Agenda item

This report summarises the activity of Internal Audit for the financial year 2023-24, including an update on work completed since the previous report in December 2023.  In addition, the report sets out the Annual Internal Audit opinion, provided by the Deputy Director Organisational Assurance and Resilience (as the Head of Internal Audit), on the adequacy and effectiveness of the Council’s framework for governance, risk management and control, which is used to support the Council’s Annual Governance Statement and presents revised Internal Audit Charter, reflecting the recent change in the role of the Head of Internal Audit.

Darren Armstrong (Deputy Director Organisational Assurance and Resilience) introduced the report which outlined the activity undertaken by Internal Audit during 2023-24 (and work undertaken since the previous update in December 2023) and included the Annual Audit opinion provided by the Deputy Director Organisational Assurance and Resilience (as Head of Internal Audit) on the adequacy and effectiveness of the Council’s framework for governance, risk management and internal control used to support the Annual Governance Statement.

Members were advised the report also presented the revised Internal Audit Charter, which had been amended to reflect the change in role of the Head of Internal Audit, with the Chair advising he would therefore consider each section of the report as separate items, prior to summarising the overall outcome.

In considering the Internal Audit Annual Report (as detailed within Appendix 1 of the report) the Committee noted the following key points:

·                There had been no actual or perceived threats to the independence and objectivity of the Internal Audit function in relation to the work carried out to deliver the 2023-24 internal audit plan. The Head of Internal Audit and all internal auditors had continued to receive unrestricted access to senior management, officers and all information and records necessary to undertake their work.  This was supported by the internal audit function having also received an External Quality Assessment (EQA) during 2022-23, which identified no concerns regarding to the independence or objectivity of the function.

·                The summary relating to delivery of the internal audit plan during 2023-24 contained within section 3 and Appendix A of the Annual Report;

·                The flexible and risk-based approach adopted towards development and delivery of the Annual Internal Audit Plan, with the summary of risk issues identified during 2023-24 and comparison with 2021-22 and 2022-23 provided in section 4 and Appendix B of the Annual Report.

·                The outline of Follow Up activity undertaken during 2023-24 in relation to previous audit reviews as detailed within section 5 and Appendix C of the Annual Report.  The Annual Report also included an outline of actions partially or still to be implemented along with the process of management engagement on these, as detailed within Appendix D of the Annual Report.

·                As detailed within section 6 of the Annual Report, the Head of Internal Audit had been satisfied that the work undertaken by Internal Audit during 2023-24, as well as wider governance arrangements, had enabled a “reasonable assurance” audit opinion to be provided on the Council’s control framework, risk management and governance arrangements.  In determining the annual opinion, the Head of Internal Audit had considered which key themes from audit work undertaken in 2023-24 could be enhanced in the future to better support the Council’s governance, risk management and internal control frameworks. The areas of improvement identified as a result had been detailed within section 6.17 – 6.24 of the Annual Report and included:

o      The rate of implementation of audit recommendations/actions within original timescales; and

o      The need to continue addressing “second line” gaps in control identified at departmental and operational level.

·                The continued compliance of the Internal Audit function with the Public Sector Internal Audit Standards and quality assurance improvement programme along with outline of key performance indicators, as detailed within section 7 of the Annual Report.

The Chair then invited comments on the outline provided of the Internal Audit Annual Report, with the following issues raised by the Committee:

·                In response to a query raised on the movement identified in terms of delivery of the original Internal Audit Plan, agreed by Committee in March 2023, over the course of 2023-24 members were advised that the Plan had been developed on a risk based approach with the intention of being fluid and adaptable enabling adjusted to be made in-year (in consultation with senior management) to ensure it was able to remain responsive and continue providing assurance against high risk areas as well as being able to respond to any new or emerging risks/issues.  As a result, it was recognised that delivery of the Plan had involved eight of the original audits included either being cancelled or deferred and carried forward for inclusion within the 2024-25 planning process with an additional six audits having been added.  Detail on the status and outcome of each audit review had been provided within Appendix A of the Annual Report.

In response to a further query regarding the Committee’s role in approval and monitoring delivery of the Plan, the Chair reminded members of the balance needing to be achieved in terms of maintaining and supporting the independence of the Head of Internal Audit in being able to provide the necessary flexibility within the Plan. The Plan was presented to members in March to seek the necessary assurance on its development against the key risk areas identified, audit plans and good governance guidelines.  Delivery of the Plan was then subject to mid-year monitoring by the Committee with members reminded that the initial 2024-25 Internal Audit Plan had been presented for review and comment in March 2024.

·                Following the details provided in relation to follow up audit activity and action being taken to address actions arising from audits that remained partially or not implemented (particularly in relation to second line gaps in control) further details were sought on how performance in this area could be enhanced moving forward.  In response, whilst it was acknowledged that some slippage may occur as a result of issues arising which impacted on actions being implemented within original timescales officers had felt it was important to highlight the slippage in rate of implementation of all audit actions (high, medium and low risk combined) within originally agreed timescales in the Annual Report, given these had fallen from 68% to 46% during 2023-24.  The level of audit actions not implemented within original timescales had also increased in terms of both the number and percentage of total actions, with 43 (26%) actions not implemented in-year compared to 7 (4%) in 2022-23 and 15 remaining as outstanding.  As a result, measures were in place to remind departments of the importance that needed to be placed at an operational level on the implementation of audit actions based on realistic achievable target dates and enhanced engagement and monitoring at departmental level to ensure issues with non-implementation of actions were highlighted and addressed prior to escalation (should it be identified as required) utilising the powers available to the Audit & Standards Advisory Committee.

·                In response to further details being sought on deferment and carry forward of the planned audit on the Redefining Local Services (RLS) programme members were advised this reflected the in-year redirection of audit resources tacking account of the alternative review activity being undertaken in relation to the RLS programme, which Internal Audit would continue to support as required.  In terms of the carry forward of the other audits to 2024-25 identified within section 3.5 of the Internal Audit Annual Report, members were advised these also reflected the reprioritisation of resources during the year and level of alternative assurance identified in relation to other review activity focussed around those areas as part of the process in maintaining the flexible approach within the Plan and seeking to maximise the use of available resources.

In terms of details sought on the proposed S106/Community Infrastructure Levy audit carried forward for consideration in 2024-25, members were advised that the scoping for that audit was still underway with members keen to ensure that consideration was given to the inclusion of invoices and use of funding for its intended purpose.  Darren Armstrong advised he would ensure these views were fed back as part the scoping process.

The Committee then moved on to consider the Internal Audit Charter, which had been included as Appendix 2 of the report with the following key points noted:

·                The requirement to maintain an Internal Audit Charter in accordance with the Public Sector Internal Audit Standards and pending Global Internal Audit Standards due to come into effect on January 2025.  The Charter included an outline of the purpose, standards, organisation, scope and mandate for the Internal Audit function along with expectations regarding management support of the function.

·                As a result of the recent senior management re-alignment within the Council, the Charter had needed to be updated to reflect a change in the Head of Internal Audit’s role (now the Deputy Director Organisational Assurance and Resilience) and additional areas of responsibility, including details on how the organisational independence of the Internal Audit function would continue to be preserved and safeguarded in light of the changes outlined with a structure chart also included to demonstrate how the functional and administrative reporting lines of the Head of Internal Audit had been established to preserve independence.

·                In accordance with the internal audit standards, the charter had been presented to the Committee in order to confirm it accurately reflected the understanding and expectations of the internal audit function.

In response to a comment raised in relation to the Charter, clarification was provided on the membership and role of the Assurance Board included within the functional reporting lines for the Deputy Director Organisational Assurance and Resilience (as Head of Internal Audit) which members were advised was an internal officer Board chaired by the Chief Executive responsible for providing corporate oversight of the Council’s governance arrangements, including risk and assurance activity.

As Members had no further questions, the Chair thanked Darren Armstrong for the report and it was RESOLVED:

(1)     To note the outcomes of the Internal Audit work completed during 2023-24.

(2)     To note the Annual Internal Audit opinion on the adequacy and effectiveness of the Council’s framework for governance, risk management & control.

(3)     To note the revised Internal Audit Charter and to confirm this accurately reflected the Committee’s understanding and expectation of the Internal Audit function.