Agenda item

This report also fulfils the relevant statutory requirements of the 2017 UK Public Sector Internal audit Standards (PSIAS); the 2017 Local Government Transparency Code; and the Audit Committee’s terms of reference.

Mr Minesh Jani, Head of Audit and Risk Management, introduced the report. Members welcomed the report stating that it was easy to follow and had provided clear information.

The meeting heard:

·      In addition to the audits that the Council did which were compliance type audits, there were some audits classed as “consultancy”. In those specific areas, the work that the auditors tended to more to inform what the service was trying to do. In regard to recommendations for community engagements, the Council had an audit on the plan to carry out a review of how effective it was in engaging with the community, but the service was of the view that if Mazars could share some of their expertise from other boroughs or organisations, the information could be used to inform the Council’s methods.  Any recommendations that were made would be shared with the Committee.

·      The Council had asked Mazars for their expertise and this contributed to the audit process. Management also put time and effort into allowing audit to look at their systems and also contributed to how it was possible to improve the dialogue between auditors and management to make improvements. This was lost if recommendations were not implemented. More focus would be placed on this for the future. The number of recommendations not implemented had come down, but some of the older recommendations were worth reflecting on. If a recommendation was valid - and some older ones were - they would remain on the register, but if things had moved on or if they could be combined with other recommendations, this would be actioned. In relation to resources, the Council had compared the level of audit resource in other London boroughs and Haringey was not the lowest. There were some boroughs with very low levels of audit days. The Council’s audit plan tended to be about 820 days whilst other London boroughs probably ranged from 900 to 950. Boroughs with a lower number of days would be around 500. There was no concern regarding the assurances the Council could bring to members to fulfil professional auditing needs. There had been a lot of focus on areas where things needed to improve. On balance, this was probably the right approach. The Committee would see audits where the risk was relatively high, but less so where the risk was lower.

·      In relation to how auditors could work in a way where their recommendations were implemented so that risks were managed even after they had left, the Council had arrangements whereby it reported on the follow-ups that were done. There was a mechanism to report the status of recommendations to the Statutory Officers Group. This was the Chief Executive, Director of Finance and the Head of Legal. Previous reporting had been done where recommendations which did not get implemented quickly enough. An audit was a point in time reference. When an audit was completed, a certain level of assurance could be given at the time with a view to improve systems, but sometimes, things could go backwards, especially if there was a factor such as a change in personnel which could undermine the control environment. Funding was the other thing that could be an issue. There were areas where there were control issues which were probably not linked to the follow-up work, but to other fundamental issues such as void management.

·      The Director for Housing had a view to doing less audit work this year, more follow-up work on the recommendations already raised. However, only a small window could be provided.

·      Monitoring of the outstanding recommendations and the actions was going to be important. Discussion with the statutory officers group strengthened internal reporting. It was the director's responsibility to be accountable for ensuring that recommendations were dealt with in the timescales and the key milestones. Reporting could be done, not just to the Statutory Officer’s Group, but to the Corporate Leadership Team.

·      In the quarterly update of the recommendations not implemented, a column or some text around the risk could be added. This could be done for the Statutory Officer’s Group as well as the Corporate Leadership Team.

·      In relation to recommendations that had not been implemented which were classified as priority one, two, or three, it would be useful to translate what this meant for the Committee. At the next meeting, the “P1” recommendations which were outstanding specifically would be useful. It would also provide a chance to refresh the recommendations.

·      The Chief Executive had made it a priority to make sure that all FOIs, Members Enquiries and Subject Access Requests were responded to in a timely way. This was important not just from a data protection act point of view, but also being transparent and being engaging with the community. Efforts had been made to create an application which was more up to date with the enquiries.

The Chair wished to draw attention to the leisure services as there was likely some risks involved in addition to governance and processes that needed to be examined. The cloud strategy status appeared to state that the risk associated had been re-evaluated and the audit was not deemed to be needed at this point. This appeared to be a risk prone approach as cloud services tended to have minimum control. In response, the meeting heard that was an audit in the plan which was about to start to look at the implementation route by which Leisure Services would come back in-house. This was not to review the leisure service in function, but the program in place for the delivery of insourcing leisure functions. The report for this would be submitted to the Committee in October 2024.  Risks were high for the cloud strategy, but the audit was pushed out because of all the other audits that were on the plan. This would be brought back into the audit space. 

RESOLVED:

To note the content of the Head of Audit and Risk Management’s annual audit report and assurance statement for 2023/24 and the accompanying appendices.