Agenda item

This report details the work undertaken by Internal Audit in the period 1 April to 31 August 2024 and focuses on progress on internal audit coverage relative to the approved internal audit plan, including the number of audit reports issued and finalised – work undertaken by the external provider (Forvis Mazars).

Mr Minesh Jani, Head of Internal Audit and Risk, introduced the report.

The meeting heard:

·      A query was raised in relation to the timeliness of reports. This was important for the Audit Committee to carry out its function as reports submitted late could mean that the data in the report may have dated levels of relevance. The protocol for submitting reports should be followed. In response, the meeting heard that the protocol had been set out and that all audits would follow a timeline. Assurances had also been sought that where timelines had been exceeded, the Committee would be made aware of the reasons why. 

·      It was possible for the Head of Internal Audit and Risk may be asked to audit a certain area. Taking the Risk Management Strategy into account, officers were responsible for knowing what the issues were, implementing the remedial action and asking Audit to provide assurance for the remedial action. Audit should be used to fulfil an assurance role as well. Part of the job of the Head of Internal Audit and Risk was to provide independent assurance on systems and control, but there were some areas where invitations had been accepted to do a new audit, because the level of assurance was so low that it required improvements and sometimes it was better for Audit to identify control gaps in addition to management gaps at the same time so they could be fixed together.

·      The role of the Head of Internal Audit and Risk was quite wide and within the standards for public sector internal audit. This entailed how to support the organisation to achieve the best it could and sometimes when things were found, it could be disconcerting if certain basic required elements were not present. There were some areas where the level of internal control was not at the level it should be. A number of reports had been brought to the Committee but many issues appeared to be around three or four areas; record keeping, supervisory controls, policies and procedures directing staff and the robustness of new systems. Efforts were being made around the audit process and the sense of the implementation of the recommendations. It was unlikely that all recommendations would be implemented, but if a lot of the recommendations could be implemented in a timely way, then the Council would have a much better chance of establishing better internal controls.

·      The importance of completing audit work tied in with recommendations being implemented on time.

·      Monitoring of the implementation of the recommendations was important. Overseeing the implementation of recommendations was also important and there were a few ways this was being done. Detailed final reports were being shared with the Head of Finance and the Chief Executive. There was also a Statutory Officers Group which discussed independent audit. A team data tracker was being developed. Monitoring and management of recommendations needed to be in place, but was separate to accountability and responsibility. Good progress was being made regarding tracking the implementation of recommendations and this was something that would be of interest to the Committee.

·      There was an overall option that all services relied on which set out the principles of how procurement should be carried out in the Council. Concerns had been expressed in the past as to how effective this was. There had been proposals to have changes implemented so there was more oversight over some of the activity so more assurance could be provided to the service and to the Committee.

·      Sometimes, as auditors began their work, if they come up with concerns such as health and safety matters, then they would identify and report those immediately.  The subsequent report would need to be issued when findings were agreed. There was a process from identifying the issues, having a formal meeting (where the issue would be raised again) to the report being drafted for management comments. A final report would then be issued.

RESEOLVED:

To recommended to note the audit coverage and follow up work completed