Agenda item

Consideration was given to the Internal Audit Plan for 2025-26 presented by Louise Ivens, Head of Internal Audit.  The report explained Internal Audit’s approach to the development of the Plan, as well as detailing the specific activities Internal Audit planned to review during the year. It reflected a comprehensive risk assessment process including discussions with Strategic Directors and Assistant Directors to obtain their views of key risks and areas for audit coverage.

It was designed to enable the Head of Internal Audit to give their annual opinion at the end of the year on the adequacy and effectiveness of governance, risk management and the control framework.  The Plan would remain flexible and be reviewed during the year to ensure it remained relevant.

In line with auditing standards, the proposed audit plan had been devised adopting a risk based approach using:-

-        The Council’s risk management processes and the strategic and Directorate risk registers

-        Reports by management to the Audit Committee on the management of risks and the outcomes of external inspection reports

-        The results of previous Internal Audit work and ongoing assessment of the auditable entities within the Authority

-        Planned work deferred from 2024-25

-        Council Plan and Year Ahead Delivery Plan

-        Knowledge of existing management and control environments

-        Professional judgement on the risk of fraud or error

-        Consultation with all Directorate Leadership Teams and the Strategic Leadership Team taking into account feedback from Assistant Directors, Strategic Directors, the Monitoring Officer and the Chief Executive

-        Awareness of relevant local and national issues

-        Regular dialogue with authorities within South and West Yorkshire helped to ensure that the Authority was aware of emerging risks within other councils so that they could be considered during audit planning

The outputs from the planning process had been prioritised to produce a plan that balanced the requirement to give an objective and evidence based opinion on aspects of governance, risk management and internal control, the time required for anti-fraud and corruption activity, the requirement for Internal Audit to add value through improving controls and the need to retain a contingency element to remain responsive to emerging risks.

As well as identifying all of the proposed pieces of work to be carried out during the year, the plan also explained the statutory requirements for Internal Audit, described the approach and methodology adopted in producing the plan, showed the level of resources available to deliver the plan (980 days) and included a contingency for responsive work.

In line with auditing standards, the plan did not become fixed once it was approved; it remained flexible and would be revised to take into account any significant emerging risks facing the Authority.  It would be subject to half year review in consultation with Strategic Directors and Assistant Directors.

It was noted that, as in previous years, the technical audits of IT systems would be conducted by Salford City Internal Audit Services who specialised in this field of work.  The Internal Audit Team comprised 7.52 full-time equivalents with 980 days allocated in the plan for 1^st April, 2025 to 31^st March, 2026.  The number of days available had reduced from 2024/25 due to the flexible retirement of one member of the Team (reduction in hours worked).  The plan was considered sufficient to allow the Head of Internal Audit to give the annual opinion at the end of the year.

The Head of Internal Audit was confident that there was sufficient contingency time to add any additional audits if required.  There were time requirements for follow-up audits built into the plan that were only required to be budgeted for the first 6 months of the year.  Any follow-ups required after that would be included in the plan for the next financial year.

The ”very high” priority rated audits were audits that needed to be done within the financial year.  The “high” rated audits were those that the Audit Team would like to do during the year.  All the audits rated as “medium” or “low” were included on a separate list and would be revisited at the 6 monthly period to ascertain if the risk had changed.  The audit planning process included reviewing areas that had not been audited for some time.

Resolved:-  That the Internal Audit Plan for 2025-26 be approved.