Agenda item

To provide the Committee with a periodic report on the Internal Audit function for the period March 2022 – May 2022, as required by the professional standards.

 

 

Minutes:

The Committee had before it a report submitted by the Council’s Internal Audit Manager (A.1) which provided a periodic update on the Internal Audit function for the period March 2022 to May 2022 together with the Internal Audit Manager’s Annual Report for 2021/22 as required by the professional standards. That report was split into three sections as follows:-

 

1)   Internal Audit Plan Progress 2021/22

 

·      a satisfactory level of work had been carried out on the 2021/22 Internal Audit Plan in order for the Internal Audit Manager to be able to provide an opinion in his Annual Audit Report.

·      two audits from the Internal Audit Plan remained outstanding. All other audits within the plan had been completed with only two receiving an overall audit opinion of ‘Improvement Required’. All other audits within the plan had received a satisfactory level of assurance.

 

2)   Annual Report of Internal Audit Manager

 

·     the Annual Report of the Internal Audit Manager had concluded that an unqualified opinion of Adequate Assurance could be provided.

·     the work carried out throughout the year by the Audit Committee, Senior Management and the Internal Audit Team had been in line with the Public Sector Internal Audit Standards and CIPFA Application Notes (Latest release November 2020).

·      there were risks to being able to provide an unqualified opinion in 2022/23 given some identified wider governance issues and the difficulties reaching an overall opinion for 2021/22. This would form a key element of the Annual Governance Statement (AGS) that was currently being prepared along with a number of actions to ensure that adequate progress could be made to avoid a potentially unfavourable opinion in future.

 

3)   Internal Audit Plan Progress 2022/23

 

·     Six audits within the 2022/23 Internal Audit Plan were currently in fieldwork.

 

INTERNAL AUDIT PLAN PROGRESS 2021/22

 

The Committee heard how two audits within the 2021/22 Internal Audit Plan remained outstanding (Depot Operations and Strategic Housing). All other audits within the plan had been completed.

 

A total number of nine audits had been completed during the period April 2022 to June 2022. One report in this period had received an overall opinion of ‘Improvement Required’ (Housing Repairs and Maintenance) with the other eight receiving satisfactory assurance opinions with no significant issues being identified.

 

It was reported that Internal Audit had continued to provide advice on internal control, risk management and governance arrangements on a consultative basis. Further to completing audits within the agreed plan, the Team had attended meetings regarding Procurement, Career Track and Careline. The Team also allocated some time throughout the year liaising with departments and advising on an ad-hoc basis.

 

The Committee was reminded that the audit plan was fluid, which ensured that Audit worked with services to reaffirm audit priorities continuously throughout the year.

Audit officers remained focussed on delivering the message that they were here to support services.

 

Quality Assurance

 

Members were aware that the Internal Audit Team issued satisfaction surveys for each audit completed. In the period under review 100% of the responses received had indicated that the auditee had been satisfied with the audit work undertaken.

 

Resourcing

 

The Committee was informed that Internal Audit was currently working with an establishment of 3fte with access to a third party provider of internal audit services for specialist audit days as and when required. The Council had recently advertised internally for the vacant Audit Technician post, unfortunately there had been no applicants. Officers were expected to advertise externally soon.

 

Outcomes of Internal Audit Work

 

The Standards required the Internal Audit Manager to report to the Audit Committee on significant risk exposures and control issues. Since the last report nine audits had been completed and the final report issued. The Public Sector Internal Audit Standards required the reporting of significant risk exposures and control issues.

 

Assurance

Colour

Number this Period

Total for 2020/21Plan

 

Substantial

 

0

5

 

Adequate

 

8

15

 

Improvement Required

 

1

2

 

Significant Improvement Required

 

0

0

 

No Opinion Required

 

0

3

Three consultative engagements in 2021/22

 

For the purpose of the colour coding approach, both the substantial and adequate opinions were shown in green as both were within acceptable tolerances.

 

Issues arising from audits completed in the period under review receiving an ‘Improvement Required’ opinion and which required reporting to Committee were:-

 

Housing Repairs and Maintenance

 

1.   Lack of Variation Tracking

 

Issues identified:

 

“When a job was not as straight forward as expected a variation order was raised by the contractor which would then increase the expected cost of the job within the contract. The contractor had a contracted self-authorisation limit of £50 (but must send in photo beforehand) and anything above this must be authorised by the Council. This limit had recently been raised by the Council to £100. Whilst those variations were recorded under ‘Job History’, and looked at during invoice payment stage, there was no independent method of identifying the amount or total value of those works, or how many complied with contractual requirements.”

 

Risk:

 

“Without an overview or method of identifying variations orders, there was a risk of paying for works or parts that were not required which had an adverse financial impact.”

 

Agreed Action:

 

“Explore options within Housing repairs software review to include a reportable process for separately adding, identifying and tracking order variations.

 

This additional step should be linked to authorisation levels for each user, to ensure the value is appropriate for their role and experience.”

 

2.   Tenancy Information

 

Issues identified:

 

“Every housing unit should have an identified tenant, or clearly marked as void if between tenants.

 

Updated records were necessary to ensure the customer service team knew they were dealing with the tenant at the address and to enable any security checks needed as well as complying with any data requirements.

 

There was currently no regular updating of tenant details within the maintenance system if they move in or out. Similarly, it was understood that initially tenant details needed to be completed manually during initial rollout of software. As a consequence, there was limited confidence that all addresses had a tenant listed and there might be a few rogue overlooked blank entries in the database, where no visits had been needed.”

 

Risk:

 

“Apart from reputational damage due to lack of data integrity and apparent professionalism, there was also the risk of allowing unauthorised access or works by a non-tenants.”

 

Agreed Action:

 

“Liaise with IT to identify a data linkage method where existing records held on tenancy system can be exported to Housing Repairs software to ensure the records are current.”

 

3.   Lack of Clear Record Keeping

 

Issues identified:

 

“In a case brought to the Housing Ombudsman against the Council, one major criticism had been the absence of clear and comprehensive record keeping. This was also crucial in any legal defence against growing Housing Disrepair Claims.

 

Although some measures had been brought in, it was considered there was still room for some improvement. Further details and examples had been recorded within the operational audit report.”

 

Risk:

 

“If information was missing or dispersed, there was a risk of overlooking key facts which might impact works in place or potential ones, leading to adverse reputational damage or financial impact (especially if a repeat in nature of the case previously sent to the Ombudsman or subject to growing instances of costly Housing Disrepair Claims).”

 

Agreed Action:

 

“New procedures and processes to be implemented so that information is captured centrally.

 

This will be examined as part of Housing Repairs software review to identify what options are available and any subsequent officer training carried out.”

 

4.   Discrepancies Between Oneserve System and Invoices

 

Issues identified:

 

“Work is raised on OneServe with the job description and cost. Once the job is complete, an invoice is raised and submitted to the council for payment. This invoice is matched against work raised and paid accordingly.

 

In all cases, OneServe (council housing repair software) figures should match invoice to ensure only the work raised is paid for.

 

There are examples identified through testing which showed payment was apparently in excess of raised work.”

 

Risk:

 

“If the correct figures are not matched, this raises the risk that payments forecast may be different from invoice and overpay as a result. The variations are not kept with the main record, adding extra checking time to locate and cross reference any subsequent authorisations.”

 

Agreed Action:

 

“Initially, a reminder will be issued to officers reminding them of the need to ensure the job value matches the received invoice.

 

There will also be investigation into software capability to see if a check function can be incorporated.”

 

The Assistant Director (Building & Public Realm) (Andy White) attended the meeting and updated the Committee in respect of the department’s response to the outcomes of the Housing Repairs and Maintenance audit, especially in relation to the implementation of the OneServe software system; its links to the Northgate system and the automated exchange of information. He also indicated that Officers were investigating the department’s longer-term IT software requirements and its related information management protocols.

 

Mr White then responded to questions posed to him by the Chairman and members of the Committee.

 

Management Response to Internal Audit Findings

 

The Committee was reminded that there were processes in place to track the action taken regarding findings raised in Internal Audit reports and to seek assurance that appropriate corrective action had been taken. Where appropriate, follow up audits had been arranged to revisit significant issues identified after an appropriate time.

 

The number of high severity issues outstanding was as follows: -

 

Status

Number

Comments

Overdue more than 3 months

1

 

Overdue less than 3 months

 

1

 

Not yet due

1

 

 

ANNUAL AUDIT REPORT OF INTERNAL AUDIT MANAGER

 

Members were reminded that the Public Sector Internal Audit Standards (PSIAS) stated that a professional, independent and objective internal audit service was one of the key elements of good governance, as recognised throughout the UK public sector. The role of the Head of Internal Audit (Internal Audit Manager), in accordance with the PSIAS, was to provide an opinion based upon, and limited to, the work performed on the overall adequacy and effectiveness of the organisation’s governance, risk management, and control processes.

 

As set out in the PSIAS there was a requirement under PSIAS 2450 that the Chief Audit Executive must provide an annual report to the Audit Committee, timed to support the Annual Governance Statement. This must include:

 

    an annual internal audit opinion on the overall adequacy and effectiveness of the organisation’s governance, risk and control framework (i.e. the control environment);

    a summary of the audit work from which the opinion is derived (including reliance placed on work by other assurance bodies); and

    a statement on conformance with the PSIAS and the results of the internal audit Quality Assurance and Improvement Programme.

 

The Council was accountable collectively for maintaining a sound system of internal control and was responsible for putting in place arrangements for gaining assurance about the effectiveness of that overall system. The Council continued to adopt a ‘Three Lines of Defence’ assurance model, which was taken from the following sources:

 

1.         Senior Management and Departmental Leadership

Under the first line of defence, operational management had ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.

 

2.         Internal Governance

 

The second line of defence consisted of activities covered by several components of internal governance (Statutory Officers, Corporate Oversight Functions, Quality Control, IT Security, Data Protection and other control departments). This line of defence monitored and facilitated the implementation of effective risk management practices by operational management and assisted the risk owners in reporting adequate risk related information up and down the organisation.

 

3.         Internal Audit

 

The requirement for an internal audit function in local government was detailed within the Accounts and Audit Regulations 2015, which stated that a relevant body must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.

 

Internal Audit Approach

 

The Internal Audit function undertook a programme of audits each year to provide the Council and its Audit Committee with assurance on the adequacy of its system of internal control, governance and risk management arrangements. The audit programme was developed using a risk based approach that incorporated a number of independent reviews of the Council’s activities to be able to give an overall opinion on the areas mentioned above.

 

CIPFA had released guidance on Head of Internal Audit Annual Opinions in November 2020 due to the impact of COVID-19. There had been no further guidance from CIPFA since then. The Internal Audit Manager continued to refer to this guidance while forming an opinion; however, there had been minimal impact on the delivery of the 2021/22 Internal Audit Plan due to COVID-19.

 

The impact of COVID-19 was now a section of every audit undertaken and would continue to be going forwards. The Internal Audit Team would record changes to procedures and effectiveness and efficiency issues due to COVID-19 and report any significant issues to the Council’s Management Team and Audit Committee, as required.

 

Communication between Internal Audit, the Council’s Leadership and the Audit Committee had been effective and remained consistent which provided reasonable assurance around the effectiveness and transparency of reporting arrangements.

 

Internal Audit had continued to work with services on a consultancy basis to support the implementation of new processes, identify and analyse route cause if necessary and ensure that all relevant employees had the appropriate training to competently carry out their role. This included advising service area transformation projects, procurement, ad-hoc investigations and any further advice on procedures due to the impact of COVID-19.

 

Independent investigatory work had also been undertaken throughout the year as and when required to support Senior Management when internal control issues had arisen within service areas.

In 2021/22, only two audits from a total of 27 reviews undertaken had received an overall audit opinion of “Improvement Required” whereby high severity issues had been identified. It had been difficult to reach an overall unqualified opinion this year as there had been other activity that had to be taken into account when forming an opinion. Examples included the fact that two statutory ‘Section 5’ reports had been issued in order to correct decisions that had contravened law / constitutional requirements, as well as there being early indications from the outturn process suggesting that there had been significant unauthorised overspends of the Council’s budgets. With all of the above to be considered, the balancing factors were that all significant issues identified had been addressed instantly which had included setting up working groups when needed and that overall the Council’s internal control environment was sound, but needed to be followed.

 

Annual Opinion 2021/22

 

The Committee was made aware that the Head of Internal Audit’s annual assurance opinion was based on the following:

 

    Internal Audit work completed during the course of the year;

    observations from consultancy/ advisory support;

    results of any follow up exercises undertaken in respect of previous years’ internal audit work;

    a review of assurance from other providers including those from first and second lines of defence, independent regulators and peer reviews;

    the extent of resources available to deliver the internal audit work; and

    the quality and performance of the Internal Audit service and the extent of compliance with the Public Sector Internal Audit Standards.

 

Limitations to the Annual Opinion

 

There had been no limitations to report on the ability to deliver the Internal Audit Plan and provide an annual opinion on the effectiveness of governance, risk management and internal control. There had been changes to the audit plan throughout the year due to emerging risks and changes to service provision, which had meant that some audits had been merged and some elements had been amended within individual audits. The changes to the audit plan had been made in consultation with the Audit Committee and Management Team, furthermore the amendments to the plan had only added to the overall assurance opinion provided by the Internal Audit Team.

 

The Head of Internal Audit’s Annual Opinion

 

It was reported that the overall direction of travel regarding the internal control environment since 2020/21 had remained the same. Officers were unable to state that the control environment had improved overall as the majority of audits had received an ‘Adequate Assurance’ opinion meaning that although there were no significant issues identified within those audits there was still some work to be done to develop the control environment at an operational level. A total of 39 moderate issues and 6 major issues had been identified with actions agreed with operational management throughout the year. All major actions had been reported to the Audit Committee and all moderate actions had been managed through the audit follow-up process with the service area.

 

Governance arrangements and internal controls had been evaluated in all audits within the plan, albeit with varying levels of scope. Senior Management continued to review strategic risks on a regular basis within Management Team and the Corporate Risk Register was reviewed bi-annually with any feedback reported to Management Team for consideration.

 

The opinion of the Internal Audit Manager had therefore been drawn from all of the information reported above, external reviews carried out throughout the year from other assurance providers and through the ongoing work in supporting Senior Management and services in delivering the Council’s objectives and vision.

 

The Internal Audit function had updated the annual Quality Assurance and Improvement Programme (QAIP), which was a self-assessment questionnaire against the Public Sector Internal Audit Standards. The QAIP had been completed and agreed by the Audit Committee in April 2022.

 

The Internal Audit Manager was satisfied that sufficient work had been completed in 2021/22 to draw a reasonable conclusion on the adequacy and effectiveness of the Council’s activities. The internal control environment continued to remain stable with some significant changes in specific service areas which had been reported to the Audit Committee throughout the year as part of the periodic reporting arrangements. An open dialogue with Senior Management on risk remained in place and a generally sound system of internal control had been assessed across the majority of the Council’s operational areas. Therefore, an overall unqualified opinion of ‘Adequate Assurance’ could be provided.

 

The above report would be included within the Council’s AGS as part of its statutory responsibilities.

 

The Committee was advised that there were risks to being able to provide an unqualified opinion in 2022/23 given the wider governance issues identified and the difficulties reaching an overall opinion for 2021/22. This would form a key element of the AGS that was currently being prepared to ensure that adequate progress could be made to resolve historical issues and avoid a potentially unfavourable opinion in future. As part of an immediate and direct response, the Chief Executive had established a regular cycle of Budget, Performance and Delivery Review meetings with Management Team and other Senior Officers across the Council. It had been recommended that those meetings cover the following key issues:

 

    high level review of the in-year budget position for each Directorate / Department, which needs to aim to draw out any potential financial issues ahead of the associated impact on the budget e.g. potential overspends, underspends and / or other financial issues / pressures;

    following on from the point above, to promote and oversee any associated decision making / governance processes;

    to identify financial pressures that may impact on the Council’s long term financial plan;

    to promote connections / linkages with the recently implemented  Corporate Investment Plan;

    to review the in-year performance against the Council’s key aims and objectives and other key delivery targets;

    to identify and oversee any other key governance issues; and

    set against all of the above, keep under on-going review the level of resources / capacity to meet the various demands on the Council’s departments and services.

 

After discussion it was RESOLVED that –

 

(a)     the contents of the report be noted; and

 

(b)    the Housing Portfolio Holder and the Corporate Director (Operations & Delivery) be required to attend the next meeting of the Committee to give an update on the improvement actions being undertaken in relation to the Housing Repairs & Maintenance audit and to answer Members’ questions thereon.

 

 

Supporting documents: