Internal Audit & Assurance Plan 2019/20
- Meeting of Audit, Governance and Standards Committee, Monday 18th March, 2019 6.30 pm (Item 95.)
- View the background to item 95.
Mr Rich Clarke, Head of Audit Partnership, introduced his report setting out the proposed Plan for Mid-Kent Audit’s work at Maidstone Borough Council during 2019/20, including the proposed audit and assurance project work and assurance non-project work. The report also set out the principles which would guide the External Quality Assessment of the Internal Audit Service, due before the end of 2019/20.
It was noted that:
· The Public Sector Internal Audit Standards (the Standards) required an Audit Service to produce and publish a risk based Plan at least annually for approval by Members. It was necessary to consider input from senior management and Members.
· Although the Plan had been the subject of broad consultation with management, it had been compiled independently and without being subject to inappropriate influence.
· The Internal Audit Team had just concluded the consultation phase of a planned restructure. The aim was to have the new structure in place by 1 April 2019. Currently there was a degree of doubt on the precise extent and arrangement of the Team, but it was likely that there would be 1,865 days available across the Partnership for 2019/20. The total number of days was divided between the Partner authorities in the proportions set out in the collaboration agreement, which meant that 540 days were available for Maidstone. The Head of Audit Partnership was of the view that the Partnership currently had sufficient resources to deliver the Plan and a robust Head of Audit Opinion.
In response to questions, Mr Clarke explained that:
· In terms of risk and the impact of potential disruption due to Brexit and IT failure for various reasons on business continuity for the Internal Audit Team in particular, the Team was not as reliant on printed material as might be expected. The Team’s main software was cloud based and members of the Team were used to travelling between the Partner authorities or working from home, but ultimately the Team was reliant on the information provided to it to deliver the work. With regard to IT network security, cyber security had been a high priority risk for many years so IT Network Security was a high priority audit project in 2019/20 and would remain so. In addition, Business Continuity was a medium priority project in the Audit and Assurance Plan.
· It was the intention to seek one External Quality Assessment across the whole Partnership rather than individual assessments for each authority. It was considered that one assessment would provide reasonable conclusions for all four Partner authorities.
· The results of the consultation and details of the new staff structure for Mid-Kent Audit would be reported to the Committee in July 2019 as part of the annual reporting.
During the discussion:
· A Member drew attention to the risk that, notwithstanding the move to electronic payments, it might be necessary to continue to take cash payments due to concerns about the use of CCTV for staff safety and security reasons and the possibility of people’s personal details on payment cards being captured in some way by the cameras. The Head of Audit Partnership said that he would raise this issue with the member(s) of the Internal Audit Team who would carry out the planned review of Customer Services.
· A Member referred to the Audit Universe (a running record of all services at the Council that the Internal Audit Team might examine) and its current arrangement, and asked that the planned Business Continuity, Contract Management, IT Backup and Recovery and Procurement audit projects be undertaken during 2019/20. The Head of Audit Partnership said that the Internal Audit Team would be following up recommendations from earlier reviews and a mid-year update would be submitted to the Committee in November 2019. However, a brief update report could be submitted to each meeting of the Committee on the work undertaken recently to provide an opportunity for Members to comment on changes in priorities, including the prioritisation of the four service areas mentioned above.
· It was suggested that new entries to the Audit Universe or changed risks should be identified in some way in future. The Head of Audit Partnership undertook to do this by way of asterisks.
1. The Internal Audit and Assurance Plan for 2019/20 be approved subject to an update report being submitted to each meeting of the Committee on the audit work undertaken recently to provide an opportunity for Members to comment on changes in priorities.
2. The Head of Audit Partnership’s view that the Partnership currently has sufficient resources to deliver the Plan and a robust Head of Audit Opinion be noted.
3. The Head of Audit Partnership’s assurance that the Plan is compiled independently and without inappropriate influence from management be noted.
4. The proposed criteria for commissioning an External Quality Assessment of the Internal Audit Service be noted.
- Internal Audit & Assurance Plan 2019/20, item 95. PDF 60 KB View as HTML (95./1) 48 KB
- Appendix 1, item 95. PDF 6 KB View as HTML (95./2) 1 KB
- Enc. 1 for Internal Audit & Assurance Plan 2019/20, item 95. PDF 1 MB View as HTML (95./3) 223 KB