Agenda item
Third line assurance: Internal Audit Performance Report and revised Annual Audit Plan 2023/24
The report of the Head of Policy and Governance is attached.
Contact: Barry Hanson 07990 086409
Minutes:
The Committee received the report of the Head of Policy and Governance - copy attached to the signed Minutes – which provided members with an update of the work undertaken by Internal Audit in the first four and half months of the approved internal audit plan for 2023/24.
The Head of Policy and Governance explained that significant revisions were being proposed to the plan, as set out in the report, resulting in a reduction of 510 days due to a reduction in available resources. The revisions were however targeted to provide enough cover to inform a year end opinion.
The Head of Policy and Governance reported that 31 final reports had been issued in the previous quarter containing 182 recommendations (detailed at paragraph 8.8 of the report). He confirmed that given the limited data available no strong patterns of lower levels of assurance were emerging.
The Head of Policy and Governance informed the meeting that as at 3rd September 2023, 20 reports had been issued providing good or reasonable assurances (64%) which represented a slight increase in the higher levels of assurance than the previous year (62%), offset by a corresponding decrease in the number of limited and unsatisfactory assurance levels (36%) (38% last year). There were also 10 reports awaiting management responses which would be included in the next performance report. He then drew attention to two fundamental recommendations that had been identified in relation to IT Contract Management and the Disposal of IT equipment (set out in paragraph 8.14 of the report).
The Head of Technology and Automation updated Members in relation to the two fundamental recommendations. He reported that the first (IT Contract Management) had been completed and they had gone further and were now meeting on a more frequent basis to discuss internal contracts so they have a spreadsheet of all the contract information so there were no surprises in relation to which contracts were coming to an end etc.
In relation to the Disposal of IT equipment, he confirmed that there was now a contract in place for the formal disposal of IT equipment that ran for two years following which a new Contract would be procured.
In response to a query around the lack of resources within the Internal Audit team, the Head of Policy and Governance confirmed that internal audit had to comply with the Public Sector Internal Audit Standards (PSIAS) and as such had to provide an internal audit service that covered the right areas in order for them to deliver a year end opinion on the internal control environment hence why they had had to adjust the resources so that they could actually deliver that opinion. Members expressed concern that the actual number of available hours was declining. In response, the Head of Policy and Governance stated that it was a concern due to recent staff turnover being higher followed by an unsuccessful recruitment exercise however this was a national issue and was also being experienced by External Audit.
It was queried whether a self-assessment process could be introduced whereby each department complete their own audits with Internal Audit providing verification that they were being done. In response, the Internal Audit Manager confirmed that self-assessments were used for school audits, for example, but it was difficult to get the evidence to back it up so significant resources were still required to verify the information.
In response to a query around why certain seemingly minor audits were being audited when very short of staff, the Internal Audit Manager explained that although not significant in terms of strategic risks they had to take into account both the strategic risk environment and the available resources within the team and allocate work according to the skills within the team, for example they had a number of trainee auditors so they had to adjust the type of audits undertaken by them however they were excellent for training purposes and they did provide an insight into the activity of the organisation and whilst small in value, gave a feel for how staff were controlling the finances and how they might be dealing with income so gave a flavour of what was going on in the wider organisation.
In response to concerns around the Blue Badge Scheme, Members requested a management update for the next meeting.
A brief discussion ensued in relation to the reduction in resources within the internal audit team and how the Council could attract and retain auditors in order to fill vacant posts. The Head of Policy and Governance explained that it was an issue within the market that it was very difficult to recruit but they were looking at other ways in which to fill that resources gap and it was confirmed that the establishment within the audit team had not been reduced. In response to comments, the Executive Directive of Resources (Section 151 Officer) explained that there were a number of options open to the Council in terms of recruitment but that the rates of pay were in line with other local authorities. There were opportunities to pay market supplements if deemed necessary and work was currently being undertaken around the ‘shop window’ by demonstrating why Shropshire is a good place to work and with an open policy around agile working could recruit from across the country.
RESOLVED:
To endorse the performance of Internal Audit against the 2023/24 Audit Plan.
To request a management update for the next meeting in relation to the Blue Badge Scheme.
Supporting documents: