Agenda item

To provide the Committee with a periodic report on the Internal Audit function for the period July – August 2018 and to propose an updated Internal Audit Charter to be reviewed and approved by the Committee.

REPORT ON INTERNAL AUDIT FOR JULY TO AUGUST 2018 AND INTERNAL AUDIT PLAN PROGRESS 2018/19

The Council’s Acting Audit and Governance Manager (Craig Clawson) provided a periodic report on the Internal Audit function for the period of July to August 2018.

The Acting Audit and Governance Manager informed the Committee five audits had been completed in the period in question of which two had been given Adequate Assurance. Two audits had been rated Substantial Assurance and one audit had been rated Improvement Required. No audits had been rated Significant Improvement Required.

The Committee was informed that the audit completed in the period under review which had received an ‘Improvement Required’ opinion and which therefore required reporting to Members was:-

Development Management -Retention of Funds by Third Party Company (Income Management)

It was reported that the planning portal had recently amended the circumstances relating to payments made by applicants and how they were received by Councils. Those new arrangements allowed the company administering the planning portal to keep the monies paid; take their £20 charge per application and then transfer the funds to the Council in one BACS payment. This created a risk because customer monies were retained by a third party, which if they were to become insolvent the money would be lost and the Council would still have an obligation to honour the application without ever having received the money. There was also an increased risk of fraud from outside of the Council. This was a national issue as the planning portal was used by the majority of district and borough councils across the country.

The Committee was informed that the agreed action was for the service to explore whether the planning portal could revert to the previous process of allowing the payments to be sent directly to the Council and the Council then paid back the commission owed to the planning portal supplier. If this was not an option then it had been recommended that a portal be created ‘in-house’ in order to allow applications to be processed via the Council’s own website.

Members were aware thatthe Internal Audit function issued satisfaction surveys for each audit completed. In the period under review 100% of the responses received had indicated that the auditee was satisfied with the audit work undertaken.

The Committee was reminded that at its previous meeting there had been two significant issues reported. One related to Payment Card Industry Data Security Standard (PCI DSS) compliance which had been addressed in this report. The second related to a Health and Safety programme of works. That action was not due yet. However, the Fraud and Risk Manager had reported that her team was currently working on creating that programme of works for the Health and Safety Officer to work to and to pro-actively plan ahead.

The Acting Audit and Governance Manager also informed the Committee of the current position in relation to the following continuous or consultative audits:

(i)         Office Transformation Programme;

(ii)        Digital Transformation Programme;

(iii)       Project Management; and

(iv)      PCI DSS.

INTERNAL AUDIT CHARTER

The Committee was reminded that the Public Sector Internal Audit Standards required the Council’s Internal Audit Charter to be a formal document that: -

·      Defined the Internal Audit activity’s mission, purpose, authority and responsibility;

·      Established the Internal Audit activity’s position within the organisation including the nature of the “Chief Audit Executive’s” (i.e. the Audit and Governance Manager’s) functional reporting relationship with the Board (i.e. the Audit Committee);

·      Authorised access to records, personnel and physical properties relevant to the performance of engagements;

·      Defined the scope of Internal Audit activities;

·      Defined the terms “Board” and “Senior Management” for the purpose of Internal Audit activity;

·      Covered the arrangements for appropriate resourcing;

·      Defined the role of Internal Audit regarding fraud-related work; and

·      Included arrangements for avoiding conflicts of interest if Internal Audit undertook any non-audit activities.

Members were informed that the Internal Audit Charter had been updated to reflect the current working arrangements of the Internal Audit function. The key principles of the Charter remained as they had been as they were the foundations of all Internal Audit activity. However, there had been some changes made where areas had been expanded further in order to explain ways of working and some elements had been removed to provide a leaner audit charter that reflected the current structure of the function.

The aesthetics of the Charter had also been updated to provide a consistent design in line with all other Internal Audit Reports. The amended Internal Audit Charter was set out in Appendix B to the report.

EXTERNAL QUALITY ASSESSMENT (EQA) UPDATE

It was reported that there was only one issue outstanding from the EQA undertaken by an approved assessor and previously reported in full to the Committee and this was due to be completed by December 2018. That issue had related to a consistent approach to risk management to be followed by all departments as well as Internal Audit. This was being addressed as part of the Risk Management review within the annual audit plan in order to develop a risk framework that all service areas and Internal Audit could use as a consistent basis for assessing risk.

It was moved by Councillor Scott, seconded by Councillor Alexander and RESOLVED that –

(a)    the contents of the periodic report be noted; and

(b)     the amended Internal Audit Charter, as set out as the Appendix to the Report of the Acting Audit and Governance Manager, be approved.