Agenda item
Internal Audit Annual Report 2019/20
The Head of Internal Audit, Anti-Fraud and Assurance will submit his annual report prepared in accordance with the updated Public Sector Internal Audit Standards providing his opinion on the overall adequacy and effectiveness of the Authority’s Framework of Governance, Risk Management and Control based on the work undertaken by Internal Audit for 2019/20.
Minutes:
Further to minute 60 of the meeting held on the 3rd June, 2020, the Head of Internal Audit, Anti-Fraud and Assurance submitted his finalised annual report prepared in accordance with the updated Public Sector Internal Audit Standards. The report provided his opinion on the overall adequacy and effectiveness of the Authority’s Framework of Governance, Risk Management and Control based on the work undertaken by Internal Audit for 2019/20.
In order to comply with these Standards the report provided:
· An opinion on the overall adequacy and effectiveness of the Authority’s framework of governance, risk management and control
· A summary of the audit work undertaken to formulate the opinion
· Details of key control issues identified which could be used to inform the Annual Governance Statement (AGS)
· The extent to which the work of other review or audit bodies had been relied upon.
Appendices to the report provided a summary of Internal Audit reports for the year, details and outcome of other Audit Activities concluded in the period and projects and work currently in progress as at 12th July, 2020.
The report indicated that based on the overall results of Internal Audit work undertaken to date, together with the management’s implementation of recommendations, the opinion given was a reasonable (positive) assurance and this position had not changed from his interim opinion given at the June meeting. This was based on an agreed programme of risk based audit coverage and input which had enabled a valid assurance opinion to be provided.
It was important that Senior Managers remained alert to and focussed on maintaining an appropriate, risk based and effective framework of controls as the Council entered the recovery stage of Covid 19 and also as work continued towards Barnsley 2030.
It was noted that the key results of all completed audits reported throughout the year were summarised within this report and that the Committee had been made aware of progress in the implementation of agreed management actions.
The current Audit Plan, therefore, focussed on supporting management to consider the approach to controls in the context of the impact of Covid 19.
The Head of Internal Audit, Anti-Fraud and Assurance gave a brief resume of the way in which he weighted the outcomes of audits in order to provide his assurance opinion. Whilst the updated statistical information appeared to show a worsening position, it needed to be remembered that every audit year covered different audits and so it was not easy to have a direct year-on-year comparison. It was pleasing that the culture of the Council and Senior Managers was very open to Internal Audit coverage, and as such, the service identified and was invited into areas known to require improvement which was extremely positive. Reports were always actioned, with revised dates agreed as appropriate, and the Service was also undertaking more advice and consultancy the information and feedback from which was an increasing aspect of the overall assurance opinion.
He reported that the current year was likely to have significant and unique challenges around controls and keeping things safe but at the moment, based on the work undertaken and being undertaken, there were no concerns. The financial year 2020/21 was likely to have further significant challenges around controls, governance and risk and the Audit Plan was constantly being updated to reflect changing priorities.
Mr G Mills commented on the Plan from the External Audit perspective and supported the Internal Audit Service position of considering issues in a holistic manner as now outlined.
In the ensuing discussion, the following matters were highlighted:
· There was a discussion about what would be considered an appropriate level of internal audit. It was not possible to state what any ‘tipping point’ would be as this was based on a number of factors including areas audited, advice offered, challenge provided and management response including the implementation of remedial actions. The Council did, however, recognise the value that audit contributed to the organisation as a whole and the Head of Internal Audit, Anti-Fraud and Assurance was confident that he had sufficient resources to be able to deliver the audit function in an appropriate and satisfactory manner. He assured the Committee that if he had any concerns, these would be highlighted but he was confident that this was not the case given the enhanced liaison arrangements that had been put in place and particularly through the Covid period
· In response to specific questioning, information was provided in relation to the additional work that had resulted following the Covid pandemic, particularly in relation to emergency arrangements that had been put in place and emergency payments made etc. Internal Audit staff had undertaken appropriate investigations and no major issues had been identified as processes and systems had been found to be robust
· The Annual Governance Review process had given reasonable assurance and there remained a clear focus on risk within all Business Units. The inherent framework of controls and governance was well understood and there were high levels of compliance
· In relation to the five outstanding recommendations, the Head of Internal Audit, Anti-Fraud and Assurance reported on the dates for completion as follows (all of which had been agreed as part of the audit process and better reflected a more realistic approach to timescales):
o SAP Concur (2) – 30th September, 2020
o Systems Fit for Purpose – 31st March, 2021
o Procurement (2) – 30th September, 2020 and 31st December, 2020
· In response to questioning, the Head of Internal Audit, Anti-Fraud and Assurance stated that all recommendations emanating from previous years were followed up and their implementation was reported to management and to this Committee. He then went on to give a brief overview of how this work was undertaken
· In relation to the Core Financial Systems audit, questions were raised as to whether or not a high level analytical review might be advisable covering all 10 systems detailed. In response, the Head of Internal Audit, Anti-Fraud and Assurance explained that such a high level review of audit coverage was determined by a Core Systems Audit Strategy developed and discussed with the Service Director Finance and other Senior Members of the Finance Team. This also gave the opportunity to identify and assess key areas that were likely or could potentially change the control framework and this type of analysis enabled a decision to be made on which pieces of work would be the focus of attention. It was suggested, therefore, that details of the way this was undertaken be highlighted at the Audit and Governance Workshop/training day scheduled for October. This would also then give the opportunity to influence the development of the following years Audit Strategy
· Arising out of the above, it was noted that alternative approaches to developing the Audit Plan were always being considered. Consideration was currently being given to the use of computer aided techniques and software which was also part of the development plan
RESOLVED:-
(i) that the assurance opinion provided by the Head of Internal Audit and Corporate Anti-Fraud on the adequacy and effectiveness of the Authority’s framework of governance, risk management and control be noted;
(ii) that the key issues arising from the work of Internal Audit in the context of the Annual Governance Statement be noted; and
(iii) that a presentation outlining the way in which the Audit Plan is prepared be submitted to the Workshop/training and awareness day to be held on the 28th October, 2020.
Supporting documents:
PDF 370 KB