Agenda item

To present the report of the Head of Audit and Risk.

The Annual Report of the Internal Audit Service for 2023/24 was presented for the Committee’s consideration. The report summarised the work and performance of Internal Audit during 2023/24 and provided the Head of Audit and Risk’s opinion on the overall adequacy and effectiveness of the Council’s governance, risk management and control framework for the year along with a statement on conformance with the Public Sector Internal Audit Standards (PSIAS)

The report was presented by the Head of Audit and Risk who highlighted the main points including the Head of Audit and Risk’s opinion that for the 12 months ended 31 March, 2024 the Council had an adequate and effective framework for risk management, governance, and internal control; the work supporting the opinion; the performance of Internal Audit against agreed indicators and conformance with the PSIAS. The Head of Audit and Risk referred also to Appendix B of the report which detailed the audit coverage of red and amber residual risks in the strategic risk register over the past six years.

The following were points of discussion by the Committee –

·      Whether the responsibility for strategic risk YM9 (the risk of a lack of suitable housing that local residents can afford in their local communities) should lie with the Council and whether in being rated “Yellow” in the June 2022 audit it is being underrated given the increase in the number of people on the Council housing waiting list.

·      The approach to measuring new risk YM16 (the risk that the Council is unable to manage change effectively which limits its ability to modernise and deliver sustainable, effective, and efficient services)

·      Whether given the addition of strategic risk YM16 to the Corporate Risk Register, the Internal Audit Service is adequately resourced with 3.3 actual FTE in 2023/24 against a target of 4.0 FTE in 2023/24 and a target which was 5.0 FTE in 2022/23.

·      Whether paragraph 35 of the report indicates that management’s understanding and awareness of risks has evolved and matured.

The Committee was advised as follows –

·      That strategic risk YM9 remains Red on the Strategic Risk Register and that the Yellow rating refers to the outcome of the audit work undertaken with regard to the control environment and the effectiveness of the control measures in relation to YM9 which have been assessed as providing reasonable assurance. Internal Audit is also in the process of scoping a piece of work to examine the Council’s housebuilding programme and strategy which is scheduled to be undertaken over the summer.

·      That with regard to risk YM16, the approach will entail examining the controls currently in place to evaluate their effectiveness and whether they are fit for purpose. An audit opinion will be issued based on the outcome of the evaluation.

·      That the funding from the vacancy in Internal Audit is being used to commission specialist expertise both for IT audits as well as for other audits that may be especially complex meaning the service is thereby obtaining high quality and high value subject expertise that may not be available through having a person in post. Additionally it would be difficult to make a case for additional staff at a time when Internal Audit is able to provide an annual audit opinion based on the scope of the work executed which is the service’s objective. The Head of Audit and Risk confirmed that with continued flexibility to use the savings from vacancies to commission external support as and when required, she was confident the Internal Audit can continue to deliver with the resources available to it.

·      That the risks/issues identified and presented to management by Internal Audit are evaluated according to the Council’s strategic risk assessment matrix. Management is expected to prioritise risks/issues rated “Amber” ahead of those rated “Yellow”/Moderate which is the approach management is taking.

Having considered the Internal Audit Annual Report for 2023/24, it was resolved to note the summary of the work carried out during the year and the assurances provided, together with the overall opinion and the performance of the Internal Audit function in particular the level of conformance with the Public Sector Internal Auditing Standards.