Reports of the Internal Auditors
Appendix A: Internal Audit Report 2018-19
Appendix B: Internal Audit Follow Up Report
Internal Audit Annual Report 2018-19
The Senior Manager from RSM, the Council’s internal auditor presented the Internal Audit Annual Report 2018-19. In presenting the report he explained that RSM met with the Council’s management team on an annual basis to draw up an audit plan for that year and put together a 3-year strategy. Once agreed with the senior management team, the plan would be brought to committee for approval. During the year the committee would receive reports on each of the audits that had been completed, the recommendations that had been raised and the level of assurance given. At the end of each year the findings of those audits were brought together and an opinion provided on the Council’s governance, risk management and internal control framework.
Members were advised that for 2018/19 internal audit had found that the organisation had an adequate and effective framework for risk management, governance and internal control, which was a positive opinion. Of the 14 audits that were undertaken, eight were given a substantial opinion, five were given reasonable assurance and one audit received partial assurance. Given the number of recommendations that had been raised and the number of positive opinions, members expressed disappointment that the level of assurance was not more positive. The committee was reassured that it was highly unlikely for any client to receive an absolute positive level of assurance. The recommendations that had been raised indicated that there are improvements that could be made. It was also noted that in drawing up the annual audit plan, officers directed audit to those areas where they considered improvement was needed, which increased the likelihood of recommendations being raised.
The Senior Manager also advised members about the other aspect of internal audit’s work, which was following up on the implementation of the recommendations that had been made.
One member asked whether internal audit had been involved in the change to the council’s risk strategy as it moved from being risk averse to risk aware. In response, the Senior Manager explained that internal audit carried out an audit of risk and governance in alternate years and 2018/19 had seen a review of the council’s governance arrangements. Audit would review risk as part of the 2019/20 audit plan. The scope of the audit would include reviewing the council’s risk registers, its risk strategy and an assessment of other key work. Separate work was also undertaken by RSM’s consulting team to support the council with its risk management framework and risk register.
Internal Audit Follow-up Report
The RSM Senior Manager referred to the Internal Audit follow-up report, which explained that 8 audit reports had been followed-up. Of the 34 actions across those audits, 17 recommendations were medium risk and the remaining 17 were low risk. The audit opinion was positive, finding that reasonable progress had been made in implementing audit’s recommendations. 21 recommendations had been implemented and 6 were in the process of being implemented while implementation of the final 7 recommendations had yet to begin. Those actions that had not been implemented were re-raised with new target completion dates. Progress would be reviewed as part of future follow-up reports. If recommendations had not been implemented at the time they were next reviewed, they would be highlighted for the committee’s attention.
Questions were asked about the audit of recruitment and retention. Members were advised that the audit involved a sample of vacancies, which were cross-checked with the staff requisition and what was advertised. The audit checked that the council was following its procedures, making sure appropriate budget was available; it did not specify the mechanism for recruitment. Any members who had concerns about whether the Recruitment Policy was being followed they should be raised through the Chief Executive as Head of Paid Service. A question was also asked about IR35 checks, with members being advised that the authority was statutorily required to check the IR35 position of any contractor it temporarily employed. If there were concerns about a past employee then these could be looked into separately but the intention of the audit was to reassure members that there was a proper checking process in place and that the contractors that were being used were brought in for a specific purposes.
In response to questions, Members were advised that the level of assurance was determined by progress made against the number of recommendations that had been implemented or were in the process of being implemented. The percentage of recommendations that had been implemented determined the opinion, which was set out in a matrix. It was noted that no high risk recommendations were raised, and that many of the recommendations were low risk, house-keeping exercises.
Members were interested in progress against the recommendations that arose from the fire safety audit as this was the only audit in 2018/19 that was not given a positive opinion. Of the 7 actions raised during the audit, 3 recommendations had been implemented in full, 2 that were in the progress of being implemented and 2 where implementation had yet to begin. Members asked specific questions about the recommendation relating to staff training, which had not been implemented; originally highlighted as a low risk recommendation, during the follow-up, it was re-categorised as a medium risk. Some concern was also expressed about the ‘stay put’ policy. Surveys were being undertaken at the Council’s sheltered housing schemes, and the policy was in the process of being reviewed. Management had committed to reviewing the policy once the review work had been completed.
It was proposed, seconded and AGREED:
1. The Governance and Audit Committee approved the Internal Audit Annual Report 2018-19 prepared by the internal auditors RSM