|
|
|
|
|
|
|
|
|
Audit and Governance Committee |
17 February 2021 |
Report of the Head of Internal Audit
|
|
Internal Audit Plan Consultation |
Summary
1 The purpose of the report is to seek members’ views on the priorities for internal audit for 2021/22, to inform the preparation of the annual programme of work.
Background
2 Internal audit provides independent and objective assurance and advice on the council’s control processes. It helps the organisation to achieve objectives by bringing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of risk management, control and governance processes.
3 Internal audit standards and the council’s audit charter require internal audit to draw up an indicative audit plan at the start of each financial year. The plan must be based on an assessment of risk. In coming to a view on the risks facing the council, the opinions of the Audit and Governance Committee and senior council officers are taken into account. The plan is also informed by the council’s risk registers, information shared through local government audit networks and the results of recent audit work. The council’s external auditors are also consulted to avoid possible duplication of work programmes and to maximise the overall benefit of audit activity.
2021/22 Audit Plan
4 Internal audit plans cover a range of risk areas to ensure that the work undertaken enables internal audit to provide an overall opinion on the governance, risk management and control framework. However work is targeted to higher risk areas, including: areas with high volume and value of transactions; areas where the impact of risks materialising is high; areas of known concern; and areas of significant change.
5 Internal audit resources are limited and the audit plan is intended to ensure the available resources are prioritised towards those systems which are considered to be the most risky and/or which contribute the most to the achievement of the council’s priorities and objectives. The plan for 2021/22 will also need to address risks arising from the external environment which are particularly high profile. For example the coronavirus pandemic has had a significant and sustained impact on the operations of the council, and its effects will certainly continue into 2021/22 and beyond.
6 Figure 1 includes some initial ideas on areas for consideration for audit in 2021/22. These are included to prompt discussion and are not intended to be a definitive or complete list of areas that could be reviewed. The list includes those areas which reflect risks arising from current external factors – for example the increase in remote working as a result of Covid 19 and the need to mitigate risks arising from managing remote teams and data security.
7 Members views are sought about areas they consider a priority for audit in 2021/222. This may include particular areas listed in figure 1 that they think should be a high priority (or that may be less important) or any other areas which should be considered for audit.
8 It is also important to emphasise that the audits included in the draft plan when it is presented to this committee in April 2021 are not fixed. Instead, the plan is flexible and will be kept under review to ensure that audit resources continue to be deployed to the areas of greatest risk and importance to the Council.
Figure 1 – Risk areas to consider for Audit in 2021/22
Area
|
Possible Work |
Strategic risks / corporate & cross-cutting |
· Areas of the council’s corporate governance framework (e.g. schemes of delegation, registers of interest, complaints process) · Medium term financial planning and budgeting, budget management, savings plans, commercialisation and investments, use of assets. · Strategic planning (policies and procedures, corporate and service plans, Covid-19 recovery, LGR preparedness) · Risk management · Performance management and data quality · Partnership working · Business continuity and disaster recovery · Health and safety (risk assessments, accident and incident reporting) · Procurement and contract management (including, supply chain resilience, due diligence, Modern Slavery Act compliance) · HR and workforce planning (homeworking arrangements, management of remote teams, staff wellbeing). · Information governance and data protection (eg data security, data quality / integrity of information assets, data breach management, data sharing agreements) · Environment and waste – air pollution, carbon footprint, energy reduction, recycling
|
Technical / project risks |
· Cyber security (e.g. policies and procedures, networks, physical and logical access, electronic communications security, firewalls and anti-malware) · ICT Change management · ICT procurement / contract management · Digitalisation / automation · Overall corporate project management arrangements and project risk management · Support and review of specific key projects
|
Main Financial systems |
· Main accounting system (general ledger), debtors (including debt recovery and enforcement practice), income collection, ordering and creditors · Council Tax / NNDR and benefits (inc. Covid-19 related grants and funds) · Payroll · Treasury management · Capital accounting and assets
|
Service related areas |
· Social care budget management (including: commissioning, high cost placements, market management, internal provision) · Special Educational Needs and Disability (SEND), Education, Health & Care (EHC) plans/processes · Direct Payments · Contract management / client arrangements (e.g. Explore, YMT, leisure facilities) · Public health · Building services / Housing repairs · York Central
|
9 This report is part of the ongoing consultation with stakeholders on priorities for internal audit work in 2021/22.
Options
10 Not relevant for the purpose of the report.
Analysis
11 Not relevant for the purpose of the report.
Council Plan
12 The work of internal audit supports overall aims and priorities by promoting probity, integrity and honesty and by helping to make the council a more effective organisation.
Implications
13 There are no implications to this report in relation to:
· Finance
· Human Resources (HR)
· Equalities
· Legal
· Crime and Disorder
· Information Technology (IT)
· Property
Risk Management Assessment
14 The council will fail to comply with proper practice if appropriate officers and members are not consulted on the content of risk based audit plans.
Recommendations
15 Members are asked to;
- Comment on the priorities for internal audit work for 2021/22.
Reason
To ensure that scarce audit resources are used effectively.
Contact Details
Author: |
Chief Officer Responsible for the report: |
|||||
Max Thomas Head of Internal Audit Veritau Limited Telephone: 01904 552940
|
Janie Berry Director of Governance Telephone: 01904 555385
|
|||||
Report Approved |
ü |
Date |
5/2/2021 |
|||
Specialist Implications Officers
Not applicable
|
||||||
Wards Affected: Not applicable |
All |
ü |
||||
|
||||||
For further information please contact the author of the report |
||||||
Background Papers
None
Annexes
None