City of York Council (Logo)

Meeting:

Audit and Governance Committee

Meeting date:

14/05/2025

Report of:

Head of Internal Audit (Veritau)

Portfolio of:

Cllr Lomas

Executive Member for Finance, Performance, Major Projects, Human Rights, Equality and Inclusion


Audit and Governance Committee Report: Annual Report of the Head of Internal Audit


Subject of Report

 

1.           This report includes the Head of Internal Audit annual report (annex 1), which summarises internal audit work undertaken in 2024/25 and provides an opinion on the overall adequacy and effectiveness of the council’s framework of governance, risk management and control.

 

2.           It also includes an updated internal audit charter, for the committee to approve. The charter has been updated to ensure that it reflects the requirements of the Global Internal Audit Standards in the UK Public Sector which came into effect on 1 April 2025.

 

Policy Basis

 

3.           The work of internal audit is governed by the Accounts and Audit Regulations 2015 and relevant professional standards. Up until the end of 2024/25, these standards included the Public Sector Internal Audit Standards (PSIAS), CIPFA guidance on the application of those standards in Local Government, and the CIPFA Statement on the role of the Head of Internal Audit.

 

4.           These standards require the Head of Internal Audit to bring an annual report to the Audit and Governance Committee. The report must include an opinion on the adequacy and effectiveness of the council’s framework of governance, risk management, and control. Internal audit work undertaken during 2024/25 is the main subject of this report, and the PSIAS apply to this work.

 

5.           With effect from 1 April 2025, the standards set out in paragraph 4 were replaced by what is known as the Global Internal Audit Standards in the UK Public Sector. This new regime is made up of the Institute of Internal Auditors’ Global Internal Audit Standards (GIAS), including Topical Requirements, and the Application Note: Global Internal Audit Standards in the UK Public Sector (‘the Application Note’).

 

6.           The purpose of the Application Note is to set out interpretations and requirements which need to be applied to the GIAS so that they form a suitable basis for internal audit practice in the UK public sector. The ‘relevant internal audit standard setter’ for UK local government is the Chartered Institute of Public Finance and Accountancy (CIPFA).

 

7.           CIPFA has also produced a ‘Code of Practice for the Governance of Internal Audit in UK Local Government’ (‘the Code’). The purpose of the Code is to ensure that the essential conditions for the governance of internal audit can be met in a local government context. The Code is intended for local authorities, being designed to support them in establishing effective internal audit arrangements and in providing oversight and support for internal audit.

 

8.           The internal audit charter is a key document governing the council’s internal audit service. In drafting the updated charter, the requirements and expectations of the GIAS, Application Note, and the Code have been considered and applied.

 

Recommendation and Reasons

 

9.           The Audit and Governance Committee is asked to:

 

-      Note the results of internal audit work undertaken, and the opinion of the Head of Internal Audit on the adequacy and effectiveness of the council’s framework of governance, risk management and internal control.

 

Reason

 

To enable members to consider the implications of internal audit findings.

 

-      Note the outcome of Veritau’s quality assurance and development arrangements, including the confirmation that the internal audit service conformed to the Public Sector Internal Audit Standards during 2024/25 and that it conforms to the new Global Internal Audit Standards in the UK Public Sector.

 

Reason

 

To enable members to consider the opinion of the Head of Internal Audit.

 

-      Note that no significant control weaknesses have been identified by internal audit during the year which are considered relevant to the preparation of the Annual Governance Statement.

 

Reason

 

To enable the Annual Governance Statement to be prepared.

 

-      Approve the draft internal audit charter.

 

Reason

 

To enable the committee to fulfil its responsibility to approve the purpose, authority, and responsibility of the council’s internal audit service.

 

Background

 

Head of Internal Audit annual report 2024/25

10.        To conform with professional standards and the council’s internal audit charter, the Head of Internal Audit must provide an opinion on the strength of the council’s framework of governance, risk management, and control. The annual opinion is a key source of independent assurance for the preparation of the council’s Annual Governance Statement.

 

11.        The basis for the annual opinion is the body of internal audit work performed during 2024/25. A summary of internal audit work undertaken during the year, and relevant to the opinion, is contained in annex 1.

 

12.        In addition to providing an opinion, the Head of Internal Audit is also required to report on the outcomes of the internal audit service’s quality assurance and development arrangements. This is to provide the committee with reassurance that work continues to be conform to professional standards. Annex 1 provides details on Veritau’s arrangements, confirming its conformance to the PSIAS during 2024/25 and to the new Global Internal Audit Standards in the UK Public Sector.

 

Draft internal audit charter

13.        Professional standards for internal audit require that the Head of Internal Audit develops and maintains an internal audit charter.

 

14.        An internal audit charter addresses the purpose, scope, positioning, and authority of internal audit, the support it can expect to receive from senior management, its interactions with the committee, its commitment to adhering to professional standards, and the arrangements for managing resources and quality.

 

15.        The changes to the standards regime covered in paragraphs 5 to 7 have required Veritau to update the council’s internal audit charter.

 

16.        The council already has a well-established internal audit service and so very little change has been made to its charter. References to PSIAS have been removed and replaced with the Global Internal Audit Standards in the UK Public Sector. Some minor structural and formatting changes have also been made.

 

17.        The updates made to the charter will result in no change to how the internal audit service is delivered to the council. The draft internal audit charter is contained in annex 2.

 

18.        The committee should also be aware that Veritau is currently supporting senior management in assessing its conformance with the Code of Practice for the Governance of Internal Audit in UK Local Government. This is being done to ensure that the council is sufficiently prepared to confirm its conformance when preparing its 2025/26 Annual Governance Statement.

 

Consultation Analysis

 

19.        Internal audit has provided input to the council’s Annual Governance Statement based on internal audit work completed during 2024/25. However, no consultation was required in the preparation of this report. Annex 1 details the outcomes of work delivered independently by Veritau during 2024/25 in support of the council’s framework of governance, risk management, and control.

 

20.        Internal audit has sought the views and input of the council’s Director of Finance and Director of Governance and Monitoring Officer in drafting the updated internal audit charter. The draft charter contained in annex 2 is being presented to the committee for its views and input before it is approved.

 

Risks and Mitigations

 

21.        The council will not comply with proper practice for internal audit if the results of internal audit work are not reported to senior management and the Audit and Governance Committee. This could result in external scrutiny and challenge. 

 

22.        The council will not comply with proper practice for internal audit if it does not have an approved internal audit charter. This could result in difficulties in delivering services to the council and could result in external scrutiny and challenge.

 

Contact details

 

For further information please contact the authors of this Report.

 

Author

 

Name:

Max Thomas

Job Title:

Head of Internal Audit (Veritau)

Service Area:

Veritau Limited

Telephone:

01904 552940

Report approved:

Yes

Date:

05/05/2025



 

 

Background papers

 

None


Annexes

 

·        Annex 1: Head of Internal Audit annual report 2024/25

·        Annex 2: Draft internal audit charter

·        Exempt annex 3: Safety Valve (implementation review) final audit report

·        Exempt annex 4: Housing Benefits final audit report

·        Exempt annex 5: NHS Data Security and Protection Toolkit final memorandum