We're now part of the York & North Yorkshire Combined Authority

2013 25 March

Introductions and Apologies

Minutes of the meeting held on 6 December 2012
Notes of the meeting held at the Offices of the Police and Crime Commissioner, Barker Business Park, Melmerby on 25 March 2013.


In the Chair:                Erica Taylor, JP (ET)

Members:                     David Portlock (DP) and Michael Wilson (MW).

Officers:                       PCC Julia Mulligan (JM); CFO to PCC Judith Heeley (JH); Temporary Chief Constable Tim Madgwick (TM); Chief Officer of Resources, Joanna Carter (JC); Chief Accountant Jane Palmer (JP); Head of Internal Audit Neil Rickwood (NR); Internal Audit Manager Michael George, External Audit Senior Manager (Mazars) Rochelle Tribe (RT).


Apologies were received on behalf of Head of Organisation and Development Gary Macdonald and Cameron Waddell of Mazars.

ET welcomed the two recently appointed members of the Joint Audit Committee (JAC), David Portlock and Michael Wilson.


Subject to the following updates, the minutes of the JAC held on 6 December were approved as a true record.

Minute 8:

ET enquired what progress had been made against Time Off in Lieu (TOIL).  TM provided a brief update regarding the new management processes and shift system, but advised that due to major operational events such as G8 in 2013 and the Tour de France in 2014, the backlog of TOIL could not be resolved in the short term.  TM suggested a progress report be provided to the September JAC which will allow time for time the new shift system to be established and for the report to be in context against the Winsor 2 Review.


That a TOIL progress report be scheduled for the JAC scheduled for 23 September 2013.

Minute 14: 

JM advised Members that since the last meeting there had been a major review of the Commissioners decision making process and provided a short presentation to explain the new process and meetings structure and how these will feed into the JAC, the Police and Crime Panel, and in contributing towards delivering the Police and Crime Plan.

In regard to JAC having sight of Decision Notices, Members confirmed that their responsibility was to ensure that the correct checks and balances were in place for the Decision Notices, rather than actually having sight of them.  JH confirmed that the decision making structure will be incorporated into the draft Annual Governance Statement which the Committee will have sight of in June.

Minute 15:

ET enquired if there were any further applicants to the JAC.  JM responded that following the recent appointment of DP and MW, further recruitment was due to take place.  The minimum number of Members required is 3 and the maximum is 5, but JM explained that she seeks to appoint further Members to ensure that any meetings are quorate.  It was also confirmed that induction training will be provided to new Members of the Committee.


  • That Induction Training be provided to the new Members of the Committee.
  • That JM will keep the JAC Members updated in regard to the progress of any new appointments.


JC provided a verbal update on petty cash, advising that wherever possible petty cash was being reduced or removed entirely and that dip sampling was taking place by JC to ensure transactions are appropriate and correctly recorded and processed.

In regard to the summary for the NHS report ‘Taking it on Trust’ DP asked if NYP had compared their internal control mechanisms to other forces?  JH and JC advised that this would be undertaken as part of the internal review for the Annual Governance Statement.

There were 2 other matters arising, the NHS report ‘Taking it on Trust’ and an update on petty cash, which Members would be updated on as agenda items.


In response to DP seeking clarity why the current pension costs fall under the Chief Constable and past pension costs fall under the Commissioner, JC explained that as Chief Constables have become new corporations sole in addition to the Commissioner (previously the Police Authority was the body corporate) previous pension costs would stay with the Commissioner for consistency and new and current pension costs would come under the Chief Constable as the new corporate sole.

RT commended the North Yorkshire decision making process in comparison to other forces, adding that the format for the accounts was well supported and evidenced.

RESOLVED – That the approach to be taken in preparation for the 2012/13 accounts, including the draft accounting policies, be approved.


The report provided Members with the progress to date in achieving the Audit Plan which is due to be completed on schedule.  Members discussed the various audit report summaries, in particular the Regional Procurement Report and raised concerns regarding the internal controls, value for money and additional bureaucracy.  MG confirmed that Regional Procurement will be reviewed twice more during 2013/14.

JC requested notice of the Internal Assurance Bodies audit report and to be consulted on the feedback for cultures and behaviour.

RESOLVED – That the progress made is noted.


The report of the Internal Audit to set out the approach for delivering assurance to the Chief Constable and Commissioner.  DP had several detailed points which required clarity, he agreed to contact NR separately to address these.  ET recommended that Internal Audit provide a short presentation of the strategy to the next meeting of the JAC.


  • That the Internal Audit Strategy be noted;
  • That DP contacts NR separately to the meeting to receive clarification on his queries;
  • That Internal Audit provides a short presentation to give an overview of the Strategy to the   JAC on 4 July 2013.


The report of the Internal Auditor to set out the plan for 2013/14.  Members noted the report and made no further comments.

RESOLVED – The Internal Audit Plan 2013/14 was noted.


ET enquired on the progression of the Chief Constable appointment process.  JM confirmed that the selection process will take place on 16 April and the preferred candidate will be recommended to the Police and Crime Panel on 25th April.

DP emphasised that it was not the role of the JAC to scrutinise the decisions made by the Commissioner, but to ensure that the frameworks and procedures for the decision making process are in place.


There were no items to note.

TM welcomed the new members of the JAC and the added value and purpose of their role.


The report of the Internal auditors to provide an update on Internal Audit recommendations.  The Board discussed the recommendations for Additional Allowances, it was felt there is a better process in place but improvements could still be made, such as encouraging the use of pool cars.

RESOLVED – That the report is noted.


Members confirmed that they would find an External Audit progress report to each meeting of the JAC beneficial.  DP enquired if the correspondence to the Commissioner and Chief Constable from the External Auditors outlining their fees for 2013/14 could be circulated to JAC Members, which was agreed.


  • External Audit to provide a progress report to each future meeting of the JAC;
  • That the correspondence providing the External Audit fees for 2013/14 be circulated to JAC members.


As this will be JH’s last meeting, on behalf of the Joint Audit Committee ET expressed her thanks to JH for all her help, support and the contribution she had made to the establishment of the Joint Audit Committee.


The next meeting of the JAC will be 10am Monday 24th June at the Office of the Police and Crime Commissioner, Melmerby (subsequently changed to 10am Thursday 4 July).

Matters arising




Report on the NHS paper “Taking it on Trust” to be presented to the next meeting Summary attached at Appendix A
Update on property other than found Included in item 8
Update on petty cash Verbal update to be presented
Complete review of governance arrangements to be included in the Annual Governance Statement Draft Annual Governance Statement to be presented to the next meeting of the Committee

Review of Accounting Policies


To review the accounting policies to be used in preparation of the Statement of Accounts for 2012/13.


The Police Reform and Social Responsibility Act 2011 established both Police and Crime Commissioners and Chief Constables as corporations sole.  This differs from the previous arrangement where the police authority was the body corporate and a single set of accounts in the authority’s name was prepared.

The accounts are prepared in accordance with the Chartered Institute of Public Finance and Accountancy (CIPFA) Code of Practice on Local Authority Accounting in the United Kingdom, supplemented by additional guidance set out in CIPFA’s Local Authority Accounting Panel Bulletin 95.

The Code indicates that Group Accounts will need to be prepared by the Commissioner, with the Chief Constable corporation sole accounted for as fully controlled subsidiary.

There are a number of decisions which need to taken in respect of preparation of the accounts, and CIPFA recommends that these be discussed at an early stage with the external auditor.

Detailed information on these issues, together with the proposed accounting treatment and draft accounting policies for both the Commissioner and the Chief Constable, are set out in the attached appendices


That members of the Audit Committee endorse the approach to be taken in preparation of the Accounts for 2012/13, including the attached draft accounting policies.

Internal Audit Progress Report


The report sets out the progress made to date in achieving the Audit Plan.


This Progress Report monitors delivery of shared Internal Audit services.  The service is shared with West Yorkshire Police and Commissioner’s Office and Humberside Police and Commissioner’s Office.

The 2012/13 Audit Plan is set out in Appendix A.  Table 1 summarises the progress against the plan.

Table 1: Summary of Progress

STATUS OF AUDITS        March 2012



Final Reports with Response Received


Final Reports – Response awaited


Final Reports – No Response Required


Draft Reports Issued


Audits in Progress




The audits in progress are: Diversity Update, Asset Management, and Complaints Handling.  The final report issued and awaiting response is Property Compliance. Internal Assurance Bodies, and the Second Follow Up audits are reported in draft.  Two reports have been responded to since the last Committee: the Pension Scheme Transfer and Unsocial Hours.

All audits are now either reported or in progress, as such we are on schedule to complete the 2012/13 audit plan.  The Diversity Update audit is largely completed but it is not proposed that it will be reported at this time.  The Force is making progress in this area, since the Diversity Audit proper (undertaken in 2011/12), but it is not yet possible to evidence the impact of the changes that have been made.  Therefore rather then issuing a report repeating our earlier recommendations, additional time will be given until the work is completed and the audit will be completed as part of the 2013/14 audit plan.

Some resource had been allocated in the plan to take forward a priority of the Police and Crime Commissioner.  Following discussion with the PCC we have decided to add that resource in to the time we had planned to undertake the Complaints Handling audit.  This will allow us to consider this area in greater depth and also to contact complainants to assess their satisfaction with the complaints handling process.

Audit Reports are reported in summary and appendix B has summaries of the Pension Scheme Transfer and Unsocial Hours reports.  Full copies of reports are available to members of the Audit Committee, on request.

An initial audit has been undertaken, as part of the Regional Audit Plan, considering the progress being made establishing Regional Procurement.  As procurement practice is an important part of the control environment for each Force, this report is attached in appendix C.


That members monitor the progress made.

Neil Rickwood, Head of Audit

Supporting documentation

  • Appendix A – Internal Audit Plan
  • Appendix B – Summary Internal Audit Reports
  • Appendix C – Summary Regional Audit Report

Appendix A: Internal Audit Plan

Audit Status Coverage 
Follow Up Exercise One Final Report with Response Received To provide assurance that recommendations have been implemented.
Pension Scheme Transfer Final Report with Response Received To provide support regarding the transfer of data of the police pension schemes to a new provider.  In particular information relating to pensioners and existing employees, underpinning the liabilities of the Authority.
Commissioning by the PCC. Final Report, no response required. The objective of the review is to advise the NYPA on commissioning frameworks that would give assurance that the process is likely to produce value for money and demonstrate probity.
Property Compliance Final Report To undertake a compliance programme of audits of connected property stores across North Yorkshire, to provide assurance over the revised policy and resourcing of the property function.
Use of Force Training Update  Final Report with Response Received To assess compliance with Force policy in respect of use of force training, whether the training has been recorded and to review accuracy with the officers who are recorded as being trained.
Diversity Update  In Progress To assess the implementation of changes to the Force’s structures for dealing with equality and diversity.
Contract Standing Orders Compliance Update Final Report with Response Received To assess compliance with the Authority’s Contract Standing Orders in respect of Force procurement activity.
Credit Card Use Final Report with Response Received To audit the use of corporate and covert credit cards.
Asset Management In Progress To review the processes the Force has set up: from prioritisation and establishing of need, asset recording and allocation, maintenance and replacement.  Depending on outcome of 2011/12 Corporate Budget Audit, it is suggested that the focus may shift more onto asset & physical security, insurance etc.
Follow Up Exercise Two Draft Report To provide assurance that recommendations have been followed up.
Complaints Handling In Progress To undertake dip sampling of complaints, including from the point that the complaint was made.  The timeliness of complaints handling and compliance with IPCC Guidance and Force Policy will be evaluated. Feedback will also be sought from complainants to determine their satisfaction with the process.
Internal Assurance Bodies Draft Report To review the bodies within the Force charged with providing an assurance function to the Force, eg the Delivery Unit and Information Management.  The purpose being to see what reliance can be placed on their work which includes benefits realisation of the change programme and data quality audits, as well as how their work does/can fit together with Internal Audit to provide assurance.
Unsocial Hours Final Report with Response Received To provide assurance over the proposed arrangements to commence paying an allowance to police officers for unsocial hours.
Petty Cash Final Report with Response Received The objective of the audit is to undertake a risk based, systems audit of the Authority and Force’s use of credit cards, both covert and non-covert.

Appendix B: Summary Audit Reports

Unsocial Hours

Part 1 of the Winsor Review introduced an Unsocial Hours Allowance for all federated officers, i.e. constable to chief inspector. The supplement is 10% of officers’ basic pay, for any hours worked between 8:00pm and 6:00am on any day of the week.

Until the 1 January 2014, forces have been able to pay officers a fixed monthly amount, as an interim arrangement. The Force has been paying officers a fixed monthly payment since the 1 April 2012 and is planning to pay actual hours from January 2013.

This review was commissioned by the Force to provide assurances over the planned process for paying actual hours. Internal Audit undertook a number of tests in order to ensure the accuracy of the payments being made.

Base Data

Checks were made to ensure that the key report that will be utilised for the payment of unsocial hours, was complete and accurate.

The Duty Management System (DMS) report utilised by Payroll has been filtered to exclude a number of duty codes, where an officer would not attract a payment, for example when an officer is on maternity/ paternity leave. In order to ensure that the filtered report was including all applicable transactions, Internal Audit tested a number of transactions. This process identified a very small number of exceptions which had already been picked up on by the Payroll Manager and these are currently being investigated. These exceptions should be resolved each time the Payroll is run.

Payroll Output

As the Force has yet to commence paying actual unsocial hours, Internal Audit obtained an unsocial hours output report from the Payroll Development System and sought to ensure that these payments were correct, based on comparisons with the base data.

Authorisation of Payments

The Force requires officers to notify the Resource Management Unit (RMU) of any changes to their rostered hours, this includes both overtime and changed hours. To ensure that unsocial hours payments are being duly authorised where applicable (for example, hours worked as part of an officers rostered tour of duty), a sample of transactions was selected and checks made to ensure that an authorised Duty Change Notification was available. Evidence was found of more senior officers making this change on their own account.

Changes to Basic Pay

Internal Audit examined the planned process for ensuring that changes to basic pay also amend any unsocial hours payments made, as appropriate. It was identified that when an increase is applied on the Payroll system, such as an increment or promotion, the system requires the effective date to be entered, which then triggers retrospection if this date occurs in the past. This ensures that any payments made within the affected period (that are based on basic pay), including unsocial hours, will then be recalculated and a back payment made automatically. This process was verified on the Payroll Development system.

It was also identified that duties can be amended on the DMS at any point, even once a payment has occurred as a result of that duty. As a result, Payroll will need to undertake a series of open ended checks of historic data, in order to identify if any amendments are required. It is both burdensome and inefficient for Payroll to undertake checks for an indefinite period, however some checking is required, in order to identify any changes that could affect an unsocial hours payment already made.


Duties should be reminded not to process any changes that would lead to an unsocial hours payment being made, without receiving an appropriately authorised Duty Change Notification.

The Force should risk assess the requirement to re-examine unsocial hours payments made, in order to identify how many previous months it is prudent to review, in case of subsequent duty changes, i.e. sickness, time off in lieu and overtime etc.





Effectiveness of Risk Management Approach


Based on the tests undertaken as part of this review, Internal Audit are able to provide reasonable assurances that the process that has been put in place to ensure the accuracy of unsocial hours payments will be effective.

Efficiency of Risk Management Approach

No comment is made on the efficiency of the management approach, as the audit primarily focussed on the accuracy of payments.

Assurance Level

2 – Reasonable Assurance

Overall Risk


Pension Scheme Transfer

The pension scheme provider for Police Officers was transferred from Greater Manchester Police (GMP) to Mouchel, on the 1April this 2012. Processes remain largely similar, with Mouchel undertaking the administration of the scheme. This includes the provision of pension estimates and the calculation of pension payments and commutations, following authorisation from North Yorkshire Police Payroll Department.

At the time of the transfer, Mouchel used the same software as GMP, the AXISe system provided by Heywood. Since the transfer of the scheme, Mouchel have changed onto the altair system, which is an upgraded version of AXISe.

The transfer of North Yorkshire’s pension data from GMP to Mouchel was undertaken by Heywood, who have standard routines to extract the data. This process was directly handled by Heywood and Mouchel. Heywood ran membership totals both before and after the transfer of data, in order to ensure that all of the member records had successfully moved across. Mouchel has provided Internal Audit with details of the membership totals, showing that the figures matched post transfer. The Head of Payroll was also provided with informal assurances that the transfer process was handled correctly. However, the reconciliations undertaken by Heywood only confirmed that the same number of members, records and documents were present after the transfer. Their checks did not seek to ensure that the actual data that had been transferred across was the same. Given the pension payment amounts involved and the fact that no checks were made on the accuracy of the underlying standing data, Internal Audit would recommend that formal assurances are obtained from Mouchel, to confirm that the transfer process was handled appropriately and that complete and accurate member records were transferred across.

Prior to the changeover from GMP to Mouchel, a period of parallel running was also undertaken, whereby Mouchel ran the pensioners payroll on their system for the March and April payments. Mouchel then compared their output to the actual payroll undertaken by GMP and any differences were identified and explained. The final result was that all of the entries balanced.

In order to ensure that standing data was transferred across accurately, Internal Audit selected a sample of thirty Officers and checked that the information held by Mouchel was correct, by verifying records against those held by the Force. It was found that there were errors in five cases, two of which were a Payroll error (they had recorded the wrong date of birth, Mouchel had the correct date) and three were errors unaffected by the transfer process. In two out of these cases, the errors would have resulted in a very minor financial difference, when calculating these individuals pension payments/commutation. However, none of these errors occurred as a result of the transfer process, as Internal Audit has been able to confirm that these records, where applicable, were also incorrect under the previous pension scheme provider.

In addition, five pension payments and commutations calculated and made since the 1 April were also selected. This accounted for 28% of all retirements undertaken at the time the testing was undertaken. These calculations were re-performed and compared against the payments actually made, in order to provide assurances that payments are being calculated correctly under Mouchel. Payments sampled were all found to be correct.

Payments made by Mouchel directly from the Authority bank account were also examined. Mouchel process the monthly pension payroll by BACS. These payments are approved by the Payroll department. Mouchel provide Payroll with the total amounts to be paid and this is supported by a net payroll report. However, whilst Payroll reconciles the net payroll amount to this report, they do not verify any differences in the payroll amounts on a month by month basis. Given the payment amounts involved, Internal Audit would recommend that Payroll identify any new pensioners and leavers on a monthly basis, to verify that these are correct.

Overall, Internal Audit can provide reasonable assurance that the main risks considered in relation to the pension transfer, are being effectively managed. Whilst the transfer of member records did not ensure the accuracy of the data that was transferred, the sample of records checked by Internal Audit, do not suggest any cause for concern.


NYP should request formal assurances from Mouchel to confirm that the transfer process was handled appropriately and that complete and accurate member records were transferred onto their systems.

Payroll should investigate the possibility of Mouchel providing a report that would detail key information held against each member of the Police Pension Scheme. If provided, this information should then be compared against HR and Payroll records. Internal Audit could assist in the comparing of this data.

Payroll should check the monthly pension payroll amount, by verifying any additional/excluded payments on a monthly basis, i.e. new pension payees.




Effectiveness of Risk Management Approach


In a small number of cases the records held by Mouchel or the Force are incorrect, although these instances have not occurred as a result of the transfer process. However, as no reconciliations were undertaken to ensure the accuracy of member records, Internal Audit would recommend that Payroll carry out further checks, to ensure that the standing data was transferred to the new pension provider appropriately. Pension payments/ commutations were found to have been calculated accurately.

Efficiency of Risk Management Approach

The transfer of member records was directly handled by Heywood in consultation with GMP and Mouchel. The Force had no involvement in this process and therefore no comment is made with regards to the efficiency of the approach.

Assurance Level

2 – Reasonable Assurance

Overall Risk


Appendix C: Summary Regional Audit Reports

Regional Procurement Report

Procurement is an important function within each Force, contributing towards the internal control environment, providing assurance regarding probity and value for money.  Evidence of its continuing effectiveness is therefore important to each Force and also the Police and Crime Commissioner.  When procurement was delivered in each Force, assurance was obtained through direct line management of the procurement team, with procurement delivered regionally a different approach is required.

Regional Procurement need to define what the work that they do, to a greater degree than was necessary previously.  This is to ensure there is a common understanding of their role in each Force; in order that assurance can be obtained that they are dealing with matters and to avoid any duplication of effort with that Force.

Regional Procurement are putting their plans together whilst delivering business as usual with an overall reduction in the number of staff available.  At the outset of their operation they are not able to benefit from running joint procurement as they are still in a transitional stage towards this end.  However the need to establish which internal controls Regional Procurement will exercise and which will be handled locally is of key importance to the control environment and needs to be addressed as a priority.

Progress is being made with category management and early versions of category strategies were reviewed.  Category management depends on co-operation between each of the Forces and it is suggested that Regional Procurement need to develop a Client Management approach in order to understand the positions of each Force, as a whole, in order to facilitate joint procurement.

Whilst compliance with EU legislation and Regional Standing Orders remains the responsibility of each Force, Regional Procurement has a key role to play in this process. This role needs to be defined in order that each Force can ensure their processes and Regional Procurement’s are harmonised.  A control failure in the procedures between a Force and Regional Procurement represents a significant risk to financial control.

Regional Procurement has established a range of measures of its performance.  It is suggested that the most important of these relates to the savings that Regional Procurement have contributed to/achieved through joint procurement.  The approach to defining savings is based on OGC guidance and depends on a reduction in the budget being made following the identification of a saving in respect of: an improved deal, aggregating demand, reducing transaction costs or improved contract management.

The reduction in the budget is important as it ensures that the saving has led to reduced expenditure in future.  However, the reduction in the budget depends on the Force concerned making the change to the budget.  The process to recognise savings and to submit them to Regional Procurement could also be seen as imposing a requirement on a Force to produce information that supports the performance of a Regional function, rather than necessarily being relevant to them.  It is suggested that this process is reviewed to ensure that it is better aligned with local processes to encourage greater take up in each Force.

Given the stage of implementation no overall audit opinion is given and the risks have not been formally assessed.  It is intended that this will take place once there is sufficient evidence of implementation to gauge the risk exposure to Forces in the Region.  Progress is being made, but Regional Procurement need to clearly set out – in conjunction with each Force – respective roles in the internal control processes used to buy goods and services.  Without such clarity there is a significant risk of inappropriate expenditure being incurred.


Regional Procurement should continue to define how they will operate, providing detail to allow stakeholders to determine whether the approach is likely to be effective.  Regional Procurement should define the controls that they will be responsible for in liaison with each Force to ensure that relevant risks are managed and there is no unnecessary duplication of controls.

Consideration should be given as to how Regional Procurement will be able demonstrate broad service coverage.  It is suggested that this could be accomplished through simple time recording. A record could be maintained of time on site of each client, time spent on each Force procurement, time spent on Joint Regional Procurement.  This information can be used to justify existing charging mechanisms or to revise them.

Regional Procurement should consider implementing a client management regime alongside their category management structure.  This could be taken forward with a SPOC for each Force, who would ensure that each client’s satisfaction is maintained.

Consideration should be given to updating the Regional Standing Orders with how other factors will be treated in any tender evaluation.  This would be to define them in the same broad terms as cost factors are currently dealt with.

Regional Procurement should review its approach to dealing with any non-procurement responsibilities it may have acquired through taking over local procurement functions and ensure that they are consistent with fulfilling its responsibilities to provide a regional procurement function.

Regional Procurement should work with Humberside, South Yorkshire and North Yorkshire Police to facilitate greater involvement in the savings capture process.

Consideration should be given to amending the process to align it to existing processes to reduce the administrative burden and increase the reliability of the information used.

Consideration should be given to whether alternative performance measures may be more informative than the ones currently used.

Internal Audit Strategy


To set out the approach of Internal Audit in delivering assurance to the Police and Crime Commissioner and Chief Constable.


The Internal Audit Strategy sets out the approach used by Internal Audit to determine the Internal Audit Plan.  The annual audit programme will then provide an independent opinion and appropriate assurances on the internal control environment.

Internal Audit are responsible for the provision of Internal Audit to both the Police and Crime Commissioner and the Chief Constable in their capacity as separate legal persons.

It is recommended in the Financial Management Code of Practice that each organisation be served by a shared Internal Audit service; in order to minimise duplication and bureaucracy and to maximise value for money.

The Internal Audit service continues to be provided by the same staff in an agreement with the Office of the Police and Crime Commissioner for West Yorkshire.  Efforts are underway to construct a proposal that the service will in future be delivered by a jointly controlled consortia between the Commissioners and Chief Constables of North Yorkshire, West Yorkshire and Humberside.


Members to consider the Internal Audit Strategy.

Neil Rickwood, Head of Audit



Apportionment: 50% Systems Assurance, 25% Op Assurance, 25% Capital/Maintenance

The Internal Audit Strategy (incorporating the Audit Charter) establishes the methodology used to determine how Internal Audit will provide assurance on the internal control environment for the Police and Crime Commissioner (PCC) of North Yorkshire and the Chief Constable of North Yorkshire Police. This document outlines the strategy to be used to create the audit plan that provides those legal persons with assurance.

The strategy acknowledges that there are some specific audit requirements of the PCC, in addition to the assurance provided by internal audit reviews of the Force.

The planning process is risk based, meaning that it is based on the risk assessments of the Chief Constable and the PCC. The plan is also based on areas of concern identified during previous audits, and discussions with Officers and staff within the Office of the Police and Crime Commissioner (OPCC) and the Force.

Outputs of Strategy

The main aims of the strategy are to put into place arrangements whereby:

Internal Audit will support the PCC and the Chief Constable by providing them, the Chief Finance Officers and the Audit Committee with reports and any significant findings in relation to the adequacy and effectiveness of the internal control environment.

Internal Audit will contribute to the Annual Governance Statements for both organisations.

Internal Audit will provide management with recommendations resulting from audit work which are intended to improve the internal control environment.

Internal Audit will co-operate effectively with the External Auditors and other review bodies.  This will include co-operation in relation to any audit and inspection requirements agreed as part of regionalised work programmes.

Internal Audit will deliver the audit programme in accordance with the required professional standards.

Statutory Basis 

The current legal basis for the provision of internal audit services is the Accounts and Audit (England) Regulations 2011 for Local Government.  These regulations state that, “a relevant body must undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control.”

The Chartered Institute of Public Finance and Accountancy’s (CIPFA), Chartered Institute of Internal Auditors, Department of Health, Welsh Government, Department for Finance and Personnel (Northern Ireland), HM Treasury and the Scottish Government have come together to issue the Public Sector Internal Audit Standards.  These become effective from 1 April 2013 and replace the CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom 2006.

The Standards provides a definition of internal auditing:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.  It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”

The Home Office Financial Management Code of Practice recommends that PCCs and Chief Constables have a shared internal audit service to cover both bodies, and that the Accounts and Audit Regulations 2011 place a responsibility on both the PCC and the Chief Constable to maintain an effective internal audit of their affairs.

Independence of INTERNAL AUDIT

To be effective, Internal Audit must operate independently and have unrestricted access to all information relevant to the functions of the Chief Constable and PCC which is necessary in the course of our work. In practical terms, this means that auditors should have full access to all records deemed necessary, including information held by or managed by third parties. The Financial Regulations in each organisation provide formal authority for such access.

Internal Audit staff have a right of access to all employees and agents of the Office of Police and Crime Commissioner and Force, including direct access to the Chief Constable and PCC.

The independence of Internal Audit is achieved by reporting in its own name, ensuring that all auditors are free from conflicts of interest and have no direct management responsibility for the development, implementation or operations of systems.


In order to form an opinion on the Internal Control Environment it is necessary that Internal Audit has sufficient coverage of how the organisation is managing its risks.

The allocations of days are divided to acknowledge that the majority of audit days are allocated to provide assurance to the Chief Constable, and through that to the PCC. Internal Audit will also be providing specific assurance on certain activities that are unique to the PCC, such as commissioning services. It is intended that the audit plans will provide reasonable assurance on all significant functions that are the responsibility of the Chief Constable and the PCC within a specified time frame.

The table below shows an estimated allocation of days for North Yorkshire Police and the Office of the Police and Crime Commissioner (OPCC), by the type of audit.  It is proposed that Internal Audit will continue with a Joint Audit Plan, but with a clear lead or sponsor for each piece of work in the Force or OPCC.

The bulk of the audit plan continues to be risk based, with a stable level of resources devoted to work on the financial systems and follow up activity.  Proactive support continues to be important allowing Internal Audit to flexibly support organisational change, as it happens.

Audit Days 2013/14



Total Days


Provision of advice, audit planning, committee reporting, progress meetings, external audit liaison, internal control evaluation and annual opinion drafting.


Audit Days

106 (50%)

Risk Audit

50 (24%)

Financial Systems Audit

12 (6%)

Follow Up Audit

44 (21%)

Proactive Support

Comprehensive Coverage

Below are listed the different types of audit work that make up the audit plan.  In drawing up the plan we have been mindful of the following:

  • The needs of the separate legal entities of the OPCC and Chief Constable;
  • The need for the PCC and Chief Constable to have assurance over their own organisation; and
  • The need for the PCC to have overarching assurance over the Force.

We also seek to gain coverage of a range of areas to ensure that we have a comprehensive picture of internal control.  Therefore whilst the bulk of our work will be aimed at achieving assurance over the underpinning systems relied on by the Force and Commissioner, we will also seek to specifically consider elements of assurance that are important operationally and also assurance over expenditure related to assets or their maintenance.

Assurance Mapping

An effective assurance mapping process will allow Internal Audit to establish the areas that the Force and PCC already scrutinise to enhance the audit coverage and improve its ability to assess the internal control environment. It will also help to minimise the duplication of work within business areas, as two set of reviews into the same area are unlikely to be undertaken.

Internal Audit will review annually the areas of assurance provided by the Chief Constable, to ensure that reliance can still be placed on these systems of internal control.

Risk and Systems Audit

CIPFA require that the internal audit function be risk based and should rely on the organisation’s assessment of risk, if deemed to be sufficiently reliable. Internal Audit will also consider other significant risks that do not currently appear on the risk register, to provide assurance to the PCC and Chief Constable that they continue to be well managed.  These risks will be based on Internal Audit’s knowledge of risks in the Police service. It allows areas no longer appearing on the top of the Corporate Risk Register to be considered and supports an assessment of the effectiveness of the risk management process.  These will be in addition to Financial Systems audits, listed below.

Audits are therefore taken from Corporate Risk Registers and the scope will be to review all or part of the risks identified.  These risks will be supplemented by the risks identified by management, as the risk management process matures.

All risks will be considered.  In deciding what will be subject to a review Internal Audit shall consider:

  •       Coverage by other internal or external assurance bodies, including the timing of previous internal audits;
  •       The degree of scrutiny already in place;
  •       Management concerns;
  •       Significant local and national issues;
  •       Perceived irregularity; and
  •       Whether Internal Audit could add value by providing assurance in particular areas (for example where a particular technical competence would be required).

Financial Systems Audit

The main financial systems of the Force may not always appear on Risk Registers, as they will typically be considered to be operating effectively, therefore not requiring any special attention from management.  However, these systems underpin the financial management of the Force and therefore allow it to be operationally effective, and they are therefore given prominence in internal audit coverage.

Coverage of the main financial systems also allows External Audit to place reliance on those systems and thereby expedite the External Audit of the Chief Constable and PCCs Financial Statements.

Internal Audit will cover the main financial systems each year, either by undertaking a cyclical comprehensive review or by annual compliance testing.

Cycle of Reviews of Main Financial Systems









1 in 3




1 in 5



1 in 3




1 in 4

Treasury Management


1 in 4


Fixed Assets


1 in 4

Financial Management


1 in 4

The cycle is subject to annual review based on any change in risk factors in the systems to be reviewed.  For example the introduction of new financial systems, staff turnover, identified control failures and previous findings from the annual central systems testing.

Follow Up Audit

The follow up of agreed recommendations is an important part of the assurance function of the Internal audit, communicating that actions being relied upon to address particular weaknesses have in fact been taken. This involves obtaining evidence of compliance or substantive improvement, depending on the recommendation that was made.

The approach involves following up recommendations classed as significant or fundamental.

Value for Money Audit

Value for Money studies are designed to review the efficiency, effectiveness and economic use of resources in specific areas. Value for Money considerations are also incorporated into systems reviews.  These audits are decided on following consultation with management and the PCC.

The exact nature of a Value for Money study depends on the nature of subject and the availability of information about resource deployment and use.   A value for money study involves the consideration of whether the outputs from an activity are in reasonable proportion to its cost.  This may involve benchmarking with similar services, considering alternative means of service provision or critically evaluating whether the service is necessary at all.  It may also consist of looking at resourcing of the activity and whether there is evidence of underemployment or excessive demands on the activity.

Risk Management/ Governance Audit

In order to form an opinion on the internal control environment, the Internal audit need to consider aspects of governance and risk management processes of the Chief Constable and PCC.

Proactive Work

Proactive work relates to the provision of advice on control issues and projects in relation to new or changing systems.


Irregularity work relates to the investigation of any instances of suspected irregularities, loss, theft etc. The audit work is essentially reactive and variable dependent upon circumstances.  No contingency is made for such work and a decision will be made with the PCC and Chief Constable as to what work will be substituted on the audit plan should such work become necessary.

Internal Audit will also report to management any systemic weaknesses identified as part of any investigative work, with the intention of preventing a re-occurrence of the incident.


The output of Internal Audit primarily comprises:

  •       Audit reports for each individual assignment
  •       Follow up reports to report whether recommendations the Chief Constable and PCC considers it has discharged have in fact been implemented
  •       Irregularity/ Investigation Reports
  •       Progress reports submitted to the Audit Committee
  •       An Internal Audit Annual Report

Audit assignments will be the subject of formal reports.  Initially a Draft Report will be issued and its factual accuracy will be discussed and confirmed at a post audit meeting.  Reports will identify insufficiently controlled risks and will recommend actions to address these areas.  Once the factual accuracy of a report has been agreed a Final Report is issued for a management response.  Agreed actions and deadlines are required against the recommendations made in the report.

Each audit is rated with one of the following categories and these are based on a judgement of internal control in respect of the systems examined.  This is therefore a relative judgement:




Reasonable assurance can be provided that the main risks considered are being effectively managed; action may still enhance the management of risk in a small number of areas.  In addition the Internal audit has identified that the approach taken to address risk as representing good practice in this area.


Reasonable assurance can be provided that the main risks considered are being effectively managed.  Limited management action may be required to address a small number of significant issues.


Limited assurance can be provided that the main risks considered are all being effectively managed.  Significant management action is required to address some important weaknesses.


Inadequate assurance can be provided that the risks identified are being effectively managed.  Significant weaknesses have been identified in the risk management action, these are likely to involve major and prolonged intervention by management.  These weaknesses are such that the objectives in this area are unlikely to be met.

Reports rated as Limited Assurance or lower are reported in full to the Audit Committee.  Other reports are reported in summary unless in the opinion of the PCC or Chief Constable they warrant reporting in full to better inform the Committee.

The Head of Audit prepares an Annual Report which provides an overall audit opinion and a detailed analysis and commentary on the internal control environment.  The report also provides detail on overall progress against the audit plan and the performance of the internal audit function.

Performance Management

The Standards requires the internal audit function to have a performance management and quality assurance framework in place.

Mechanisms in place include:

  •       A set of targets against which performance is measured
  •       Client feedback questionnaires issued for each audit assignment
  •       Each assignment subject to supervisory review / quality check as part of audit process
  •       Post Audit Review of audit assignments
  •       Audit Development Plan in place which is reviewed annually.
  •       Review of the system of Internal Audit performed on an annual basis.

Resources & Skills

The Internal audit comprises of 9 posts, consisting of a Head of Audit, 3 Audit Managers and 5 Auditors.

These posts have required qualifications, skills and competencies as set out in the respective Role Profiles.

Professional qualifications and ongoing professional development is recognised within the section.  All staff are either professionally qualified (CIIA / CCAB) or are currently undergoing a study programme.

Staff are also encouraged to keep up to date with current auditing developments and regularly attend courses in order that they are continuously updating their professional skills.

A formal Personal Development Review (PDR) process is in place in order that training and development requirements of staff can be regularly assessed and re-evaluated.

Budgets are made available to buy in external specialist services/ skills if required.

Professional Approach

All staff within the Internal audit are reminded of their responsibilities to maintain a professional, courteous approach with all staff subject to the audit process, and they will also conduct themselves in accordance with the Seven Principles of Public Life enunciated by the 1995 Nolan Committee.

The commitment of staff will ensure that they:

  • Notify the appropriate level of management of the scope of an audit assignment in a timely fashion, offering opportunities for the inclusion of any specific areas of concern
  • Discuss any issues found, wherever possible,  with the appropriate level of management so that any control issues can be addressed in a timely fashion
  •  Acknowledge areas of good practice in the audit reporting process
  •  Strive to be both constructive and helpful during the course of an audit assignment

Internal Audit Plan 2013/14

Commissioner’s Decisions

Commissioner’s and Chief Constable’s items

An opportunity for the Commissioner and Chief Constable to update members of the Committee on any items relevant to its Terms of Reference, particularly new or increased risks and governance matters.  To assist members in understanding the context of the Committee’s work and current relevant issues

Progress on Internal Audit Recommendations



To present to the Joint Independent Audit Committee the update on internal audit recommendations conducted by West Yorkshire Internal Audit on behalf of North Yorkshire’s Police and Crime Commissioner and Chief Constable.


i).  West Yorkshire Internal Auditors produce an annual plan of audits for North Yorkshire Police, the annual plan for 2012/13 was reported to the North Yorkshire Police Authority (NYPA) Ethics and Standards Board at the beginning of the financial year 2012/2013.

ii). The Chief Constable’s Delivery Unit input report recommendations onto the Force Risk Register and monitor compliance and progress with action owners.  Any non-compliance with audit recommendations is reported to the relevant Chief Officer Team portfolio lead.  This report is intended to assist Chief Officers and members of the Independent Audit Committee in managing delivery of their assurance role for the Police and Crime Commissioner, Chief Constable and the Public.

iii).  Since the last reporting of audits at the Joint Independent Audit Committee on 6 December 2012 there have been four new audits with 11  audits remaining live/open and five audits closed.

iv).  The status of audit recommendations is shown in summary at Appendix A.

v).  A substantive piece of work on Property Other Than Found (POTF) has been undertaken supported by internal audit.  A more detailed update on this area of work is provided below.


Update on Progress of Property Other Than Found (POTF)

i).  The POTF audit work arose from proactive identification of issues within the Harrogate property store and associated feedback to senior management.  The issues identified led to senior management commissioning a root and branch review of this property store and engaging Internal Audit Services to assist with this work.

ii).  As a result of the audit work there were 10 audit recommendations from the Internal Audit Service as part of their remit of work.  A considerable amount of work has been completed to address the issues identified from this audit.

iii). POTF remains an ongoing area of focus for North Yorkshire Police.  Further detailed on work in this area is provided below.

These include:-

  • Demand Management – The demand analysis data assisted in the identification of peak/off peak times.  As a result of this work the York store opening times have been adjusted to channel demand in order to assist with volume management and to provide a more effective service.  A booking form has been introduced that requires 24 hours notice for property release and the performance of stores are now monitored each day and with formal monthly performance management dashboards.
  • Capability management – The role of the Organisational Support Officer has responsibility for POTF in addition to other activities.  The training for POTF has been prioritised to enable greater capability and flexibility across these resources.  Service delivery is also prioritised with services to the public first priority followed by POTF activity.  Forcewide cascade briefing and training is being commissioned with key messages already underway including the revision of the POTF procedure.
  • Capacity Management – A review of resourcing levels was undertaken to assess current holding volumes, target levels and requirements to clear any backlogs.  As a result of this work temporary additional resources were introduced to clear backlog areas.  The implementation of other measures such as training, demand management and flexibility of resources has enabled the current performance levels to demonstrate a positive trend towards target levels for property stores.
  • Audit and Governance – A full process of audit checks has now been established in addition to formal monthly performance management systems.   A revised POTF Steering Group has been created incorporating senior management representation across all stakeholders.  This group will ensure that compliance and support activity is undertaken across the force and will also have responsibility for managing all closed audit recommendations.  Quality Assurance systems are in the process of being put in place and will be monitored to ensure any closed actions that have new issues are proactively identified and managed.  Development activity to further reinforce POTF performance will also be undertaken and governed by this group.
  • Service Delivery improvements – The service delivery in terms of temporary and permanent stores has now been clarified and enshrined in a revised POTF procedure.  This procedure has been extensively consulted on across the force.  A shortened review period has been introduced to reflect the level of changes within the procedure and the requirement to ensure it remains fit for purpose.
  • Systems support –  a project has been initiated to pilot the use of Niche RMS to record and manage POTF at North Yorkshire Police POTF Stores.  Two POTF Stores will trial the pilot for a four month period, to fully test the POTF process from point of seizure to disposal.  Over the next few months preparations will take place to ensure the pilot POTF Stores, staff and officers are ready for the start of the pilots in Quarter 1 2013/14.  The pilots will run until Quarter 3 2013/14, with an evaluation of their success taking place to coincide with the end of the pilot.

Update on progress of Diversity

i).  In 2012 NYP published a number of Equality objectives. These did not represent all the ongoing work in this agenda but highlighted those areas felt to be most important to the Force and the communities we serve. The objective themes were Operational Delivery, People and Culture and Organisational Processes. These were intentionally chosen to cover all aspects of the Force and, to ensure the force could effectively account for progress made.

ii).  The College of Policing have recently published their proposals on the replacement for the Equality Standard called the Equality Improvement Model. The model is intended to be used by forces as a process of continuous improvement and will be based on forces moving through baseline, integrating and excelling. The key elements for the model are also those used by NYP to set objectives and can be described as follows:

  • Operational Delivery – delivering services that are easy to access and that respond to and meet the needs of all communities.
  • People and Culture – building a working environment that includes everyone and that encourages all staff to develop and make progress.
  • Organisational Processes – building equality into the organisation’s processes and how the service manages performance.

iii).  It has been proposed through the EDHR Leadership Board that existing governance arrangements (that already reference the three key elements) are reviewed to ensure alignment with the model, exists. This will be reviewed on an ongoing basis.


 Members are requested to note the update on internal audit recommendations conducted by West Yorkshire Internal Auditors.

External Audit report