Agenda item

Report of KPMG

The KPMG Auditor introduced the Interim Audit report for 2011/12 and for the sake of new members explained that the report formed part of a chain of reports.  This, the interim report, followed the planning report which was considered in March and summarised the key findings arising from the work carried out to date in relation to council’s control environment for accounts production.

Overall the councils control environment was effective, with all but one of the aspects considered by KPMG being assessed as ‘level 3 - generally sound control environment’.  Risk assessment processes had been graded at level 2 (deficiencies in respect of individual controls) as a result of the number of recommendations raised by internal audit in their review of the area.

The councils IT control environment was effective but one area for further improvement identified was the need to formalise the review of access to various systems.  The reviews were necessary to ensure that only valid individuals had access to specific systems.  The justification for this was the implementation of a new system but KPMG were left with some questions about what this would mean for the accuracy of accounts – could an issue have crept through.

The controls over the financial systems that were selecting for testing were found to be generally sound, however there were known weaknesses in payroll controls.  Internal audit had issued a ‘limited assurance’ audit opinion as there was no reconciliation of the two current systems at the end of each month.  KPMG needed to satisfy them selves that the two systems reconciled at the end of the year and that no journals had been created.  As the control didn’t work they needed to apply alternative testing.  There were some systems that still needed to be tested and these would be tested as part of the work required at year-end.

KPMG relied on Internal Audit to maximise their efficiency, considering reports, assessing their plans and testing some of the work that they had undertaken.  KPMG found that Internal Audit fully complied with the Code of Practice for Internal Audit in Local Government and members should be assured that they could rely on Internal Audit.

The council’s overall process for preparation of the financial statements was adequate.  An issue had been identified last year regarding the lack of evidence of review of journals but this would be addressed following the transition to GO on the 1 April 2012.

In response to a member question, the Director of Resources advised that the £100k journal threshold had been used locally and when this issue had been discussed with the GO partners it was agreed that £100k was an acceptable level given the size of the organisations involved.  Generally, larger journals were dealt with by more senior officers within the finance team.  The KPMG Auditor assured members that this would be the subject of testing and any issues would be reported.  The Chair requested that the issue of the £100k threshold for journals be raised with the GO partners and a response reported back to the Committee in September.

The Director of Resources confirmed that the new ERP system would, as standard good practice, be subject to a regular review of users.  This had not been the case for APTOS as the new system was being developed.  The Head of Audit Cotswolds reassured member that this item was included on the Internal Audit action plan.  The KPMG Auditor explained that KPMG would not test GO as Grant Thornton had been appointed as external auditor for the GO partners.  KPMG would complete the audit for March 2012, which would be 95% complete by September.  The new auditors would be in place on the 1^st September and were welcome to review any information KPMG had. 

The Director of Resources assured members that Cheltenham Borough Council would still be audited as an independent authority as ultimately the new external auditor would still have to sign off separate accounts for each authority.  The decision to use the same auditor was based on the fact that there was now a shared system which would previously have been tested by 3 different external auditors.