To provide the Committee with a periodic report on the Internal Audit function for the period January 2025 – March 2025, as required by the professional standards and to seek approval of the Audit Committee for the 2025/26 Internal Audit Strategy & Operational Plan.

 

 

The Committee was provided with a progress report on the Internal Audit function for the period January 2025 – March 2025 and approval was sought from the Committee for the Internal Audit Strategy and Operational Plan 2025/26.

 

The report was summarised as follows:

 

·         A total of four audits had been completed since the previous update in January  Eight audits were still in fieldwork. The audits completed this period were Housing Benefit, Main Accounting System and Budgetary Control, Corporate Governance and Accounts Payable. All had received satisfactory opinions of Adequate or Substantial Assurance.

·         The Global Internal Audit Standards required Internal Audit functions to have a Internal Audit Strategy in place which not only set out the annual plan but also looked to the future. A new Internal Audit Strategy and Operational Plan for 2025/26 had been developed for the Audit Committee to review and approve. The strategy included a three-year plan with provisional audits for future years which could be adjusted each year dependant on the priorities of the Council. It was designed to be resilient and flexible with the ever changing regulatory and external environment.

·         The 2025/26 Operational Plan had been developed using a risk based approach, taking account of the Council’s Corporate Objectives, Corporate Risks, horizon scanning from other Government agencies and best value standards from the Ministry of Housing, Communities and Local Government (MHCLG). The plan had been collated based on the information gained from liaising with Directors, Heads of Service and entire departments to target areas that might benefit from an independent review of processes and procedures to determine potential efficiency gains, improved technology / software requirements or if the function has not been audited for a substantial period of time due to it being considered of lower risk historically.

 

The Committee was made aware that the Internal Audit Manager had continually risk assessed the progress of the plan against the level of resource available throughout the year to determine whether a measured annual assurance opinion could be provided based on the level of work completed. A determination had then made as to whether audit days needed to be procured to support the delivery of the plan.

 

Members heard that in order to provide the Head of Internal Audit’s Annual Opinion at the June 2025 Audit Committee, it was important that the following audits were completed as they formed part of the Council’s key systems. Those audits were Procurement, Housing Repairs and Maintenance, Accounts Receivable, Payroll and Health & Safety. All were currently in fieldwork and close to completion.

 

Quality Assurance – The Internal Audit function issued satisfaction surveys for each audit completed. All satisfaction surveys were yet to be returned from the four audits completed in this period.

 

Resourcing
Internal Audit currently had an establishment of 4 fte posts with access to a third-party provider of Internal Audit Services for specialist audit days as and when required. There was currently an Audit Technician post vacant.

 

Outcomes of Internal Audit Work

The Public Sector Internal Audit Standards required the Internal Audit manager to report to the Audit Committee on significant risk exposures and control issues. Since the last report four audits had been completed and the final report issued.

 

 

Assurance	Colour	Number this Period	Total for 2023/24 Plan
Substantial		2	4
Adequate		2	13
Required Improvement		0	1
Significant Improvement Required		0	0
No Opinion Required		0	2	Two consultive engagement in 2025/26 to date

 

For the purpose of the colour coding approach, both the substantial and adequate opinions were shown in green as both were within acceptable tolerances.

 

There were no issues arising from the audits completed in the period under review as none had received an ‘Improvement Required’ opinion that required reporting to Committee.

 

Management Response to Internal Audit Findings – There were processes in place to track the action taken regarding findings raised in Internal Audit reports and to seek assurance that appropriate corrective action had been taken. Where appropriate follow up audits had been arranged to revisit significant issues identified after an appropriate time.

 

The number of high severity issues outstanding was as follows:-

 

Overdue more than 3 months	4	Long term actions reported to the Audit Committee periodically (Appendix B)
Overdue less than 3 months	0
Not due yet	0

 

Update on previous significant issues reported:-

 

All previously significant issues were now provided within Appendix B of this report.

 

Development of the Audit Plan

 

The Committee heard that the Internal Audit Plan had been produced taking into account the requirements as set out in the Global Internal Audit Standards and the current Internal Audit Charter. The Internal Audit Team continued to aspire to add value by targeting particular areas of the Council that could benefit from an independent review of processes and procedures to determine potential efficiency gains, improved technology / software requirements or changed through new innovative ways of working.

 

Risk Management was also an aspect that required consideration when developing an audit plan. Although risk registers were considered as part of this process, leadership, managers and officers considered risk every day in the work they did, therefore interviews with Officers at all levels were key when reviewing whether risks were considered in decision making.

 

Risk was defined as 'the possibility of an event occurring that will have an impact on the achievement of objectives’. Therefore, risk could have a positive and negative aspect, so as well as managing things that could have had an adverse impact (downside risk) it was also important to look at potential benefits (upside risk). All audits would look at adverse impact and potential opportunities and all significant areas were reported to the Audit Committee periodically.

 

Discussions had been held with Management Team members individually and collectively. The feedback from Management Team had been taken into account and incorporated within the plan presented to the Committee. The Committee now had the opportunity to input into the draft plan provided.

 

Other factors also considered when developing the plan were:-

·         The risk maturity of the organisation;

·         The need to use specialists e.g. IT Auditors

·         Contingency time to undertake ad-hoc reviews and fraud investigations; and

·         Having the right balance of different reviews e.g. Systems and risk-based versus added value and consultative assessments

 

 

Internal Audit Resource Requirements

 

The establishment for the Internal Audit function was currently four full-time equivalents (fte). The team currently held a vacancy for a full-time Audit Technician post.

 

The Committee was informed that the proposed plan had been developed based on the current resource available as well as consideration to the continued oversight of the Fraud and Compliance team. The number of audit days proposed was 400 per year. The plan had been created with the following in mind:-

 

·         A leaner more practical audit plan had been developed using a risk-based approach, knowledge of all operational processes within service areas, historical assurance opinions and an understanding of where procedural changes had occurred around the Council.

 

·         A hybrid structure of both internal and external resource had provided additional resilience within the team as well as different experience, skills transfer for more junior staff and access to a hub of audit resource. The combination of staff between Internal Audit and Fraud and Compliance had added an extra level of resilience and allowed both teams to share knowledge and skills in different areas.

 

·         Emphasis on adding value in delivering objectives by providing more consultative work and advice on upcoming initiatives, projects, programmes and emerging risks.

 

Internal Audit Operational Plan Detail

 

The plan provided an outline of the work currently proposed to be undertaken during the 2025/26 financial year. In order to continue to provide a proactive and flexible approach, the plan should be considered indicative of the work currently intended. The Internal Audit Plan needed to be flexible to ensure that Internal Audit resources were directed where they were most needed, and added as much value as possible to the organisation.

 

The plan would be kept under review during the year, in consultation with the Council’s senior management, and taking account of changes to the Council’s priorities, operations and risk. Changes to the plan would be brought to the attention of the Committee for its approval.

 

The plan was considered to be in effect a rolling programme of work, rather than  specific to one year, and audits scheduled, but incomplete at the end of any financial year would roll forwards and would be completed in the new financial year.

 

A detailed breakdown of the Audit Plan was included in Appendix C.

 

As referred to above, mechanisms existed to allow amendments to the plan and if any issues had arisen regarding the risks in the current Corporate Risk Register, or new risks emerge including any identified by the Council’s external auditors, then plan adjustments would be considered.

 

The level and range of coverage was considered sufficient for the Internal Audit Manager to be able to provide an annual opinion on the Council’s assurance framework.

 

After discussion it was moved by Councillor Sudra, seconded by Councillor Fairley and unanimously:-

 

RESOLVED that –

 

(a)  the periodic update and the action tracking report be noted; and

 

(b)  the proposed Internal Audit Strategy and Operational Plan for the 2025/26 financial year be approved.