Annual Report Year Ending 31 March 2012

SECRETARIAT AUDIT AND RISK COMMITTEE
REPORT TO THE ASSEMBLY COMMISSION

YEAR ENDING 31 MARCH 2012

CHAIRMAN’S FOREWORD

I am pleased to present the Annual Report for 2011/2012 on behalf of the Secretariat Audit and Risk Committee (SARC). This Report describes how SARC fulfilled its role of providing support and advice to the Assembly Commission and the Clerk/Director General in order to ensure sound financial and governance arrangements. In line with its policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly website.

This has been another interesting and busy year for SARC as the Commission and the Secretariat Management Group (SMG) have pressed on with their programme of reform of corporate governance including:

• Publication of Members’ expenses
• New rules on the payment of expenses and allowances
• The establishment of the Independent Financial Review Panel to set future pay and allowances
• The review of Financial Assistance for Political Parties

During the reporting year, SARC provided support to the Secretariat in relation to managing risk and contributed to the completion process for 2010/11 Accounts. In particular, SARC concentrated on procurement compliance, the implementation of outstanding audit recommendations and on further improving and refining Management Controls, including the further development of Stewardship Statements. SARC also considered Risk Management policy, issues relating to the Spending Review and Business Efficiency Programme, and the Report to those charged with Governance. The Corporate Risk Register was reviewed each quarter by SARC.

The Internal Audit Plan for 2011/2012 (the final year of a three-year plan originally agreed by SARC in 2009) was reviewed by SARC on 1 June 2011, and Activity Reports were received from the Head of Internal Audit at each meeting. With the exception of an audit of Security and Usher services, which was deferred at Management’s request, the revised programme was successfully completed. A draft Audit Strategy was considered by SARC at its meeting on 14 March 2012.

When SARC was created some three years ago, it and the newly appointed Secretariat Management Group (SMG) inherited a list of over 100 earlier audit recommendations at various stages of implementation. We have put in place an effective system for systematically assessing new audit recommendations as they arise and actively managing and monitoring implementation with clear timetables and targets. During the past year, this has resulted in SARC ensuring that all audit recommendations have now been implemented or have action in hand to implement them.

In these financially challenging times, I am also pleased to report that we achieved all this and made a substantial saving on our allocated budget

I am grateful to the Assembly Commission for its support and for allowing me and my predecessor to attend its meetings and to contribute to its discussions. This has been very helpful in providing a broader perspective for the work of SARC. I have also been privileged to have an active role in the ongoing work of the Business Efficiency Project Board.

I would like to thank my predecessor Alan McQuillan, who chaired SARC until July 2011, for his support, professionalism, insight and enthusiasm. I also wish to thank Pat Ramsey MLA for his important and valued contribution to the work of SARC, and I am delighted to welcome Douglas Bain as the new independent member of SARC.

Finally, my thanks go to the Clerk/Director General and the staff of the Assembly Secretariat for their commitment and diligence in providing SARC with the information necessary to achieve its objectives as well as very valuable secretarial services.

COLM McKENNA
CHAIRMAN

CONTENTS

Introduction

The Secretariat Audit and Risk Committee (SARC)

• Meetings
• Management Information Systems and Controls

Progress of SARC 2011/2012

• Performance against key objectives
• SARC budget and expenditure

Internal Audit Activity 2011/12

NI Assembly Accounts 2010/2011

Evaluation of SARC 2011/12

SARC Plan 2012/13

• SARC Key objectives
• SARC Budget

Internal Audit Strategy

Annexes

A - Internal Audit Programme Progress Report 2011/2012

B - Definition of Audit Ratings

C - SARC Self Assessment

D - SARC Budget 2012/2013

SECRETARIAT AUDIT AND RISK COMMITTEE
REPORT TO THE ASSEMBLY COMMISSION
FOR YEAR ENDING 31 MARCH 2012

1 INTRODUCTION

This Report provides the Assembly Commission with an account of the activity and achievements of the Secretariat Audit and Risk Committee (SARC) in 2011/2012 in relation to its objectives for that year. The Report also sets out SARC’s objectives and budget for 2012/2013.

2 SECRETARIAT AUDIT AND RISK COMMITTEE (SARC)

SARC plays an important role in the overall system of corporate governance in the NI Assembly Secretariat. It is independent of the Secretariat and aims to support the Clerk/Director General in his role as Accounting Officer. It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances.  

2.1 Meetings

SARC meets at least four times a year, although the Chairperson may convene additional meetings should he feel that this is necessary. During 2011/12, SARC met six times (1 June 2011; 27 June 2011; 6 September 2011; 11 October 2011; 9 December 2011; and 14 March 2012).

SARC meetings are normally attended by the Accounting Officer, the Director of Corporate Services, the Head of Internal Audit and a representative from the Northern Ireland Audit Office. Secretarial support is provided by the Legal and Governance Services Directorate.

The Chairperson of SARC attends meetings of the Assembly Commission as an observer. Mr McQuillan attended meetings of the Commission on 23 May 2011 and 31 May 2011. Mr McKenna attended the Commission meetings on 4 July 2011; 27 September 2011; 8 November 2011; 29 November 2011; 13 December 2011; 24 January 2012; and 28 February 2012. Douglas Bain attended the Commission meetings on 28 February 2012 and 20 March 2012.

2.2 Management Information Systems and Controls

At each meeting, SARC is provided with a number of analyses and reports including:

• A log of all outstanding Audit Recommendations together with a statement of the current position on each and a target date for completion of any outstanding actions. This is used at each meeting to monitor progress and ensure that recommendations are managed and closed in a controlled manner.
• Any significant changes to the Corporate Risk Register and any areas of concern. SARC monitors the actions taken by SMG to manage the Corporate Risks to ensure they remain both relevant and effective. Copies of the Assurance Statements completed by Risk Owners are submitted to the SARC for scrutiny every six months.
• A report in relation to any issues of concern relevant to SARC regarding the delivery of the Corporate Plan objectives.
• A progress report from the Head of Internal Audit summarising:
• Work performed (and a comparison with work planned)
• Key issues emerging from Internal Audit work
• Management response to audit recommendations
• Changes to the Periodic Plan
• Any resource issues affecting the delivery of Internal Audit objectives
• A progress report from the NI Audit Office representative summarising work done and emerging findings.

As and when appropriate, or when requested, the SARC will also be provided with:

• Proposals for the Terms of Reference of Internal Audit;
• The Internal Audit Strategy;
• Head of Internal Audit’s Annual Opinion and Report;
• Quality Assurance reports on the Internal Audit function;
• The draft accounts of the Assembly;
• The draft Statement on Internal Control;
• A report on any changes to accounting policies;
• A report from the Accounting Officer summarising progress against the Secretariat’s Business Plan, highlighting any issues that may be relevant to the work of the SARC;
• The NIAO’s Report to those charged with Governance;
• A report on any proposals to tender for audit functions;
• A report on co-operation between Internal and External Audit;
• The NIAO audit strategy;
• Information on any impending changes (as identified by Internal or External Audit) that may impact upon the work of the SARC.

3 PROGRESS OF SARC IN 2011/12

3.1 Performance against key objectives

KEY OBJECTIVE	PERFORMANCE
To consolidate and embed the recent changes in the rapid implementation of audit recommendations to make them even more effective.	Noticeable improvement in the rapid implementation the outstanding audit recommendations. An effective system for assessing new audit recommendations as well as managing and monitoring their implementation was maintained and improved.
To adapt SARC processes to any changes emerging from the work of the Independent Financial Review Panel.	Watching brief to date.
To continue to work with the SMG on key risk areas including procurement to help manage risk and secure value for money.	Significant emphasis placed on monitoring procurement throughout the year.
To support the Commission and SMG in the challenges posed by declining budgets and the desire to refine and improve services to MLAs and the public in this new Mandate.	SARC Chairperson attends meetings of the Business Efficiency Project Board.

3.2 SARC budget and expenditure

The budget for 2011/2012 was estimated based on anticipated activity and the activity in the previous year. Adjustments were made in year in line with the actual level of activity.

BUDGET HEADING	ORIGINAL BUDGET £	IN YEAR ADJUSTED BUDGET £	EXPENDITURE £
Committee members’ fees	22,670	10,000	8,221
Travel and subsistence	2,240	200	185
General Business Expenditure	2,434	395	312
TOTAL	27,344	10,595	8,718

4 INTERNAL AUDIT ACTIVITY 2011/12

4.1 Internal Audit Programme 2011/12

Details of the progress in relation to the Internal Audit Programme for 2011/12 are attached at Annex A.

4.2 Work completed

Risk Rating Definitions are attached at Annex B. Final Internal Audit reports have been issued in respect of the following assignments:

ASSIGNMENT	AUDIT RATING
Use of Procurement Cards	Limited
Review of Members’ Expenses	Satisfactory
N.I. Assembly & Business Trust	Limited
Managed Print Contract	Unacceptable
Learning & Development	Satisfactory
Bill Office	Substantial
Events Office	Satisfactory
FOI unit	Satisfactory

In addition the following assignments were in progress:

ASSIGNMENT

Secretariat Payroll

Members’ Expenses

Business Continuity Planning

Systems Under Development

4.3 Key Issues

A range of risk and control issues was brought to Management’s attention during the year and included risks relating to minor breaches of usage guidelines for procurement cards, financial management arrangements for the NI Assembly and Business Trust, and the availability of information relating to the managed print contract.

5 NI ASSEMBLY ACCOUNTS 2010/2011

Based on an examination of the Accounts and the Report to Those Charged with Governance, SARC recommended on 27 June 2011 that the Clerk/ Director General sign the 2010/11 accounts.  The SARC Chairperson and the Clerk/Director General thanked the Secretariat and NIAO staff involved for delivering the accounts to timetable.

6 EVALUATION OF SARC 2011/12

At the SARC meeting on 14 March 2012, SARC members completed a self-assessment checklist for 2011/2012 which is attached at Annex C. This indicates the extent to which SARC has complied with its remit.

7 SARC PLAN 2012/13

7.1 SARC Key Objectives

On 9 December 2011, the Secretariat Audit and Risk Committee agreed the following objectives for 2012/2013:

• To consolidate and embed the recent changes in the rapid implementation of audit recommendations to make them even more effective.
• To adapt SARC processes to any changes emerging from the work of the Independent Financial Review Panel.
• To continue to work with the SMG on key risk areas including procurement to help manage risk and secure value for money.
• To support the Commission and SMG in the challenges posed by declining budgets and the desire to refine and improve services to MLAs and the public in this new Mandate

7.2 SARC Budget

Details of the SARC budget for 2012/13 are attached at Annex D.

8 INTERNAL AUDIT STRATEGY

A draft revised Internal Audit strategy is in development and was considered by SARC on 14 March 2012.

MEMBERS OF SARC 2011/12:

COLM McKENNA, INDEPENDENT CHAIRPERSON FROM 1 DECEMBER 2011 (ACTING INDEPENDENT CHAIRPERSON FROM 11 JULY 2011 TO 1 DECEMBER 2011)
ALAN McQUILLAN, INDEPENDENT CHAIRPERSON TO 11 JULY 2011
DOUGLAS BAIN, INDEPENDENT MEMBER FROM 1 FEBRUARY 2012
PAT RAMSEY MLA, ASSEMBLY COMMISSION REPRESENTATIVE

ANNEX A

INTERNAL AUDIT PROGRAMME 2011/2012

PROGRESS REPORT

DIRECTORATE/BUSINESS AREA	RISK SCORE	ASSURANCE	REPORT
CLERKING & REPORTING
Review of Bill Office	105	Substantial	September 2011
CORPORATE SERVICES
Review of Procurement Cards	130	Limited	May 2011
Review of Members’ Expenses	130	Satisfactory	May 2011
Review of Learning & Development	140	Satisfactory	September 2011
INFORMATION & OUTREACH
NI Assembly & Business Trust	N/A	Limited	June 2011
Managed Print Contract	N/A	Unacceptable	June 2011
Review of Events Office	90	Satisfactory	October 2011
Review of Freedom of Information unit	110	Satisfactory	December 2011

 

FOLLOW-UP AUDITS	ASSURANCE	REPORT
Building Services	Satisfactory	May 2011
Hansard	Substantial	May 2011
Secretariat Travel & Subsistence	Substantial	August 2011
Procurement	Limited	June 2011
FAPP	Satisfactory	November 2011
NI Assembly & Business Trust	Limited	November 2011
Procurement Cards	Substantial	December 2011

ANNEX B

ASSURANCE DEFINITIONS

SUBSTANTIAL

There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.

SATISFACTORY

There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.

LIMITED

There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and effectiveness or risk management, control and governance.

UNACCEPTABLE

The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and effectiveness of risk management, control and governance.

ANNEX C

SELF ASSESSMENT OF THE ASSEMBLY SECRETARIAT AUDIT AND RISK COMMITTEE FOR YEAR ENDING 31 MARCH 2012

ROLE AND REMIT	YES/NO/NA	COMMENTS/ACTION
Does SARC have written terms of reference?	YES
Do the terms of reference cover the core functions of an audit committee as identified in the HM Treasury Audit Committee Handbook?	YES
Are the terms of reference approved by SARC and reviewed periodically?	YES	The Terms of Reference were reviewed on 30 September 2010
Has SARC been provided with sufficient membership, authority and resources to perform its role effectively and independently?	YES
Does SARC periodically assess its own effectiveness?	YES	This is done annually
MEMBERSHIP, INDUCTION AND TRAINING	YES/NO/NA	COMMENTS/ACTION
Has the membership of the SARC been formally agreed by the Assembly Commission and/or Accountable Officer and a quorum set?	YES
Are the independent members of SARC appointed for a fixed term?	YES	The Chairperson and Independent member are appointed for an initial period of three years with the option of two additional periods of one year each.
Does SARC have the appropriate skills eg does at least one member of SARC have a financial background?	YES
Are all members of SARC, including the chair, independent of the executive function?	YES
Are new SARC members provided with an appropriate induction?	YES
Has each SARC member formally declared his/her business interests?	YES
Are SARC members sufficiently independent of the other key management committees of the Assembly?	YES
Has SARC considered the arrangements for assessing the attendance and performance of each member?	YES	This is carried out annually.
MEETINGS	YES/NO/NA	COMMENTS/ACTION
Does SARC meet regularly, at least four times a year?	YES
Do the terms of reference set out the frequency and broad timing of meetings?	YES
Does the SARC calendar meet the Assembly’s business and governance needs, as well as the requirements of the financial reporting calendar?	YES
Do SARC members attend meetings on a regular basis and if not, is appropriate action taken?	YES
Does the Accounting Officer attend all meetings and, if not, is he/she provided with a record of discussions?	YES
Do appropriate officials attend SARC meetings, including representatives from Internal Audit, External Audit and Finance?	YES
Does SARC have sufficient time to give proper consideration to its business?	YES
INTERNAL CONTROL	YES/NO/NA	COMMENTS/ACTION
Does SARC consider the findings of annual reviews by Internal Audit and others, on the effectiveness of the arrangements for risk management, control and governance?	YES
Does SARC consider the findings of reviews on the effectiveness of the system of internal control?	YES
Does SARC have responsibility for review of the draft Statement on Internal Control (SIC) and does it consider this separately from the accounts?	YES
Does SARC consider how accurate and meaningful the SIC is?	YES
Does SARC satisfy itself that the arrangements for risk management, control and governance have operated effectively throughout the reporting period?	YES
Has SARC considered how it should coordinate with other management committees that have responsibility for risk management and corporate governance ie the Assembly Commission and the Secretariat Management Group?	YES	Independent Members of the SARC attend meetings of the Assembly Commission. Members of the Secretariat Management Group attend meetings of the SARC on a rolling-programme basis.
Has SARC satisfied itself that the Assembly has adopted appropriate arrangements to counter and deal with fraud?	YES
Has SARC been made aware of the role of risk management in the preparation of the internal audit plan?	YES
Does SARC’s Terms of Reference include oversight of the risk management process?	YES
Does SARC receive and consider Stewardship Statements from senior staff including those in key business areas such as Finance, HR and Information Systems?	YES
FINANCIAL REPORTING AND REGULATORY MATTERS	YES/NO/NA	COMMENTS/ACTION
Is SARC’s role in the consideration of the annual accounts clearly defined?	YES
Does SARC consider, as appropriate: the suitability of accounting policies major judgments made large write-offs changes in accounting treatment the reasonableness of accounting estimates the narrative aspects of reporting?	YES TO ALL
Is a SARC meeting scheduled to receive the external auditor's report to those charged with governance including a discussion of proposed adjustments to the accounts and other issues arising from the audit?	YES
Does SARC have an understanding of management's procedures for preparing the Assembly’s annual accounts?	YES
Does SARC have a mechanism to keep it aware of topical legal and regulatory issues?	SARC members are kept aware of such developments through circulation of all DAO letters and information provided by external auditor and Assembly officials. SARC members also attend relevant training courses and conferences.
INTERNAL AUDIT	YES/NO/NA	COMMENTS/ACTION
Does the Head of Internal Audit attend meetings of SARC?	YES
Does SARC approve, annually and in detail, the internal audit plans including consideration of whether the scope of internal audit work addresses the Assembly’s significant risks?	YES
Does Internal Audit have a direct reporting line, if required, to SARC?	YES
As well as an annual report from the Head of Internal Audit, does SARC receive progress reports from the Internal Audit service?	YES
Are outputs from follow-up audits by Internal Audit monitored by SARC and does it consider the adequacy of implementation of recommendations?	YES
If considered necessary, is the SARC chair able to hold private discussions with the Head of Internal Audit?	YES
Is there appropriate co-operation between the internal and external auditors?	YES
Does SARC review the adequacy of internal audit staffing and other resources?	YES
Are Internal Audit performance measures monitored by SARC?	YES
Has SARC considered the information it wishes to receive from Internal Audit?	YES
Do formal terms of reference exist defining Internal Audit's objectives, responsibilities, authority and reporting lines?	YES	The responsibilities of the Head of Internal Audit are defined in a letter of delegation from the Clerk/DG
EXTERNAL AUDIT	YES/NO/NA	COMMENTS/ACTION
Does the External Audit representative attend meetings of SARC?	YES
Do the external auditors present and discuss their audit plans and strategy with SARC (recognising the statutory duties of external audit)?	YES
Does the SARC chair hold periodic private discussions with the external auditor?	YES	The SARC Chairperson meets with the Comptroller and Auditor General as appropriate and with the NIAO representative on SARC on a regular basis.
Does SARC review the external auditor's annual report to those charged with governance?	YES
Does SARC ensure that officials are monitoring action taken to implement external audit recommendations?	YES
Are reports on the work of External Audit presented to SARC?	YES
Does SARC assess the performance of External Audit?	NO	Whilst there is no formal assessment mechanism, SARC sees all of this work. Where there are any concerns that have not been resolved at operational levels these are discussed between SARC and the NIAO representative on the Committee.
ADMINISTRATION	YES/NO/NA	COMMENTS/ACTION
Does SARC have a designated secretariat?	YES
Are agenda papers circulated in advance of meetings to allow adequate preparation by SARC members?	YES
Do reports to SARC communicate relevant information at the right frequency, time, and in a format that is effective?	YES
Does SARC issue guidelines and/or a pro forma concerning the format and content of the papers to be presented?	YES
Are SARC minutes prepared and circulated promptly to the appropriate people, including all SARC members?	YES
Is a report on matters arising presented or does the Chair raise them at SARC's next meeting?	Action points in relation to issues discussed are circulated to all attendees following each SARC meeting.
Do action points indicate who is to perform what and by when?	YES
Does SARC provide an effective Annual Report on its own activities?	YES
OVERALL	YES/NO/NA	COMMENTS/ACTION
Does SARC effectively contribute to the overall control environment of the Assembly?	YES
Are there any areas where SARC could improve upon its current level of effectiveness?	YES	The culture of SARC is to seek continuous improvement in its work and around the audit business processes. Its work in this is also driven in part by the commitment of the Commission and SMG to improvements in areas like the framework of rules around Members’ pay and allowances, audit of expenses and procurement. SARC members attend induction training and continue to develop skills.
Does SARC seek feedback on its performance from the Assembly Commission and Accounting Officer?	YES

ANNEX D

SECRETARIAT AUDIT AND RISK COMMITTEE
BUDGET 2012/2013

BUDGET HEADING	AMOUNT (£)
Committee members’ fees	12,000
Travel and Subsistence	2,186
General Business Expenditure	2,370
TOTAL (excluding fees)	4,556