Agenda item

Internal Audit activity report

Minutes:

The committee considered the latest Internal Audit activity report.

 

Overview:

 

The Interim Chief Internal Auditor presented the report, highlighting the following key points:

 

a.     In terms of the Audit Plan, 27% of planned reviews had commenced, with 12% at draft or final report stage.

 

b.     The Audit team’s pro-active fraud work continued to identify a good level of recoverable savings and a number of successes in relation to council tenancies.

 

c.      11 grants/certifications with a total value of £10m had been certified to date.

 

d.     For the 9 concluded follow-up audits in this period, 83% of recommendations were either fully or partially implemented.

 

e.     Internal Audit resources (see later section of this minute).

 

Completed summaries:

The Interim Chief Internal Auditor then updated the committee in relation to the summaries of 8 completed audits (reference numbers quoted below relate to those used in the report):

 

A – CORPORATE

 

A1 – Executive officer decision making:

After completion of fieldwork, a limited assurance audit opinion was assigned.  6 recommendations for improvement had been agreed for implementation, including clarification of where responsibility lay for the publication of decisions.

 

A2 – Corporate and IT business continuity planning - follow-up:

The follow-up review had identified that of 8 recommendations from the original review, 4 key areas had not been implemented.  Timescales for the implementation of outstanding recommendations were now agreed, including critical systems checks.

 

A3 – Contract waivers to procurement regulations – follow up:

The follow-up review had identified that whilst most recommendations from the original review had been implemented, there were still some practice issues to be addressed and the number of contract waivers was still too high.  Timescales for the implementation of outstanding recommendations were now agreed and would be subject to a further follow-up review in the last quarter of 2018-19.

 

In discussion, an update was given on the work taking place to register all contracts, including mapping the timescales for contract renewal.  It was recognised that despite an improved position, there was a need to instigate a more fundamental “culture change” across the Council in relation to procurement, so that properly planned processes were routinely in place and then followed.

 

B – ADULTS, CHILDREN AND EDUCATION

 

B1 – Foster care payments – follow up:

The follow-up review had identified that none of the recommendations from the original review had been fully implemented.  Timescales for the implementation of the recommendations were now agreed and would be subject to a further follow-up review in the last quarter of 2018-19.

 

Whilst noting that the scope of / issues raised by this review were specifically around the payment process, Cllr Negus suggested that the authority needed to be very mindful of the need to recruit more foster parents, not only because this was in the best interests of vulnerable children but because this was also the best option for the Council in terms of cost effectiveness.  Cllr Negus questioned why the report did not refer to this.  The Interim Chief Internal Auditor commented that audit subject areas must have parameters to their scope and this review relating to foster care concentrated on the payment process rather than recruitment of foster carers.

 

C - COMMUNITIES

 

C1 – Planned maintenance:

After completion of fieldwork, a reasonable assurance audit opinion was assigned, identifying a number of areas of compliance/good practice as well as 12 recommendations for improvement.  These recommendations had been agreed for implementation within appropriate timescales.

 

D – GROWTH AND REGENERATION

 

D1 – Car parking income:

After completion of fieldwork, a reasonable assurance audit opinion was assigned.  Particular issues identified had been “out of date” tariffs resulting in income loss, failure to investigate income variances and vault tickets not always being available.   11 recommendations had been agreed for implementation within appropriate timescales.

 

In discussion, members noted the ongoing need to ensure rigorous internal control arrangements around cash collection from pay stations.

 

D2 – Sale and disposal of assets – follow up:

This follow-up review had identified that of 13 recommendations from the original review, 8 had been fully implemented, with 5 further actions in progress. Timescales for the implementation of these recommendations were now agreed and would be subject to a further follow-up review in the last quarter of 2018-19.

 

E – RESOURCES

 

E1 Mobile devices – follow up

The follow-up review had been completed at a time when the ICT Future State Assessment had been undertaken; 6 of the original recommendations had been superseded by the ICT improvement plans.  Timescales for the implementation of remaining recommendations were now agreed and would be subject to a further follow-up review in the last quarter of 2018-19.

 

In discussion, Cllr Radford advised that recently, a newly elected councillor had evidently received no training / guidance on the use of CounciI IT and around information security / GDPR and had only become aware of this through discussion with other councillors.  It was noted that this matter would be drawn to the attention of the Council’s Senior Information Risk Officer / statutory data protection officer.

 

Internal Audit resources:

As identified in the report, the Interim Chief Internal Auditor drew the committee’s attention to the current resource position in relation to the Internal Audit team, relating to short and medium term factors, highlighting the following:

 

a.     The service continued to carry vacancies, and was currently holding vacancies for the equivalent of 4 posts.  Over the last year, the service had had to utilise temporary appointments to try to bridge this gap.

 

b.     Current market conditions are challenging for the recruitment of suitably qualified and experienced audit staff (an issue faced also by neighbouring local authorities).

 

c.      A proposed skills review of the Internal Audit and Counter Fraud service was dependent on wider Council resource considerations.  Consequently, assurance could not be given, with the current level of resource, that the service would have sufficient skill sets or the capacity to deliver the required added value on the very wide range of assurance, governance and counter-fraud matters it is engaged with and to meet the expectations of the service’s stakeholders moving forwards.

 

d.     It was very important to note the context whereby (in comparison with the cost of the Internal Audit and Counter Fraud service), Counter Fraud activity alone had achieved £4.3m of notional and recoverable savings for the authority in 2017-18.

In discussion, members noted the Internal Audit resource position with concern, noting that the allocation of any further resource to the team was a corporate issue for the Council. 

 

It was noted also that measures were being put in place, as part of the finance team restructure, to develop improved training and support packages for individual employees who demonstrated the potential to develop their skill sets, as part of the process of ensuring that all services had the right and appropriate level of officer capability and skills, to encourage the retention of well trained staff and to reduce spend on recruiting temporary external staff.  This “right sizing” approach was fundamental to the current review.

 

In discussion, members suggested that consideration be given to launching a further Internal Audit recruitment campaign this autumn; consideration could perhaps also be given to recruiting graduate trainees, including suitable graduate candidates from the local universities.  It was noted that Simon Cookson would share (with the Interim Chief Internal Auditor) details of the recruitment initiatives taken by the NHS Wales audit service.

 

It was queried whether, given the resource position, there was any risk to the internal audit service being able to provide an overall opinion, at year end, on the overall adequacy and effectiveness of the organisation’s governance, risk and control framework.  It was noted that this potential risk would be assessed and an update on the assurance level able to be offered by the Internal Audit team in light of the resource situation would be submitted to the next meeting.

 

Noting and taking the above into account, it was

 

RESOLVED:

1. That the report and the above information be noted.

 

2. That an update on the assurance level able to be offered by the Internal Audit team in light of the resource situation be submitted to the next meeting, including an assessment of any potential risk to the team’s ability to provide an overall opinion at year end on the overall adequacy and effectiveness of the organisation’s governance, risk and control framework.

 

Supporting documents: