Agenda item

This report sets out the Internal Audit Strategy for the period 2024-2027, and the Internal Audit Plan for 2024-2025.

Darren Armstrong (Head of Audit & Investigations) introduced a report setting out the Internal Audit Strategy for the period 2024-2027 and the Internal Audit Plan 2024-2025.  In presenting the report the following key areas were highlighted:

·             The introduction of the Internal Audit Strategy as a newly developed document designed to outline the way in which the Council would continue to enhance the effectiveness and delivery of its Internal Audit function.  In covering a three year period, the Strategy set out a number of objectives, priorities and initiatives to ensure that the work carried out by Internal Audit was aligned with the Council’s strategic objectives and assurance needs as well as introducing a new approach to audit planning and delivery.

·             The requirement to develop and implement a strategy for the Internal Audit function had been introduced under the new Global Internal Audit Standards, which would officially come into force in January 2025, with the Strategy having been attached as Appendix 1 to the report.

·             In view of the growing challenges and risks faced by the Council, and increasing demand and stakeholder expectations, the Strategy had identified the need to ensure the Internal Audit service remained agile, responsive and closely aligned with the strategic objectives, risks and needs of the Council and was able to provide a programme of robust assurance in the highest risk areas. In developing this strategy, the opportunity had therefore been taken to re-consider and evaluate how the level of assurance and advisory services were delivered with the following four strategic objectives being developed to guide and shape the services work across the next three years - To adopt a more agile and enhanced risk-based approach to planning and delivery; To provide an ongoing and robust programme of core assurance; To offer and provide high-quality insight, foresight and advise; and lastly To lead and coordinate the implementation of an integrated assurance framework.

·             In addition to the Strategy, the Head of Internal Audit was also responsible for creating an Internal Audit Plan based on an assessment of the Council’s strategies, objectives and risks, informed by input senior management as well as the Internal Audit function’s understanding of the Council’s governance, risk management and control processes.  Under the new Global Internal Audit Standards the Plan would now be subject to more frequent update and in view of these new requirements (and in-line with the objectives set-out within the supporting Strategy) the Committee were advised of the new approach and method to audit planning reflected within the Plan (attached as Appendix 2 to the report), which (whilst still focussed around the provision of assurance around core/key systems and processes) moved away from the more traditional ‘annual plan’ to a less rigid, more flexible and agile approach.

·             The Plan had been divided into four sections split between core assurance work; a list of audit areas identified under an agile risk based approach designed to provide enhanced flexibility in order to respond to changing risks and priorities; consultancy & advice work and finally follow up activity with a strategic and inherent risk assurance map also provided covering the three year plan period which also set out how Internal Audit resources would be utilised and deployed, underpinned by the Internal Audit Charter.

Prior to seeking comments on the Strategy & Plan and new approach outlined, the Chair felt it important to outline and clarify a change in role involving the current Head of Audit & Investigations under the realignment of senior management responsibilities across the Council due to be introduced at the start of April 2024.  As a result of these changes members were advised that the current Head of Audit & Investigation role was due to be redesignated as Deputy Director Organisational Assurance and Resilience which in addition to the role relating to Audit & Investigations and Counter Fraud would now include responsibility for the Council’s health and safety, insurance, emergency planning and resilience functions.  In order to provide the necessary level of assurance relating to the continued independence of the internal audit function and avoid any conflicts of interest given the focus within the Audit Plan on the newly added areas of responsibility, members were advised that the delivery of audits and assurance on these areas would be managed through the Council’s co-sourced audit partner PWC with the Internal Audit Manager also now having a direct reporting line (if required) to the Chair and Vice-Chair of the Audit & Standards Advisory Committee.

Members noted that Darren Armstrong in the redesignated role, would continue to fulfil the existing responsibilities in terms of the Head of Audit and Investigations, with continued direct access to senior management including the Chief Executive and Corporate Director Finance & Resources as well as the Chair of the Audit & Standards Advisory Committee.  The changes would, however, require an amendment to the Internal Audit Charter to reflect the new role and additional controls established to maintain independence which members were advised had been a similar approach adopted across other local authorities and the External Auditor had also been advised of and raised no objection to.

In response to the update provided a request was made for an organisational structure chart to be provided for the Committee and independent co-opted members detailing the Council’s senior management realignment and inclusion of the newly created Deputy Director Organisational Assurance and Resilience (incorporating the Head of Internal Audit) along with arrangements to maintain independence of the role, which Minesh Patel (Corporate Director Finance & Resources) advised he would arrange to provide.

Moving on, the Committee was then invited to raise any comments on the Strategy and Plan which are summarised below:

·             In response to a query regarding the availability of resources to support the new approach identified, members were advised that the overall level of audit resource remained consistent.  Whilst the new Plan would require a balance in resources to meet the new standards and requirements, the Head of Internal Audit remained satisfied that adequate resources were available for the provision of an effective internal audit function focussed around the provision of core assurance.

·             Clarification was provided in relation to the action being taken to address an issue concerning the reconciliation of bank account payments as part of the work around the strategic risk relating to Financial Resilience and Sustainability which it was noted had now been completed.

·             In relation to a query on Audit Ref RB7 (Health Inequalities) within the Internal Audit Plan, members were advised that the scope for this review was currently being developed and would include, as suggested, a focus on co-ordination with relevant health partners.

·             As a final issue, members were assured of the ongoing oversight by Audit & Standards Advisory Committee in relation to delivery and development of the Internal Audit Strategy and Plan with the intention to provide more regular updates for the Advisory Committee in September & December (in preparation for year end).

As no further issues were raised the Chair thanked Darren Armstrong for the update provided and having noted the assurance provided relating to the ongoing independence of the audit function it was RESOLVED to:

(1)    note and endorse the newly developed Internal Audit Strategy for 2024 – 2027.

(2)  approve the draft Internal Audit Plan for 2024 – 2025 developed to reflect the new approach towards audit planning and Internal Audit Strategy.