To consider the Audit Manager’s Report No. AUD1803 (copy attached) which sets out the self-assessment exercise against the Public Sector Internal Audit Standards and the Quality and Assurance Improvement Plan for 2018/19.
The Committee considered the Audit Manager’s Report No. AUD1803, which set out the Internal Audit coverage, findings and performance for 2017/18 and presented the Audit Manager’s overall assurance opinion on the adequacy and effectiveness of the Council’s framework of governance, risk management and control environment. The Report also covered the self-assessment carried out against the Public Sector Internal Audit Standards and the progress on the Quality of Assurance Improvement Plan for the year.
It was noted that twelve audits had originally been planned to be completed within 2017/18 in order to contribute to the audit assurance opinion. However, due to additional higher priority work having been identified within 2017/18 on card payments, IT equipment and an investigation into a potential data breach, the following lower priority audits had been dropped from the Audit Plan in order to free up audit time: planning applications; weekly refuse and recycling contract; and, financial borrowing. Members were advised that an audit from the 2016/17 Audit Plan – Activation Aldershot – had now been completed and had been incorporated as part of the 2017/18 audit opinion. It was advised that the audit on the Depot was a piece of work in progress and would be carried forward into the 2018/19 Audit Plan as part of providing an audit assurance opinion in 2018/19. It was further noted that six follow-ups on recommendations made within previous audits had also been carried out in 2017/18 in order to ensure that recommendations were implemented in a timely manner. These audited areas were: HMRC – IR35 requirements; external tenants; capital projects; Farnborough and Aldershot Markets; community assets; and, IT network security.
The Committee was advised of the various factors that had been taken into account in assessing the level of assurance to be given for 2017/18. It was noted that the Audit Manager was satisfied that sufficient internal audit work had been undertaken to allow a reasonable opinion to be given on the adequacy and effectiveness of the Council’s risk management, control and governance processes. There were, however, a few areas where action would enhance the adequacy and effectiveness of governance, risk management and control, which included: rolling out of the reconstituted risk management process across the Council; incorporating the requirements of the General Data Protection Regulations within all areas of the Council; development of an Asset Management Strategy; and, improvement in the implementation of audit recommendations.
Members noted that the Quality Assurance and Improvement Plan would address some of the non-compliance and partial compliance issues over the following financial year, taking into account resources available.
The Annual Governance Statement, which was published alongside the Council’s Statement of Accounts, set out how the Council had complied with its Code of Corporate Governance and reported on the governance framework at the Council. It was noted that the Internal Auditor would be recommending that the progress towards the roll-out of the reconstituted risk management process should be reported within the Annual Governance Statement as well as progress on incorporating the General Data Protection Regulations requirements within all areas of the Council. The Internal Auditor would also include mention of progress towards developing an Asset Management Strategy.
(i) the Audit Manager’s Report No. AUD1803 be noted; and
(ii) the Quality and Assurance Improvement Plan for 2018/19 be endorsed.