Agenda item

This provides an update on the activity of Internal Audit for Quarters 1 & 2 2024-25.

Darren Armstrong (Deputy Director Organisational Assurance and Resilience) introduced a report providing and update on the activity of Internal Audit for Q1  and Q2 2024-25 based on the Internal Audit Plan 2024-25 which had been agreed by the Audit and Standards Advisory Committee in March 2024.  Members noted the report had been prepared as a light-touch update for information purposes, with a more comprehensive 2024-25 Interim Report due to be presented to the Committee for consideration December 2024.

In presenting the report the following key areas were highlighted:

·             The 2024-25 Internal Audit Plan had been the first prepared under the new Internal Audit Strategy for 2024-2027 (also approved in March 2024), which had introduced a new method for determining the activity of internal audit in-year and moved away from the more traditional ‘annual plan’ approach. This new approach was designed to enable the Internal Audit function to work more flexibly and to ensure it was more responsive to the Council’s changing risks, priorities and assurance needs.  In view of the nature of challenges and risks faced by the Council, and increasing demand and stakeholder expectations, the Strategy had identified the need to ensure the Internal Audit service remained agile, responsive and closely aligned with the strategic objectives, risks and needs of the Council and was able to provide a programme of robust assurance in the highest risk areas with the Plan developed therefore focussed around the following four areas core assurance work; a list of audit areas identified under an agile risk based approach designed to provide enhanced flexibility in order to respond to changing risks and priorities; consultancy & advice work and finally follow up activity to track agreed actions arising from internal audit activity to ensure improvements in the Council’s governance, risk management and control arrangements.

·             In terms of Internal Audit activity during Q1 & Q2 service had continued to deliver a broad range of work in the first half of 2024-25 including a focus on the scoping and planning of audits that would take place later during the year. This included core assurance work, in particular key financial system reviews, which members were advised was intentionally undertaken during Q3 & Q4 to ensure that assurance was provided across as much of the financial year as possible to help underpin the Head of Internal Audit’s annual opinion.

·             Details of the audit work undertaken during Q1 & Q2 had been included within Appendix 1 of the report with members advised that seven reviews had been completed, five high risk/high assurance need audits were at draft report stage, awaiting management responses with five in progress and fieldwork underway.  Ten core assurance reviews were in progress, with fieldwork due to commence in Q3 and Q4 with six follow-up reviews having been concluded, and a further twelvein progress.  A summary of the risks/issues identified in audits completed during Q1 & Q2 had also been included as Appendix 2 of the report with comprehensive management responses provided for each action and Internal Audit due to undertake follow-up reviews based on relevant implementation dates.  This activity had been delivered with the team operating at reduced capacity due to on auditor currently being on maternity leave.

·             The progress made, as detailed within Appendix 1 of the report, by the Internal Audit team towards delivery of the Core Assurance plan, with fieldwork for a number of audits due to commence during Q3 and Q4. It was anticipated that at least 90% of the plan would be completed by 31^st March 2024 (draft report stage), which would enable the Head of Internal Audit to provide an informed and evidence based opinion as to the effectiveness of the Council’s governance, risk management and control framework.

·             The Agile Risk-Based plan, detailed within Appendix 1 of the report, had also outlined the potential high risk and high assurance audit areas that would be prioritised for delivery in Q3 and Q4.  Members were advised this remained a fluid plan and would be subject to change in response to new/emerging risks and/or changes in priorities.  Whilst not designed as a rigid list of audits for delivery (given the resources required to deliver all of the work identified significantly exceeded available resources), the plan had been included to provide assurance in respect of how the work of Internal Audit would be determined and directed for the remainder of the year with a further update on progress and projected activity to be provided as part of the interim Internal Audit report in December 24.

The Chair thanked Darren Armstrong for presenting the report and then invited the Committee to ask any questions or clarifying points they had in relation to the Internal Audit Update. In response to Committee questions, the following responses were provided:

·             In response to clarification being sought around the way assurance was being delivered in relation to the Council’s budgetary controls as part of the core focus on key financial systems, members were advised that whilst not subject to specific review evaluation of key budgetary controls would be undertaken as part of the wider financial system reviews being undertaken, including the General Ledger.  It was noted this approach had been designed to avoid cross over and duplication with other key control assurance testing and the next interim update providing further detail on the activity being undertaken to provide assurance in relation to the Council’s overall financial sustainability and key budgetary controls.  In response to a further query, members were advised that whilst the annual programme of core key financial system assurance work was not directly aligned with the timetable for the Council’s budget setting process the outcomes of specific audit activity and assurance work was still designed to feed into ongoing development and review of the Council’s financial position and would support the annual internal audit opinion.

·             In commending the nature of the report, members advised they would also be keen to review performance in relation to the implementation of audit findings, given previous concerns highlighted in relation to delays and slippage identified.  In recognising the issues raised, the Committee was advised that the interim update scheduled for presentation in December 24 would include further details on performance in this respect along with the action being undertaken to address any delays and slippage in implementation of key audit recommendations involving the relevant departments.

·             Focussing on specific audit activity further clarification was sought on the findings identified as part of the audit undertaken to provide assurance around the effectiveness and robustness of arrangements relating to management of the Brent Music Service given the issues highlighted in relation to safeguarding, IT and data.  In response, officers advised that concerns regarding the gaps identified had been shared with the service with a further update due to be included as part of the interim Audit Plan report in December 24 on the work being undertake in response to address and mitigate against the risks identified and deliver the accompanying audit recommendations.

·             Following on, support was expressed by the Committee identified in relation to the automation and integration of data under the True Compliance (Housing) system as a measure designed to mitigate against the risk identified (following internal audit review) in relation to data integrity, which Darren Armstrong advised would be passed on to Housing Team for further consideration.

·             As a general comment on development of the Audit Plan, members queried the work being undertaken to provide assurance around the securing and delivery of social value through the Council’s procurement arrangements.  Whilst recognising the issues raised, Darren Armstrong advised members of the agile risk based approach undertaken towards the identified and inclusion of audit activity on the Plan which had been designed to not only match available capacity and resources but also provide maximum flexibility in order to respond to changing risks and priorities.  Based on an assessment of current risk and wider priorities in relation to core assurance activity social value had not currently been identified as a high priority on the Plan, although based on the comments and gaps in assurance identified members were advised the level of risk would continue to be kept under review with assurance continuing to be sought through alternative sources.

·             In response to additional clarification being sought on the outcome of an audit carried forward from 2023-24 in relation to i4B and FWH SLA billing arrangements (given the length of time the SLA arrangements had been in place) officers advised that the risks identified had been based around a wider focus on second line of defence control issues.

·             As a final issue, details were sought on the systems in place to manage the flow of requests for audit assurance activity through to the service.  Officers advised that the process for identifying potential audit areas involved a number of methods including risk assessment, assurance mapping and consultation with senior management with the service well positioned in terms of access and relationships with senior officers to facilitate this approach in an open and proactive manner which encouraged services to work with the team.  Whilst recognising the capacity available to respond to requests for support, the service continued to receive multiple requests with the plan flexible enough to adapt and respond to emerging risks and priorities throughout the year and subject to ongoing review in relation to the work identified for Q3 and Q4.

As there were no further comments raised, the Chair thanked Darren Armstrong for the update provided, and it was RESOLVED to note:

(1)        the progress made towards delivering the planned core assurance work.

(2)        the Internal Audit Activity for Quarters 1 and 2 of 2024-25.

(3)        the potential audit areas for Quarters 3 and 4, with members encouraged to feedback any further comments on potential audit areas identified to Darren Armstrong

(4)        As a result of the discussion at the meeting that the interim update on delivery of Internal Audit Plan 24-25 scheduled for consideration by Committee in December 24 would also include:

(a)        Further detail on the way in which core assurance is being provided in relation to Council’s budget and financial control measures.

(b)        The measures in place to address performance in relation to the delivery of follow up recommendations from audit reviews.

(c)        A further update on the measures being developed to address and mitigate against the risks identified following the review of Brent Music Service.