Agenda item

Report of the Director of Finance and Resources

The Audit and Procurement Committee considered a report of the Director of Finance and Resources that submitted the draft Internal Audit Plan for 2024/25, attached as an appendix to the report, to enable the Committee to express its views on the extent and nature of the planned coverage.

In terms of proposed audit activities, the draft Internal Audit Plan documented the outcome of the audit planning process for 2024/25. The report set out the mechanism for allowing the Audit and Procurement Committee to discharge its responsibility and also enable it to support delivery of the Internal Audit Charter by approving the Internal Audit plan.

The report indicated that the draft plan was based on an allocation of priorities against the current level of audit resources available.  For 2024/25, it had been assessed that the resources available were 650 days for audit and corporate fraud work. This was an increase of approximately 250 days when compared with 2023/24 and reflected that as the two trainee posts had now completed their level four Internal Audit Apprenticeship and successfully obtained a professional Internal Audit qualification, they had been included within the assessment of resources. The structure of the Internal Audit Service was currently being reviewed and in the event that there was a significant change in the available audit days over the course of the year, flexibility would be retained in how these resources were utilised. Updates on the resource position and any resulting change to the Plan would be provided in future reports to the Committee.

In focusing the available resources to develop a plan which met the needs of the Council and added value, the following approach had been taken:

·  An initial risk assessment had been undertaken which considered the Council’s corporate risk register and any priorities identified from consultation with Directors and other senior managers, alongside other priorities linked to areas of risk which had been highlighted by the Chief Internal Auditor. Where appropriate, an assessed risk level had been included in the Appendix to the report. Where the risk had been assessed as medium rather than high, this generally reflected the findings of previous audit reviews in the respective area / an initial assessment of the control environment.

·  Where appropriate to do so, the audits of key financial systems were undertaken on a bi-annual basis, e.g. where there was a history of the system being well controlled. 

·  Given that the number of local authority-maintained schools had reduced over recent times, a cyclical programme of school audits had been re-introduced, with the strategy that all schools were now audited every five years.

·  A flexible and responsive approach to issues highlighted by senior officers with dialogue to ensure resources were directed in accordance with their priorities.

·  A flexible approach to corporate fraud investigations, offering expert advice and support rather than undertaking the Investigating Officer role.

·  Where appropriate, planned days for individual audits had taken account of the individual auditor’s level of experience and supervision required. 

Areas of planned work included:

·  Corporate Risks – the focus in respect of the corporate risk register would align to those areas where a clear Internal Audit could contribute to the management of the risks, including emerging issues linked to the activities. This included reviews of near miss reporting, homelessness, equal pay working practices, public health funding outcomes and assurance over the governance of the Council’s group of companies. 

·  ICT – the programme was established through an IT audit needs assessment which identified areas of focus. The areas agreed were artificial intelligence, governance and IT disaster recovery.

·  Council / Audit priorities – this incorporates audit work linked to specific priorities which had a corporate impact such as equality impact assessments, payment kiosks, and emergency planning / business continuity.

·  Regularity – this included work to meet the assurance requirements of grant funding received by the Council, and co-ordination of the Annual Governance Statement and declarations of interest exercise. For grant funding, the required audit work represented less than 10% of the overall audit plan and consequently did not significantly impact on the Service’s ability to undertake its core assurance related work.

·  Directorate risks – this included those issues highlighted through dialogue with Directors which could affect the achievement of operational objectives.  Identified areas included management of plant and equipment, property disposals, energy billing, building control, and the Health Visitors contract. 

The report concluded that it was believed that the draft Internal Audit Plan for 2024/25 was sufficient for the work required to report on governance, the management of risks and internal controls in the year and to prepare the annual opinion and report.

Members asked questions and received assurances at the meeting from officers on matters that included the recent Microsoft outage, ICT action plans and engagement of a third party, and apprenticeship level posts.

RESOLVED that the Audit and Procurement Committee approves the draft Internal Audit Plan for 2024/25, as appended to the report.