ANNUAL HEAD OF INTERNAL AUDIT REPORT ,19 July 2023,ANNEX 1,cyc logo
A building with a tower  Description automatically generated


 


CONTENTS

Background,Briefcase icon blue,4 Internal audit work carried out,Handshake icon blue,4
Follow up of agreed actions,5 Professional standards,5
Opinion of the Head of Internal Audit,Lightbulb icon blue,6
Appendix A
 2022/23 internal audit work
 ,7
Appendix B
 Summary of key issues from audits finalised since the last report to the committee
10
Appendix C
 Audit opinions and priorities for actions
15
Appendix D
 Follow up of agreed audit actions
16
Appendix E
 Internal audit – quality assurance and improvement programme
17
 

 


 

 

 



Appendix F
 Exit Payments
25
A picture containing human face, person, clothing, portrait  Description automatically generated
Circulation list: Members of the Audit and Governance Committee

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 



  BACKGROUND

1          The work of internal audit is governed by the Public Sector Internal Audit Standards (PSIAS) and the council’s audit charter. These require the Head of Internal Audit to bring an annual report to the Audit and Governance Committee. The report must include an opinion on the adequacy and effectiveness of the council’s framework of governance, risk management and control. The report should also include:

(a)        any qualifications to the opinion, together with the reasons for those qualifications (including any impairment to independence or objectivity)

(b)        any particular control weakness judged to be relevant to the preparation of the annual governance statement

(c)        a summary of work undertaken to support the opinion,including any reliance placed on the work of other assurance bodies

(d)        an overall summary of internal audit performance and the results of the internal audit service’s quality assurance and improvement programme, including a statement on conformance with the PSIAS.

 

   INTERNAL AUDIT WORK CARRIED OUT IN 2022/23

2          Throughout 2022/23 audit work has continued to be prioritised based on risk and the need to provide coverage of the council’s framework of governance, risk management and control. This has seen audits drop out of the work programme and others added as risks and priorities have changed and as our understanding of key systems of internal control has developed.

3          We have also continued to promote good governance, provide advice and support, and make recommendations to management to help improve controls. We have met with the Chief Finance Officer, Monitoring Officer, directorate senior management teams and other officers on a regular basis to help identify and address governance issues and concerns, and to ensure audit work has remained targeted towards key areas.

4          The results of completed audit work have been reported to service managers and relevant chief officers during the course of the year. In addition, summaries of all finalised audit reports have been presented to this committee as part of regular progress reports.

5          A summary of internal audit work undertaken during the year and relevant to the opinion is contained in appendix A. This appendix also shows other work undertaken by the internal audit team to support the council during 2022/23.

6          At the time of writing, five audits have been finalised since the previous report to this committee. A further nine audit reports have been issued to the responsible officers but remain in draft. We expect these audits to be finalised over the next 3-4 weeks. Seven other audits which started in 2022/23 are ongoing due to some slippage in delivery of the work programme. We anticipate that the outcome of these audits will be reported to the next meeting of this committee.

7          Appendix B provides details of the key findings arising from internal audit assignments completed, that we have not previously reported to the committee. Final reports listed in appendix B are included as exempt annexes to this report.

8          Appendix C provides an explanation of our assurance levels and priorities for management action

 

   FOLLOW UP OF AGREED ACTIONS

9          All actions agreed with services as a result of internal audit work are followed up to ensure that issues are addressed. As a result of this work we are generally satisfied that sufficient progress is being made to address the control weaknesses identified in previous audits. A summary of the current status of follow up activity is included at appendix D.

 

      PROFESSIONAL STANDARDS

10       In order to comply with Public Sector Internal Audit Standards (PSIAS) the Head of Internal Audit is required to develop and maintain an ongoing quality assurance and improvement programme (QAIP). The objective of the QAIP is to ensure that working practices continue to conform to professional standards. The results of the QAIP are reported to the committee each year as part of the annual report. The QAIP consists of various elements, including:

 

·         maintenance of a detailed audit procedures manual and standard operating practices

·         ongoing performance monitoring of internal audit activity

·         regular customer feedback

·         training plans and associated training and development activities

·         periodic self-assessments of internal audit working practices (to evaluate conformance to the standards)

 

11       External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organisation. The most recent external assessment of Veritau internal audit working practices was undertaken in November 2018[1]. This concluded that Veritau internal audit activity generally conforms to the PSIAS[2].

 

12       Another external assessment is due. Veritau has commissioned the Chartered Institute of Internal Auditors to carry out an assessment in summer 2023. The work will be undertaken in July and August. The results of the assessment will be reported to the Audit and Governance Committee when completed.

 

13       The outcome of the recently completed self-assessment demonstrates that the service continues to generally conform to the PSIAS, including the Code of Ethics and the Standards. Further details of the QAIP are given in appendix E.

 

14       The Internal Audit Charter sets out how internal audit at the council will be provided in accordance with the PSIAS. The Charter is reviewed on an annual basis and any proposed changes are brought to the Audit and Governance Committee. No changes are proposed at this time.

 

Lightbulb icon blue      OPINION OF THE HEAD OF INTERNAL AUDIT

15       The overall opinion of the Head of Internal Audit on the framework of governance, risk management and control operating at the council is that it provides Reasonable Assurance.

 

16       The opinion given is based on work that has been undertaken directly by internal audit, and on the cumulative knowledge gained through our ongoing liaison and planning with officers. No reliance was placed on the work of other assurance providers in reaching this opinion, and there are no significant control weaknesses which, in the opinion of the Head of Internal Audit, need to be considered for inclusion in the Annual Governance Statement.

 

 

Audit progress report footer banner 


 


APPENDIX A: INTERNAL AUDIT WORK IN 2022/23

Final reports issued

Audit

Reported to Committee

Opinion

Commercial procurement and compliance

July 2023

Substantial Assurance

Sundry debtors

July 2023

Substantial Assurance

Savings plans

July 2023

Reasonable Assurance

Ordering and creditor payments

July 2023

Substantial Assurance

Main accounting system

July 2023

Substantial Assurance

Physical information security (satellite sites)

March 2023

Reasonable Assurance

Physical information security (West Offices and Hazel Court)

March 2023

Reasonable Assurance

Payroll (schools)

March 2023

Substantial Assurance

Absence management (schools)

March 2023

Reasonable Assurance

ICT asset management

March 2023

Reasonable Assurance

Complaints, concerns, comments and compliments

March 2023

Reasonable Assurance

Commercial waste (follow-up)

March 2023

No Opinion Given

100-hour short breaks

March 2023

No Opinion Given

Council tax support and housing benefit

November 2022

Substantial Assurance

Poppleton Road Primary School

November 2022

Reasonable Assurance

Contract management – GLL Community Stadium & Leisure

November 2022

Reasonable Assurance

Safety Advisory Group (SAG) governance

June 2022

Reasonable Assurance

Fishergate Primary School

June 2022

Reasonable Assurance

Highways CDM (construction, design and management) regulations

June 2022

Reasonable Assurance

 

Audits in progress

Audit

Status

Jewson managed stores contract

Draft

Council tax and NNDR

Draft

Insurance arrangements

Draft

Public Health – procurement and contract management

Draft

Risk management

Draft

Health and safety (premises risk assessments)

Draft

Housing rents (inc. data quality)

Draft

York Climate Change Strategy: governance

Draft

CCTV: Surveillance Camera Code of Practice

Draft

Schools themed audit: SFVS

In progress

Teckal company governance: Make it York

In progress

ICT remote access

In progress

Parking

In progress

Data security incident management

In progress

Schools themed audit: SEN funding

In progress

Foster carer payments

In progress

 

Other work completed in 2022/23

Internal audit work has been undertaken in a range of other areas during the year, including those listed below.

·         Follow up of agreed actions

·         Grant certification work:

    • Scambusters
    • West Yorkshire Plus Transport Fund and Transforming Cities Fund
    • Contain Outbreak Management Fund
    • Test and Trace Support Payment Scheme
    • Supporting Families Programme (September 2022, December 2022, March 2023 returns)
    • Green Homes Grant LAD 1B
    • Green Homes Grant LAD 2
    • UK Community Renewal Fund
    • Local Authority Test and Trace Support Payment Scheme
    • Public Health England Adult Weight Management Services Grant
    • Provision of initial support and advice on the design of the UK Shared Prosperity Fund assurance framework, and consultation on future assurance requirements
    • Section 31 Biodiversity Net Gain
  • Assurance review of the ESFA subcontracting standards for post-16 providers

·         Support and advice on health and safety related issues to CMT

·         Completion of council-wide records management health check (via survey)

·         Completion of analytics-led review of payroll system data integrity

·         Completion of special severance payment review against the City of York Council Exit Guidance (more detail in appendix F)

·         Fact-finding review relating to the administration of the council’s food and fuel voucher scheme

·         Completion of spot checks on additional payments to care workers, and reporting to the Adult Social Care & Integration DMT

·         Review of the council’s PDR policy framework and related guidance, training uptake, and appraisal completion rates

·         Completion of spot-checking exercise relating to the administration of adults’ direct payments

·         Completion of consultation work on the system for booking of hire cars and the monitoring of their use

·         Provision of support and advice:

o   Payroll deviance checking process

o   Processing of Yorwaste invoices

o   Responding to internal requests to amend supplier details

 


APPENDIX B: SUMMARY OF KEY ISSUES FROM AUDITS FINALISED SINCE THE LAST REPORT TO THE COMMITTEE

System/area

Opinion

Area reviewed

Date issued

Comments

Management actions agreed

Main accounting system

Substantial Assurance

This audit focused on the arrangements for the overall governance of the Civica Financials system and controls and risks relating to the general ledger.

March 2023

Adequate controls are in place to maintain the accuracy and integrity of Civica Financials and audit testing found these to be operating effectively.

Some improvements could be made to the process for documenting approvals for transfers of budget between budget headings.

At the time of the audit there was an unreconciled balance of £1.6m on the contractors building services control account. This was due to known issues with the interface between the new housing management system (Open Housing) and Civica Financials. Officers were aware of this issue and actively seeking a resolution.

A log will be developed that to record approvals given for all budget transfers.

Investigations into the cause of the discrepancies between Open Housing and Civica Financials will be completed and the balance of the control account BB801 will be cleared.

Creditors

Substantial Assurance

This audit involved reviewing the design and effectiveness of controls relating to the payment run process, file interfaces, user access management, and the purchase-to-pay cycle. It also included a review of mandate fraud prevention controls and involved follow-up of actions agreed in the 2021/22 audit.

March 2023

A robust process is in place for conducting payment runs, with suitable checks, authorisations and supporting documentation available. However, there is no documented list of officers authorised to grant access to the payment system. File interfaces were found to be accurate, complete and had received appropriate authorisation.

There is a comprehensive procedure in place for making changes to creditor details that was put in place in April 2022 and updated again in October 2022. Sample testing of amendments to supplier accounts found this procedure to have been followed in all cases.

Purchase orders, invoices and non-standard payments were found to have received suitable approval. However, an issue was identified with how Civica Purchasing authorisation audit trail information is presented on system reports.

A significant proportion of purchase orders were found to have been raised after the invoice date, indicating that orders are placed with suppliers prior to purchase orders being raised.

A number of actions were agreed with management to address the control weaknesses identified relating to retrospective purchase ordering. These included reviewing the current purchase-to-pay policy, providing training and guidance to staff in purchasing roles, and reviewing business support’s role in raising requisitions.

The authority to approve access to the payment system will be documented and published on the intranet.

The issue with inaccurate reporting of approving officer will be raised with Civica.

Savings plans

Reasonable Assurance

The purpose of this audit was to provide assurance on processes involved in the development, monitoring and reporting of savings plans. Detailed testing was undertaken on four savings proposals from the Adult Social Care & Integration directorate and four from the Place directorate.

June 2023

At the start of the 2022/23 financial year there were no detailed plans in place to deliver any of the four savings proposals in the Adult Social Care & Integration directorate. Plans were developed during the year for three of the four proposals we reviewed. However, the delay in developing and implementing the plans meant that none would be delivered in full during 2022/23. At the time of the audit, there was still no clear plan in place to deliver the savings in Residential and Nursing Care. Monthly highlight reports are presented to Council Management Team which update senior management on progress in delivering savings plans within the directorate.

No significant issues were noted with the Place directorate savings plans. All four were expected to achieve the savings target by the end of 2022/23. Savings plans are discussed as part of quarterly cost control meetings held with the Directorate Management Team.

From 2023/24, savings within Adult Social Care & Integration will be allocated to responsible officers. These officers will be expected to complete detailed ‘Plans on a Page’ to describe how the saving will be made and monitored.

Plans to be reviewed regularly at the Finance & Performance Group, and progress reported to DMT and CMT. Mitigations will be considered if saving plans are not met.

Project Manager – Social Care & Integration will oversee the directorate’s programme of savings.

Sundry debtors

Substantial Assurance

This audit involved reviewing controls in place to ensure that invoices are raised promptly and accurately, that income is correctly credited to customer accounts, that outstanding debt is subject to appropriate recovery action, and that debts are only written off once recovery efforts have been exhausted.

June 2023

All key processes in the management of sundry debt accounts were found to be working effectively. Invoices are raised promptly and the vast majority are accurate. However, some information was found to be missing from periodic invoice request forms. Appropriate procedures are in place to control the application of credits to debtor accounts.

An automated process is in place for the allocation of payments to the correct debtor invoice. Daily checks are undertaken to identify unallocated payments, and match these to the correct debtor account.

Bad debt and aged debt monitoring reports are being produced and reviewed regularly. Testing of outstanding debts found that appropriate recovery routes were being followed. All write-offs reviewed were appropriate and had received the correct level of approval.

Extra training will be provided to staff working in the Sundry Debtors team to avoid the Periodic Invoice Master errors identified during testing.

Commercial procurement and compliance

Substantial Assurance

This audit reviewed the arrangements in place within the commercial procurement service to oversee the procurement forward planning process. It also included a review of processes in place to approve waivers and to identify and respond to breaches of the Contract Procedure Rules (CPRs).

In addition, the audit reviewed the council’s preparedness for the changes to be introduced by the Procurement Bill.

June 2023

Three separate category plans are in place and maintained by the category managers. The plans help prioritise, resource and schedule procurement activity according to their function. Differences in format and use were noted between plans which made it difficult to verify whether they were all complete and up to date.

A clear and documented process is in place for submitting and approving waivers. The process was correctly followed for waivers reviewed during the audit. The commercial procurement service proactively monitors spend each month to identify and challenge possible breaches of the CPRs.

Work has started to prepare for the upcoming changes that will be brought about by the Procurement Bill but its expected implementation has slipped meaning that some preparations will need to wait until there is further clarity on the Bill’s content.

All category plans will be reviewed to ensure that they are consistent and contain all relevant information needed to prioritise, resource and schedule procurement activity across the council.


 

APPENDIX C: AUDIT OPINIONS AND PRIORITIES FOR ACTION

Audit opinions

Audit work is based on sampling transactions to test the operation of systems. It cannot guarantee the elimination of fraud or error. Our opinion is based on the risks we identify at the time of the audit.
Our overall audit opinion is based on 4 grades of opinion, as set out below.

Opinion

Assessment of internal control

Substantial assurance
Overall, good management of risk with few weaknesses identified. An effective control environment is in operation but there is scope for further improvement in the areas identified.
Reasonable assurance
Overall, satisfactory management of risk with a number of weaknesses identified. An acceptable control environment is in operation but there are a number of improvements that could be made.
Limited assurance
Overall, poor management of risk with significant control weaknesses in key areas and major improvements required before an effective control environment will be in operation.
No assurance
Overall, there is a fundamental failure in control and risks are not being effectively managed. A number of key areas require substantial improvement to protect the system from error and abuse.

Priorities for actions

Priority 1
A fundamental system weakness, which presents unacceptable risk to the system objectives and requires urgent attention by management
Priority 2
A significant system weakness, whose impact or frequency presents risks to the system objectives, which needs to be addressed by management.
Priority 3
The system objectives are not exposed to significant risk, but the issue merits attention by management.

 


 

APPENDIX D: FOLLOW UP OF AGREED AUDIT ACTIONS

Where weaknesses in systems are found by internal audit, the auditors agree actions with the responsible manager to address the issues. Agreed actions include target dates and internal audit carry out follow up work to check that the issue has been resolved once these target dates are reached. Follow up work is carried out through a combination of questionnaires completed by responsible managers, risk assessment, and by further detailed review by the auditors where necessary. Where managers have not taken the action they agreed to, issues are escalated to more senior managers, and ultimately may be referred to the Audit and Governance Committee. 

A total of 86 actions have been followed up. A summary of the priority of these actions and the directorate they relate to is included below.

Actions followed up

 

Actions followed up by directorate

Priority of actions

Number of actions followed up

 

Other (Customers, Governance, Finance, HR)

Place Directorate

 

Adult Social Care and Integration

Children and Education

1

1

 

0

1

0

0

2

44

 

26

14

1

3

3

41

 

18

8

3

12

Total

86

 

44

23

4

15

 

Of the 86 agreed actions, 54 (63%) had been satisfactorily implemented and 20 (23%) had been superseded. The number of actions marked as superseded is higher than normal because a review of outstanding actions, dating back to the period of the Covid pandemic was undertaken. This review found that in some cases circumstances had changed significantly and the previous actions were no longer appropriate. In many cases control weaknesses were re-examined and new actions raised to address any issues that remained. These new actions will be followed up and reported in the usual way. In 12 cases (14%) the action had not been implemented by the target date and a revised date was agreed. This is done where the delay in addressing an issue will not lead to unacceptable exposure to risk and where, for example, the delays are unavoidable.


 


APPENDIX E: INTERNAL AUDIT – QUALITY ASSURANCE AND IMPROVEMENT PROGRAMME

1.0  Background

 

Ongoing quality assurance arrangements

 

Veritau maintains appropriate ongoing quality assurance arrangements designed to ensure that internal audit work is undertaken in accordance with relevant professional standards (specifically the Public Sector Internal Audit Standards).  These arrangements include:

p  the maintenance of a detailed audit procedures manual

p  the requirement for all audit staff to conform to the Code of Ethics and Standards of Conduct Policy

p  the requirement for all audit staff to complete annual declarations of interest

p  detailed job descriptions and competency profiles for each internal audit post

p  regular performance meetings

p  regular 1:2:1 meetings to monitor progress with audit engagements

p  induction programmes, training plans and associated training activities

p  attendance on relevant courses and access to e-learning material

p  the maintenance of training records and training evaluation procedures

p  membership of professional networks

p  agreement of the objectives, scope and expected timescales for each audit engagement with the client before detailed work commences (audit specification)

p  the results of all audit testing and other associated work documented using the company’s automated working paper system (Sword Audit Manager)

p  file review by senior auditors and audit managers and sign-off at each stage of the audit process

p  the ongoing investment in tools to support the effective performance of internal audit work (for example data interrogation software)

p  post audit questionnaires (customer satisfaction surveys) issued following each audit engagement

p  regular client liaison meetings to discuss progress, share information and evaluate performance

 

On an ongoing basis, completed audit work is subject to internal peer review by a Quality Assurance group. The review process is designed to ensure audit work is completed consistently and to the required quality standards. The work of the Quality Assurance group is overseen by an Assistant Director. Any key learning points are shared with the relevant internal auditors and audit managers. The Head of Internal Audit will also be informed of any general areas requiring improvement. Appropriate mitigating action will be taken where required (for example, increased supervision of individual internal auditors or further training).  

 

Annual self-assessment

 

On an annual basis, the Head of Internal Audit will seek feedback from each client on the quality of the overall internal audit service. The Head of Internal Audit will also update the PSIAS self-assessment checklist and obtain evidence to demonstrate conformance with the Code of Ethics and the Standards. As part of ongoing performance management arrangements, each internal auditor is also required to assess their current skills and knowledge against the competency profile relevant for their role. Where necessary, further training or support will be provided to address any development needs.

 

The Head of Internal Audit is also a member of various professional networks and obtains information on operating arrangements and relevant best practice from other similar audit providers for comparison purposes.  

 

The results of the annual client survey, PSIAS self-assessment, professional networking, and ongoing quality assurance and performance management arrangements are used to identify any areas requiring further development and/or improvement. Any specific changes or improvements are included in the annual Improvement Action Plan. Specific actions may also be included in the Veritau business plan, internal audit strategy action plan, and/or individual personal development action plans. The outcomes from this exercise, including details of the Improvement Action Plan are also reported to each client. The results will also be used to evaluate overall conformance with the PSIAS, the results of which are reported to senior management and the board[3] as part of the annual report of the Head of Internal Audit.

 

External assessment

 

At least once every five years, arrangements must be made to subject internal audit working practices to external assessment to ensure the continued application of professional standards. The assessment should be conducted by an independent and suitably qualified person or organisation and the results reported to the Head of Internal Audit. The outcome of the external assessment also forms part of the overall reporting process to each client (as set out above).  Any specific areas identified as requiring further development and/or improvement will be included in the annual Improvement Action Plan for that year. 

 

2.0  Customer Satisfaction Survey 2023

 

In March 2023 we asked clients for feedback on the overall quality of the internal audit service provided by Veritau. Where relevant, the survey also asked questions about counter fraud and information governance services. A total of 176 surveys (2022 – 154) were issued to senior managers in client organisations. A total of 19 responses were received representing a response rate of 10.8% (2022 – 12%). Respondents were asked to rate the different elements of the audit process as either excellent, good, satisfactory or poor.

 

Respondents were also asked to provide an overall rating for the service.  The results of the survey are set out in the charts below. These are presented as percentages, for consistency with previous years. However, it is recognised that the low number of respondents means that the percentage for each category is sensitive to small changes in actual responses (1 respondent represents about 5%).

 

A pie chart with text overlay  Description automatically generated with low confidence

 

A picture containing text, screenshot, font, logo  Description automatically generated

 

 

 

A picture containing text, screenshot, font, logo  Description automatically generated

 

A picture containing text, screenshot, font, diagram  Description automatically generated

 

 

 

 

 

 

A picture containing text, screenshot, font, circle  Description automatically generated

 

A picture containing text, screenshot, font, diagram  Description automatically generated

 

 

 

A pie chart with text  Description automatically generated with low confidence

 

A picture containing text, screenshot, font, logo  Description automatically generated

 

 

 

A pie chart with text  Description automatically generated with low confidence

 

A pie chart with text overlay  Description automatically generated with low confidence

 

 

 

A picture containing text, screenshot, font, logo  Description automatically generated

 

 

 

 

 

The overall ratings in 2023 were:

 

2023

2022

Excellent

13

68%

9

47%

Good

5

26%

9

47%

Satisfactory

1

5%

1

5%

Poor

0

0%

0

0%

 

The feedback shows that the majority of respondents continue to value the service being delivered.     

 

3.0  Self-Assessment Checklist 2023

 

CIPFA has prepared a detailed checklist to enable conformance with the PSIAS and the Local Government Application Note to be assessed. The checklist was originally completed in March 2014 and has since been reviewed and updated annually. Documentary evidence is provided where current working practices are considered to fully or partially conform to the standards. A comprehensive update of the checklist was undertaken in 2020, following revisions by CIPFA.  

 

Current working practices are considered to be at standard. However, as in previous years there are a few areas of non-conformance. These areas are mostly as a result of Veritau being a shared service delivering internal audit to a number of clients as well as providing other related governance services. None of the issues identified are considered to be significant. Existing arrangements are considered appropriate for the circumstances and require no further action. 

 

The following table shows areas of non-compliance. These remain largely unchanged from last year although one area has been added. This relates to performance monitoring. Monitoring of performance is undertaken on an ongoing basis. For example, monitoring of the quality, efficiency and effectiveness of audit delivery is a routine consideration as part of audit supervision and management arrangements. However, it is difficult to identify and define tangible indicators of performance that provide meaningful information to internal audit clients. Historic targets focussed on data that could be quantified (for example numbers of audits complete or numbers of recommendations made). However these do not provide any information about the value of audit work delivered. This issue is not unique to Veritau and is an area of ongoing discussion as part of internal audit professional networks. Development of new tools for measuring performance has been identified as a priority as part of the internal audit strategy (see below).

 

Conformance with Standard

Current Position

Where there have been significant additional consulting services agreed during the year that were not already included in the audit plan, was approval sought from the audit committee before the engagement was accepted?

Consultancy services are usually commissioned by the relevant client officer (generally the s151 officer).  The scope (and charging arrangements) for any specific engagement will be agreed by the Head of Internal Audit and the relevant client officer. Engagements will not be accepted if there is any actual or perceived conflict of interest, or which might otherwise be detrimental to the reputation of Veritau.

 

Are consulting engagements that have been accepted included in the risk-based plan?

 

Consulting engagements are commissioned and agreed separately.

Does the risk-based plan include the approach to using other sources of assurance and any work that may be required to place reliance upon those sources?

 

An approach to using other sources of assurance (assurance mapping) has been developed as part of the internal audit strategy (see below). However, this will only be used where we are able to secure client engagement in the assurance mapping process.

 

Does ongoing performance monitoring contribute to quality improvement through the effective use of performance targets?

Historic targets used as performance measures do not provide meaningful information about the value of audit work delivered. Development of new measurement tools is a priority as part of the internal audit strategy (see below).

 

 

4.0  External Assessment

 

As noted above, the PSIAS require the Head of Internal Audit to arrange for an external assessment to be conducted at least once every five years to ensure the continued application of professional standards. The assessment is intended to provide an independent and objective opinion on the quality of internal audit practices.

 

An external assessment of Veritau internal audit working practices was last undertaken in November 2018 by the South West Audit Partnership (SWAP). SWAP is a not for profit public services company operating primarily in the South West of England. As a large shared service internal audit provider it has the relevant knowledge and expertise to undertake external inspections of other shared services and is independent of Veritau.

 

The assessment consisted of a review of documentary evidence, including the self-assessment, and face to face interviews with a number of senior client officers and Veritau auditors. The assessors also interviewed audit committee chairs.

 

A copy the external assessment report was reported to this committee on 06/02/2019.

 

The report concluded that Veritau internal audit activity generally conforms to the PSIAS[4] and, overall, the findings were very positive. The feedback included comments that the internal audit service was highly valued by its member councils and other clients, and that services had continued to improve since the last external assessment in 2014.

 

Another external assessment is due. Veritau has commissioned the Chartered Institute of Internal Auditors to carry out an assessment in summer 2023. The work will be undertaken in July and August. The results of the assessment will be reported to the Audit and Governance Committee when completed.

 

5.0  Improvement Action Plan

 

Overall, internal audit services provided by Veritau continue to meet the requirements of the Public Sector Internal Audit Standards. However, we recognise that the pace of change in local government and the wider public sector mean that we need to update aspects of the service to ensure it stays up to date and continues to deliver good value.

 

Between autumn 2020 and autumn 2021, Veritau undertook a fundamental review of internal audit practices. This resulted in the development of a new three-year strategy which details how we will improve the internal audit service for our clients. The strategy sets out the actions we are taking to modernise our practices. The five key areas for development identified in the strategy are:

p  increasing engagement across all clients; to improve communication and ensure we understand what represents good value and where internal audit work should be focussed

p  further development of strategic planning frameworks; focussing on further development of assurance mapping arrangements and other activities that help us ensure we provide assurance in the right areas at the right time

p  redesign and modernisation of audit processes; to ensure we can respond quickly as priorities change, reduce time to deliver findings and manage resources efficiently

p  increasing investment in high value data analytics work; shifting the focus of work towards a data driven model that provides wider assurance in real time

p  introducing better measures of outcomes from audit work, to enable us to direct resources to areas of most value to our clients.

 

A full review of the strategy is currently underway. A refreshed three-year strategy will be adopted in autumn 2023. This will incorporate any areas for development highlighted by the upcoming external quality assessment being undertaken by the IIA. Establishing new tools to measure the value provided by audit work will remain a priority. Based on current thinking and development work, this is likely to encompass a balanced scorecard type approach.

 

Due to other service delivery priorities, no new quality assurance reviews have been undertaken by the Quality Assurance Group in 2022/23. This does not impact directly on compliance with internal audit standards (there is no requirement for this additional layer of quality assurance). However, we feel the work of the group represents good practice. The re-establishment of additional quality assurance reviews will be a priority for 2023/24. 

 

6.0    Overall Conformance with PSIAS

(Opinion of the Head of Internal Audit)

 

Based on the results of the quality assurance process I consider that the service generally conforms to the Public Sector Internal Audit Standards, including the Code of Ethics and the Standards.

 

The guidance suggests a scale of three ratings, ‘generally conforms, ‘partially conforms’ and ‘does not conform’.  ‘Generally conforms’ is the top rating and means that the internal audit service has a charter, policies and processes that are judged to be in conformance to the Standards. 


 

APPENDIX F: EXIT PAYMENTS

In April 2021, the council’s external auditor issued a Report in the Public Interest. This related to exit payments made to a former employee. The report, and actions to address concerns about processes that were raised, were considered by the Council on 4 May 2021.

 

Following the report, a new system for agreeing settlement agreements was approved by the Staffing Matters and Urgency Committee in October 2021.

 

It was agreed that internal audit would review packages finalised under the new system, to assess whether the council has complied with the process, and that it would report the outcome of any reviews in the annual Head of Internal Audit report.

 

In the period to the end of June 2023, one settlement agreement has been reached. Internal audit undertook a review of this agreement over the period December 2022 – January 2023, raising a small number of findings relating to the quality and completeness of the severance business case. These findings were shared with the Head of HR, the responsible chief officer, the Monitoring Officer and the Chief Finance Officer.

 

We also noted that the council’s exit guidance had been due its first annual review in October 2022 but that this had not been completed. We then followed up with HR representatives in May 2023 to establish whether the exit guidance had been reviewed. We were advised that the review had not been undertaken but that it was on the service area’s forward plan. We will continue to liaise with HR to ensure that the guidance is reviewed.

 



[1] Reported to the Audit and Governance committee in February 2019.

[2] PSIAS guidance suggests a scale of three ratings, ‘generally conforms, ‘partially conforms’ and ‘does not conform’.  ‘Generally conforms’ is the top rating.

[3] As defined by the relevant audit charter.

[4] PSIAS guidance suggests a scale of three ratings, ‘generally conforms’, ‘partially conforms’ and ‘does not conform’.  ‘Generally conforms’ is the top rating.