Agenda item

This report outlines the work undertaken by Internal Audit in respect of delivery of the 2022-23 Internal Audit Plan and also includes the Head of Internal Audit’s annual opinion on the Council’s system of internal control.

Darren Armstrong, Head of Audit and Investigations introduced the report which outlined the work undertaken by Internal Audit in respect of delivery of the 2022-23 Internal Audit Plan and included the Head of Audit’s Annual Opinion. Members were advised that the report had been provided in order to offer assurance about the Council’s framework of governance, risk management and internal control.

In considering the report the Committee noted the following key points:

• There had been no threats to the independence and objectivity of the Internal Audit function in relation to the work carried out to deliver the 2022-23 internal audit plan. The Head of Internal Audit (HIA)and all internal auditors continued to receive unrestricted access to senior management, officers and all information and records necessary to undertake their work.
•  The internal audit function also received an External Quality Assessment (EQA) during 2022-23, which identified no concerns regarding the independence or objectivity of the function.
• Section 3.0 of the report provided a high level summary of the Audits undertaken to date in 22/23, with some audits ongoing and others cancelled or deferred, in agreement with senior management and auditees where it was felt they were no longer required.
• Risks were categorised as critical, high, medium or low and were responded to in priority order. As no critical risks had been identified it had allowed high risk work to be implemented more quickly, although it was acknowledged and referenced in the audit opinion that this had a cumulative effective on the urgency and implementation of medium term risk audit’s completion and as such was identified as an area that required attention going forward.
• In determining the annual opinion, the HIA had considered which key themes from audit work undertaken in 2022-23 could be enhanced in the future to better support the Council’s governance, risk management and internal control frameworks. These areas of improvement were detailed in Appendix A section 6.15 – 6.21 of the report.
• The HIA was satisfied that the work undertaken by Internal Audit during 2022-23, as well as wider governance arrangements, had enabled an audit opinion to be formed on the Council’s control framework, risk management and governance arrangements.

The Committee had a number of follow up questions in relation to the information heard. The following key points were discussed:

• The Committee queried how Internal Audit would respond to the issues highlighted in section 6.21 of the report in relation to expired policies and procedures. In response the Committee were advised that Internal Audit would work with colleagues to ensure that policies and procedures on the intranet were kept up to date and were easily accessible.
• Following a Committee query in relation to the Housing Voids Audit and when KPI’s would be agreed, the Committee were updated that following the audit the Housing Management Team had accepted the suggested actions to set and monitor KPI’s moving forward, therefore it was felt that positive steps would be made going forwards, an update would be provided at a future Committee meeting to measure the effectiveness of the recommended actions.
• The Committee queried whether officers felt that where there were areas of concern identified following audits, if these issues could be adequately addressed by the action plans recommended. Darren Armstrong, Head of Audit, advised that senior managers were aware of the common themes, particularly with reference to second line functions and were supportive of the agreed action plans. As a result of the management support and robust action plans in place it was felt there were sufficient measures in place to overcome the areas of concerns identified and scope to make significant improvements.
• Following a Committee query as to whether Artificial Intelligence (AI) was perceived as a risk to the Council, the Committee acknowledged that AI was an emerging risk that had not yet been fully explored as yet, however this point would be taken forward and discussed with IT Shared Services in order to assess the potential requirements to undertake a further review of any risks posed to cyber security as a result of the recent advancements in Artificial Intelligence
• Following the information shared in the report that identified a lag in the completion of medium risk audits, the Committee required further clarity on why there was a lag and how this could be overcome in the future. In response the Committee were advised medium term audits had been impacted by the increased focus given to high risk audits. Strong consideration had been given to how to ensure that moving forwards, medium risk audits were given the scrutiny required. This would include revising some timescales and ensuring that realistic achievable target dates were set.
• Darren Armstrong, Head of Audit & Investigation, re-iterated to the Committee the importance of setting a realistic Audit scope, having reminded the Committee that with limited resources it was not possible to audit every risk, however every effort had been made to use resources as effectively and efficiently as possible to maximise the Audit service.

As Members had no further questions, the Chair thanked Darren Armstrong and his team for what the Committee felt was a highly informative report. It was RESOLVED to note the contents of the report.