Agenda item

To receive the Audit Manager’s Report No. AUD2406 (copy attached) which presents the Internal Audit Manager’s independent annual audit opinion for 2023/24.

The Committee considered the Audit Manager’s Report No. AUD2406 which set out the Internal Audit Manager’s independent annual audit opinion for 2023/24 on the adequacy and effectiveness of the Council’s framework of governance, risk management and internal control. With reference to Appendix 1 of the Report, the Committee noted that assurance levels had been provided for each of these areas in order to provide a clear assessment:

•           Internal Control – It was noted that, in the opinion of the Audit Manager, the internal control environment for the Council was reasonable. Whilst a reasonable assurance had been provided it was noted that this was on the lower level of this assurance bracket, therefore, improvements were required so that this downward trend did not continue – particularly around the financial systems where work was currently being undertaken.

During discussion on Internal Control, the Committee highlighted concerns in respect of audits carried out in 2023/24 where an assessment had been given of a limited assurance level in respect of cyber security within the supply chain and procurement cards.

The Audit Manager confirmed that where weaknesses had been identified through internal audit review, plans and actions had been discussed and developed with managers to address improvements needed. 

•           Risk Management – It was noted that, in the opinion of the Audit Manager, risk management for the Council was reasonable. Whilst a reasonable assurance had been provided the process required improvement and focus to ensure that it was an effective management tool rather than just process driven. The Committee noted that a risk appetite statement had not been defined and agreed with Members, resulting in a lack of clarity against the level of risk that would be deemed as acceptable by the Council, therefore, risks were categorised based upon individual perceptions and not calibrated against the Council’s adopted appetite.

On risk management, the Committee indicated support for the development of a risk appetite statement for the Council to support decision making.  

•           Governance - It was noted that, in the opinion of the Audit Manager, governance for the Council was reasonable. Governance issues were addressed through the corporate governance group, and it had been acknowledged that work needed to be done to improve the governance arrangements within the Council. In this way, the Corporate Governance Group had undertaken a review of the seven characteristics of good governance to assist this work and outcomes had started to be implemented, in particular around consistency and clarity of reports to the Cabinet and Council.

During discussion on governance, the Committee discussed whether a Working Group should be established to review and consider how governance arrangements within the Council’s decision-making structure were working, including the effectiveness of scrutiny, assessing how governance worked previously and how it was proposed to work going forward. In response, Mr Harrison, Executive Director, advised that the recommendations from the recent Peer Review and CIPFA reports, had proposed a review of governance arrangements and that a formal response and action plan was being developed in response to the CIPFA and Peer report recommendations. It was noted that this would establish and agree how a review should be taken forward and the Committee would play an integral part in that process.

RESOLVED That:

(1)       the Cabinet be recommended to develop a risk appetite statement for the Council to support risk management, planning and decision-making within the organisation (proposed to be considered by informal Cabinet)

(2)       further details in respect of those audits carried out in 2023/24 assessed as having limited assurance including cyber security within the supply chain, procurement cards and Rushmoor Homes Limited be reported in the next audit update report. Relevant Service Managers to be invited to report to the committee in the future as needed.

(3)       the Audit Opinion given for governance, risk management and internal control

for 2023/24 be noted, and

(4)       the self-assessment exercise against the Public Sector Internal Audit Standards (PSIAS) and the improvement areas be noted.