Jersey Audit Office Audit Plan 2023.

R.4/2023

Contents

Introduction  3 Statutory Responsibilities 4 Purpose, Vision and Values 6 Financial Statements Audit 7 Internal Control, Corporate Governance and Value for Money 9

Introduction

1. Independent external audit is an important part of the process of accountability for public money. It provides assurance on the stewardship of public funds and on corporate governance.
2. This audit plan sets out how I intend to deliver the responsibilities of the Comptroller and Auditor General (C&AG) under the Comptroller and Auditor General (Jersey) Law 2014 (the 2014 Law').
3. Under Article 17 of the 2014 Law the C&AG may not be directed in how he/she undertakes those functions. However, the C&AG has a duty to attend meetings of and liaise with the Public Accounts Committee (PAC). I have done so in preparing this plan and I value the PAC's thoughts and contribution to my thinking.
4. The plan covers the period 2023 to 2026. It provides a detailed plan for the year ending 31 December 2023 and indicative plans for the three years thereafter. I have chosen a four-year period in order to be consistent with the Government Plan period.
5. The plan is subject to review and change in light of changes in the risks identified, including as a result of matters brought to my attention by the PAC, Members of the States Assembly, officers of the States and others. I will advise the PAC of any changes to the plan and a formal update to the plan will be published each quarter.

Statutory Responsibilities

6. My responsibilities are to provide independent, robust assurance about the stewardship of public funds by:

• reporting to the States Assembly on the effectiveness of internal control, general corporate governance arrangements and economy, efficiency and effectiveness (value for money'); and

• appointing auditors of the accounts of the States (including the Social Security Fund, the Social Security (Reserve) Fund, the Health Insurance Fund and the Long-Term Care Fund) and certain other specified entities.

7. My responsibilities are summarised in Exhibit 1. Exhibit 1: Responsibilities of the C&AG

Assurance about the stewardship of public funds

Reporting to  Appointing

the States  auditors of Assembly accounts

Value for  Other Internal control gCorpovernanoratce e money The States specified

bodies

8. Audit is not a substitute for the responsibilities of those providing public services. It is for them to ensure that public business is conducted in accordance with the law and proper standards, that public money is safeguarded, that public funds are properly accounted for and that economy, efficiency and effectiveness are secured.
9. Article 18 of the 2014 Law requires me to prepare and publish a statement of the manner in which I propose to discharge my functions. The Code of Audit Practice (the Code) published in November 2020 discharges that responsibility. Whereas the legislation sets out what my audit work should achieve, the Code sets out how the work should be undertaken.

10. The Code covers:

• the general principles applying to public audit in Jersey

• work on the financial statements

• work on corporate governance, internal control and economy, efficiency and effectiveness

• follow up of previous external audit recommendations

• reporting the results of audit work; and

• liaison with others (including with PAC, the Risk and Audit Committee and Scrutiny Panels).

11. The Code is an important means by which States Members, Ministers, officers of the States, other stakeholders and the public of Jersey can secure a common understanding of what the C&AG and audit firms appointed by the C&AG shall do, what they shall not do, how they shall operate and how they shall interact.
12. I will adhere to the Code when planning and undertaking my work.
13. During 2023 I plan to consult on a revised Code. The proposed revisions to the Code will reflect a number of updates including to align with international professional standards for public sector auditing issued by the International Organisation of Supreme Audit Institutions (INTOSAI).

Purpose, Vision and Values

14. In summary, my purpose and the purpose of the Jersey Audit Office that I head up is to provide independent assurance to the people of Jersey on the extent to which public money is spent economically, efficiently and effectively and on whether the controls and governance arrangements in place within public bodies demonstrate value for money.
15. The vision of the Jersey Audit Office is to be a trusted and innovative audit organisation that champions good governance and the wise use of public money in Jersey.
16. The Jersey Audit Office operates to a set of fundamental values.

• Independence and objectivity – we appoint auditors, determine our work plan, carry out our work and report our findings impartially. We are accessible, transparent and responsive. We drive constructive and positive change through our recommendations and follow-up. We respond with agility to the ever-changing environment in which we operate.

• Fairness and justice – we are open and honest in the way we undertake our work, how we communicate with all stakeholders and how we treat people. We report our evidence-based findings in public, without fear or favour. We undertake audit work as economically, efficiently and effectively as possible.

• Integrity – we speak up for what is right. We strive for and deliver high quality outcomes. We are truthful in making decisions and in responding to challenge. We meet our responsibilities in an ethical and fair way.

• Credibility – we provide insight and promote best practice. We engage proactively with our stakeholders, with whom we work hard to build and maintain trust. Our work follows best practice and is undertaken by a team of reliable and dedicated professionals in accordance with recognised international standards.

Financial Statements Audit

Statutory Requirements

17. Legislation requires the C&AG to appoint auditors of the financial statements of:

• the States of Jersey; and

• certain other entities as detailed in Exhibit 2.

18. In addition, in one case, pending proposed legislative change, I appoint an auditor at the request of the Treasurer of the States.

Exhibit 2: Auditors of other entities appointed by the C&AG

States of Jersey

19. The States have a statutory duty to prepare financial statements (including the accounts of the Social Security Fund, the Social Security (Reserve) Fund, the Health Insurance Fund and the Long-Term Care Fund) within three months of the year end and I have a duty to secure that an audit is undertaken within five months of the year end.
20. The scope of the audit is extended so that it includes not only an opinion on the truth and fairness of the financial statements but also an opinion on the regularity' of income and expenditure, in other words whether it is:

• in accordance with the intentions of the States Assembly; and

• in compliance with relevant legislation, directions and other authorities.

21. Following a competitive tender process in 2020, Mazars LLP were awarded a five- year contract to undertake the audit of the States' accounts.

Audit Quality Framework

22. The Code published in November 2020 includes (in Appendix 3) an Audit Quality Framework covering the means by which I ensure that:

• audit work is undertaken by appropriately trained and supported individuals and audit teams

• there are organisation-wide arrangements for quality control both within the Jersey Audit Office and the audit firms appointed by the C&AG; and

• there is appropriate, independent assurance activity.

23. I have established the following core principles underpinning my Audit Quality Framework:

• audit quality should be embedded in the delivery of all audit work

• audit quality should be assessed in terms of outputs and outcomes as well as inputs and processes; and

• the approach to audit quality should drive continuous improvement in public services.

24. Further details on the specific activities to be undertaken to implement my Audit Quality Framework can be found in the Jersey Audit Office Strategy 2023-26.

Internal Control, Corporate Governance and Value for Money

Statutory Requirements

25. Article 11(3) of the 2014 Law imposes a duty on the C&AG to consider and report to the States Assembly in relation to the States of Jersey, States funded bodies, the Social Security Fund, the Social Security (Reserve) Fund, the Health Insurance Fund and the Long-Term Care Fund on:

• general corporate governance arrangements

• the effectiveness of the internal controls, including internal auditing of those controls; and

• economy, efficiency and effectiveness in the use of resources.

26. Articles 13(1) and 14(3) of the 2014 Law allow the C&AG to report in relation to these three matters in respect of independently audited States bodies and States aided independent bodies.

How I plan my work

27. I plan my work so that in each year I undertake one or more elements of work specifically to consider each of corporate governance, internal control and economy, efficiency and effectiveness.
28. To deliver a proportionate and effective work programme, I plan my work using a risk-based approach. There are five key stages to my audit cycle (see Exhibit 3).

Exhibit 3: The Audit Cycle

Risk assessment and

Planning

Follow Up Conducting

Reporting

29. In developing this audit plan, I take account of a wide range of risks facing the States, including:

• strategic risks arising from governance functions and those risks to the States and managed through their existing risk systems

• operational risks arising from the delivery, support and front functions

that are known -line service

• business change risks arising from the introduction of new systems and processes; and

• emerging risks arising from changes outside the States' control.

30. Work planned for delivery in 2023 will build upon and follow up work undertaken in previous years.

Current Risks and Priorities

31. Corporate governance will continue to be a major focus as it underpins the arrangements that secure value for money and effective internal control.
32. The new Council of Ministers formed after the 2022 election has set out a new Government Programme through the Common Strategic Policy, the proposed Government Plan 2023-2026 and Ministerial Plans. Delivery Plans to support the Government Programme are due to be published in early 2023.

33. My work in 2023 and beyond will continue to concentrate on the risks arising from the considerable change programmes being implemented within Government, including:

• keeping an overview of wider arrangements for ensuring that control is maintained during a period of major and rapid change

• a particular focus on Information and Communications Technology (ICT) implementation over the period of my plan; and

• a focus on the delivery of major projects, including capital and strategic projects.

34. The States have taken steps to embrace sustainable wellbeing in legislation and policy frameworks and intend to continue to do so throughout the period of my plan. I have included within my plan specific reviews of the Jersey Performance Framework and of Sustainable Transport.
35. For the last three years I have produced a Good Practice Guide to Annual Reporting to encourage greater transparency and excellence in the annual reports of publicly funded organisations. I will continue to encourage excellence and transparency in annual reporting and have included this as a theme in all years of my plan.

Indicative Audit Plan to 2026

36. The indicative audit plan for the next four years is presented in Exhibit 4. This indicates the work I propose to undertake each year and the audit objectives to which the work relates. I shall update the plan in light of changes in my assessment of risks and priorities.

37. The plan includes certain work that commenced in 2022 and will report in 2023:

• Deployment of Staff Resources in Health and Community Services

• Efficiency Savings; and  

• Integrated Technology Solution – Follow Up.

38. The plan also includes two reviews that I had initially intended to commence in 2022 but were deferred to 2023:

• Government Response to the COVID-19 Pandemic – Economic, Social and Health-related Recovery; and

• Major and Strategic Projects, including Capital Projects.

Exhibit 4: Indicative plan to December 2026

Detailed Plan to 31 December 2023

39. The detailed plan to 31 December 2023 is set out in Exhibit 5. I will update this plan on a quarterly basis and present it to the PAC. The plan and updates to it will also be published on the Jersey Audit Office website www.jerseyauditoffice.je .
40. I will deliver the reviews through the Jersey Audit Office with the assistance of my Deputy and a number of individual and corporate affiliates with specialist knowledge and experience.

Exhibit 5: Detailed plan January to December 2023

Areas for review   Status  Comment Deployment of Staff  Final draft  Report planned Q1 2023

Resources in Health and  reporting

Community Services  stage

Efficiency Savings  Fieldwork  Report planned Q1 2023

complete

Integrated Technology  Fieldwork  Report planned Q1 2023 Solution – Follow Up  complete  Including follow up of 2021 report

Government Response to the  Planned COVID-19 pandemic:

• Economic, Social and Health-related Recovery

Major and Strategic Projects,  Planned including Capital Projects

Cyber Security Arrangements   Planned Commissioning of Services Planned ICT Implementation –  Planned

Electronic Patient Records

and Digital Care

Tackling Fraud and Error Planned Strategic Property  Planned

Management

1 5 |Audit Plan 2023 to 2026

Areas for review   Status  Comment Oversight of Arm's Length  Planned

Bodies

Annual Reporting  Planned Follow Up of previous audits

Use of Consultants  Planned Handling and Learning from  Planned

Complaints

1 6 |Audit Plan 2023 to 2026

1 7 |Audit Plan 2023 to 2026