Agenda item

Update on Internal Audit Strategy and Priorities 2020/21

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk providing an update as at 16 November, 2020 on the work of Internal Audit  since the last report to Committee on Internal Audit activity in September, 2020 together with the priorities for the short to medium term was presented. The report was a shortened version of the usual quarterly update report in line with the requirements of the Meetings Strategy during the emergency period.

 

The Head of Internal Audit and Risk –

 

           Updated the Committee on the assurance work completed since the last update with reference to the table at paragraph 6 of the report. Of the audits listed, three had resulted in a Substantial Assurance rating; two had resulted in a Reasonable Assurance rating and a further two audits – Management of School Unofficial Funds and Leavers Process had resulted in a Limited Assurance rating.(The Limited Assurance reports were issued separately to the Committee’s members and relevant Portfolio Holders). A further two audits not listed in the table relating to Education Grants – the one in relation to the Pupils Development Grant 2019/20 and the other in relation to the Financial Pressures around the Teachers Pay Award had also been finalised and both attracted Substantial Assurance.

 

In elaborating on the Action Plan and the status of the risks/issues identified by the Management of the School Unofficial Funds Limited Assurance audit, the Head of Audit and Risk advised that although oversight of school unofficial funds is the responsibility of school governing bodies there is a reputational risk associated with such funds and there have been instances both local and national where fraud and mismanagement have occurred. Given that they are linked to fund raising activities and can involve significant amounts of money school unofficial funds are considered high risk in terms of the potential for fraud. Against this background therefore the Internal Audit undertook to assess the situation in Anglesey and the audit was carried out in collaboration with the Learning Service. The Officer highlighted the audit as a good example of the collaborative audit culture which the Internal Audit Service  has been seeking to develop -  the Learning Service having responded proactively to the risks/issues raised meaning that a great deal of progress has been made in addressing them. The Senior Education Manager confirmed that the level of collaboration had been excellent and that the Service would continue to progress matters over the coming months. The Portfolio Member for Education also expressed his thanks to both services and urged members in their capacity as school governors to avail themselves of the planned training on the effective management of school funds (the absence of training being one of the  risks/issues raised) when arrangements are confirmed.

 

The Head of Audit and Risk similarly guided the Committee through the Leavers Process Limited Assurance audit report and confirmed that Human Resources had likewise been proactive in responding to the risks and issues raised by the audit.

 

           Reported on work in progress as illustrated by the table in paragraph 9 of the report which provided information regarding the audits underway and the stage reached at the time of writing.

           Referred to the National Fraud Initiative - a biennial exercise that is currently underway. Internal Audit is working with services to extract data for uploading to the NFI portal which is mandatory and must be completed by 1 December, 2020 for the main bulk of datasets required. A new exercise had been added this year to undertake data matching to identify potential fraud in relation to the Covid-19 relief programme. In December, Internal Audit will be required to submit data from the Small Business Grant Fund and Retail, Hospitality and Leisure Grant Fund.

           Clarified the position with regard to Overdue Actions as at 16 November, 2020 as shown in the 4action dashboard at Appendix 1 to the report. Services have been working hard to address outstanding issues/risks currently leaving only five actions overdue relating to procurement, payroll and the payment of housing rent by standing order. Work is progressing to support services with implementing all outstanding actions.

           Outlined the priorities for the remainder of the year mindful also of the need to remain agile to react to any work arising at short notice and any requests from the Senior Leadership Team.

           Confirmed that two pieces of work will be undertaken before the end of the financial year to provide assurance that the ICT Service is equipped with the required technology, capacity and capability to maintain a level of service to align to the Council’s core objectives and to ensure the confidentiality, integrity and availability of the Council’s data. Internal Audit has commissioned the City of Salford IT Audit Team to undertake the two pieces of assurance work one of which will be confidential with more information to be provided in due course and the topic of the other piece is to be confirmed.    

           Advised that 3 audits linked to Corporate Risk Register priorities (paragraph 33 of the report refers) have been parked and are deemed low priority for assurance. The subject areas of the audits – Investment in Leisure facilities; school modernisation and Island infrastructure have not advanced significantly as projects and therefore an audit as this stage would not provide any significant benefit or assurance.                     

 

The Head of Audit and Risk responded to points raised by the Committee in discussing the report by providing the following clarifications -

 

           That with regard to the risk that collaborative auditing could compromise the independence and objectivity of Internal Audit, the Head of Internal Audit and Risk advised that a collaborative approach is a way of working which Internal Audit as a sector is moving towards and whilst it does involve a joint approach to resolving issues in which the client service is fully engaged it still requires Internal Audit to maintain a professional distance so there is no conflict of interest. By acting jointly it is less a matter of Internal Audit telling the client service what to do and more  a matter of giving the client service greater ownership of what needs to be done hence the no recommendations audit process adopted by Internal Audit whereby the issuing of recommendations has been replaced by raising risks and issues. A collaborative approach also means working with the client service towards a common goal of achieving    corporate priorities and delivering quality services for the residents of Anglesey.

           That with regard to the coverage of the audit in connection with managing the risk of fraud (one of the priority areas for the reminder of the year) which suggests a wide remit, the Head of Audit and Risk clarified that an audit review of managing the risk of fraud was brought to Committee earlier in the year in which six risks were identified that needed to be addressed;  implementing the action plan in relation to these risks  will form the basis of the work to be undertaken and will  involve looking at strategy, policy and  the culture and tone at the top meaning working with the Senior Leadership Team to increase awareness of the risk of fraud throughout the Council.

 

It was resolved to note Internal Audit’s assurance provision and priorities going forward.

 

NO PROPOSAL FOR ADDITIONAL ACTION WAS MADE

Supporting documents: