、al management review?General computer controls NSPIS HR 1 1 1 2 2 3 3 3 3 4 4 4 5 6 6 20 10 7 5 8 5 8 Operational Change?Guardian?Corporate Change Management Policy 3 4 10 5 Follow up?Follow up of prior audit reviews 4 10 Management?Management,Development of Audit Strategy,Meetings and Audit Committ
23、ee preparation and attendance 20 TOTAL DAYS 177 Avon&Somerset Authority Internal Audit Strategy APPENDIX II-STATEMENT OF RESPONSIBILITY We take responsibility for this report which is prepared on the basis of the limitations set out below.The matters raised in this report are only those which came t
24、o our attention during the course of our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made.Recommendations for improvements should be assessed by you for their full impact before they are implemented.The perf
25、ormance of internal audit work is not and should not be taken as a substitute for managements responsibilities for the application of sound management practices.We emphasise that the responsibility for a sound system of internal controls and the prevention and detection of fraud and other irregulari
26、ties rests with management and work performed by internal audit should not be relied upon to identify all strengths and weaknesses in internal controls,nor relied upon to identify all circumstances of fraud or irregularity.Auditors,in conducting their work,are required to have regards to the possibi
27、lity of fraud or irregularities.Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud.Internal audit procedures are designed to focus on areas as identified by management as being of greatest risk and significance a
28、nd as such we rely on management to provide us full access to their accounting records and transactions for the purposes of our audit work and to ensure the authenticity of these documents.Effective and timely implementation of our recommendations by management is important for the maintenance of a
29、reliable internal control system.Deloitte&Touche LLP Bristol March 2007 In this document references to Deloitte are references to Deloitte&Touche LLP.Deloitte&Touche LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at St
30、onecutter Court,1 Stonecutter Street,London EC4A 4TR,United Kingdom.Deloitte&Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu(DTT),a Swiss Verein whose member firms are separate and independent legal entities.Neither DTT nor any of its member firms has any liability for each others acts or omissions.Services are provided by member firms or their subsidiaries and not by DTT.2007 Deloitte&Touche LLP.All rights reserved.