Agenda item
To provide the Committee with a periodic report on the Internal Audit function for the period April 2021 – June 2021 and the Annual Report, as required by the professional standards.
Minutes:
The Committee had before it a report submitted by the Council’s Internal Audit Manager (A.1) which provided a periodic update on the Internal Audit function for the period April 2021 to July 2021 and the annual report of the Internal Audit Manager. That report was split into three sections as follows:-
1) Internal Audit Plan Progress 2020/21
· The 2020/21 Internal Audit Plan had been completed with sufficient work undertaken in order for the Internal Audit Manager to provide an opinion in the Annual Head of Internal Audit Report.
· All audits within the Internal Audit Plan had been completed with only two receiving an overall audit opinion of ‘Improvement Required’. All other audits within the plan had received a satisfactory level of assurance.
2) Annual Report of Internal Audit Manager
· The Annual Report of the Internal Audit Manager had concluded that an unqualified opinion of Adequate Assurance was justified.
· Work carried out throughout the year by the Audit Committee, Senior Management and the Internal Audit Team had been in line with guidance provided by CIPFA on the ‘Head of Internal Audit Opinion due to the impact of COVID-19’ released in November 2020.
3) Internal Audit Plan Progress 2021/22
· Two audits had been completed with both audits receiving a Substantial Assurance opinion.
· A further four audits were in fieldwork with another two audits allocated.
INTERNAL AUDIT PLAN PROGRESS 2020/21
The Committee heard how the 2020/21 Internal Audit Plan had been completed with the exception of two audits being deferred to the 2021/22 Internal Audit Plan and replaced with three audits that had been identified due to the emerging risks from the COVID-19 pandemic. The Audit Committee had agreed those changes to the audit plan in October 2020. A total number of nine audits had been completed during April 2021 to June 2021 and all had received a satisfactory assurance opinions with no significant issues being identified.
The Committee also heard how Internal Audit continued to provide advice on internal control, risk management and governance arrangements on a consultative basis. Further to completing audits within the agreed plan, the team had attended meetings on Digital and Office Transformation, new system / process implementations in areas such as Leisure Services, Princes Theatre and Accountancy. Internal Audit had also continued to provide advice and support in areas such as procurement, payroll and grant management to ensure constitutional and legal requirements were met in new or unique circumstances.
It was reported to Members that the Council had remained focussed on delivering the message that Internal Audit were there to support services and by letting them know about policy and procedural changes, difficult circumstances or just the unknown due to working on new projects / initiatives. The team could advise and support at an early stage rather than create additional work at a later date if governance or internal control issues were identified during an audit at a later date.
Quality Assurance – The Internal Audit function issued satisfaction surveys for each audit completed. In the period under review 100% of the responses received had indicated that the auditee was satisfied with the audit work undertaken.
Resourcing
It was reported to the Committee that Internal Audit was currently working with an establishment of 3 fte with access to a third party provider of Internal Audit Services for specialist audit days as and when required. The Internal Audit Plan had been delivered with the current establishment. However, Internal Audit had explored the possibility of recruiting for the vacant part-time Audit Technician post to provide additional support both within the Internal Audit Function but also to other departments.
Internal Audit’s Apprentice position was still on hold due to the COVID-19 pandemic and the remote working requirements in place. The Internal Audit Manager was currently engaging with Human Resources to understand what options were available going forwards.
Outcomes of Internal Audit Work
Members heard that the Public Sector Internal Audit Standards required the Internal Audit Manager to report to the Audit Committee on significant risk exposures and control issues. Since the last report nine audits had been completed and the final report issued. The Public Sector Internal Audit Standards also required the reporting of significant risk exposures and control issues.
|
Assurance |
Colour* |
Number this Period |
Total for 2020/21Plan |
|
|
Substantial |
|
0 |
5 |
|
|
Adequate |
|
9 |
18 |
|
|
Improvement Required |
|
0 |
2 |
|
|
Significant Improvement Required |
|
0 |
0 |
|
|
No Opinion Required |
|
0 |
4 |
Four consultative engagements in 2020/21 |
*For the purpose of the colour coding approach, both the substantial and adequate opinions are shown in green as both are within acceptable tolerances.
There were no significant issues identified within audits completed during the reporting period.
Management Response to Internal Audit Findings
The Committee heard how there were processes in place to track the action taken regarding findings raised in Internal Audit reports and to seek assurance that appropriate corrective action had been taken. Where appropriate, follow up audits had been arranged to revisit significant issues identified after an appropriate time.
The number of high severity issues outstanding was as follows: -
|
Status |
Number |
Comments |
|
Overdue more than 3 months |
0 |
|
|
Overdue less than 3 months
|
0 |
|
|
Not yet due |
1 |
|
Update on previous significant issues reported
Members recalled that the Head of Public Realm had attended Audit Committee in April 2021 and had provided an update on Fleet Management. As part of the follow up process Internal Audit understood that all outstanding actions bar one, relating to the fleet refuelling process, had now been implemented. The service had identified the best way to manage the refuelling process which Internal Audit would continue to monitor and update the Committee accordingly.
No other significant issues had been identified since the last update in April 2021.
ANNUAL AUDIT REPORT OF INTERNAL AUDIT MANAGER
It was reported to Members that the Public Sector Internal Audit Standards (PSIAS) stated that a professional, independent and objective internal audit service was one of the key elements of good governance, as recognised throughout the UK public sector. The role of the Head of Internal Audit (Internal Audit Manager), in accordance with the PSIAS, was to provide an opinion based upon, and limited to, the work performed on the overall adequacy and effectiveness of the organisation’s governance, risk management, and control processes.
As
set out in the Public Sector Internal Audit Standards PSIAS
there was a requirement under PSIAS 2450 that the ‘Chief
Audit Executive’ must provide an annual report to the Audit
Committee, timed to support the Annual Governance Statement. That
must include:
· An annual internal audit opinion on the overall adequacy and effectiveness of the organisation’s governance, risk and control framework (i.e. the control environment);
· A summary of the audit work from which the opinion was derived (including reliance placed on work by other assurance bodies); and
· A statement on conformance with the PSIAS and the results of the internal audit Quality Assurance and Improvement Programme.
The Committee heard that the Council was accountable collectively for maintaining a sound system of internal control and was responsible for putting in place arrangements for gaining assurance about the effectiveness of that overall system.
Because of that, the Council continued to adopt a ‘Three Lines of Defence’ assurance model which was taken from the following sources:-
1. Senior Management and Departmental Leadership
Under the first line of defence, operational management had ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.
2. Internal Governance
The second line of defence consisted of activities covered by several components of internal governance (Statutory Officers, Corporate Oversight Functions, Quality Control, IT Security, Data Protection and other control departments). That line of defence monitored and facilitated the implementation of effective risk management practices by operational management and assisted the risk owners in reporting adequate risk related information up and down the organisation.
3. Internal Audit
The requirement for an internal audit function in local government was detailed within the Accounts and Audit Regulations 2015, which stated that a relevant body must:-
· Undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes taking into account public sector internal auditing standards or guidance.
Internal Audit Approach
It was reported to the Committee that the Internal Audit function undertook a programme of audits each year to provide the Council and its Audit Committee with assurance on the adequacy of its system of internal control, governance and risk management arrangements. The audit programme had been developed using a risk based approach and different audit techniques to make it leaner and more supportive of service delivery to meet the Council’s needs.
CIPFA released guidance on Head of Internal Audit Annual Opinions in November 2020 due to the impact of COVID-19 on public services that sought to address the risks of limitations of audit scope and noted - ‘CIPFA recognises that local government bodies were struggling with considerable challenges and were having to make difficult decisions on how best to use their available staff and financial resources to meet critical needs. However, the professional and regulatory expectations on local government bodies to ensure that their internal audit arrangements conform with PSIAS had not changed. In that difficult situation, heads of internal audit would need to consider whether they could still issue the annual opinion or whether there would need to be a limitation of scope.’
The key elements identified by CIPFA within the latest guidance were:-
· Planning adequate assurance to support the annual opinion
· Engagement between the leadership team, audit committee and HIA
· Making effective use of internal audit resources
· Early identification of a limitation of scope
· Understanding the consequences of a limitation of scope
It
was also reported to the Committee that discussions were
being had been undertaken at Tendring District Council (TDC)
with the Audit Committee and Senior Management as early as March
2020 around the risks that the Internal Audit Team were facing as
well as Council services in general and at that stage it had been
identified that the Internal Audit Plan for 2020/21 would
need to be fluid as new risks
emerged. As a result additional Audit
Committee meetings had been held to
ensure Members were kept well informed and also to allow for
changes to the internal audit plan to be adopted more effectively
and efficiently as new information arose.
It was reported to Members that communication between Internal Audit, TDC Leadership and the Audit Committee had been effective and more frequent than any other year due to the additional challenges that the pandemic had brought. All of the key areas identified by CIPFA above had been addressed at the beginning of the financial year and continued to be assessed to date.
Internal Audit had continued to work with services on a consultancy basis to support the implementation of new processes, identify and analyse root cause if necessary and ensure that all relevant employees had the appropriate training to competently carry out their role. That had included advising service areas on their response to the COVID-19 pandemic and ensuring that the best possible service could be provided to the public when there had been a change to working practices or a shift in priorities due to the pandemic.
It was also reported to Members that the independent investigatory work had also been undertook throughout the year, as and when required, to support Senior Management when internal control issues had arisen within service areas. In 2020/21, only two audits from a total of 29 reviews undertaken had received an overall audit opinion of “Improvement Required” where high severity issues had been identified. Those audits had been in relation to the Princes Theatre and Fleet Management. Improvement actions had been put in place for those audit areas which had then been followed up by the Internal Audit function to assess the progress of implementation. All significant issues had been reported to the Audit Committee with required improvement actions throughout the year to provide a continuous update on the Council’s control environment, governance arrangements, material issues identified and improvement actions.
Annual Opinion 2020/21
The report to the Committee outlined that the Head of Internal Audit’s annual assurance opinion was based on the following:
· Internal Audit work completed during the course of the year;
· observations from consultancy/ advisory support;
· results of any follow up exercises undertaken in respect of previous years’ internal audit work;
· a review of assurance from other providers including those from first and second lines of defence, independent regulators and peer reviews;
· the extent of resources available to deliver the internal audit work; and
· the quality and performance of the Internal Audit service and the extent of compliance with the Public Sector Internal Audit Standards
Limitations to the Annual Opinion
It was reported to the Committee that although the Council was still in the middle of the pandemic there had not been any limitations to report on the ability to deliver the Internal Audit Plan and provide an annual opinion on the effectiveness of governance, risk management and internal control. There had been changes to the audit plan throughout the year due to emerging risks leading to some audits relating to governance, data protection and business grants being included. The changes to the audit plan had been in consultation with the Audit Committee and Management Team. Furthermore the additional reviews had only added to the overall assurance opinion provided by the Internal Audit Team.
It was also noted that the Internal Audit Plan could not have been completed without the agreement and support of service managers and their staff as they were able to continue to provide a service to the public, address the changes and challenges from COVID-19 and allow time and resources for auditors to review the work they had been doing through 2020/21.
The Head of Internal Audit Annual Opinion
The report informed Members that the overall direction of travel regarding the internal control environment since 2019/20 had improved as all but two audits had received a satisfactory level of assurance throughout the 2020/21 financial year. A total of 38 moderate issues and 6 major issues had been identified with actions agreed with operational management throughout the year. All major actions due had been reported to the Audit Committee and implemented by the relevant department. All moderate actions had been managed through the follow-up process with the service area.
Governance arrangements and internal controls had been evaluated in all audits within the plan, albeit with varying levels of scope. Senior Management continued to review strategic risks on a regular basis within Management Team and the Corporate Risk Register was reviewed bi-annually with any feedback reported to Management Team for consideration.
Members heard that COVID-19 had had a significant impact on the public and public services; however, departments within the Council had managed to continue to provide services to the public whilst managing the pressures and challenges from the pandemic. That had allowed for Internal Audit to complete the Internal Audit Plan and support services when required. There had been procedural and policy changes throughout the year which Internal Audit had had view of and consulted on if needed.
Members also heard the processing of Government business grants had taken up a lot of resource within the Corporate Services department throughout the year in order to undertake the necessary criteria checks prior to making payments. Internal Audit had taken assurance from the post assurance work carried out by the Fraud and Risk Team requested by the Department for Business, Energy and Industrial Strategy which had evidenced only two minor errors in the sample of transactions tested. The Fraud Officer had also carried out many investigations pre and post payment of business grant funds to prevent the Council being exposed to repayment of funds to central government through unnecessary error and fraud.
Internal Audit had also undertaken their own review of business rates which had included a review of business grants and the checks undertaken by Revenue Officers prior to payment with no significant issues being identified. The opinion of the Internal Audit Manager had been drawn from all of the information reported above, external reviews carried out throughout the year from other assurance providers and through the ongoing work in supporting Senior Management and services in delivering the Council’s objectives and vision.
The Internal Audit function had updated the annual Quality Assurance and Improvement Programme (QAIP) which was a self-assessment questionnaire against the Public Sector Internal Audit Standards. The QAIP had been completed and presented to and agreed by the Audit Committee in January 2021.
The report to the Committee showed how the Internal Audit Manager was therefore satisfied that sufficient work had been completed in 2020/21 to draw a reasonable conclusion on the adequacy and effectiveness of the Council’s activities. The internal control environment continued to remain stable with no significant changes from 2019/20 other than those reported to the Audit Committee throughout the year as part of the periodic reporting arrangements. An open dialogue with Senior Management on risk remained in place and a generally sound system of internal control had been assessed across the majority of the Council’s operational areas. Therefore, an overall unqualified opinion of ‘Adequate Assurance’ had been issued by the Internal Audit Manager.
The Committee noted that the above report would be included within the Council’s Annual Governance Statement (AGS) as part of its statutory responsibilities. Further work would be undertaken at a later date on lessons learnt from COVID-19 in line with AGS priorities.
INTERNAL AUDIT PLAN PROGRESS (2021/22)
Members heard how two audits from the 2020/21 Internal Audit Plan had been completed with both receiving an overall opinion of Substantial Assurance with no significant issues identified. A further four audits were in the fieldwork phase and a further two audits had been allocated.
The Internal Audit Team had been monitoring outstanding actions and working hard to ensure that services worked with Internal Audit to confirm that agreed actions were completed in a timely manner. Work had begun in areas such as Bereavement Services, Performance Management, Building Control and Pre and Post Employment Checks. Some resource was currently being used to undertake independent fact finding exercises as part of potential / emerging governance issues. The consultative days allocated within the Internal Audit Plan was being used to support that work.
Appendix B to the Internal Audit Manager’s report provided an update on the status of each audit to date.
There were no significant issues or particular areas of concern to report at this time.
After a detailed discussion, the Committee NOTED the contents of the report.
Supporting documents:
-
A1 Report Internal Audit Periodic Report 2020-21 March 21 - July 21 and Annual Head of Internal Audit Report 2020-21, item 12.
PDF 217 KB -
A1 Appendix A - Internal Audit Plan 2020-21 Progress Report, item 12.
PDF 118 KB
-
A1 Appendix B - 2021-22 Internal Audit Plan Progress Report, item 12.
PDF 115 KB