Audit and Governance Committee

 17 February 2021

 

Report of the Head of Internal Audit

 

Internal Audit Plan Consultation

 

Summary

1          The purpose of the report is to seek members’ views on the priorities for internal audit for 2021/22, to inform the preparation of the annual programme of work.

Background

2          Internal audit provides independent and objective assurance and advice on the council’s control processes. It helps the organisation to achieve objectives by bringing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of risk management, control and governance processes.

3          Internal audit standards and the council’s audit charter require internal audit to draw up an indicative audit plan at the start of each financial year. The plan must be based on an assessment of risk. In coming to a view on the risks facing the council, the opinions of the Audit and Governance Committee and senior council officers are taken into account.  The plan is also informed by the council’s risk registers, information shared through local government audit networks and the results of recent audit work.  The council’s external auditors are also consulted to avoid possible duplication of work programmes and to maximise the overall benefit of audit activity.

2021/22 Audit Plan

 

4          Internal audit plans cover a range of risk areas to ensure that the work undertaken enables internal audit to provide an overall opinion on the governance, risk management and control framework. However work is targeted to higher risk areas, including: areas with high volume and value of transactions; areas where the impact of risks materialising is high; areas of known concern; and areas of significant change.

5          Internal audit resources are limited and the audit plan is intended to ensure the available resources are prioritised towards those systems which are considered to be the most risky and/or which contribute the most to the achievement of the council’s priorities and objectives. The plan for 2021/22 will also need to address risks arising from the external environment which are particularly high profile. For example the coronavirus pandemic has had a significant and sustained impact on the operations of the council, and its effects will certainly continue into 2021/22 and beyond.

6          Figure 1 includes some initial ideas on areas for consideration for audit in 2021/22. These are included to prompt discussion and are not intended to be a definitive or complete list of areas that could be reviewed. The list includes those areas which reflect risks arising from current external factors – for example the increase in remote working as a result of Covid 19 and the need to mitigate risks arising from managing remote teams and data security.

7          Members views are sought about areas they consider a priority for audit in 2021/222. This may include particular areas listed in figure 1 that they think should be a high priority (or that may be less important) or any other areas which should be considered for audit.

8          It is also important to emphasise that the audits included in the draft plan when it is presented to this committee in April 2021 are not fixed. Instead, the plan is flexible and will be kept under review to ensure that audit resources continue to be deployed to the areas of greatest risk and importance to the Council.

Figure 1 – Risk areas to consider for Audit in 2021/22

Area

 

Possible Work

Strategic risks / corporate & cross-cutting

·         Areas of the council’s corporate governance framework (e.g. schemes of delegation, registers of interest, complaints process)

·         Medium term financial planning and budgeting, budget management, savings plans, commercialisation and investments, use of assets.

·         Strategic planning (policies and procedures, corporate and service plans, Covid-19 recovery, LGR preparedness)

·         Risk management

·         Performance management and data quality

·         Partnership working

·         Business continuity and disaster recovery

·         Health and safety (risk assessments, accident and incident reporting)

·         Procurement and contract management (including, supply chain resilience, due diligence, Modern Slavery Act compliance)

·         HR and workforce planning (homeworking arrangements, management of remote teams, staff wellbeing).

·         Information governance and data protection (eg data security, data quality / integrity of information assets, data breach management, data sharing agreements)

·         Environment and waste – air pollution, carbon footprint, energy reduction, recycling

 

Technical / project risks

·         Cyber security (e.g. policies and procedures, networks, physical and logical access, electronic communications security, firewalls and anti-malware)

·         ICT Change management

·         ICT procurement / contract management

·         Digitalisation / automation

·         Overall corporate project management arrangements and project risk management

·         Support and review of specific key projects

 

Main Financial systems

·         Main accounting system (general ledger), debtors (including debt recovery and enforcement practice), income collection, ordering and creditors

·         Council Tax / NNDR and benefits (inc. Covid-19 related grants and funds)

·         Payroll

·         Treasury management

·         Capital accounting and assets

 

Service related areas

·         Social care budget management (including: commissioning, high cost placements, market management, internal provision)

·         Special Educational Needs and Disability (SEND), Education, Health & Care (EHC) plans/processes

·         Direct Payments

·         Contract management / client arrangements (e.g. Explore, YMT, leisure facilities)

·         Public health

·         Building services / Housing repairs

·         York Central

 

 

Consultation

 

9          This report is part of the ongoing consultation with stakeholders on priorities for internal audit work in 2021/22.

Options

10      Not relevant for the purpose of the report.

Analysis

11      Not relevant for the purpose of the report.

Council Plan

12      The work of internal audit supports overall aims and priorities by promoting probity, integrity and honesty and by helping to make the council a more effective organisation. 

Implications

13      There are no implications to this report in relation to:

·                  Finance

·                  Human Resources (HR)

·                  Equalities

·                  Legal

·                  Crime and Disorder

·                  Information Technology (IT)

·                  Property

Risk Management Assessment

14      The council will fail to comply with proper practice if appropriate officers and members are not consulted on the content of risk based audit plans.

Recommendations

15      Members are asked to;

-              Comment on the priorities for internal audit work for 2021/22. 

Reason

To ensure that scarce audit resources are used effectively.

 

 

Contact Details

Author:

Chief Officer Responsible for the report:

 

Max Thomas

Head of Internal Audit

Veritau Limited

Telephone: 01904 552940

 

 

 

Janie Berry

Director of Governance

Telephone: 01904 555385

 

 

Report Approved

ü

Date

5/2/2021

 

Specialist Implications Officers

 

Not applicable

 

Wards Affected:  Not applicable

All

ü

 

 

For further information please contact the author of the report

 

Background Papers

 

None

 

Annexes

 

None