Agenda item

Purpose: The Public Sector Internal Audit Standards (PSIAS) require the Audit Manager to make a formal annual report to those charged with governance within the Council. The report is required to include an opinion on the effectiveness of the Council’s governance, risk management and internal control frameworks, which in turn supports the Council’s Annual Governance Statement.

The Committee considered the report (Agenda Item 5) concerning the Annual Internal Audit Assurance Report for 2024/25.

The Audit Manager introduced the report and highlighted that it was a requirement for it to be brought to the Committee annually. Members noted the conclusion of the report, that reasonable assurance could be given that the Council’s governance, risk management, and internal audit control framework were robust. The reason for this opinion was due to the low number of low opinions audits, as opposed to those considered satisfactory or above. In addition, the report also updated the Committee on the audits undertaken and completed over the past quarter.

On a question about the Council’s financial resilience, and what the consequences would be if the Council did not receive Emergency Financial Support (EFS) from the Department of Housing Communities and Local Government (MHCLG), the Audit Manager indicated that these types of questions were not covered by the Internal Audit Team. As their work was retrospective, ensuing that the Council was operating effectively, questions about policy decisions and their potential consequences would be for the Section 151 Officer and the relevant Portfolio Holder.

The Committee discussed the rate of senior management vacancies as it was considered a risk in past audits. Members were assured that only one of the top 15 positions was not filled and that, although work on recruitment was ongoing, this area was no longer considered to be a concern.

In response to a question about allegations of potential fraud/wrongdoing that had been raised, the Audit Manager confirmed that several whistleblowers had raised concerns but that, upon investigation, there was no evidence to substantiate the allegations. In addition, the Executive Portfolio Holder for Finance and Resources indicated that fraud was a risk in every organisation, but that the Council had robust internal controls and a whistleblower policy to control that risk. The Audit Manager also assured Members that the allegations were not malicious and that the staff who submitted them had not been subject to victimisation as a result of whistleblowing. 

The Audit Manager went on to confirm a number of points made in the report. For example, it was highlighted that the Committee would receive progress reports on previous audits which received a limited assurance rating and that any issues relating to corporate risk management would be dealt with by the services’ risk registers and taken to the Committee through the regular risk management reports. The risks around Local Government Reorganisation were also noted as being a part of services’ risk registers, although the internal audit team could scrutinise a reorganisation plan once it had been agreed. In addition, school audits were noted as providing recommendations, but that it would be up to the schools to implement them.

Members noted Appendix D to the report and asked if Agresso was fit for purpose, given that some tasks had been found to be unwieldy and time consuming. The Audit Manager indicated that, as a system upgrade was imminent, resources had not been put into tailoring the system for specific tasks. However, once the upgrade was complete, greater consideration could be given to the effectiveness of the technology and if any concerns remained.

In response to a question about personnel matters, the Audit Manager indicated that recruitment issues were included on the audit plan, and an audit was taking place on recruitment and retention, which included day-to-day processes, and the strategic approach to improving the situation. The Audit Manager noted that day-to-day operational risk was covered by Service Managers, and HR matters should be included in service risk registers.

On a question about local government reorganisation and the risks associated with the contracts which the authorities had, the Audit Manager indicated that the risks should be on department risk registers. Audit work was not involved at this stage. However, if there were key issues of concern, they would be included in the audit plan.

On a question about the resourcing of the internal audit team, the Audit Manager indicated that she believed their performance indicator of completing 80 per cent of the audit plan was sufficient given the number of internal audit staff and their available workdays. In addition, as they completed 86 per cent on the audit plan for 2024/25, she considered their resources sufficient for their current target.

In response to a question regarding a weak audit report outcome on a school, the Audit Manager indicated that the Audit Team would follow up, and could plan another audit, and bring forward the next review.

As they were satisfied with the report, the Committee agreed to note the Annual Internal Audit Assurance Report for 2024/25.