Agenda item

To present the report of the Internal Audit Manager.

The report of the Internal Audit Manager incorporating the Strategic Audit Plan for 2017/18 to 2019/20 and the Annual Plan for 2017/18 was presented for the Committee’s consideration and approval in compliance with the Public Sector Internal Audit Standards produced by CIPFA and other standard setting bodies, which came into force on 1 April, 2013.

The Internal Audit Manager reported as follows –

•           That the Internal Audit Strategy at Appendix A is a high level statement of how the Internal Audit Service will be delivered and developed and it is supported by a detailed Annual Plan as set out in Appendix B to the report.

•           The purpose of the Strategy is to put in place an approach that enables IoAC’s Internal Audit Service to be managed in a way that will facilitate the objectives described in paragraph 1.1.2 of the report. The Strategy and Annual Plan is supported by Appendices B to E detailing the Annual Plan for 2017/18, a 3 year Strategic Plan for the period 2017 to 2020, an analysis of Internal Audit resources and the performance targets for 2017/18.

•           In order to identify the areas that require internal audit coverage, the risks facing the organisation need to be understood. An audit needs assessment for 2017/18 has therefore been undertaken using the processes set out in paragraph 1.2.2 of the report.

•           Other documentation consulted which informed the development of the plan included but was not limited to the Annual Governance Statement 2015/16; the Deloittes Audit of Accounting Statements and the Annual Delivery Document (Improvement Plan) 2016/17.

•           Internal Audit’s risk based approach is to use the Council’s Corporate Risk Register to drive the Internal Audit Strategic and Operational Plans and to use the resources to provide assurance over the greatest risks to the Council where possible and where appropriate. Assurance would then be reported against risks familiar to the Management and Members of the Council through their knowledge of corporate risk.

•           A review of the Risk Management Framework and the effectiveness of actions to mitigate the Council’s highest risks has been included in the 2017/18 Operational Plan.

•           The Annual Operational Plan is produced to provide Internal Audit with its work programme for the year. The Audit Needs assessment is reviewed and the input of the Senior Leadership Team and Heads of Service sought to identify any risks not currently covered. The revised Audit Needs assessment is used to direct Internal Audit resources to those aspects of the organisation that are assessed as generating the greatest risk to the achievement of the objectives.

•           The provision of the Internal Audit service will be delivered by an in-house team of 6 officers as outlined in Appendix D.

•           The service continues to focus on ways in which to maximise audit resources and improve performance, whilst maintaining a quality service and ensuring compliance with professional standards. This is achieved through robust quality assurance processes and the setting of objectives in the Annual Service Plan. Progress in achieving those objectives is monitored through quarterly service performance reviews and the performance of the service is reported to this Committee on a quarterly basis. Performance targets for 2017/18 are set out in Appendix E to the report.

The Committee considered the report and made the following points –

•           That whilst it was satisfied that the Strategic Internal Audit Plan for 2017/18 to 2019/20 covers the right areas in terms of the nature and extent of the risks facing the Council, and that those risks have been properly identified and evaluated, the Committee noted that it does not contain a reference to the Council’s savings agenda. The Committee noted further that the Plan although comprehensive as regards coverage of individual service areas, does not provide the  means by which the Committee can be assured that the Council overall is delivering on its savings plans or that the impact on the Council’s objectives of not being able to achieve proposed savings has been planned for and mitigated. Neither is the Committee able to derive a sense of how the Council as a whole is providing value for money. The Internal Audit Manager said that she noted the point made and would take it into consideration in formulating the Internal Audit Strategic Plan in future. 

•           The Committee noted that whilst the level of assurance is generally satisfactory, some areas included for review as part of the Strategic Internal Audit Plan in Appendix C reflect a Limited Assurance level; the Committee sought clarification of the progress of improvement with regard to these areas and the process for dealing with them. The Internal Audit Manager said that in developing the Strategic Plan the assurance level deriving from each audit is considered and then fed into the planning process. All audit reviews resulting in a Limited Assurance opinion are followed up within six months of the original audit and the outcome reported to the Committee.

•           The Committee noted the performance targets set out in Appendix E; it sought clarification with regard to the progress made in terms of the Internal Audit Service being able to meet the targets at year end. The Internal Audit Manager said that to date 72.73% of planned audits have been completed and 49 audits undertaken.

It was resolved to –

•           Approve the Internal Audit Strategy and Annual Plan for 2017/18

•           Approve the Internal Audit Service’s Performance targets for 2017/18.

NO FURTHER ACTION ENSUING