Audit Committee Tuesday 14 June 2011 Item No 9

Accounts Payable: Risk Assessment

Report by Gerald Tait, Risk and Audit Manager

1. Introduction

This report invites scrutiny of the risk assessment into the Accounts Payable system which is one of the Council’s main financial systems.

2. Background

At previous meetings, the Audit Committee has received and promoted risk assessments in the IT systems and Accounts Receivable. Recently, the risk assessment of Accounts Payable has been concluded by management and is attached. The assessment has been used to promote robust internal control and to highlight specific controls that could be improved. The right-hand column of the appendix highlights any residual risks viz:

Control 3 – discussions are ongoing as to when leavers should be deleted from user accesses to computer systems;
Control 5 – work is underway to agree the exception reports most appropriate for the business;
Control 14 – User guidance is to be updated and version controls put in place;
Control 18 – Procurement procedures to be expanded to encourage robust audit trails;
Control 19 – review of separation of duties in ordering goods and services;
Control 21 – Specimen authorised signatories are being secured so that they cannot be copied;
Control 22 – Internal Audit will review the counter-signatory procedures for orders over £50k;
Control 22 – Review counter-signatures when an official order is not used e.g. engagement via letter;
Control 23 – Review of signatory powers and use in ‘electronic’ systems;
Control 46 – Use of credit cards by council officials being reviewed and new procedures to be produced; and
Control 49 – new authorising powers for credit card use to be set up in the electronic authorised signatories system.

3. Report Implications

3.1 Resource

There are unlikely to be any direct resource implications arising from this report.

3.2 Risk

Risk assessment provides an opportunity to review in detail internal controls and the means to manage risk. The assessment has highlighted where internal control could be improved. The risk assessment is included in the Finance and Human Resources risk register and will be subjected to regular review.

3.3 Policy

Strategy – this report addresses directly the council’s policy to have a robust internal control environment, management of risk and effective governance.

Consultation – consultation has taken place with the Risk and Audit team, the Business Services section, Audit Scotland and the Head of Finance and Human Resources (s95 officer).

Equalities – there are no equalities issues arising from this report.

Sustainability – the Audit Committee has a key role in promoting sound governance, management of risk and the internal control environment and the risk assessment of the main financial and IT systems helps to ensure the sustainability of the Council and in particular the control over payments.

4. Recommendations

The Audit Committee is invited to:
(1) Welcome the risk assessment;
(2) Note the residual risks being addressed; and
(3) Note that a follow-up report on residual will be presented to the committee at a later date.

30 May 2011

Report Author: Gerald Tait, Risk and Audit Manager
Tel: 0131-271-3284
E-Mail: Gerald.tait@midlothian.gov.uk
