Agenda item

Report of Audit and Governance Manager - A.1 - Report on Internal Audit - March - May 2017 and Annual Report of the Audit And Governance Manager 2016/17

To provide a periodic report on the Internal Audit function for March to May 2017 and the Audit and Governance Manager’s Annual Report for 2016/17, as required by professional standards.

Minutes:

REPORT ON INTERNAL AUDIT FOR MARCH TO MAY 2017

 

The Council’s Audit and Governance Manager (Steve Blake) provided a periodic report on the Internal Audit function for the period of March to May 2017.

 

The Audit and Governance informed the Committee that 98% of the 2016/17 Internal Audit Plan had been completed by the time of production of this report, with all key systems audits complete or at draft report stage. Eleven audits had been completed in the quarter of which eight had been given either Substantial or Adequate Assurance. Three audits had been rated Improvement Required and no audits had been rated Significant Improvement Required.

 

It was reported that an annual self-assessment against the Public Sector Internal Audit Standards had identified a small number of outstanding compliance issues to be addressed during 2017/18 alongside the changes arising from the introduction of revised Standards from April 2017.

 

The Audit and Governance Manager also informed the Committee of the current position in relation to:

 

(i)      Public Sector Internal Audit Standards;

(ii)     Standard 2060 Reporting to Senior Management and the Board;

(iii)    Internal Audit Plan 2016/17 Progress;

(iv)   Internal Audit Plan 2017/18 Progress;

(v)    Independence of the Internal Audit Activity;

(vi)   Outcomes of Internal Audit Work;

(vii)  Sundry Debtors;

(viii) Risk Management;

(ix)   Uniform Application Review;

(x)    Management response to Risk;

(xi)   Management response to Internal Audit Reports; and

(xii)  Quality Assurance.

 

ANNUAL REPORT OF THE AUDIT AND GOVERNANCE MANAGER 2015/16

 

(1)        Opinion on the Overall Adequacy and Effectiveness of the Council’s Internal         Control Environment

 

The Audit and Governance Manager informed Members that the Internal Audit function had completed 37 scheduled audits during the year, and a further 10 2016/17 audits had been completed by May 2017.  For the audits that had been completed, assurance had been classified as:-

 

Assurance

        Number of Audits

Substantial

15

Adequate

24

Improvement Required

8

Significant Improvement Required

0

 

The Audit and Governance Manager informed the Committee that the result of each audit completed had been included in periodic reports produced during the year, and the Committee’s attention had been drawn to any significant issues where the level of Assurance had been classified as Improvement Required. Whilst there had been audits during the year given this level of Assurance, the number at this level was low, however those audits had included some weaknesses relating to key systems in use across the Council therefore giving a wider risk exposure. No audits had come close to being classified Significant Improvement Required.

 

Taking account of the above and, where appropriate, reviews by other assurance providers, whilst the governance arrangements were generally found to be sound and fit for purpose, the wider risk exposure linked to some of the significant issues reported had resulted in it only being possible to give a qualified assurance.

 

(2)        Qualification to the Opinion

 

It was reported that the opinion that had been given above had been based upon the level of Internal Audit activity that it had been proved possible to deliver with the resources available during the year.  It had not been possible to fully complete the planned work during the year as detailed elsewhere in this report, although all key audits had been undertaken or were in progress at the year end.  In forming an opinion the audit outcomes identified, but not reported until the 2017/18 plan year had been taken into account. The level of coverage achieved was considered sufficient to be able to provide the assurance required.

 

(3)          Summary of the Internal Audit Work Undertaken to Formulate the Opinion,                                    and Reliance Placed on the Work by Other Assurance Bodies

 

In accordance with best practice and the requirements of the Public Sector Internal Audit Standards, the 2016/17 plan had included arrangements for the follow up of issues found at previous audits. This had taken the form of: -

 

·                     Separate follow up audits and embedded follow up work within assurance audits.In those cases any ongoing outstanding issues were formally reported to management, with any significant issues drawn to the attention of the Committee.

·                     Action Tracking – monthly reminders had been issued, and responses verified by evidence where it was appropriate to do so.   

 

A schedule of the audits undertaken during 2016/17 was included at Appendix B of the Report of the Audit and Governance Manager.

 

Upon completion of each audit a draft report was issued to the appropriate Corporate Director / Head of Department, containing details of any findings required addressing that which had been identified. Subsequent discussions had been held with appropriate Senior Managers and final reports were then issued, which included detail of agreed actions to resolve the issues identified. There were no instances, for the reports issued during 2016/17, or subsequently to date, where a satisfactory action had not been identified and agreed.

 

(4)          Issues relevant to the preparation of the Annual Governance Statement

 

The overall opinion given in this report was relevant to the Annual Governance Statement, as was the need to highlight the issues raised in audits on Sundry Debtors, Procurement, Section 106 Agreements, Housing Allocations, Risk Management, Payroll and Human Resources Computer Application Review, and Uniform Computer Application Review all of which had been given an assurance rating of Improvement Required.

 

(5)        Performance of the Internal Audit Function

 

The performance measures used during 2016/17 were as follows: -

 

Performance Measure

Actual 2016/17

Actual 2015/16

Actual 2014/15

Actual 2013/14

Actual 2012/13

Percentage of Audit Plan Completed

86% *

79%

71%

94%

91%

Percentage of Satisfactory Responses to Satisfaction Surveys Issued with Final Audit Reports

100%

96%

96%

100%

96%

 

*At the time of producing this report 98% of the 2016/17 plan had been completed.

 

(6)          Independence of the Internal Audit Activity

 

The Internal Audit function had maintained an independent role during the year, compliant with the requirements of the Public Sector Internal Audit Standards. Effective arrangements as detailed below were in place to maintain independence taking into account the Audit and Governance Manager’s other corporate responsibilities. Effective mechanisms were in place to ensure that any other conflicts of interest within the team were identified and addressed on an audit by audit basis, with no instances where there was considered to be any impairment to independence or objectivity.

 

(7)        Compliance with the Public Sector Internal Audit Standards

 

The Public Sector Internal Audit Standards had been in place from 1April 2013 and updated in 2016 and 2017. Progress updates had been periodically reported to the Committee, on the work being undertaken to demonstrate conformance with the requirements of the Standards. Since their introduction alternate solutions had been agreed by the Audit Committee regarding the following standards:-

 

1110 Organisational Independence

 

The standards required specific input from the Chief Executive and the Chairman of the Audit Committee regarding the Audit and Governance Manager’s performance appraisal. Alternate arrangements that enabled both to comment on the performance of the Audit and Governance Manager at any time, rather than through the formal appraisal process, had been agreed.

 

1130 Impairment to Independence or Objectivity

 

The Audit and Governance Manager had during 2016/17 operational responsibilities regarding Corporate Governance and Risk Management in addition to his Internal Audit duties. The standards identified that audits of activities where such a conflict of interest arose should be overseen by someone outside of Internal Audit. As there were practical issues identifying suitable staff external to the Internal Audit function who did not have a conflict of interest, the alternate arrangement agreed was for the Principal Auditor to undertake the Audit and Governance Manager’s role for such audits, with the latter’s role in the audit being solely that of auditee. This avoided any conflict of interest and ensured that those audits had been managed by a member of staff with Internal Audit skills and expertise.

 

New Standard 1112 Chief Audit Executive Roles Beyond Internal Auditing applicable from April 2017 provided additional clarification and a requirement to periodically review such arrangements – this would be addressed in a future report to the Committee. 

 

As referred to in the periodic report above, a small number of compliance issues relating to the Standards remained outstanding at 31st March 2017, and were listed at Appendix A. Until the external assessment planned for later in 2017 had been undertaken successfully and any issues identified addressed, the Internal Audit function could not be considered fully compliant with the Standards.

 

Following discussion and questions by Members, it was:

 

RESOLVED that the contents of the report be noted.

Supporting documents: