Agenda item

To present an update on Internal Audit activities.

The report of the Head of Internal Audit and Risk which provided an update on Internal Audit’s latest progress with regard to service delivery, assurance provision, and reviews completed was presented for the Committee’s consideration.

The Head of Audit and Risk reported as follows –

•           That the three Internal Audit reports finalised during the period, relating to grant certification work (Rent Smart Wales Grant 2016/17, Education Improvement Grant 2016/17 and the Pupil Deprivation Grant 2016/17), all produced Substantial Assurance ratings.

•           That one follow-up review in relation to the Council’s Corporate Safeguarding arrangements was finalised in the period the outcome of which is summarised in section 5 of the report. A further follow up review will be undertaken during October, 2017.

•           That progress in delivering the Internal Audit Operational Plan for 2017/18 is set out in section 6 of the report and shows that work is currently ongoing in 12 areas. The Head of Audit and Risk will review and amend the Annual Plan during the year to ensure the coverage remains relevant and risk-based. Changes will be reported to the Audit and Governance Committee at each meeting.

The Committee noted the information presented; the Committee sought clarification of whether the progress on Corporate Safeguarding was considered satisfactory given the sensitivity of the area and given that the initial review was conducted back in September, 2016, and resulted in a Limited assurance opinion. The Committee noted that it would have expected the planned follow-up review in October, 2017 to confirm completion of the recommendations rather than assessing progress. The Head of Audit and Risk said that the majority of the recommendations will have been completed by September, 2017; a further recommendation is due to be implemented in December, 2017 and involves exploring an ICT solution to monitor compliance with DBS checks – the service is in discussions with Northgate to provide a central database of DBS records. The Head of Function (Resources) and Section 151 Officer said that the whole Payroll/HR system and how it is used is under review which is a long-term project. A number of modules need to be examined and these include Recruitment and Training encompassing the recording of DBS checks. The recommendation referred to by the Head of Audit and Risk is linked to the corporate project for reviewing and improving the use of the Payroll/HR system and explains the longer implementation timeframe.

The Committee inquired whether it was reasonable to keep the Corporate Safeguarding audit review open simply because an element of it forms part of a larger project. The Committee, whilst recognising that putting the right system in place to deal with DBS records might take time, took the view that it should not be a reason for delaying the finalisation and sign off of the Corporate Safeguarding review as long as there is assurance that the issue of DBS checks is covered and will be actioned under the broader Corporate Payroll/HR system review. If that is the case, the Committee suggested that consideration should be given to removing the outstanding recommendation relating to DBS checks under the Corporate Safeguarding review from that review’s schedule of recommendations.

The Head of Audit said that as a result of the follow up, Corporate Safeguarding has now been re-assessed as providing Reasonable Assurance, and as such it will not be brought back to the Committee. Under the new system only reviews where Catastrophic or Major recommendations remain unimplemented will continue to be followed up. If a reassessment shows that sufficient work has been done to reduce the risk to a moderate or minor level then a review will be effectively parked.

The Committee further requested with regard to the Internal Audit Operational Plan that the “On Track” column in the table showing progress of delivery against the Plan be amended to indicate the Audit Committee meeting to which the outcome of the review is due/likely to be reported.

It was resolved to accept and to note the progress to date by Internal Audit in terms of service delivery, assurance provision, reviews completed and its performance and effectiveness in driving improvement.

ACTION ENSUING: Head of Audit and Risk to amend the “On Track” column in the table showing the progress of  delivery against the IA Operational Plan to indicate the Audit Committee meeting to which the outcome of the review is due/likely to be reported.