The Committee is asked to note that the performance of Internal Audit meets the required standards.
Theresa Mortimer, Chief Internal Auditor (CIA) presented the Committee with an annual report on Internal Audit activity, which met the CIA annual reporting requirements as set out in Public Sector Internal Audit Standards 2017 (PSIAS).
The report provided an annual opinion on the overall adequacy and effectiveness of the Council’s Internal Control environment comprising risk management, control and governance, this opinion supported the Council’s Annual Governance Statement. Members felt the report displayed the wide remit of activities that Internal Audit covered.
Members were referred to page 324 of the report, where a ‘Satisfactory’ opinion was provided by the CIA. It was explained that the report provided information on what was taken into account to arrive at the opinion. It was confirmed that there had been no limitations on internal audits scope. The CIA provided a summary of IA activity undertaken, with the net affect being that 92% of the overall revised plan had been delivered. Members were advised that the key changes were as a result of the number of irregularity work undertaken.
Member’s attention was drawn to page 329 of the report, which provided the Committee with a pie chart summary of the overall opinions given during 2017/2018. The CIA demonstrated that 82% of audited activity received a substantial or satisfactory opinion on control and 86% received on risk. The Committee noted the spreadsheet which provided a summary of the activity undertaken from which the CIA’s opinion was derived.
The Committee were referred to the summary of counter fraud activity undertaken during the year, such as work on special investigations, participation in the National Fraud Initiative Data matching exercise, update and review of the Council’s anti fraud polices and compliance with the Local Government Transparency Code 2015 fraud and irregularity reporting requirements and working with Gloucestershire Fraud Hub to support counter fraud work.
In terms of Internal Audit Effectiveness, the CIA explained that the PSIAS required the CIA to annually report on conformance with the PSIAS, reporting any non conformance and to summarise the performance of the Internal Audit function. The CIA was pleased to report that following an external quality assessment by the Chartered Institute of Internal Auditors (national standard setters) the Authority received 100% conformance.
On a positive note, it was reported that at the end of each audit review Internal Audit request customer feedback. Members were referred to the overview of customer satisfaction survey results, all categories of assessment exceeded Internal Audit’s target of 80% as good or excellent. It was noted that the positive comments received could be found on pages 337 – 339 of the report.
The CIA added there were always lessons to be learned and customer feedback was used to ensure that Internal Audit fully considered where improvements could be made. As such, individual staff targets had been set to assist with achieving any improvements identified.
The Committee was provided with a progress report in relation to those audits undertaken during the period April – June 2018. Members’ attention was drawn to limited assurance opinions provided on control relating to Schools. It was noted that whilst management had accepted and responded positively to the recommendations made, Internal Audit would continue to monitor their implementation. In response to a question, it was noted that five out of the seven schools referred to were maintained primary schools.
During the discussion, one member made reference to the ICT disaster recovery audit being deemed as satisfactory, it was noted that some members disagreed strongly with this statement given the audit findings. The CIA explained that there was a positive direction of travel and had agreed with management a timeline and a deadline for improvement actions to be completed by. Some members questioned this decision, as they felt at the time of writing the report it should have been deemed as limited assurance as the actions had not yet been completed. The CIA recognised their concerns and it was recommended that management attend the next meeting of the Committee to provide an update on the actions taken in relation to the recommendations made. The Committee welcomed this approach. (Action – TM)
That the Committee assessed, from the findings set out in the report that it could take reasonable assurance that the internal control environment, comprising of risk management, control and governance was operating effectively.
That senior management attend the next meeting of the Committee to provide an update on the actions taken in relation to the recommendations made in the ICT Disaster Recovery audit report.
That the Committee noted that the performance of Internal Audit met the required standards.