Agenda item

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk which provided an update on Internal Audit’s latest progress with regard to service delivery, assurance provision and reviews completed was presented for the Committee’s consideration.

The Head of Audit and Risk highlighted the main points as follows –

•           That three audit reports were finalised in the period. The first relating to CONTEST – Counter Terrorism resulted in a Reasonable Assurance opinion with the review finding  that the Council is making good progress in implementing an effective framework of controls to ensure that it can successfully discharge its statutory “Prevent”  responsibilities in respect of HM Government’s Counter Terrorism Strategy (CONTEST) 2018. The second report was in relation to Welfare Reform – Housing Rent Income which also resulted in a Reasonable Assurance opinion with the review concluding that the Council has a number of effective operational controls in place to manage the impact on the Council’s ability to collect Housing Rent income. For both reviews, Internal Audit identified scope for improving controls in future in the areas audited which is reflected in action plans agreed with Management (available to the Committee’s members on request to the Head of Audit and Risk). Internal Audit raised 4 major Risk/Issues on the CONTEST – Counter Terrorism review and 1 Major and 3 Moderate Issues/Risks on the Welfare Reform – Housing Rent Income which the Officer elaborated upon.  The third audit report completed was a health check of information governance and General Data Protection Regulation embedding across all the schools on the Island conducted by Strategic Risk Practice of Zurich Risk Engineering (ZRE) which as a consultancy piece of work for internal information only, did not provide an assurance rating.

•           That one Follow-up review was finalised in the period relating to Payment Card Industry Data Security Standard Compliance which resulted in the original Limited Assurance rating being upgraded to a Reasonable Assurance opinion. Follow-up reviews of Primary Schools Income Collection (First Follow-up) and Sundry Debtors (Second Follow-up) are currently in progress. A further three Follow-ups are scheduled for the remainder of the year in connection with the areas listed in paragraph 21 of the report.

•           That there had been a slight dip in addressing High/Red/Amber issues/risks from 89% in Quarter 4 of 2018/19 to 87% in Quarter 1 of 2019/10 although no High or Red issues/risk remain unaddressed. The decline is accounted for in paragraph 23 of the report.

•           That Internal Audit was hoping to finalise and report the outcome of four audits to the Committee at this meeting (Business Continuity Arrangements, Corporate Safeguarding Follow-up, IT Resilience and Corporate Information Governance Health Check)  but due to the reasons outlined in paragraph 29 of the report this has not been possible. Following the recommendation made in the Corporate Risk Management Health Check that the corporate risk register be reviewed and the corporate risks rationalised, the Senior Leadership Team reviewed the Corporate Risk Register and reduced the corporate risks by approximately half. This is reflected in the internal audit priorities going forwards. The Head of Audit and Risk referred to the Operational Plan under Appendix A  highlighting the changes made and the reasons therefore whilst also drawing attention to the fact that the  Plan provides the Committee with assurance about when the corporate risks on the Corporate Risk Register were last reviewed.

•           The Committee at its previous meeting sought clarification of whether there is a standard national definition of assurance ratings, and if there was not, whether in the interests of benchmarking and consistency this should be introduced. Internal Audit confirmed that a standard definition for assurance ratings was not in use and further, the Service sent a query to all heads of audit across Wales as well as the Governance Advisor at CIPFA’s Better Governance Forum to determine whether there was support for the introduction of the same. The exercise confirmed that councils’ definitions are not dissimilar and that of the 14 responses received, only one supported the idea of standardised assurance ratings with the remainder in favour of retaining local flexibility to report conclusions in the way most suited for their organisation.

•           CIPFA launched its Statement on the role of the Head of Internal Audit in April 2019 which sets out five principles aligned with the UK Public Sector Internal Audit Standards that outline the key expectations of heads of internal audit and the conditions that will allow them to thrive. The Head of Audit and Risk said that it was her opinion that the role of Head of Internal Audit at the Council satisfies the five principles and, in the context of “leading and directing an Internal Audit Service that is resourced appropriately, sufficiently and effectively”, she confirmed that a neighbouring authority will be able to provide a resource for Anglesey’s Internal Audit Service to backfill some of the resources that the Service is missing through maternity absence and long-term sickness absence.

The Committee discussed the following issues –

•           The Committee welcomed the confirmation of a temporary additional staffing resource for the  Internal Audit Service to bridge the gap created by staff absence reaffirming its view  that the Internal Audit function needs to be adequately resourced to provide the information for the Committee to be able to do its job properly but querying whether in light of the staff shortage  it was feasible for the Service to be undertaking the Corporate Information Governance Health Check referred to in paragraph 29 of the report instead of using an external assurance provider. The Head of Audit and Risk said that the Internal Audit Service’s familiarity with the Council’s internal processes and personnel has its advantages over an external assurance provider and in the case of the Corporate Information Governance Health Check and following consultation with the Information Governance Manager, it was felt that this piece of work could be done more effectively internally.

•           With regard to the audit review of Welfare Reform – Housing Rent Income, the Committee noted that system issues had hindered the Council’s ability to monitor the performance of those tenants on Universal Credit, and that further, the Council had not fully profiled its tenants (the Committee was updated that the response to letters requesting this information was 40%) meaning that without accurate knowledge and information about the demographics of the Island, it could hamper the Council’s ability to forward plan and gather intelligence to shape services for the future. The Committee was concerned that without this information which it felt should have been obtained as part of the preparatory work, the Council is not able to assess the impact of Universal Credit on housing rent arrears with possible implications for its income. The Committee proposed that the Head of Housing Services be asked to attend the next meeting to provide an update on the tenant profiling position.

The Head of Audit and Risk clarified that the Housing Service did not support an initial proposal for a dedicated profiling officer on the basis that the role was incorporated within the job descriptions of the Customer Care team who are now carrying out the task as part of their day to day contact with housing tenants.

It was resolved that having considered the information presented and the clarifications provided by Officers, the Audit and Governance Committee accepts and notes Internal Audit’s latest progress in terms of its service delivery, assurance provision, reviews completed, performance and effectiveness in driving improvement.

ADDITIONAL ACTION PROPOSED: Head of Housing Services to be asked to attend the Committee’s next meeting to provide an update on the tenant profiling position.