Agenda item

Internal Audit

To present the Internal Audit progress report to November, 2014.

Minutes:

The report of the Internal Audit Manager on the work of the Internal Audit Section for the period from 1 April to 14 November, 2014 was presented for the Committee’s consideration. The report made reference to audit reviews undertaken and reports issued, along with the assurance opinion awarded; referrals to Internal Audit and action taken; and the internal audit recommendations issued and their implementation status.

 

The Internal Audit Manager highlighted two specific areas which were the subject of Red review reports reflecting a number of control weaknesses in the review areas, and these were in relation to System Controls – Logical Access and Segregation of Duties, and Third Sector Grants. A follow up report on progress in implementing the recommendations made as part of these reviews will be provided to the February, 2015 meeting of the Audit Committee. The Internal Audit Manager said that he would also update the Committee in February on current Audit concerns following the submission by the Deputy Chief Executive of an action plan to the September, 2014 meeting to address those concerns.

 

The Committee considered the information presented and was dismayed by the shortcomings reflected in the Red review reports as regards the absence of policy and procedures in the areas reviewed and, where those did exist, the lack of awareness of and/or non-adherence to them. The issue of accountability was raised and, consequently, the feasibility of calling to account the managers concerned. The Internal Audit Manager confirmed that the SLT and Heads of Service have been provided with a copy of the reviews and that the Deputy Chief Executive and the Head of IT are looking at ways of resolving the issues raised with regard to the System Controls review.

 

The Interim Head of Resources and Section 151 Officer said that the issues highlighted by the internal audit report replicate some of the issues raised with regard to risk management in terms of non-compliance with proper processes, and whilst the Committee’s sentiments in wanting to highlight responsibility are understood, it is Management’s responsibility to respond appropriately to the internal audit review reports by implementing the recommendations therein. The follow up report to the Committee in February will confirm whether or not that has happened. The Committee’s oversight discipline might be more productively applied to scrutinising the audit recommendation implementation rates by service as set out in Appendix A, and in identifying and calling to account the managers of those services who demonstrate a repeated failure to implement internal audit recommendations satisfactorily over the course of time.

 

The Internal Audit Manager pointed out the absence of a corporate mechanism for ensuring and monitoring that policies, processes and recommendations are implemented and are adhered to. He said that he would bring a more detailed analysis of internal audit recommendations outstanding, the length of time they have remained unimplemented and the services/managers to which they pertain to the February meeting of the Audit Committee.

The Committee recognised that there appeared to be a disconnection between policies and processes promulgated and the active management of their implementation and conformity with what is required, and suggested that as part of its action plan for 2015/16 it should focus on areas that are not moving forwards. Mrs Lynn Pamment, PwC said that the Audit Committee’s challenge function lies in following through on actions subsequent to a Red review and that it might wish to consider taking a more rigorous stance on implementation.

 

It was resolved to accept the Internal Audit progress report for April to November, 2014 and to note its contents.

 

ACTIONS ARISING: Internal Audit Manager to provide the following to the Committee’s February meeting:

• Follow up reports on the Red Reviews with regard to System Controls – Logical Access and Segregation of Duties and Third Sector Grants including recommendations implemented.

• A detailed analysis of internal audit recommendations outstanding, the length of time they have remained unimplemented and the services/managers to which they pertain.
