Torfaen County Borough Council - Internal Auditmoderngov.torfaen.gov.uk/documents/s38093/Appendix...
Transcript of Torfaen County Borough Council - Internal Auditmoderngov.torfaen.gov.uk/documents/s38093/Appendix...
Torfaen County Borough Council - Internal Audit
Page 1 of 20
INTERNAL AUDIT
FINAL REPORT
Resources
Gwent Archives
Audit Reference: RES-HRP-16006
Audit Scope: Key Controls
Audit Type: Systems Audit
Auditor: Arran Rosser, PIIA
Manager: Michael Corcoran, CMIIA QiCA GradICSA
Distribution List:
Nigel Aurelius
Assistant Chief Executive Resources
Graeme Russell
Head of Human Resources & Pensions
Tony Hopkins
County Archivist
Key Dates:
Date of Field Work: 14 Nov 2016
Date of Draft Report: 14 Nov 2016
Receipt of Responses: 24 Nov 2016
Date of Final Report: 19 Dec 2016
Torfaen County Borough Council - Internal Audit
Page 2 of 20
TABLE OF CONTENTS
1. Executive Summary ..................................................................... 3
2. Audit Scope .................................................................................. 3
3. Audit Objective ............................................................................ 3
4. Approach & Methodology ........................................................... 3
5. Assessment of Control Environment ........................................ 4
6. Audit Opinion ............................................................................... 5
7. Observations & Recommendations ........................................... 7
Appendix 1 ......................................................................................... 11
Torfaen County Borough Council - Internal Audit
Page 3 of 20
1. Executive Summary
1.1. A systems audit of the Council’s Gwent Archives function was undertaken in accordance with
the Operational Internal Audit Plan for 2016 - 17.
2. Audit Scope
2.1. In accordance with the agreed Planning Memorandum document, the work was undertaken to
cover the following sub systems:
Financial Reporting & Budgetary Control
Insurance
Income Collection and Banking
General Security
Reproduction of Documents
Accessions Procedure
Holding Policy Documents
Administration (Accreditation Scheme / Annual Return)
Purchase to Pay
3. Audit Objective
3.1. The objective of the audit is to independently review the system and its controls, financial and
non-financial, in order to determine whether the system and controls provide management with
a satisfactory level of internal control to ensure:
Compliance with statutory requirements and internal policies and procedures;
The achievement of stated objectives;
The safeguarding of assets; and
The completeness and accuracy of records.
4. Approach & Methodology
4.1. The following procedures were adopted to identify and assess risks and controls and thus
enable control improvements to be recommended:
Agreed objective and scope of audit using a Planning Memorandum;
Discussions with key members of staff to ascertain the nature of the systems in operation;
Evaluation of the current systems of internal control through walk-through and other non-
statistical sample testing;
Identification of control weaknesses and potential process improvement opportunities;
Discussions of findings with management by discussion of a draft audit report at an Exit
Meeting; and
Distribution of agreed final report to key officers agreed at the Planning Stage.
4.2. This report is a full report. Areas where control improvements are recommended are detailed
in Section 7. Controls which were assessed as operating as management intended are
detailed in Appendix 1.
Torfaen County Borough Council - Internal Audit
Page 4 of 20
5. Assessment of Control Environment
5.1. No High Priority issues were identified. The table below details the number of:
controls reviewed for each area within the scope of the audit; and
Recommendations made for the controls reviewed.
System No.
Reviewed
High Medium Low Total
Finding / Priority
Financial Reporting & Budgetary
Control 4 - - - -
Insurance 1 - - - -
Income Collection and Banking 4 - 2 - 2
General Security 9 - 1 - 1
Reproduction of Documents 1 - - - -
Accessions Procedure 2 - 1 - 1
Holding Policy Documents 3 - - - -
Administration (Accreditation
Scheme / Annual Return) 13 - 1 - 1
Purchase to Pay 14 - 1 - 1
TOTAL 51 - 6 - 6
5.2. Each recommendation is prioritised and the key is as follows:
High Action considered imperative to ensure the Authority is not exposed to
significant risk.
Medium Action that is considered necessary to avoid exposure to moderate risks.
Low Action that is considered desirable and should result in enhanced control or
efficiency and effectiveness
5.3. The following matters were also observed during the audit and are brought to your attention:
The buildings and contents policy does not specify the TCBC insurance responsibilities
that would arise from a document getting damaged / requiring repair following an
uninsured incident e.g. officer negligence.
No visitor authentication for the search room public access computers on the Blaenau
Gwent infrastructure.
Reviewing of a sample of Search Room users, noted 1 visitor day ticket card that could
not be located and day tickets not supported by identification.
Torfaen County Borough Council - Internal Audit
Page 5 of 20
The Terms of Acquisition contains separate sections on Deposits and Gifts. Reference to
the Archive records being accepted in good faith that the depositor is the owner or legal
custodian of the records deposited is only referenced with regard to Deposits. No check
is made upon deposit to ensure the depositor is someone with the proper authority / title to
transfer them.
Evidence for the Procurement Card payments is being held on site, but nothing is
scanned to the appropriate M:\drive folder as a result of the difficulty of being on the
Blaenau Gwent Network.
6. Audit Opinion
6.1. The audit has established areas in need of management attention with 6 of the 51 key
controls tested (12%) generating a review point and recommendation for management action.
45 Key Controls are therefore operating effectively (88%)
6.2. These control weaknesses should be addressed to deliver improvement in the control
environment, reduce the exposure to risk and provide management with greater assurance on
the adequacy of the system and its processes. All weaknesses have been allocated a priority
and management, in accordance with the stated action plan timescales, should take action.
6.3. As a result of the audit, SUBSTANTIAL assurance can be provided to management in
accordance with the following model:
OPINION LEVEL DESCRIPTION
NIL
0 – 10%
Internal control environment is weak and does not meet minimum expected standards leaving the system / process open to error and / or abuse. There is non-compliance with controls on a significant level and required controls are not present.
LIMITED
11 – 49%
Internal control environment does not meet minimum expected standards and has weaknesses which put the system objectives at risk. There is non-compliance with controls and those operating are not effective or are inadequate.
MODERATE
50 – 69%
Internal control environment does meet minimum expected standards but has weaknesses which put the system objectives at risk. There is some non-compliance with controls and those operating are not effective or are inadequate.
SUBSTANTIAL
70 – 89%
Internal control environment meets minimum expected standards, is basically sound and whilst there is reasonable assurance that the system / process is reliable, weaknesses exist which MAY put SOME of the system objectives at risk. There is some non-compliance with controls but most are adequate and operating satisfactorily.
FULL
90 – 100%
Internal control environment is sound and designed to achieve the system objectives. No evidence of controls being inconsistently applied or operating unsatisfactorily. Absolute assurance that the system / process is reliable.
Torfaen County Borough Council - Internal Audit
Page 6 of 20
6.4. The functional objectives detailed below were assessed and those consider to be ‘at risk’ of
being achieved as a result of the deficiencies in the control environment
Income is received promptly by the organisation
Records and assets are protected against loss / damage and unauthorised access.
Accessions are appropriately recorded in accordance with Guidelines
The Requirements of the Smaller Local Government Bodies Annual Return 2015/16 have
been addressed.
An official order is raised at the time of commitment, with a segregation of duties, which is
authorised in accordance with the schools delegation levels.
VAT receipts / invoices are retained in accordance with current guidelines.
Torfaen County Borough Council - Internal Audit
Page 7 of 20
7. Observations & Recommendations
7.1. Invoicing
Audit Reference: ISS.3 Priority: Medium
Issue:
Basis of sample: 19 invoices raised from April 2016
No payment had been received or reminder issued for 4 invoices over 30 days old. The payments not received by BACS check had yet to be made.
Risk:
Income may not collected in a prompt and timely manner.
Recommendation:
An invoice should be raised promptly following the provision/supply of a service and monitoring should exist on a regular basis to identify those not paid within expected timescales and which require action such as a reminder to effect payment and receipt of the income.
Management Response: Agree to recommendation and will implement immediately
Responsible Party: Admin and Finance Officer
Action Date: 24th November 2016
7.2. Income
Audit Reference: ISS.8 Priority: Medium
Issue:
Whilst all till receipt income is being banked intact, the till receipts do not identify the income source as a result of the way it is being recorded through the till (multiple items are being entered as a total rather than as individual items). It was not possible to confirm income is collected in accordance with the Charging Policy.
Risk:
Lack of management trail and income may not be maximised.
Recommendation:
There should be a system in place that allows identification of what the income was for. (i.e. items are entered into the till individually rather than as a total (i.e. 2 photocopies are entered as 2 x 40p rather than 1 x 80p)
Management Response: Officers have been instructed to enter each payment into the till individually to allow identification of what the payment was for. However it is not being consistently applied. All staff will be reminded of the need to follow procedures and periodic checks will be carried out to ensure consistency.
Responsible Party: Admin and Finance Officer
Action Date: 28th February 2017
Torfaen County Borough Council - Internal Audit
Page 8 of 20
7.3. Access Keys
Audit Reference: ISS.5 Priority: Medium
Issue:
Monitoring of the key fobs in circulation is not possible as the Building Manager periodic reports are not being received. The key safe combination has not been changed since the building was occupied.
Risk:
Unknown and unauthorised individuals may have access to the Archivist.
The key safe combination may become known to individuals who do not need to know it.
Recommendation:
Management should ensure that:
It receives regular information regarding the Archive access key fobs in circulation, questioning any issued without County Archivist approval or to inappropriate officers.
the key safe combination is changed periodically and as a minimum after staffing changes.
Management Response: To be discussed with BG. There is a difficulty at present with the landlord, BG, undergoing changes in the caretaking rota so changing the code would be unwise at this time. Agreed that the code should be changed at set intervals.
Responsible Party: Senior Assistant Archivist
Action Date: 30th June 2017
7.4. Accessions Agreement
Audit Reference: ISS.4 Priority: Medium
Issue:
Basis of sample: 7 recent accessions
No Accessions Agreement in 1 instance as the depositor left the building before it could be completed (21/06/16). An agreement was to be sent to the depositor but this has not occurred.
Risk:
Nothing formally in place between the depositor and the archives.
Recommendation:
All necessary accessions should be supported by a signed agreement, where possible completed at the time of deposit or the next earliest opportunity.
Management Response: This was a one-off which is impossible to prevent – standard procedure is to support all accessions with an signed agreement but this can be emphasised to staff to ensure its application
Responsible Party: County Archivist
Action Date: 24th November 2016
Torfaen County Borough Council - Internal Audit
Page 9 of 20
7.5. Asset Register
Audit Reference: ISS.6 Priority: Medium
Issue:
Archive Service assets are not recorded in a register.
Risk:
No true record of assets and an inability to effectively determine missing / lost assets in the event of fire, theft etc.
Recommendation:
All assets need to be detailed in a register and maintained as complete.
Management Response: Agreed – An asset register will be created for all assets over a determined level.
Responsible Party: County Archivist
Action Date: 31st January 2017
7.6. Commitment
Audit Reference: ISS.1 Priority: Medium
Issue:
Basis of Sample: 10 orders
4 orders not raised at the time of commitment:
ORDER REF DATE
RAISED INVOICE
Arch01131 10/03/16 24/02/16 Arch01124 10/03/16 01/03/16
Arch01110 20/11/15 19/11/15
RFAU002930 26/10/15 23/10/15
Risk:
The budget will not reflect the commitments and thus show a false position possibly leading to an overspend.
Recommendation:
Each order represents a commitment that needs to be reflected in the budget to ensure that it is accurate and prevent an overspend situation.
Consideration should be given to:
increasing the number of officers able to generate Purchase Orders / authorise orders to ensure that there is appropriate cover for individuals leave;
Using the “additional comments” box on the Purchase order to request the Purchase Order reference’s inclusion on the Reisswolf invoices.
Management Response:
Order Arch01131 was raised verbally whilst the Finance and Admin officer was on leave and formally upon the officer’s return. Order Arch01124 relates to a heating bill from BGCBC. Payments were halted whilst queries / problems were addressed. This year has been an exception due to circumstances beyond our control with purchase orders raised when invoiced.
Hopefully in the next financial year a ‘value’ order will be raised for the year. Order Arch01110
relates to confidential waste collection by Reisswolf. Previous Reisswolf orders were raised
Torfaen County Borough Council - Internal Audit
Page 10 of 20
verbally by our IT Manager but the lack of a collection date led to confusion when matching invoices to purchase orders so it was decided to wait until collection to input the date on the purchase order and match it with the correct invoice. I agree with the recommendation in principle and am fully aware of it and endeavour to adhere to it as closely as possible. The examples you quote all have reasoning behind them, whether correctly or incorrectly and are not mere oversights.
Responsible Party: Admin and Finance Officer
Action Date: 31st January 2017
Torfaen County Borough Council - Internal Audit
Page 11 of 20
Appendix 1
The following table details those controls assessed as adequate / operating effectively and which are contributing to the minimisation of risks within the system /
function and the achievement of its objectives.
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Budget 1 To ensure the budget
position is reported,
monitored and
controlled.
Management information may not be received in a timely manner. Irrelevant, inaccurate or not enough information may not be provided to the delegated budget holder. Corrective or preventative action may not be taken.
Monthly budget monitoring reports are received by the delegated budget holder in a timely manner with adequate information to allow him/her to monitor the budget
Budget 2 Virements may not be carried out in accordance with Financial Standing Orders. Incorrect budget monitoring may take place.
Virements / Variations are completed in accordance with the approved revenue virement / variation procedure.
Budget 3 The budget holder may not be aware of their total client debt. Ineffective budget monitoring may take place. Loss of revenue funding may occur for the Authority. Efficient action may not be taken with the outstanding debtor.
The budget holder is aware of outstanding debtors and the bad debts provision. Where applicable the budget holder is provided with a list of outstanding debtors.
Budget 4 Budget pressures may not formally be communicated and dealt with timely.
The budget holder has regular meetings/communication with an assigned finance officer to discuss the revenue budget position. The budget holder is required to formally report to a finance officer on a monthly basis the budget forecast outturn.
Torfaen County Borough Council - Internal Audit
Page 12 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Insurance 1 Buildings and contents are adequately insured.
Without the appropriate insurance in place should an incident occur to the building may not be able to operate.
Assets cannot be replaced should loss, theft or fire damage occur without the appropriate insurance in place.
Insurance may be void should the establishment not comply with the insurance arrangements for the security of assets.
Insurance / risk for buildings is determined and recorded and adequate insurance is in place.
Charging Policy There is adequate documentation in support of income due and monies banked.
Unauthorised/incorrect charges could be made. The facility may not be receiving sufficient income to cover the cost of providing the service.
The facility has a written charging policy in place which is subject to annual approval by the joint committee
Cashing Up / Till
Records
There would not be any proof that the money was collected.
Officers responsible for the collection of income are not being recorded. / It is not possible to identify the till users
Patterns or consistent discrepancies would go unnoticed.
Appropriate administrative / security measures are in place for the cashing up of daily takings / use of any tills. (i.e. 2 person cash up, till user identification, variance identification / investigation etc.)
General Security 1 Records and assets are protected against loss / damage and unauthorised access.
Increased potential for documents to be removed from the facility or damaged.
Appropriate Precautions should be taken to ensure that the integrity of documents are preserved (i.e. no coats and bags in study places, use of pencils, visitors are recorded etc.)
General Security 2 Security and safety of documentation could
be compromised if exterior of the building is
not secure.
The perimeter and all parts of the repository must be secure against unauthorised entry and vandalism.
Torfaen County Borough Council - Internal Audit
Page 13 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
General Security 4 Access to the documents is not appropriately controlled
Inappropriate / unapproved access to documents.
External and strongroom doors must be of strong construction and fitted with mortice deadlocks or security locks.
When staff are not on duty the repository and more particularly the strongrooms should be protected by intruder alarms linked to a police station or security agency.
Access to the strongrooms should be restricted to archival staff and other authorised persons accompanied by them.
General Security 5 Damage / destruction of documents Strongrooms, including their doors, walls and ceilings, should offer 4-hour fire resistance. This requirement can only be abated if a full fire risk assessment has been conducted, in consultation with the appropriate fire safety officer or local fire service, and the overall strategy for fire protection offers a corresponding (or greater) degree of assurance.
Smoke detectors, preferably capable of detecting a fire in its incipient phase, with automatic fire alarms linked to the fire station or security agency should be fitted to strongrooms, plant rooms, and adjacent areas and preferably throughout the repository.
General Security 6 Risk to the security of documentation.
The repository must be free-standing or, if in a shared building, be capable of being completely isolated from other activities.
General Security 7 Potential hazards from external sources including neighbouring properties or other parts of a shared building must be carefully assessed and appropriate defensive measures taken. BSI PD 5454 identifies particular hazards against which precautions must be taken.
Torfaen County Borough Council - Internal Audit
Page 14 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
General Security 8 Inappropriate use of the internet etc. Access to the IT infrastructure is controlled and monitored
General Security 9 To ensure that the purchasing card is securely retained.
Fraudulent transactions may be processed. The cardholder keeps the purchasing card in a safe place, and takes reasonable steps to prevent it from being lost, stolen or used by anyone else.
Reproduction 1 Documents should be reproduced in accordance with requirements
Breach of Copyright
Facilities for reproduction are not provided
Reproductions of archived materials are provided / carried out in line with appropriate guidance (copyright, fragility of documents etc.)
Accessions 2 Documents are obtained without provenance being established / confirmed
Before accepting records, the archivist in charge should be satisfied that the transferor has proper authority or title to transfer them
Conflict and Duplication Appropriate Policies and Procedures are in place that have been appropriately approved by the Joint committee
Duplicate documentation is retained In acquiring records every effort should be made to avoid conflict and duplication with the collecting policies of other record repositories.
Collecting Policy Details Lack of a approved collection policy could result in inappropriate record collection
The archivist in charge should draw up, and the governing body should approve, a clearly defined statement of collecting policy which indicates the subject areas within which records are sought and acquired, any geographical restrictions affecting the scope of material collected, and the various media for which appropriate storage and access facilities are provided
Storage and
Transportation of Digital
Media
Ensure adherence to appropriate standards
Digital media could be damaged of not correctly stored and transported
Transport and storage of digital storage media should be in accordance with BS 4783 Storage, transportation and maintenance of media for use in data processing and information storage.
Torfaen County Borough Council - Internal Audit
Page 15 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Admin - A - Archive
Service Accreditation -
July 2014
The Requirements of the Archive Accreditation Scheme are being addressed
Lack of direction for the Archive Service The Archive Service is guided by a mission statement that defines its purpose in relation to its collections, and connects the organisations governing document to appropriate archive service policies and plans.
Admin - B - Archive
Service Accreditation -
July 2014
Poor Managerial control of the service
Purposes and Objectives of the service are not being met
The relationship of the Archive Service to its parent body is clear and legally robust. Top management formally recognise and support the purpose of the archive service; lines of authority and decision making responsibilities between the governing body and service managers are transparent and effective.
Admin - C - Archive
Service Accreditation -
July 2014
Lack of long term focus and resilience could increase the potential of the service not being able to cope with future requirements
The Archive Service has effective forward plans and planning processes in place, which demonstrate a good understanding and an appropriate response to the organisational and wider context in which the service operates
Admin - D - Archive
Service Accreditation -
July 2014
Lack of documented responsibilities etc
Formal written terms of occupancy exist for all buildings and premises housing archives and archive services. Arrangements are sufficient to keep the collections physically secure and accessible. Arrangements also allow for effective forward planning, including the future expansion of collections.
Admin - E - Archive
Service Accreditation -
July 2014
Incorrect budget monitoring may take place. Accountability for budgets may not take place. The unapproved expenditure may not be able to be funded.
Insufficient funds are available
The archive service can demonstrate that it is financially stable. Sufficient funds have been identified to enable the archive service to deliver its stated forward plans.
Torfaen County Borough Council - Internal Audit
Page 16 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Admin - F - Archive
Service Accreditation
Unqualified staff
The archive service has a workforce appropriate in experience and numbers to carry out the service’s responsibilities and plans. Employment procedures and volunteering policies are in place to support competent professional performance and ongoing staff development.
Admin - G - Archive
Service Accreditation
Lack of clear policies could result in inefficient / ineffective practices
The archive service has a co-ordinated approach to collections management / collection development / collection information activity, guided by coherent policies for collections development, information, care and conservation, and access. Policies should cover both analogue and digital materials, where relevant, and be approved by top management, or an appropriate delegated authority.
Admin - H - Archive
Service Accreditation
The Archive Service has a clear policy on access and engagement, which specifies the way in which access is provided and enhanced for all stakeholders, appropriate to the organisations mission statement and the nature and scale of its collections. The policy should be approved by top management, or an appropriate delegated authority.
Admin - I - Archive
Service Accreditation
The service is not meeting the needs of the community / stakeholders
The archive service demonstrates a good understanding of the needs and interests of the community it is established to serve. It has plans in place which detail the actions that are being taken to meet stakeholders’ access requirements and to continuously improve service provision, appropriate to the organisation’s mission statement and the nature and scale of its collections.
Torfaen County Borough Council - Internal Audit
Page 17 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Admin - J - Archive
Service Accreditation
Lack of communication / publicity with its community / stakeholders
The archive service provides access to its holdings. It communicates clear, practical information on how to access services and collections, which responds to the needs and interests of its community and protects the rights of copyright owners and data subjects
Risk Register Risks have not been identified and therefore cannot be mitigated
Risk Register is in place, regularly monitored and reported to the board on risk levels and mitigation strategies.
Salaries Incorrect payments are made Employee Salaries are correct and accurate
Purchase to Pay - Order
Authorisation
Unauthorised purchases may be made.
Accountability for the budget may not take place.
All orders are approved by an authorised officer prior to dispatch.
Purchase to Pay -
Official Invoice
Payments are promptly and accurately processed on receipt of a bona fide creditor invoice and for goods / services received with a segregation of duties in place.
Unauthorised / unofficial payments may be made.
Noncompliance with HMRC Vat regulations may occur which may result in fines being imposed.
Payment may be made for goods/services that have not been ordered or duplicate payments may be made.
Payments are only made when an official VAT invoice, containing all appropriate information, has been received, checked and coded.
Purchase to Pay -
Duplicate Payments
Non stewardship of public funding may occur.
Any duplicate payments made, may not be subsequently identified.
Checks are made to previous expenditure information to prevent the duplicate payment of an invoice.
Purchase to Pay -
Invoice/Order match
Payment may be made for goods / services which were not ordered.
Invoices are checked to copy orders to agree prices and quantities.
Torfaen County Borough Council - Internal Audit
Page 18 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Purchase to Pay - Paid
Promptly
The statutory N.A.W Performance Indicator (NAWPI) may not be met.
Inaccurate performance information may be reported.
Invoices are paid promptly in accordance with legislative timescales.
Purchase to Pay -
Outstanding Orders
Commitments may be reported in budgetary control information which may be used for alternative purposes.
There is a periodic review of outstanding orders.
Procurement Card -
Orders
Orders are only place with secure suppliers, made within transaction limits and merchant categories and available budgets and the transactions are recorded promptly.
Fraudulent transactions may be processed.
Private purchases may be made.
Payment may be made for items that have not been ordered.
Scheme conditions are not complied with.
The Council may not obtain value for money unless the current contracts are used.
Increased potential for duplicate payments.
Purchases are only made for product types which the officer has been authorised to buy.
All purchasing card transactions are made by the individual to whom the purchasing card is issued and personal benefits are not received, i.e., loyalty points.
Orders are only placed with Internet suppliers who provide a secure site with appropriate encryption facility.
The procurement card is not used for any items that can be ordered via FMS 6.
Procurement Card -
Available Budget
Insufficient budget available.
Unauthorised transactions may be made.
Budgetary Control information is inaccurate lending to ineffective budget monitoring.
Non-compliance with the Authority's Standing Orders.
Increased potential for duplicate payments being made.
Goods / services are only ordered when an available budget exists.
Torfaen County Borough Council - Internal Audit
Page 19 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Procurement Card -
Transaction Logs
Payment may be made for goods that have not been ordered or received.
Duplicate payments may be made.
Incomplete management records may be in place for budget monitoring.
The transaction log is completed promptly by the cardholder for all purchases, upon placement of each order. (All relevant details of the transaction should be recorded on the transaction log i.e. date of order; supplier name; goods/ services ordered; value; Vat Amount; Cost Code; Date Goods Received; Date Paid etc).
Procurement Card -
Cardholder
Reconciliation
The Card Holder and Approving Officer will review and approve the transactions, the System Team will complete and review a control account and will pay the bank promptly.
Payment may be made for goods that have not been ordered.
Payment may be made for goods that have not been received.
Duplicate payments may be processed.
Incorrect VAT treatment may result in fines imposed by HMRC.
The Cardholder receives a weekly transaction report to show the;
validity of the transactions;
VAT codes assigned to the transactions; and
ledger codes assigned to the transactions.
Where necessary the cardholder makes changes to the ledger codes and VAT codes.
Once the cardholder is satisfied that the transactions are valid ones (having verified to the supporting order/delivery note/invoice/receipt) and that the ledger code and Vat code is correct, the transaction is marked as reviewed by the cardholder and ready for independent approval by the appropriate nominated Approving Officer.
Torfaen County Borough Council - Internal Audit
Page 20 of 20
Procedure Step: Control Objective: Risk: Expected / Actual Control:
Procurement Card -
Approving Officer
Reconciliation
Fraudulent transactions may be processed.
Payment may be made for goods that have not been ordered.
Payment may be made for goods that have not been received.
Duplicate payments may be processed.
The Nominated Approving Officer will receive a weekly e-mail to independently review;
the validity of the transactions;
that all transactions are appropriate, both in terms of value and type of purchase;
the VAT codes assigned to the transactions; and
the ledger codes assigned to the transactions.
Once the Nominated Approving Officer is satisfied that the transactions are valid ones (having verified to the supporting order/delivery note/invoice/receipt) and that the ledger code and Vat code is correct, the transaction is marked as reviewed by the nominated Approving Officer.
Procurement Card -
Control Accounts /
Prompt Payment
Incorrect payments may be made to the bank.
Late payment/ interest charges may be incurred.
Failure to operate within the terms of the card issuer.
The purchasing cards may be cancelled or suspended.
The Authority makes payment in respect of all transactions within 7 days of the request for payment from the bank.
Procurement Card -
VAT Receipts
VAT receipts / invoices
are retained in
accordance with current
guidelines.
VAT may not be able to be reclaimed in accordance with HMRC guidelines.
Incorrect accounting for VAT may result in penalties being imposed by HMRC.
A VAT Receipt / Invoice is retained for the required time.