Agenda item

Report of Internal Audit Manager

The Committee received the report of the Internal Audit Manager to inform of the extent and outcome of Internal Audit work during the 2013/14 financial year and to present an annual Statement of Assurance regarding the Council’s framework of governance, risk management and control.

It was reported that the 2013/14 Internal Annual Audit Plan had been approved by the Audit Committee at its meeting on 24^th April 2013 and subsequent adjustments had been made.  The annual outturn position against the 2013/14 Annual Plan was summarised in the report.  Overall, 19 more days than originally planned had been delivered on the core programme assurance audit work.

Members were advised that a new area of work had been added to the Plan during the year, which related to work on ‘Corporate Service Reviews’, reflecting the increasing financial pressures on the Council.  The number of days actually delivered in this area of work (37) had been less than envisaged.

It was reported that the Internal Audit Team had provided the Lake District National Park Authority (LDNPA) with part of its internal audit service for 2013/14, amounting to 26 days of work.  It was also noted that there had been little call for formal investigative work elsewhere in the Plan and no other major variances in the workload.  The general contingency of 40 days had been sufficient to cover any changes.

Compliance with Professional Standards

It was reported that internal audit in local government was required to operate in accordance with ‘proper practices’ as set out in the Public Sector Internal Audit Standards (PSIAS) and the Local Government Application Note (LGAN).  The PSIASrequired the Internal Audit Manager to maintain a Quality Assurance and Improvement Programme (QAIP) including periodical internal and external assessments of compliance with the Standards.  Standard 1322 of the PSIAS required the Council to consider disclosing any significant deviations in its Annual Governance Statement. 

Members had approved a revised Internal Audit Charter at Committee on 22^nd January 2014, which considered the results of the internal assessment, and had noted the resulting action plan.  It was reported that, based on this most recent assessment, full compliance with the PSIAS and LGAN had not yet been achieved.  It was, however, the Internal Audit Manager’s view that none of the points of non-compliance or partial compliance represented a deviation of such significance as to warrant disclosure in the Annual Governance Statement.

External Assessments

With regard to external assessments, it was reported that CIPFA had advised that the first external assessments, which were required every five years by the PSIAS, should be undertaken by 1^st April 2016.  External assessments must be carried out by a competent assessor or assessment team, but it was a matter for the Internal Audit Manager to discuss and agree with Audit Committee.  This requirement was being considered collectively by the heads of Internal Audit of the 15 Lancashire local authorities comprising the Lancashire Chief Auditors Group. 

Two main options had been identified, which were engaging a professional third party accountancy/audit provider; or setting up a programme of peer reviews within the Lancashire districts.  Each head of Internal Audit had agreed to seek the initial views of their authority’s chief financial officer and the Audit Committee (or equivalent).  Members were asked to provide views on the two options, in order that they could be fed into the deliberations of the Lancashire Chief Auditors Group.

Members asked a number of questions relating to the two options identified in the report and expressed a variety of views on their relative merits.  No overall consensus was reached regarding a preferred option and it was concluded that further information, including resource implications, indicative costs and the views of the other Lancashire Authorities should be reported back to the Committee.

Internal Audit

It was reported that the Accounts and Audit (England) Regulations 2011 required the Council to conduct an annual review of the effectiveness of internal audit and for a committee of the Council to consider the findings.  A report of the review would be included within the report on the Annual Review of Governance to be considered at the next meeting of the Committee in September 2014.

Assurance Work

Members were advised that all cases of completed assurance audits had resulted in the production of a report and action plan, agreed by managers and submitted for consideration by the Audit Committee, using four levels of opinion – Maximum, Substantial, Limited, Minimal.  Appendix A to the report set out the results of individual Internal Audit assignments and the results of follow-up reviews into previously completed audits, showing nine audits listed as ‘limited’, which the Committee would receive updates on.

It was reported that the assurance opinion on an audit of Information Security and Use of Emails from the 2012/13 audit programme had not yet been raised from its original level of Minimal.  A formal review of this audit had been on hold pending completion of the work by the ICT service to meet organisational and technical requirements relating to the Government’s Public Services Network (PSN).  Having achieved the necessary accreditation in May 2014, there remained a body of work to be picked up regarding wider corporate information governance arrangements.  A formal review of the original audit findings would be undertaken in the coming months and the results reported to the Audit Committee.

It was the Internal Audit Manager’s opinion that the procedures for reporting and following up audits and reporting progress to Audit Committee continued to operate effectively.

Financial Systems Audits

Members were advised that this related to the sixteen financial system audits, including six audits relating to the Council’s various income streams and the associated fees and charges.  It was noted that assurance levels on the Council’s core financial systems remained consistently high. 

A maximum assurance opinion had been issued in relation to the Council’s arrangement surrounding Housing Benefit and Welfare Reforms.  Three audits had resulted in a limited assurance opinion.  Two of these were being reviewed under projects within the Council’s programme of service reviews.  Internal Audit was playing an active role in one of the projects and keeping a watching brief on the other.  A formal follow-up audit would be undertaken on the third, scheduled for January 2015.

It was the Internal Audit Manager’s opinion that, given the work undertaken, effective internal controls existed to ensure the accuracy and integrity of the key financial systems, and that no significant unmanaged risks or ongoing control weaknesses had been identified.

Governance Arrangements

With regard to Governance Arrangements, an updated assurance opinion of substantial had been issued during the year following a second follow-up of a 2012/13 audit of the Council’s complaints policy and procedures, which had originally been assessed as minimal. An audit of arrangements relating to officer gifts, hospitality and interests had resulted in an opinion of limited. There remained a number of outstanding considerations from earlier audit work relating to the Council’s information governance arrangements.

It was the Internal Audit Manager’s opinion that the remaining issues surrounding information governance arrangements and recognition of the Council’s achievements in achieving PSN compliance, warranted specific mention in the Annual Governance Statement.

Other Audits

It was reported that these comprised ten audits, five of which had resulted in a limited assurance opinion.  Three of these were under consideration in service reviews and arrangements had been made to feed the results of audit work into those pieces of work.

In the Internal Audit Manager’s opinion, no unmanaged risks or control weaknesses had been identified, which were so significant as to warrant disclosure in the Council’s Annual Governance Statement.  Where weaknesses had been identified, remedial action had been agreed and arrangements were in place to monitor the implementation of those actions and the level of assurance provided.

Annual Internal Audit Opinion

The Internal Audit Manager advised Members that, in his opinion, subject to the individual matters highlighted, the Council had a reliable and effective framework of governance, risk management and control.

Resolved unanimously:

(1)        That the report be noted.

(2)        That the Internal Audit Manager’s Assurance Statement and Annual Internal Audit Opinion in relation to the Annual Governance Review and Annual Governance Statement be accepted.

(3)        That a further report be submitted to the Committee on the requirement for an external assessment of Internal Audit’s compliance with proper practice standards, the report to include information on resource implications, indicative costs and the views of other Lancashire Local Authorities.