Agenda item

Consideration was given to the Internal Audit Plan for 2024-25 presented by Louise Ivens, Head of Internal Audit.  The report explained Internal Audit’s approach to the development of the Plan, as well as detailing the specific activities Internal Audit planned to review during the year. It reflected a comprehensive risk assessment process including discussions with Strategic Directors and Assistant Directors to obtain their views of key risks and areas for audit coverage.

It was designed to enable the Head of Internal Audit to give his annual opinion at the end of the year on the adequacy and effectiveness of governance, risk management and the control framework.  The Plan would remain flexible and reviewed during the year to ensure it remained relevant.

In line with the PSIAS, the proposed audit plan had been devised adopting a risk based approach using:-

-        The Council’s risk management processes and the strategic and Directorate risk registers

-        Reports by management to the Audit Committee on the management of risks and the outcomes of external inspection reports

-        The results of previous Internal Audit work and ongoing assessment of the auditable entities within the Authority

-        Planned work deferred from 2023/24

-        Council Plan and Year Ahead Delivery Plan

-        Knowledge of existing management and control environments

-        Professional judgement on the risk of fraud or error

-        Consultation with all Directorate Leadership Teams and the Strategic Leadership Team taking into account feedback from Assistant Directors, Strategic Directors, the Monitoring Officer and the Chief Executive

-        Awareness of relevant local and national issues

-        Regular dialogue with authorities within South and West Yorkshire helped to ensure that the Authority was aware of emerging risks within other councils so that they could be considered during audit planning

The outputs from the planning process had been prioritised to produce a plan that balanced the requirement to give an objective and evidence based opinion on aspects of governance, risk management and internal control, the time required for anti-fraud and corruption activity, the requirement for Internal Audit to add value through improving controls and the need to retain a contingency element to remain responsive to emerging risks.

In line with auditing standards, the plan did not become fixed once it was approved; it remained flexible and would be revised to take into account any significant emerging risks facing the Authority.  It would be subject to half year review in consultation with Strategic Directors and Assistant Directors.

It was noted that, as in previous years, the technical audits of IT systems would be conducted by Salford City Internal Audit Services who specialised in this field of work.  The Internal Audit Team comprised 7.72 full-time equivalents with 1,005 days allocated in the plan for 1^st April, 2024 to 31^st March, 2025.  The plan was considered sufficient to allow the Head of Internal Audit to give the annual opinion at the end of the year.

It was clarified that in 2023/24 20 days had been included in the Finance and Customer Services Directorate for projects boards/groups but they had now been split out and recorded on separately.  There were a number of audits within the Corporate/Crosscutting audit area that would provide greater assurance across the organisation e.g. cash controls, health and safety, Sundry Debtors.

Previously the policy review was included in “management time” and therefore classed as non-productive.  When the plan was reviewed the policy work had been identified separately in order that progress could be recorded against the plan.

Resolved:-  That the Internal Audit Plan for 2024/25 be approved.