The URL can be used to link to this page

Home My WebLink AboutFCS-16-183 - 2017 Service Review & Internal Audit Work Plan_ REPORT TO: Audit Committee DATE OF MEETING: December 12, 2016 SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 WARD(S) INVOLVED: ALL DATE OF REPORT: December 1, 2016 REPORT NO.: FCS-16-183 SUBJECT: 2017 Service Review and Internal Audit Work Plan ___________________________________________________________________________ RECOMMENDATION: That the 2017 Internal Audit work plan be approved as outlined in report FCS-16- 183 dated December 1, 2016. BACKGROUND: Under the Audit Committee terms of reference it is the Audit Committee’s responsibility to provide recommendations for areas of focus and types of audits as well as approve the annual internal audit work plan. The integrated service review work plan encompasses not only the work of Internal Audit but also that of other staff across the corporation with responsibility for service review work. By planning service review work corporately it ensures that there is no duplication of effort and that work is integrated across departments where required. This comprehensive approach also ensures that all service areas will be reviewed at some point over approximately a six year period. This report shows the 2017 integrated service review work plan as well as the Internal Audit work plan. Only the Internal Audit work plan requires Audit Committee approval. *** This information is available in accessible formats upon request. *** Please call 519-741-2345 or TTY 1-866-969-9994 for assistance. 2 - 1 2 - 1 REPORT: Service Review Goal The Effective and Efficient City Services priority within the City’s Strategic Plan (2015 - 2018) places a priority on improving the design and delivery of city services, responsible stewardship of public funds and accountability, among other things. The overarching goal of service reviews is to protect the City’s assets and interests, which supports these priorities. This includes, but is not limited to, protecting the long term health of the organization, its financial and physical assets, its reputation, its ability to perform critical services and the safety and well-being of employees and citizens. The way that staff achieves this goal is through three main categories of review work: 1. Ensuring operations are efficient and effective as possible Are we doing the right things? Are we doing things in the right way? Are we making the best use of our limited resources? 2. Ensuring controls are adequate to protect assets from loss Have risks been adequately identified and mitigated? Are there structures and processes in place to prevent or detect loss, theft, fraud? 3. Monitoring compliance with policy, procedures and legislation Has staff been adequately trained on what is expected of them? Are staff following the rules to ensure work is accurate, reliable, timely, efficient, effective, safe, and legal? Are staff putting the corporation at risk in any way through their actions or inactions? This review work is carried out by internal audit, along with staff in the City’s various departments, to review both internal and customer facing services using a variety of tools. These may include: Service delivery reviews Process mapping, including assessing adequacy of controls Time studies Value for money analysis Organizational structure review Review of workplace culture Risk assessments Policy review Compliance audits; and Physical inventory and cash counts 2 - 2 2 - 2 2017 Internal Audit Work Plan The 2017 internal audit work plan includes service reviews as well as controls audits and recurring internal audit activities. Audit Committee is asked to approve the 2017 Internal Audit work plan shown below as per the Audit Committee terms of reference. A description of the types of review is included in Appendix A. New this year, Council priorities for service reviews were solicited during the September 2016 Audit Committee meeting. The following priorities were identified: Water and gas utility – roles clarification By-law Enforcement – workload, capacity Park Open Space Design and Development – service delivery Engineering – value for money of consultants Information Technology (cyber security) – risk assessment and controls Operations division - comprehensive Every effort has been made to include those requests within the work plan. However, there was not capacity for all items in 2017. With regards to the water and gas utility review, a preliminary risk review is scheduled to occur near the end of 2017. Specific areas of risk will be identified which will further direct more in-depth service reviews in 2018. It is felt that this risk assessment is a required first step in order to determine where focus should be placed. Two reviews were requested in the Operations area – a review of the whole area and a more specific look at Park Open Space Design and Development. It is felt that since Operations is now in two separate divisions and there are so many specific lines of business that doing a large comprehensive review of everything would be overwhelming. It would end up being too high level to make any impact. Instead, more focused reviews on specific areas within Operations will be conducted over time. In 2017 the highest priority Operations areas are Winter Maintenance and Aggregates. The remainder of the reviews requested by Council have been included in the work plan. Audit Area Type of Review Service Reviews Revenue (continued from 2016) Comprehensive Engineering – Consultants Value for Money Fire – Administration Process, Capacity By-law Enforcement – Property Standards Workload, Capacity Operations – Aggregates Process Review, Value for Money Operations – Winter Maintenance Process Review Kitchener Utilities Risk Assessment 2 - 3 2 - 3 Controls Audits Information Technology – Cyber Security Risk assessment and controls testing Petty cash Compliance SAP – User Profiles Separation of Duties Recurring Internal Audit Activity Physical Inventory Count verification Confidential Investigations As required 2017 Integrated Service Review Work Plan The 2017 integrated service review work plan is for information only. In addition to the service reviews from the internal audit work plan above, the following reviews are also included in the integrated service review work plan: Service Type of Review Resource(s) Neighbourhood Strategy – at Process review CSD, INS, FCS least two priority “red tape” focus areas Benefits and Pensions Process / Capacity review FCS Administration Recruiting Phase 3: internships Service delivery / Process FCS and co-op placements review For your information, the prioritized list of services has been included in Appendix B. The list was generated through a comprehensive prioritization process in 2016 which ranked all services against one another based on inherent risk, expense budget, and date of last review. The resulting prioritized list is the basis for the service review work plans. Information regarding audits and / or service reviews which have been conducted in the past have been included in the chart. Council priorities for 2017 have been indicated in the chart as well. Reporting All service reviews assigned to Internal Audit will be brought forward through the Audit Committee in audit status reports on a quarterly basis. All service reviews assigned to other resources will be brought forward through the Audit Committee in an annual summary report in conjunction with Internal Audit’s year in review report. The report will contain the status of the reviews and any major findings or recommendations but will be much smaller in scope and detail than the internal audit reports. If further explanation or detail is required by Council this can be provided upon request. Any reports which require a decision by Council will be brought forward to the appropriate committee with a detailed report.For example, if recommendations within the report indicate that a service should be discontinued, changed significantly or additional funding is required then it would be brought forward for Council approval. 2 - 4 2 - 4 ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN: This report supports the achievement of the city’s strategic vision through the delivery of core service. FINANCIAL IMPLICATIONS: There are no financial implications related to this report. COMMUNITY ENGAGEMENT: INFORM – This report has been posted to the City’s website with the agenda in advance of the council / committee meeting. ACKNOWLEDGED BY: Dan Chapman, Deputy CAO, Finance and Corporate Services 2 - 5 2 - 5 APPENDIX A: TYPES OF REVIEWS TypeofReviewDefinition CapacityAreviewoftheactualtransactionorworkvolume,theaverage timetocompleteeachtransactionandtheestimatedrequired resourcingcomparedtotheactualresourcing. ComplianceAtesttodetermineifstaffisfollowingallrules,regulationsand policiesassociatedwiththeservice. ComprehensiveAnallencompassingreviewofthedivisionorserviceincluding thingslikeprocessreview,organizationstructurereview,controls, compliance,riskassessment,servicedelivery,customer satisfaction,valueformoney,capacity,benchmarkingandany otheranalysisrequired. ControlsAnanalysisandtestofcontrolpointswithinaprocesstoensure thatfraudulentactivitycanbeeliminatedormitigated. CostanalysisAdetailedanalysisofdirectandoverheadcostsofaserviceand analysisofchargeoutratesifapplicable. CustomersatisfactionAreviewofcustomersatisfactionwithaserviceandwhere improvementscouldbemade. FollowupAnadditionalreviewofanytype,notsoonerthan1yearafterthe "___________"originalreviewinordertoassesstheimpactoftheoriginal recommendationsandproactivelyidentifyanynew/emerging risks. ProcessAnanalysisofhowaprocessisdoneandwhereefficiency& effectivenessimprovementscouldbemade,including considerationofallstakeholdersrelatedtotheprocess. RiskassessmentAnidentificationofallofthepossiblerisksthatcouldaffecta serviceincludingratingtheprobabilityandimpactoftheriskusing thecorporateriskmatrix. RoleclarificationClarification,documentation,andcommunicationofrolesand responsibilitiesofsimilarrolestoensurethereisnooverlapin duties. ServicedeliveryAreviewtodeterminetheoptimalmethodofdeliveringaservice includingexploringoptionsofcontractingoutornotdeliveringthe serviceatall. ValueformoneyAcomparisonofthefullyburdenedcostofprovidingaservice (includingalldirectcostsplusoverhead)comparedtothecostof obtainingtheservicefroma3rdparty. 2 - 6 2 - 6 U) W LU U) LL O U) J 0 W N 2 CL 00 6 Z W CL CL a C O 70 N U (Q N 70 O O L-- C 70 ° C ca N C N L U Y � O•LD U �- U N (6 O O = 4— U) U 70 N � � U C Ln O C O > N ° 0- E 0 U U (Q C (Q 0 N .> N Q C O O (Q L N N L U N U 0 C 0 0 U Q 3 O 4- N L H 0 N C 70 N 70 C (Q O 70 N N a� N N N Q (D U) (D L 0) C U NC > O (D N Q � C O N U N U � N N E U N (Q U N U ~ ani o U •� (D > O N L U N U U N O N �N � U o�Q• U)UU) -0 C j Q (D E U L C O C U (J.— 0 U) a� QU)UU) J U U LL Z '� U N C O U •— L CO — N .- 0 (n.—O O L 0 C N O (Q C > -0 N N (Q U .V (Q Q N O M N � C U F U OC U ( Q (D ca a� C o � (D 0 N N LU UN C � L N N-04—�• C C ° OU O C C;� 00 (D (D O ° C ° � N (U6 U N (D U > O cn ca � (D cvn N U '> ; N (Q > (D U U (D -o N L (D U Q-0 UC O E C O O (Q O O N U U� 0 (60 O O - N N �: (D .� .(D M to N U -0 to (Q to to to (D (D N � U O � E (D OU U N - Q Q (D (D (� x U O O E �- ° Li m 70 (D (D 0 Cn=� -0 (QN 2-7 Council by Requested 2017201720172017 FutureReview up 2016 Follow 2011201220132013201320132011200720072015201420162013 201020122006201020122016 YearCompleted Maintenance Maintenance Building Sewer Maintenance Sanitary Trails and Management, Office Maintenance Storm Energy Marketing Front Council & Centre and Horticulture,Preparedness and Control ResponseProject Review Planning Contact Planning Centre Mayor Forestry,WinterEnvironmentalTraffic Centres of Section Services Emergency assessment Administration or & Enterprise Planning, Emergency DispatchOfficeWelcome Integrated RiskEquipmentFireElectionsCommunications Corporate Administration Utility a)b)a)a)a)a)b)c)d)e) Repair Legislated Division GasFleetAquaticsFireOperationsOperationsOperationsParkingTransportationFacility&BuildingSecurityCAORevenueCommunityOperations Department INSINSCSDCSDFCSINSINSINSINSINSINSCSDINSCAOFCSCSDINS 23456789 101112131415161718 Rank 2 - 8 2 - 8 Council by Requested 20172017201720172017 FutureReview up 2010 Follow 2005201320132013201320132013200720132014200820112015 2016201420142015 YearCompleted Maintenance Placements competitions Turf led Intern Development and Sanitation & competitions and and led op Design Nepotism HR Department Co Sportfields Administration 1 2 3 Education and Space Services Maintenance Planning Phase MaintenancePhase Phase Public Open Pensions Equipment & and and Concrete Resource ParkRoadsEnvironmentaland Technology Services Transparency Section security Development assessment and Arenas or Resources Projects Enforcement Prevention RiskRecruitmentAccommodations Recruitment ITMarketHiring Recruitment CyberVehicle Benefits and law a)b)c)a)a)b)c)d)e)f)g) By Division InformationOperationsEngineeringOperationsCemeteriesAudOperationsProgramGolfCustodialOperationsEconomicFireHuman Department FCSINSINSINSCSDCSDINSCSDCSDCSDINSINSCAOCSDFCS 192021222324252627282930313233 Rank 2 - 9 2 - 9 Council by Requested 2016 FutureReview up 2013 Follow 20102016201520112012201020112012 200820102010201420142014 annual YearCompleted Bi Administration Cards Expenses Reimbursement Services Section Cash Resources Crib Planning or Services ManagementDevelopment Services SupplyToolDepositsPurchasing StoresEmployeeParking PurchasingPetty Administration Administration Administration a)b)c)d)a)b)c)d)e) Division SupplyLegalINSPlanningFCSAssetSportAccountingVolunteerFinancialCSD Department FCSFCSINSCSDFCSINSCSDFCSCSDFCSCSD 3435363738394041424344 Rank 2 - 10 2 - 10 REVIEW SERVICE PLAN INTEGRATED 183 16 FCS 2017WORK 2 - 11 efficient protect & procedures to źƓƷĻƩĻƭƷƭ Reviews policy, ğƓķ effective adequate with are ğƭƭĻƷƭ are Service of /źƷǤ͸ƭ loss operationscontrolscompliance ƷŷĻ from Goal legislation ƦƩƚƷĻĭƷ EnsuringEnsuringassetsEnsuringand ƚƷŷƩƚǒŭŷʹ••• 2 - 12 years based review on six the last review over of based corporate work for ofapprove date to Process created only reviewed and services priorities, plan allprogram plan Plan areas required budget work Council work service list, prioritize Work consistent Audit all to expense review Committee risk, ProcessonprioritiesOngoing, ServiceprioritizedEnsuresAuditInternal ••••• 2 - 13 consultants controls capacity of clarification delivery money Priorities ΑƩƚƌĻƭ assessment, ΑǞƚƩƉƌƚğķͲ for ΑƭĻƩǝźĭĻ ΑƩźƭƉ utility comprehensive ΑǝğƌǒĻ gas Space Council Enforcement and Security Open law WaterByParkEngineeringCyberOperations •••••• 2 - 14 Plan money for capacity Work money capacityValue Review for of assessment 2) ValueProcess,Process, of 1 approval: Audit (page gas)Risk your 2016)Comprehensive & For MaintenanceProcess from (water standardsWorkload, Internal ΑĭƚƓƭǒƌƷğƓƷƭ Α!ŭŭƩĻŭğƷĻƭΑźƓƷĻƩ Reviews: AreaType ΑğķƒźƓźƭƷƩğƷźƚƓ ƌğǞΑtƩƚƦĻƩƷǤ 2017 Audit Service Revenue(continuedEngineeringFireByOperationsOperationsKitchenerUtilities 2 - 15 Plan controls duties of Work Review of assessment, required 2) ComplianceSeparationCountverificationAs of 2 approval: Audit (page SecurityRisk your For Activity Internal Investigations ĻĭŷƓƚƌƚŭǤΑ/ǤĬĻƩ profiles InternalAudit Audits: Inventory AreaType 2017 Cash Α ƭĻƩ Audit Controls InformationPettySAP Recurring PhysicalConfidential 2 - 16 FCS INS, Plan FCS plus: plan Work work capacityFCS ReviewResources delivery, Audit of information ProcessCSD,Serviceprocess Internal Review the co your of 2 all For least areas Includes AdministrationProcess, ΑźƓƷĻƩƓƭŷźƦƭğƓķ focus Service 3 {ƷƩğƷĻŭǤΑğƷ Pensions ƷğƦĻͼ Phase and ͻƩĻķ AreaType 2017 placements Service NeighbourhoodpriorityBenefitsRecruitingop 2 - 17