Agenda item

To provide a periodic report on the Internal Audit function for the period March 2019 to June 2019 and the Acting Audit and Governance Manager’s Annual Report for 2018/19 as required by the professional standards.

 

There was submitted a report by the Council’s Acting Audit and Governance Manager (Craig Clawson) (report A.1) which provided a periodic update on the Internal Audit function for the period March 2019 to June 2019, together with his Annual Report for 2018/19 as required by the Public Sector Internal Audit Standards (PSIAS). The report A.1 was split into four sections as follows:-

 

(1)       Internal Audit Plan Progress 2018/19;

(2)       Annual Report of the Acting Audit and Governance Manager;

(3)       Internal Audit Plan Progress 2019/20; and

(4)       Internal Audit Charter.

 

(1)       INTERNAL AUDIT PLAN PROGRESS 2018/19

 

It was reported that a total of nine audits had been completed in the March 2019 to June 2019 period. As at 31 March 2019, 87% of the audit plan had been completed. The Internal Audit Plan was a rolling programme and there was always an expectation for some audit reviews to progress into the next financial year. However, resourcing issues had challenged the team’s capacity to deliver a higher percentage of the plan by 31^st March 2019.

 

The Committee was informed that, as at the 30 June 2019, 97% of the plan had been completed. Only two audits remained outstanding, with the majority of fieldwork on those completed. The audits still in progress were Housing Repairs and Maintenance and Housing Allocations. With the addition of an external resource the team had been able to catch up with the audits from the 2018/19 whilst the external contractor commissioned on a daily rate completed some of the 2019/20 audits.

 

Members were reminded that the PSIAS required an audit opinion on Risk Management and therefore a corporate review of the Council’s risk management arrangements had been undertaken during the year and was ongoing. Senior Management continued to monitor strategic risks on a regular basis with the Audit Committee’s input throughout the year. This assurance allowed Internal Audit to work with Senior Management and the Council’s Fraud and Risk Manager to concentrate on reviewing the overall risk appetite of the Council and to support implementation of departmental risk management at an operational level.

 

Quality Assurance

 

The Internal Audit function had issued satisfaction surveys for each audit completed. In the period under review 100% of the responses received had indicated that the auditee was satisfied with the audit work undertaken.

 

Resourcing

 

As previously reported, the Internal Audit Team had been operating with reduced capacity due to one Officer being on long term sick leave and another on maternity leave. The capacity of the Internal Audit Team was currently 2 FTE with an apprentice supporting where she could. The Audit Committee had previously suggested that Officers explore the use of an external contractor or employ a temporary agency Auditor for a fixed term.

 

The Committee was informed that Officers had explored both scenarios and had decided that the best way forward was to utilise a framework set up by Croydon London Borough Council in partnership with a professional services company, Mazars LLP. This Council had commissioned work from Mazars to support the team in delivering a number of audits within the 2019/20 Internal Audit Plan.

 

Members were also made aware that the Internal Audit team was also currently being restructured. The consultation period for all Officers within the team had now passed. This would allow the Council to recruit to a vacant Auditor post and to bring the establishment back to around 80% capacity.

 

Outcomes of Internal Audit Work

 

The standards required the Acting Audit and Governance Manager to report to the Audit Committee on significant risk exposures and control issues. Since the last periodic report nine audits had been completed and the final report issued. Of those nine completed audits, one had received a ‘Substantial Assurance’ audit opinion and six had received an ‘Adequate Assurance’ audit opinion. One audit had not required an opinion to be issued and the remaining audit had received an ‘Improvement Required’ audit opinion. That audit had been the one undertaken in relation to Inventory Management / Stock Control management processes across the Council.

 

This had never been done before on a Council wide basis. However, in 2018/19 it had been decided to undertake an arm’s length audit to review processes only without detailed testing to identify any inconsistencies and add value by promoting good practice across all departments. A good practice guide had subsequently been developed which would be distributed to all relevant areas of the Council and would be available on the Intranet. Unfortunately, there had been a significant issue identified with required management actions relating to more than one department which was that some departments had a rudimentary stock control system or did not have a working inventory stock control system in place. The required actions were:-

 

• To use the generic inventory management spreadsheets provided by Internal Audit or procure a bespoke inventory control system that works more flexibly with the service need; and

 

• Heads of Service with stocks and stores to review the best practice guide and distribute to their relevant Officers.

 

Management Response to Internal Audit Findings

 

There were processes in place to track the action taken regarding findings raised in Internal Audit reports and to seek assurance that appropriate corrective action had been taken. There were no high severity issues currently outstanding.

 

Update on previous significant issues reported

 

Facilities Management (FM)

 

• A fire evacuation testing process is to be introduced that adheres to Health and Safety regulations while considering the sensitivity of the services provided to the public. Liaise with Health and Safety to establish an acceptable approach.

 

Although there were no significant actions outstanding in this period Members were made aware that the issue reported above regarding fire evacuation testing at the Crematorium at Weeley had now been resolved. The crematorium now had a fire evacuation plan in place that had been reviewed and approved by the Council’s Health and Safety Team.

 

(2)       ANNUAL AUDIT REPORT OF THE ACTING AUDIT AND GOVERNANCE MANAGER

 

The Committee was aware that there was a requirement under PSIAS 2450 that the Chief Audit Executive must provide an annual report to the Audit Committee, timed to support the Annual Governance Statement. This must include:

 

·           an annual internal audit opinion on the overall adequacy and effectiveness of the organisation’s governance, risk and control framework (i.e. the control environment);

·           a summary of the audit work from which the opinion was derived (including reliance placed on work by other assurance bodies); and

·           a statement on conformance with the PSIAS and the results of the internal audit Quality Assurance and Improvement Programme.

 

Members were reminded that an unqualified opinion of adequate assurance had been provided in 2017/18 due to the control improvements implemented by departments.  So far to date all significant issues identified within the 2018/19 financial year had been addressed and mitigated.  The immediate corrective actions by operational teams had provided assurance that the control environment was being monitored and direct action taken when significant issues had been identified.

 

Internal Audit continued to work with services on a consultancy basis to support the implementation of new processes, identify and analyse route cause if necessary and ensure that all relevant employees had the appropriate training to competently carry out their role.  Transformation, Project Management, Risk Management and Financial Resilience were some of the areas where this type of work had been undertaken and continued to collaborate resources.

 

In 2018/19 to date, only three audits from a total of 33 undertaken had received an overall audit opinion of “Improvement Required” where high severity issues had been identified. Those audits were Development Management, Facilities Management and Inventory Control. All significant issues were reported to the Audit Committee with required improvement actions throughout the year in order to provide a continuous update on the Council’s control environment, governance arrangements, material issues identified and improvement actions.

 

The Committee was informed that the overall direction of travel regarding the internal control environment since 2017/18 had not changed. In some areas it had weakened and in others it had improved; however, as the majority of audits in 2018/19 had continued to receive an adequate or substantial assurance opinion it was reasonable to suggest that there had not been a considerable deterioration in internal control and operational processes within the year.

 

It was reported that governance arrangements and internal controls had been evaluated in all audits within the plan, albeit with varying levels of scope. Consultancy work was continuing in respect of risk management, working with the Fraud and Risk Manager to improve processes at a departmental level. Senior Management continued to review strategic risks on a regular basis within Management Team and the Corporate Risk Register was reviewed bi-annually with any feedback reported to Management Team for their consideration.

 

Members were made aware that the opinion of the Acting Audit and Governance Manager was drawn from all of the information reported above, external reviews carried out throughout the year from other assurance providers and through the ongoing work in supporting Senior Management and Services in delivering the Council’s objectives and vision.

 

The Internal Audit function was expected to commission an independent assessment on compliance with the PSIAS that had been set by the Institute of Internal Auditors and adopted by the Chartered Institute of Public Finance and Accountancy every five years. Internal Audit had received such an independent report in 2017/18 which had concluded that there was conformance with the standards. Although this assessment was undertaken, the Internal Audit function was also obliged to complete an annual Quality Assurance and Improvement Programme which was a self-assessment questionnaire against the PSIAS. Work remained on-going in respect of this year’s assessment with the final position planned to be reported to the September 2019 meeting of the Committee.

 

It was considered that the internal control environment continued to remain stable with no significant changes from 2017/18, an open dialogue with Senior Management on risk remained in place and a generally sound system of internal control had been assessed across the majority of the Council’s operational areas. Therefore, an overall unqualified opinion of Adequate Assurance could be provided.

 

(3)       INTERNAL AUDIT PLAN PROGRESS 2019/20

 

It was reported that a total of 14 audits from the 2018/19 Internal Audit Plan had been allocated, were in progress or fieldwork had been completed. Final Reports were yet to be sent out for Quarter One audits in 2019/20. Appendix B to the report provided an update on the status of each audit to date within the 2019/20 Internal Audit Plan. There were no significant issues or particular areas of concern to report at this time and a further update on progress against the 2019/20 Internal Audit Plan would be presented to the Committee in September 2019.

 

Members were informed that Internal Audit were working a lot more on a consultative basis with services to ensure internal control and governance arrangements were incorporated as an integral part of a project, system implementation or when re-engineering a process. This had helped build better working relationships with departments as it added value early on in a process rather than after the event. Therefore Internal Audit would undertake more reviews in this capacity within the 2019/20 financial year.

 

(4)       INTERNAL AUDIT CHARTER

 

Members were made aware that a requirement of the PSIAS was for the Audit Committee to review and approve the Internal Audit Charter on an annual basis. The Internal Audit Charter defined the purpose, authority and responsibility of the Internal Audit function within the Council and set out the principles which the Internal Audit function must adhere to.

 

The Committee was informed that the Charter had last been updated and approved in September 2018. Although it was less than a year since its last review, it was felt that with a number of new members on the Committee it would be of benefit to review the Internal Audit Charter at this meeting. A copy of the Internal Audit Charter was before Members as Appendix C to the report.

The Council’s Head of Finance, Revenues and Benefits (Richard Barrett) referred to the restructuring of the Internal Audit section and informed the Committee that Craig Clawson had been appointed to the post of Internal Audit Manager. The duties of that post would include carrying out the statutory roles and functions as the Council’s designated ‘Head of Internal Audit’. 

 

Having considered and discussed the contents of the Acting Audit and Governance Manager’s report and its appendices it was:-

 

RESOLVED that –

 

(a)    the contents of the report and its appendices be noted; and

 

(b)    consideration of the Internal Audit Charter be deferred until the September 2019 meeting of the Committee when it is due for its annual review.