Avon and Somerset Police Authority Avon ? High risk systems or processes, as identified by key members of the Authority and Constabulary during a series of structured interviews undertaken during 2005; ? Input from both Chief Officer Group and the Police Authority; ? Findings from audits undertaken during 2006/07; ? A range of non-key risks will be included in each years coverage to add to the comprehensiveness of the opinion. Risks not defined as key still require attention, to gain assurance that adverse impacts are not arising; ? Discussions with the Authoritys previous internal auditors; external auditors and HMIC; and, ? In addition to the consideration of existing risks and issues, consideration has been given to the extent of change taking place or planned to take place in the Constabulary. Changing processes can be inherently more risky than established and known processes and the identification and correction of weaknesses during development is more economical than after the process has been put in place. The annual audit programme is at Appendix 1. Avon and Somerset Police Authority 3 2. DEFINITIONS OF AUDIT OPINION Level of Assurance Description Low The system of internal control does not meet minimum acceptable standards overall because control deficiencies exist, which could allow material losses to take place and not be detected. Satisfactory Whilst there is a basically sound system of internal control, there are weaknesses that put some of the system objectives at risk. The overall system of internal control may meet minimum acceptable standards overall but could be improved. Substantial Overall the system of internal control meets acceptable standards and provides reasonable, but not absolute, assurance that the process covered is reliable and material losses will be detected in the normal course of business. Definitions of risk levels: Level of Risk Description High A critical control deficiency, which could allow material losses to take place and not be detected. Such a risk could lead to an adverse impact on the Police Service and expose the Authority and Senior Officers to criticism. Remedial action must be taken urgently. Medium A control deficiency which could allow losses to take place. Low A process improvement opportunity that is not indicative of a control weakness but indicative of an opportunity for improvement in the efficiency or effectiveness of a process. These definitions of evaluations should be interpreted in conjunction with the scope of the audit work as defined in Section 2 and in the overall context that our findings should only be relied upon to be representative of the operation of control procedures at the time of discussion or observation of these control practices and in relation to the transactions tested. Projection of evaluations to future periods is subject to the risk that the policies and procedures may become inadequate because of changes in conditions, or that the degree of compliance with these policies and procedures may deteriorate.Avon and Somerset Police Authority Internal Audit Strategy Page 4 APPENDIX I 2007/08 OPERATIONAL AUDIT PLAN Primary Area of Risk(s) Audit Area Quarter Resources (Days) Governance ? GAP analysis against CIPFA guidelines 2 5 Risk Management ? Risk management framework 4 5 Planning ? HR strategy ? Initial Police Learning Development Programme 1 1 5 9 Delivery & Operations ? Race relations ? Transport services ? Force Service Centre 2 2 3 6 6 7 Financial & Support Functions ? Pensions management ? General control environment - 2 BCU visits (5 days each) ? Business Continuity Planning ? Training ? Payroll and expenses incl. Trent Application Review ? Purchasing and procurement collaborative arrangements ? Estates management ? Fixed assets and charges ? Automatic Number Plate Recognition ? Financial management review ? General computer controls NSPIS HR 1 1 1 2 2 3 3 3 3 4 4 4 5 6 6 20 10 7 5 8 5 8 Operational Change ? Guardian ? Corporate Change Management Policy 3 4 10 5 Follow up ? Follow up of prior audit reviews 4 10 Management ? Management, Development of Audit Strategy, Meetings and Audit Committee preparation and attendance 20 TOTAL DAYS 177 Avon & Somerset Authority Internal Audit Strategy APPENDIX II - STATEMENT OF RESPONSIBILITY We take responsibility for this report which is prepared on the basis of the limitations set out below. The matters raised in this report are only those which came to our attention during the course of our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full i