Agenda item

Internal Audit & Assurance Plan 2017/18

Minutes:

The Committee considered the report of the Head of Audit Partnership setting out the Internal Audit and Assurance Plan 2017/18, including the proposed assurance projects list.

 

The Head of Audit Partnership advised the Committee that:

 

·  The Internal Audit and Assurance Plan reflected the results of the planning process which began late last year to consider the appropriate audit response to the risks and challenges facing the Council over 2017/18.  The aim of the Internal Audit Service was to work towards delivering a robust opinion on the Council’s internal controls, risk and governance arrangements.  The Plan represented the programme by which the Service intended to examine these risks, review project work in 2017/18 and provide additional governance support whilst working towards delivering that opinion and supporting the Council’s wider governance aims.

 

·  The Plan included the level of resources available to the Internal Audit Service for completing audit plans across the four Partnership authorities in 2017/18.  Based on anticipated personnel and productivity within the Service, it was expected that 1,820 days would be available.  This was an increase of 110 days (7%) on 2016/17 and reflected a settled team in 2017/18, a continued increase in productivity as trainees gained experience and the over-performance of management time against forecasts for 2016/17.

 

·  As agreed by the Shared Service Board in late 2014, the total days were allocated between the partners in line with their financial contribution to the Partnership’s costs.  The total Mid-Kent Audit Service share to Maidstone in 2017/18 was 530 days, an increase of 30 days from the 2016/17 level.

 

·  As Head of Audit Partnership, he was required to consider whether the level of resources available was adequate to allow him to complete the programme of work, and he was satisfied that it provided the appropriate level of resources.  As part of that consideration, he had looked at the number of audit days across the 42 district councils in South East England and he was satisfied that the level of resources available was not inconsistent with those Councils that shared characteristics with Maidstone.

 

·  The Plan also covered some of the broader governance tasks to be undertaken such as risk management, counter fraud, supporting Members, including the provision of Member training and briefings on areas of Committee interest, and work on audit planning.  The Service was looking at expanding its role with respect to supporting the Council’s counter fraud arrangements in 2017 driven by forthcoming changes to the CIPFA Counter Fraud Standards.

 

·  The Plan included details of the risk assessment process resulting in a working list of potential projects to consult on with Senior Officers.  That consultation had led to the production of the list of audit assurance projects included in the Plan.  For each project there was an indication of how many days of staff input it was estimated would be appropriate to complete the work.  This would be determined in more detail when the Service started to scope out the work in consultation with the Officers nearer the time that the work was scheduled to be completed.

 

·  The Council was engaged in a number of partnerships across Mid-Kent Services and reviews of shared services such as payroll would be undertaken in partnership with the appropriate authorities.

 

·  During the planning and risk assessment consideration was given to several areas where direct review was not suitable for 2017/18.  In some cases this was because the relatively low risk allowed for a longer period between reviews.  In other cases, the Service was aware of changes that would make review in 2018/19 or later more useful or it relied on a cyclical approach to scheduling reviews that happened to omit 2017/18.  The Plan also included details of areas of audit interest which were expected to feature in future years, but they were areas that were kept under review and could come forward if risks changed.

 

·  The Plan made reference to the approach to delivering audit work and to monitoring delivery of the work undertaken, including the performance indicators reported twice a year to the Committee.

 

·  The table in Appendix A to the Plan set out the recurring range of areas of potential examination by the Service together with information about when it was last looked at, the assurance rating and the timing of the next planned review.

 

In response to questions, the Head of Audit Partnership explained that:

 

·  In 2014/15, the Internal Audit Service changed its assurance ratings.  Previously, the scale ran from (greatest to least assurance) High – Substantial – Limited – No Assurance.  Although there were differences in the detailed definitions, as a broad analogy, these mapped to the current scale which ran from Strong – Sound – Weak – Poor, so a consistent colour scheme had been employed between the two scales.  In practical terms, a weak assurance rating was an acknowledgement that a service might be effective in some areas, but its effectiveness was not universal, and there were areas of the service that fell short of what the Council would expect.  Support was required to bring the service to a level where the assurance rating was sound or strong.

 

·  The increase in the Plan days allocated for counter fraud work to 50 days reflected the release by the National Fraud Initiative of more than 2,000 new matches in January 2017, around a third of which would need to be examined by Internal Audit as an extension to its previous co-ordination and administration role, and the major review and refresh to be undertaken by the Team across the breadth of counter fraud policies.

 

·  In terms of the “weak” assurance rating in respect of S106 agreements, the review had been carried in June/July 2016 and a number of recommendations had been made which the Planning Service had accepted and was working towards.  An update would be included in the Internal Audit Annual Report on how successful the Service had been in implementing the recommendations.

 

·  Internal and External Audit covered similar areas and worked closely together.  The External Auditor had visited the Council recently and Internal Audit had been asked to complete a questionnaire to convey to the External Auditor the findings from their work and the extent to which they influenced the specific reviews undertaken by the External Auditor.  Specific assurance from one to the other was less now to what it was mainly because the standards to which Internal and External Audit operated had diverged to an extent.  To rely on a piece of work undertaken by Internal Audit, the External Auditor would have to re-perform such a large part of it that it would achieve only minimal savings compared to doing it themselves.  Nevertheless, Internal Audit did have a role to play in providing assurance to the External Auditor on the overall quality of the Council’s control environment and its governance - aspects that the External Auditor took into account when looking at sample sizes, materiality etc. and scheduling its programme of work.

 

·  With regard to the 2016/17 contingency outturn to date (150 days compared to 50 Plan days), there had been two additional programmes of work which had to be pursued, these being an extensive review of health and safety and an investigation following a referral originally through a whistleblowing route.  The contingency budget represented a best guess and the outturn could be higher or lower than anticipated.

 

·  The Internal Audit reviews of health and safety and the Officer Register of Interests had found weak controls to be in place.  In terms of the risk of non-compliance, given that the next planned reviews of these areas did not fall due until 2018/19 and 2019/20 respectively, there was no specific regulatory requirement to undertake Internal Audit reviews of the arrangements in either area.  Work was now focused on assessing the implementation of the recommendations arising from the reviews.  A lot of the recommendations arising from the review of health and safety were now falling due in line with the action plan, and an update on progress in implementing the recommendations would be included in the Internal Audit Annual Report.

 

·  Whilst the arrangements for registering Members’ interests were sound, possibly strong, the arrangements for Officers to declare interests were not as robust, and the recommendations arising from the review were being addressed to raise the assurance rating.  The risk assessment was kept under review and he was satisfied that when the area was looked at again in 2019/20, the Council would not have been exposed to undue risk by it not being looked at in the meantime.  The risk assessment might change if the facts changed, and if they did change materially, then further updates would be reported back to the Committee.

 

·  A report reviewing the position with regard to S106 contribution balances would be considered at the next meeting of the Planning Committee.

 

·  Benchmarking to compare net revenue spend against the number of planned audit days for district councils in South East England showed audit provision at Maidstone to be consistent with that of its peer groups, and not so out of line as to require an explanation.  Each local authority would have its own views on the risks relevant to that authority and the level of audit provision.  It was considered that the Internal Audit Service had sufficient resources in both quality and ability to deliver the Audit Plan and a robust overall audit opinion.

 

The Committee thanked the Head of Audit Partnership for a clear and comprehensive report.

 

RESOLVED:

 

1.  That the Internal Audit and Assurance Plan for 2017/18, attached as Appendix I to the report of the Head of Audit Partnership, be noted.

 

2.  That the longer term issues recorded by Mid-Kent Audit be noted.

 

3.  That the view of the Head of Audit Partnership that the Plan sets out sufficient resource to complete a work programme leading to a Head of Audit Opinion on the Council’s internal controls, risk management and governance be endorsed.

 

4.  That the Head of Audit Partnership’s assurance that the Plan is compiled independently and without inappropriate influence from management be noted.

 

Supporting documents: