Internal Audit & Assurance Plan 2023/24




Maidstone Borough Council







1.         This risk-based internal Audit Plan for 2023/24 provides adequate coverage to enable an annual Head of Audit Opinion to be made at the end of the financial year.


2.         It is important that this Audit Plan has the flexibility to adapt to the changes and business priorities as they develop during the forthcoming financial year.

Risk Assessments


3.         The Public Sector Internal Audit Standards direct that audit planning is built upon a risk assessment. This assessment must consider internal and external risks, including those relevant to the sector or global risk issues. This Plan for 2023/24 represents current views, but it will be necessary to continue to reflect and consider the audit response as risks and priorities change across the year. A specific update report will be provided to Members midway through the year.


Global and Sector Risks

4.         In considering global and sector risks the risk assessment draws on various sources such as the IIA and CIPFA.

5.         This year will continue to be another challenging year for Local Government in terms of funding, managing additional recruitment and technological advancement, which in turn may impact on the adequacy and effectiveness of the governance, risk and control framework of the Council. A number of key areas which require consideration when planning the internal audit coverage are set out below. These areas cut across many of the activities carried out by the Council. These areas are not a full listing, nor are they in any priority order. Indeed many are not mutually exclusive of each other.

“Multi-channel” customer engagement: Partly as a result of COVID-19 but also as process changes through improved technology, councils will need to embrace cutting edge technology. Adopting a multi-channel approach to customer engagement will enable council services to be more readily available, more accessible and more


Commercialisation: Councils are being driven towards being more self-sufficient and cost effective, with pressure to close funding gaps and rebalance budgets. Councils will already be operating in different financial and more commercial environments which have been tested by the business disruption associated with the COVID


Cyber Security: As more services move on-line, risks and vulnerabilities are likely to increase. Cyber security is as much about awareness and behaviours as it is about network security. Resilience needs to be regularly and stringently stress tested across the organisation to ensure it is operating effectively.

Financial Viability: With Councils emerging from the pandemic and Brexit, Councils have been faced with the reality of unbalanced medium financial plans without including significant potential savings. This has been further exacerbated as the country faces a cost-of-living crisis and is on the fringes of recession. The challenge to ensure a balanced budget is becoming more difficult for all councils.

Staff Wellbeing: Since the COVID-19 pandemic and a move to more agile working, mental health has been on the decline as a result of increased work demands and feelings of loneliness due to remote working. Staff turnover is at an all-time high. Managing the wellbeing and associated risks is crucial to ensure a stable workforce.

Climate Change: Councils are taking action to reduce their own carbon emissions and working with partners and local communities to tackle the impact of climate change on their local area.

Inflation: The forecast rises in inflation after a long period of stability have had an impact upon term contracts as well as budget management.

Council specific Audit Risk Review

6.         This risk review incorporates two elements. The first element is the service’s relative materiality to the Council’s overall objectives and controls. The assessment includes consideration of:

Finance Risk: The value of funds flowing through the service. 

Priority Risk: The strategic importance of the service in delivering Council priorities. 

Support Service Risk: The extent of interdependencies between Council departments.

7.         The second element considers the reputational aspects of a failure of the effective operation of the internal control arrangements. The assessment includes consideration of:

Oversight Risk: Considering where other agencies regulate or inspect the service.

Change Risk: Considering the extent of change the service faces or has recently experienced. 

Audit Knowledge: What do we know about the service?  This considers not just our last formal review, but any other information we have gathered from, for example, following up agreed actions.  We also consider the currency of our knowledge, with an aim to conduct a full review in each service at least every five years if possible.


Fraud Risk: The susceptibility of the service to fraud loss. 

Audit Risk Prioritisation

8.         The results of these various risk assessments provide a provisional Audit Plan. The provisional Plan is consulted on with the Managers, Heads of Service and Corporate Leadership Team to get their perspective on the audit assessment and from this the Risk Based Audit Plan for the financial year is produced.

Resourcing the Audit Plan

9.         MKA is currently going through a period of significant staffing change. There are several vacant posts within the team. The Head of Mid Kent Audit is currently reviewing the structure. It is likely to be July 2023 at the earliest before all the substantive posts are filled.

10.       MKA also have access to sources of specialist expertise through framework agreements with audit firms, which includes access to subject matter experts.

11.       The overall resource level is therefore based on the current audit team establishment and the chargeability for each grade. This calculation produces an available number of days across the four Councils to which MKA provides the internal audit service of 1,589 days.

12.       Each Council receives a share in keeping with their contribution to the overall partnership budget. The Collaboration Agreement is to be subject to a comprehensive review during 2023/24. The Maidstone Audit Plan for 2023/24 is broadly based on the current Collaboration Agreement, but taking into account the level of work required to deliver an annual Audit Opinion for each authority. This approach has identified 436 days to assign for the 2023/24 audit plan.


13.       We hold a variety of qualifications that help to ensure that we provide a high-quality service. These include CIPFA, Certified and Chartered Internal Auditors, a Chartered Accountant, a Certified Risk Manager and Accredited Counter Fraud Technicians. We are also supporting an apprentice through level 7 audit qualification. This breadth of skills and experience, along with any new staff we will recruit as part of the review of the team, will enable delivery of the audit plan.


14.       MKA has the skills and expertise to deliver the 2023/24 Audit Plan and it is confirmed that planned audit work will enable a Head of Audit opinion for 2023/24 to be delivered in Spring 2024.

15.       The actual number of days allocated is set out below:

Audit Projects: 270 days

Members Support: 20 days

29 days

Risk & Governance: 53 days

22 days

Counter Fraud: 18 days

Audit Planning: 24 days




Risk Based Audit: 270 Days

16.       The primary part of the Audit Plan is delivering risk based audit engagements. The list below is in alphabetical order and does not imply any ranking within the group or intended delivery order. The timings for the individual reviews will be agreed with a suitable officer sponsor once the Plan has been approved.

17.       The Audit Plan has been prepared in the knowledge that there is ongoing work throughout 2023/24 on reviewing the staffing and procedural efficiencies and Collaboration Agreements for Mid Kent Audit Partnership. Any proposed changes to the Audit Plan, and the rationale for such changes, will be communicated to Senior Management Teams and Audit Committee Members.

18.       Below we set out our audit engagements for the year ahead. We will agree the detailed objectives with the service as part of planning each review:

Maidstone Borough Council Audit Plan 2023/24

Project Title / Previous Audit / Previous Results

Contract Management

Social Media

Safety Partnerships – Animal Welfare

Elections Management

Conservation and Heritage

Planning Enforcement

General Ledger

Grounds Maintenance

Complaint Handling

Public Health

Economic Development - Development Capital Projects

Repair and Maintenance

Garden Waste

Shared MBC/SBC

HR Policy Compliance

Learning & Development

Land Charges

Cyber Security

IT Disaster Recovery

Compliance with Computer use policy

Council Tax Reduction Scheme

Business Rates



Follow-up of Agreed Actions: 22 days

19.       Time has been allocated to following up the actions arising from internal audit recommendations made and reporting the results to Senior Officers and Members.

Consultancy & Member Support: 49 days

20.       A consultancy allocation provides general and specific extra advice or training to the Council. This allocation also provides support to Members, through attendance at and reporting to Committees.

21.       This fund also provides a contingency to avoid having to cut short engagements and allow full exploration of significant findings.

Risk Management: 53 days

22.       At Maidstone, MKA’s responsibility encompasses tasks such as leading the risk management framework, keeping and updating strategic and operational risk registers. The responsibility for managing the identified risks remains with the relevant risk owners. MKA also compiles risk reporting to Senior Officers and Members, including an annual report to this Committee.

23.       The plans for developing risk management in 2023/24 are set out in the Annual Risk Management Report.

Planning: 24 days

24.       This time is allocated to complete the major part of the annual planning exercise, including updating risk assessments and consultation across the Council. The time is also used for identification of risks and issues across the Council, the wider public sector and the audit profession. This ensures the Audit Plan can remain dynamic and responsive to risk through the year.

Counter Fraud Support: 18 days

25.       At Maidstone, MKA’s responsibilities include writing and updating Counter Fraud and Whistleblowing policies, providing a channel for officers to raise concerns under the Public Interest Disclosure Act. MKA also acts as lead contact for the National Fraud Initiative, a data matching exercise co-ordinated by the Cabinet Office.

26.       For 2023/24 it is intended to compile more detailed procedures for investigations, drawing on Cabinet Office Standards. We also aim to draw up training to support compliance with the Bribery Act and make clear where people should report any matters of concern.

27.       The counter fraud support also includes conducting investigations on matters of concern. Additional time may be required for such work, and this will be drawn from the consultancy budget above.