To consider the Audit Manager’s Report No. AUD2207 (copy attached) which sets out the Internal Audit Coverage, findings and performance for 2021/22 and presents the Audit Manager’s overall assurance opinion on the adequacy and effectiveness of the Council’s framework of governance, risk management and control (GRC) environment. The Report also covers the self-assessment carried out against the Public Sector Internal Audit Standards (PSIAS) and the progress on the Quality and Assurance Improvement Plan (QAIP) for the year.
Minutes:
The Committee considered the Audit Manager’s Report No. AUD2207, which set out the Internal Audit coverage, findings and performance for the 2021/22 municipal year and presented the Audit Manager’s overall assurance opinion on the adequacy and effectiveness of the Council’s framework of governance, risk management and control (GRC) environment. The Report also covered the self-assessment carried out against the Public Sector Internal Audit Standards (PSIAS) and the progress on the Quality and Assurance Improvement Plan (QAIP) for the year.
The Committee was advised that, in accordance with the Accounts and Audit (England) Regulations 2015, the Audit Manager was required to report on an annual basis on the overall adequacy and effectiveness of the Council’s framework of GRC. Appendix A to the Report set out Annual Report and Audit Opinion.
It was noted that the Audit Manager was also required to carry out a self-assessment on the Internal Audit activities conformance with the PSIAS and report on this to the Committee and this information was set out in Appendix 2 to the Annual Report and Audit Opinion.
The Report set out details of the areas of assurance obtained in order to form the Audit Opinion. In assessing the level of assurance to be given for 2021/22 the opinion was based on:
· written reports on all Internal Audit work completed during the course of the year (assurance and consultancy);
· results of any follow up exercises undertaken in respect of previous years’ Internal Audit work;
· the results of work of other review bodies where appropriate (eg Public Sector Network certification);
· the quality and performance of the Internal Audit service and the extent of compliance with the PSIAS;
· participation on the Corporate Governance Group; and
· mitigations in place to minimise the risks identified within the Corporate Risk Register.
In the opinion of the Internal Auditor, sufficient assurance work had been completed within the year to enable an overall Audit Opinion of ‘reasonable’ to be provided on the Council’s GRC framework. Where weaknesses had been identified through Internal Audit review, the Internal Auditor had worked with management to agree appropriate corrective actions and a timescale for improvement.
The Report identified the following reasons key areas of non-compliance for the PSIAS:
· An external assessment carried out on the Audit activity – This was due to have been carried out every five years. Previously, this had not been done on the basis of cost/benefit due to the size of the function. However, this would be reviewed in 2022/23.
· Structure of Internal Audit function – The position of Internal Audit in the Council needed to be reviewed to assist with the improvement of its effectiveness in assisting senior management with the GRC framework. A strategy paper had been produced on the subject.
· Up-to-date Audit policies and procedures – These had not been updated in 2020/21 due to other higher priority work and Covid-19. These would be reviewed in 2022/23.
· Regular meetings with External Audit – Regular meetings had not been carried out with External Audit. This would be reviewed in 2022/23.
· An assurance map in place – A recent assurance map had not been developed to identify all the areas of assurance which could be/were obtained, including third parties. This would be addressed in 2022/23.
It was noted that all items had been included as actions within the QAIP, as set out in Appendix 3 to the Annual Report and Audit Opinion.
Members raised questions concerning staffing resources and the impact of working from home on workloads.
RESOLVED: That
(i) the coverage of assurance obtained across the Council, as set out in the Audit Manager’s Report No. AUD2207, be noted;
(ii) the level of GRC assessment in 2021/22 through opinion-based audit assurance work be noted;
(iii) the Audit Opinion given for 2021/22 be noted;
(iv) the Performance Indicators for the Internal Audit activity for 2022/23 be endorsed;
(v) the self-assessment exercise against the PSIAS and the areas of non-conformance with them, as set out in Appendix 2, be noted; and
(vi) the QAIP for 2021/22, as set out in Appendix 3, detailing areas of improvement to reduce the areas where the Audit activity did not conform to the PSIAS, be endorsed.
Supporting documents: