Agenda item
Internal Audit - Progress Report
Minutes:
The Head of the Worcestershire Internal Audit Shared Service presented the Internal Audit Progress Report to Members, which provided commentary on Internal Audit’s performance for the period 1st April to 31st December 2021, against the performance indicators agreed for the service and further information on other aspects of the service delivery.
The final full audit, as detailed at Appendix 3 to the report, were provided for the following reviews:
· Strategic Acquisitions
· General Data Protection Regulations (GDPR)
· Treasury Management
· Worcester Regulatory Services
· Benefits
Reviews that had commenced and at planning or testing stages included:
· Procurement
· Grants
· NNDR
· Council Tax
Members were informed that due to the implementation of the new financial system and an extended delay in providing audit with a ‘read only’ access profile the rolling testing programme that should have continued during Quarters 1 and 2 for Debtors and Creditors had been delayed.
One high priority audit area had been identified within the GDPR – Document Retention 2021/22, final audit report, as detailed on page 89 of the main agenda report. Officers were working closely to resolve this, and ICT resources had been targeted to deal with this issue. A further update to be provided at the next meeting of the Committee.
All recommendations before Members, have a clear management plan and implementation dates. Several implantation dates had not been reached; however, auditors would be going back to the relevant service areas to follow up on these actions. A further update would be provided at the next meeting of the Committee.
It was noted that whilst Worcestershire Regulatory Services (WRS) was hosted by Bromsgrove District Council, the final internal audit report had been shared with all WRS partner authorities.
Follow up reviews were an integral part of the audit process. There was a rolling programme of review that was undertaken to ensure that there was progress with the implementation of the agreed action plan.
Some Members raised concerns with regard to Safeguarding and the number of ‘follow up’ reviews that were taking place. It was emphasised that Safeguarding was important to everyone. It was highlighted that, as detailed on page 116 of the main agenda report, that there was a 3rd follow up report, with actions not being implemented and that a further follow up report was scheduled six months later. However, Members felt that this follow up report should be made a priority.
The Head of the Worcestershire Internal Audit Shared Service commented that Safeguarding was a sensitive area, an area of risk and a risk-based approach was taken. A further full audit would consider all areas within the District Audit Plan 2022/23, when compiling the plan, with actions or in actions being considered. The District Audit Plan 2022/23 would be presented to the Committee for scrutiny.
Safeguarding was revisited on a number of occasions in order to satisfy auditors, who when revisiting an area, would check that all implementation dates had been addressed. Where there was a transition period, this could cause a delay and management would consider this as part of the role out of any new systems.
The Head of Worcestershire Internal Audit Shared Service further stated that he would revisit this, to ensure that the requirement to reduce risk was undertaken and he would continue to review until satisfied and would endeavour to report back to Committee Members. The report before Members was a fully transparent report.
The Executive Director of Resources reassured Members that this was a very important issue and, he would remind the relevant Head of Service (HOS). We needed to ensure that at the next follow up review, if all of the actions had not been completed, Members could invite the HOS to the next meeting of the Committee.
The Chairman reiterated the concerns raised by some Members and queried whether the Council took these issues seriously and that the Corporate Management Team (CMT) should prioritise safeguarding, and that an organisation could not be run safely with these issues not being addressed. It appeared that there was somewhat of a disconnect between Internal Audit and the CMT and for such an important issue, CMT needed to work hand in hand with Internal Audit.
The Executive Director of Resources highlighted that he had noted the concerns raised and would feed these back to the CMT.
The Head of Worcestershire Internal Audit Shared Service further explained that Internal Audit were concerned as they liked to see implementation dates adhered to. Having to revisit service areas was not a good use of their resources.
Members were informed that follow up reviews were an integral part of the audit process. The outcomes of the follow up reviews were reported in full so that the risk exposure could be considered by the Committee. An escalation process involving CMT, and the Senior Management Team (SMT) was in place to ensure more effective use of resource regarding follow up visits to reduce the number of revisits necessary to confirm the recommendations had been satisfied.
In response to further questions with regard to the implementation of the new financial system and an extended delay to provide audit with a ‘read only’ access profile. Light touch audits were undertaken with auditors using their local knowledge. Auditors usually used a ‘read only’ profile, however this was not made available until December, so auditors experienced difficulty accessing information. However, they were able to use those particular local knowledge skills to run the audit.
Members were further informed that there was no additional cost to the Council for the additional resources needed.
RESOLVED that the Internal Audit Progress Report be noted.
Supporting documents:
PDF 1 MB