Consideration was given to a report presented by David Webster, Head of Internal Audit, on the role of Internal Audit, the work completed during the 2021/22 financial year and highlighted the key issues that had arisen. It provided the overall opinion of the Head of Internal Audit on the adequacy of the Council's control environment as well as the performance of the Internal Audit function during 2021/22.
Based upon internal audit work undertaken and taking into account other internal and external assurance processes, it had been possible to complete an assessment of the Council’s overall control environment. In the opinion of the Head of Internal Audit, the Council had overall an adequate and effective framework of governance, risk management and control during 2021/22.
Appendix 1 of the report submitted included:-
· Legislative requirements and Professional Standards
· The Head of Internal Audit’s annual opinion on the control framework, risk management and governance
· Resources and audit coverage during the year
· Summary of audit work undertaken during 2021/22 including both planned and responsive/investigatory work
· Summary of other evidence taken into account for control environment opinion
· Summary of audit opinions and recommendations made
· Internal Audit Performance Indicators
The Head of Internal Audit’s opinion was that there was overall an adequate and effective framework of governance, risk management and control during the majority of the year.
The emergency measures implemented in response to Covid-19 continued during the year. Standards of governance and control were maintained with risk management being utilised to help manage the response.
Internal Audit had not issued any No Assurance audit opinions during the year and had given an opinion of Partial Assurance in 4 areas subject to audit, however, none were considered serious enough for inclusion in the Annual Governance Statement. Action plans had been agreed with management in respect of all final audit reports issues.
During the year, the Audit Team had supported the Finance Department in the processing of Business Support Grant, but this had only totalled 23 days. The unused days were used for investigations, grants and audit work. Overall resource levels provided sufficient capacity to provide an adequate level of assurance and sufficient work was completed to enable the Head of Internal Audit to provide his overall opinion.
Public Sector Internal Audit Standards (PSIAS) required that an assessment of the Internal Audit function must be undertaken annually with an external assessment at least every 5 years; in 2020-21 an external assessment was completed which showed general conformance with the standards. A Quality Assurance and Improvement Programme (QAIP) was put into place during 2021 using the results of the external assessment with the results reported to the Audit Committee in March 2022. 9 of the 11 actions from the external assessment had been implemented along with 3 of the 4 actions from the previous year. An updated QAIP, based on the external assessment, had been produced to maintain and increase the level of conformance within the team.
The Chair queried if Internal Audit worked to external audit standards and if it was a risk if they changed in relation to the identified risk relating to ‘Management introduces new systems / Processes with inadequate controls’. The Head of Internal Audit explained that there was a risk, however, it was unlikely. He had a stable, competent department.
In response, the Head of Internal Audit explained they had engaged the services of another local authority’s ICT Internal Audit team to complete 2 audits during the year due to a lack of that particular expertise within the department.
The Head of Internal Audit explained that the team’s performance against a number of key indicators had been affected by things such as annual leave. Although 3 red recommendations had been made within audits conducted within the Finance and Customer Services Directorate, there were no areas of concern as opinions were provided in relation to each audit. He clarified that planning meetings were held with each Directorate every 6 months, which could trigger more audits in certain areas in comparison with others.
Resolved:- (1) That the Internal Audit work undertaken during the financial year 2021/22 and the key issues that have arisen from it be noted.
(2) That the overall opinion of the Head of Internal Audit on the adequacy and effectiveness of the framework of governance, risk management and control within the Council be noted.