Agenda item

Purpose: This report sets out the proposed plan of work for internal audit over the next three years and outlined the method used to compile the plan, which is based around risk.

The Committee considered a report (Agenda Item 7) which set out the proposed plan of work for internal audit over the next three years and outlined the method used to compile the plan, which was based around risk. The purpose of this report was to set out a risk based plan of work for Internal Audit that would provide assurance to the Governance and Ethics Committee on the operation of the Council’s internal control framework and which would support the Committee’s review of the Annual Governance Statement.

Ian Priestley highlighted the fact that there were a number of changes to the priorities of the team which had been made in response to the reduced level of resource available to the team as follows. 

(1)     The audits of the "Key Financial Systems", in Customer Services and Finance, used to be carried out annually, partly because of the scale and materiality of them and partly as the Council's external auditor relied on the work Internal Audit did on these systems. However, the external auditor no longer required these systems to be audited annually, and so they had been moved over to a cyclical basis. 

(2)     In the past all audits were subject to a follow up audit to measure the extent to which agreed recommendations had been implemented. In future only audits with weak or very weak opinions would always be followed up. Audits with a satisfactory opinion might be followed up if, in the opinion of internal audit or management, the weaknesses identified by the audit warranted a follow up.

(3)     The frequency and depth of audits of schools would be reduced. Over recent years the Finance Service – Schools Accountancy Team - had delivered very effective training and support to schools, that was paid for by schools, and that would compensate for the reduced audit coverage. 

The Public Sector Internal Audit Standards provided the following definition of Internal Audit:

"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes".

Internal Audit was there to help Services deliver the Council Strategy by identifying and helping to mitigate weaknesses in service delivery systems and procedures, whilst staying within the statutory framework that governed local authorities. The objectives for Internal Audit were set out in the Audit Charter which formed an appendix to the Terms of Reference of this Committee.

The work programme for Internal Audit for the period 2016-19 was attached at Appendix B. The plan analysed the different areas of Council activity that Internal Audit felt required auditing. The work programme was based on levels of risk. The risk registers were used to inform the level of risk where appropriate and this was supplemented by an audit view of risk.

The work of Internal Audit formed the basis of the opinion given by the Chief Internal Auditor on the Council’s internal control framework. The work of Internal Audit was regulated by the Public Sector Internal Audit Standards. This set out the standards and methods that should be applied in doing the work. At an operational level Internal Audit had a procedure manual that explained in detail how work was delivered. In addition an Audit Protocol was published to all Heads of Service setting out how the service operated.

The work produced by Internal Audit was designed to identify and remedy weaknesses in the internal control framework. Weaknesses that were identified were categorised according to their severity (fundamental, significant, moderate and minor).

Taken together, the above provided a sound basis for the Chief Internal Auditor to provide an annual opinion of the internal control framework of the Council.

The Chief Internal Auditor now had the support of 4 Full Time Equivalent (FTE) staff and the service was provided entirely through in-house provision.

Councillor Quentin Webb queried what impact the closure of the Calcot Office would have on internal audit. Julie Gillhespey explained that although there would be one fewer area to audit, the revised processes that would ensue would need auditing.

Councillor Lee Dillon asked for a comment on auditing of schools. Ian Priestley explained that the frequency of these audits would decrease as would the depth of these audits. Audits would focus on leadership and governance, financial management, budget control, the handling of payments and how any income was dealt with.

Councillor Rick Jones thanked Officers for the comprehensive report and for the clarity given the complexity of this area of work. Officers explained that the audit plan was based on risk. High risk areas were audited every four or five years, medium risks every seven years and low risk areas were audited less frequently. However as resources were depleted the frequency of audits would be lengthened.

Councillor Jones queried if internal audit looked at value for money of capital projects. Officers explained that this would be a time consuming exercise and that with the resources available they could only look at processes.

The Chairman thanked Officers for the well written report. He also thanked the team for doing such a good job.

RESOLVED that the work plan be approved.