To provide a periodic report on the Internal Audit function for the period March 2020 – June 2020 and the Internal Audit Managers Annual Report for 2019/20 as required by the professional standards.
The Committee had before it a report submitted by the Council’s Internal Audit Manager (A.1) which provided a periodic update on the Internal Audit function for the period March to June 2020 as well as the Internal Audit Manager’s Annual Report for 2019/20. That report was split into three sections as follows:-
(1) Internal Audit Plan Progress 2019/20;
(2) Annual Report of Internal Audit Manager; and
(3) Internal Audit Plan Progress 2020/21.
(1) Internal Audit Plan Progress 2019/20
The Committee was informed that the 2019/20 Internal Audit Plan had been completed with the exception of three audits which had been deferred to the 2020/21 Internal Audit Plan. It had been agreed previously to defer both the North Essex Garden Communities and the Financial Resilience Audits to the 2020/21 Audit Plan and the Health and Safety service review had had to be stopped during fieldwork due to the impact of COVID-19 on that service.
All further audits completed during March 2020 to June 2020 had received satisfactory assurance opinions with no significant issues being identified.
Members were reminded that an update was usually provided to the Committee on the continuous and consultative work undertaken by the Internal Audit Team in order to ensure that the Committee was aware of service area supportive work that was not measured in the same way as a standard Internal Audit. Unfortunately, due to the impact of COVID-19 the Internal Audit Team had been unable to provide the same level of support to the transformation programme and the digital transformation programme due to other emergency planning priorities across the District.
However, an update could be provided on the Northbourne Depot Security Review. The Corporate Director responsible for the Northbourne Depot had provided the following update:
· the locks on the compound area had been changed with access limited to specific Officers;
· the CCTV System had been fully upgraded;
· an electronic gate had been installed on the front entrance to the Depot which required fob access and was locked in the evenings and at weekends;
· the job scheduling system was currently being implemented.
The Committee was advised that Internal Audit were supporting the service on the implementation of the job scheduling system. This was a staged process which would potentially benefit other service areas such as Horticultural Services and Facilities Management in the long term if it was implemented effectively.
Members were aware that the Internal Audit function issued satisfaction surveys for each audit completed. In the period under review 100% of the responses received had indicated that the auditee had been satisfied with the audit work undertaken.
It was reported that the Internal Audit section was currently working with an establishment of 3 ‘Full Time Equivalents with access to a third party provider of internal audit services for specialist audit days as and when required. Due to COVID-19 all recruitment had been put on hold and Officers had therefore had not been in a position to continue with the recruitment process of a new Apprentice to the section. However, the recruitment process had recently re-started and it was expected that an Apprentice would be appointed shortly.
From March 2020 until July 2020 no Internal Audits had been undertaken as every service area across the Council had had to adapt to the changes required by their service due to the global pandemic. In order to support the Council and the emergencies it faced, the Internal Audit Team had offered up resources to tackle the emerging challenges. The Internal Audit Manager had been a part of the Silver Command Team within the Council’s Emergency Planning function as the information and communication lead. In addition, two Auditors had assisted the support hubs by taking phone calls and ensuring that the most vulnerable persons in the community received food parcels. At the same time the Team had continued to ensure that audits where information was readily available either online or on the network had continued to progress in order to ensure that the Team did not fall too far behind on the audit plan.
Outcomes of Internal Audit Work
The Public Sector Internal Audit Standards (PSIAS) required the Internal Audit Manager to report to the Committee on significant risk exposures and control issues. Since the last such report five audits had been completed and the final report issued. One audit had received a ‘Substantial Assurance’ audit opinion and the other four had received an ‘Adequate Assurance’ audit opinion.
Management Response to Internal Audit Findings
Members were aware that there were processes in place to track the action taken regarding findings raised in Internal Audit reports and to seek assurance that appropriate corrective action had been taken. Where appropriate, follow up audits had been arranged to revisit significant issues identified after an appropriate time. There were five high severity issues overdue (by less than three months) which all related to either Planning Enforcement or Housing Allocations.
Update on previous significant issues reported
The Committee recalled that this service had previously stated that they were awaiting the approval for a new Housing Allocations System to be implemented as the previous Northgate module was no longer fit for purpose. An update had been provided by that service which stated that a new system was currently at a testing phase with a ‘soft’ implementation date in November 2020. Internal Audit would review the implementation process as part of the Housing Allocations ‘Follow-Up’ Audit.
An update had been provided by the Assistant Director (Planning). Some work had begun to implement the changes required for Planning Enforcement; however, due to the impact of COVID-19 they had not been able to fully implement all agreed actions because the work was being led by the Council’s Corporate Enforcement Group which had only met for the first time in August 2020 since lockdown in March 2020.
It was also reported that work on the Planning Enforcement Policy was still ongoing but use of the Planning System was now expected for all complaints and HARM assessments were also expected to be completed for every review. All of which would be assessed fully as part of the Planning Enforcement ‘Follow-Up’ Audit.
(2) Annual Report of the Internal Audit Manager
The Committee was aware that there was a requirement under PSIAS 2450 that the Chief Audit Executive must provide an annual report to the Audit Committee, timed to support the Annual Governance Statement. This must include:
· an annual internal audit opinion on the overall adequacy and effectiveness of the organisation’s governance, risk and control framework (i.e. the control environment);
· a summary of the audit work from which the opinion was derived (including reliance placed on work by other assurance bodies); and
· a statement on conformance with the PSIAS and the results of the internal audit Quality Assurance and Improvement Programme.
Members were made aware that the Council had adopted a ‘Three Lines of Defence’ assurance model which was taken from the following sources:
1. Senior Management and Departmental Leadership;
2. Internal Governance; and
3. An Internal Audit function operating in accordance with the Accounts and Audit Regulations 2015.
Internal Audit Approach
The Internal Audit function undertook a programme of audits each year in order to provide the Council and its Audit Committee with an assurance on the adequacy of its system of internal control, governance and risk management arrangements. The audit programme had been developed to be risk based and comprised of different audit techniques in order to make it leaner and more supportive of service delivery to meet the Council’s needs.
Internal Audit had continued to work with services on a consultancy basis in order to support the implementation of new processes, identify and analyse route cause if necessary and ensure that all relevant employees had the appropriate training to competently carry out their role. Transformation, Project Management, Procurement and Risk Management were some of the areas where this type of work had been undertaken.
In 2019/20 to date, only three audits from a total of 34 undertaken had received an overall audit opinion of “Improvement Required” where high severity issues had been identified. Those audits were Planning Enforcement, Housing Repairs and Maintenance and Housing Allocations. Improvement actions had been put in place for all of the above audits which were followed up in order to assess the progress of implementation. All significant issues were reported to the Audit Committee with required improvement actions throughout the year in order to provide a continuous update on the Council’s control environment, governance arrangements, material issues identified and improvement actions.
Annual Opinion 2019/20
The Committee was advised that the assurance opinion was based on:
· Internal Audit work completed during the course of the year;
· observations from consultancy/ advisory support;
· results of any follow up exercises undertaken in respect of previous years’ internal audit work;
· a review of assurance from other providers including those from first and second lines of defence, independent regulators and peer reviews;
· the extent of resources available to deliver the internal audit work; and
· the quality and performance of the Internal Audit service and the extent of compliance with the Public Sector Internal Audit Standards.
Limitations to the Annual Opinion
As the COVID-19 pandemic had forced a national lockdown in March 2020 and as a result forced the Council into remote working and in some areas a complete halt on service provision other than emergency work, it had become particularly challenging to complete outstanding audits. However, with the exception of one core audit (Health and Safety), fieldwork had been completed on all other audits within the audit plan. Health and Safety priorities had naturally shifted in March 2020 which meant that their workload had increased dramatically. Therefore a decision had been taken to suspend work on that audit in order to support the Health and Safety Team during the lockdown period.
It was the opinion of the Internal Audit Manager that the overall direction of travel regarding the internal control environment since 2018/19 had improved in core areas such as the Council’s key systems. However, there were some service areas that required further improvement and others where the expected controls and risk mitigation had not been implemented as expected. Nevertheless, as the majority of audits in 2019/20 had continued to receive an adequate or substantial assurance opinion it was reasonable to suggest that there had not been a considerable deterioration in internal control and operational processes within the year.
Governance arrangements and internal controls had been evaluated in all audits within the plan, albeit with varying levels of scope. Senior Management continued to review strategic risks on a regular basis within Management Team and the Corporate Risk Register was reviewed bi-annually with any feedback reported to Management Team for its consideration.
As the majority of the year had been unaffected by the COVID-19 pandemic the annual opinion would reflect normal operations. However, governance arrangements and key systems would need to be reviewed for the period from March 2020 in order to provide assurance that good governance and control remained strong in light of the procedural changes across all service areas.
Members were reminded that the opinion of the Internal Audit Manager was drawn from all of the information reported above, external reviews carried out throughout the year from other assurance providers and through the ongoing work in supporting Senior Management and Services in delivering the Council’s objectives and vision.
The Committee was further informed that the Internal Audit function was expected to commission an independent assessment on compliance with the Public Sector Internal Audit Standards that had been set by the Institute of Internal Auditors (IIA) and adopted by the Chartered Institute of Public Finance and Accountancy (CIPFA) every five years. Internal Audit had received an independent report in 2017/18 which had confirmed conformance with the standards. Although this assessment was undertaken, the Internal Audit function must continue to complete an annual Quality Assurance and Improvement Programme (QAIP) which was a self-assessment questionnaire against the PSIAS. A QAIP had been completed and presented to the Audit Committee at is meeting in January 2020.
The Internal Audit Manager was satisfied that sufficient work had been completed in 2019/20 in order to draw a reasonable conclusion on the adequacy and effectiveness of the Council’s activities. The internal control environment continued to remain stable with no significant changes from 2018/19; an open dialogue with Senior Management on risk remained in place and a generally sound system of internal control had been assessed across the majority of the Council’s operational areas. Therefore, an overall unqualified opinion of Adequate Assurance could be provided.
Internal Audit Plan Progress 2020/21
It was reported that a total of 17 audits from the 2020/21 Internal Audit Plan had been either allocated; were in progress; or fieldwork had been completed. Four Audits had been completed with no significant issues identified.
Members were informed that Internal Audit had been working closely with services to maintain a control environment whilst moving to fully electronic service provision across the Council. The Team had also been supporting some departments with the implementation of new systems and supporting the Emergency Planning function wherever possible.
From July 2020, Internal Audit had been able to progress further with audits allocated within the Internal Audit Plan as services were now adapting to the ‘new normal’.
Due to the impacts of COVID-19 the Internal Audit Manager proposed that some changes be made to the Internal Audit Plan in order to incorporate risk areas that had emerged. Some areas that he wanted to add to the audit plan for consideration were as follows;
· Fraud and Corruption
· Change Management
· Financial Strategy and Resilience
· The impact on governance arrangements due to COVID-19
The Committee was aware that work on the above areas would, of course, add additional pressure to the current resources available and it was therefore proposed to use external Internal Audit provision to support the In-House Team in completing the audits within the current plan and to free up resources to undertake work on the additional audits required.
Furthermore, some work had begun on the Carbon Neutrality audit with initial assessments indicating that it might be worth waiting until 2021/22 in order to allow work to begin on the agreed action plan for the Council. This would then free up a further 10 resource days for the Internal Audit Team to use for the additional audit reviews proposed.
Appendix B to the Internal Audit Manager’s report provided an update on the status of each audit to date. There were no significant issues or particular areas of concern to report at this time.
Having considered and discussed the contents of the Internal Audit Manager’s report and its appendices it was:-
RESOLVED that –
(a) the contents of the report be noted; and
(b) the additional proposed audits be included within the 2020/21 Internal Audit Plan.