Agenda item

Report of the Director of Finance

The Audit and Procurement Committee considered a report of the Director of Finance that submitted the draft Internal Audit Plan for 2021-22, attached as an appendix to the report, to the Audit and Procurement Committee to allow the Committee to express its views on the extent and nature of the planned coverage.

In terms of proposed audit activities, the draft Internal Audit Plan documented the outcome of the audit planning process for 2021-2022. The report set out the mechanism for allowing the Audit and Procurement Committee to discharge its responsibility but also enabled them, as a key stakeholder of the Internal Audit Service, to comment on the content and scope of the proposed Internal Audit Plan.

The priorities of internal audit activity were determined through the development of an annual risk- based Internal Audit Plan. The report documented the planning process and identified the outcome of the process, namely the draft Internal Audit Plan for 2021-2022.

Key points to note from the results of the initial assessment of priorities included:

 i.  The draft plan was based on an allocation of priorities against the current level of audit resources available. The resource requirements had been assessed taking into account the requirement to produce an annual audit opinion and the Council’s overall assurance framework. Due to current vacancies in the Service, it was difficult at this stage to precisely define the overall level of resources that would be available for 2021-2022, however a current estimate had been made that there would be 650 days for audit and corporate fraud work, compared to 500 days in 2020-21. In the event that there was a significant change in the available audit days over the course of the year, flexibility would be retained in how these resources were utilised. Updates on the resource position and any resulting change to the audit plan would be provided in future reports to the Committee. 

ii.  In focusing the available resources to develop a plan which met the needs of the Council, the following approach had been taken:

•  A documented risk assessment has been undertaken, which considered the Council’s corporate risk register and key priorities as identified from consultation with Directors and other senior managers, alongside other priorities linked to areas of risk which have been highlighted by the Chief Internal Auditor. Where appropriate, an assessed risk level had been made. Where stated as medium rather than high, this generally reflected findings of previous audit reviews in the respective area / an initial assessment of the control environment.

•  A risk-based approach to the audit of schools, rather than a cyclical programme of audit work.

•  A flexible and responsive approach to issues highlighted by senior officers with dialogue to ensure resources were directed in accordance with their priorities.

•  A flexible approach to corporate fraud investigations, offering expert advice and support rather than undertaking the Investigating Officer role. 

•  The need to continue to allocate some resource to supporting the administration and assurance requirements linked to the government’s Covid-19 business related grants. 

Other areas of planned work included:

  i.  Corporate Risks – the focus of audit coverage in 2021-22 regarding the corporate risk register, was aligned to those areas where it was clear Internal Audit could make a contribution to the management of the risks, including emerging issues linked to activities. This included reviews of budgetary control, equality and diversity in recruitment, and arrangements linked to the prevention and relief of homelessness.

  ii.  ICT – The programme of work of IT audit work was established through an IT audit needs assessment which identified areas of focus over a three-year period (subject to annual review.) In 2021-2022, the areas which had been agreed were File Storage (optimising and making the best use of available platforms), Service Desk (assessment of the new system for raising IT issues and associated processes), and Storage Area Network (a modernisation project.)

  iii.  Council / Audit priorities – this incorporated audit work linked to specific priorities which had a corporate impact such as purchasing cards, IR35 compliance and climate change. 

  iv.  Regularity – this included work to meet the assurance requirements of grant funding received by the Council, and co-ordination of the Annual Governance Statement and declarations of interest exercise.

  v.  Directorate risks – this audit area included those issues highlighted through dialogue with Directors which could affect the achievement of operational objectives. In 2021-2022 identified areas include Public Health information management system, Fleet Services and buildings statutory compliance. 

As a result, it is believed that the draft Audit Plan for 2021-22 was sufficient for the work required to report on governance, the management of risks and internal controls in the year and to prepare our annual opinion and report.

The Committee agreed that consideration be given to a future audit of Customer Services performance and also that equality and diversity remained a focus in next year’s Audit Plan.

RESOLVED that the Audit and Procurement Committee notes the content and scope of the draft Internal Audit Plan for 2021-22, attached as Appendix 1 to the report, and approves the Plan.