Internal Audit & Assurance Plan 2024/25
Maidstone Borough Council
Introduction
1. This risk-based internal Audit Plan for 2024/25 provides adequate coverage to enable an annual Head of Audit Opinion to be made at the end of the financial year.
2. It is important that this Audit Plan has the flexibility to adapt and adopt to the changes and business priorities as they develop during the forthcoming financial year.
Risk Assessments
3. The Public Sector Internal Audit Standards direct that audit planning is built upon a risk assessment. This assessment must consider internal and external risks, including those relevant to the sector or global risk issues. This Plan for 2024/25 represents the current views now, but it will be necessary to continue to reflect and consider the audit response as risks and priorities change across the year. A specific update report will be provided to Members midway through the year.
Global and Sector Risks
4. In considering global and sector risks the risk assessment draws on various sources such as the IIA and CIPFA.
5. This year will continue to be another challenging year for Local Government in terms of funding, managing additional recruitment and technological advancement, which in turn may impact on the adequacy and effectiveness of the governance, risk and control framework of the Council.
Some of the external factors that we consider when planning the internal audit coverage are (in no particular order):
· Multi-channel customer engagement
· Commercialisation
· Cyber Security and Digital disruption
· Financial Viability
· Human Capital
· Climate Change, Biodiversity and environmental sustainability
· Macroeconomics - Inflation and Interest Rates
· Geopolitical uncertainty
Council specific Audit Risk Review
6. This risk review incorporates two elements. The first element is the service’s relative materiality to the Council’s overall objectives and controls. The assessment includes consideration of:
· Finance Risk: The value of funds flowing through the service.
· Priority Risk: The strategic importance of the service in delivering Council priorities.
· Support Service Risk: The extent interdependencies between Council departments.
· Complexity: The complexity of the systems / activities in terms of their operation and auditability
7. The second element considers the reputational aspects of a failure of the effective operation of the internal control arrangements. The assessment includes consideration of:
· Oversight Risk: Considering where other agencies regulate or inspect the service.
· Change Risk: Considering the extent of change the service faces or has recently experienced.
· Staff Turnover: The turnover of staff, especially with key skill
· Audit Knowledge: What do we know about the service? This considers not just our last formal review, but any other information we have gathered from, for example, following up agreed actions. We also consider the currency of our knowledge, with an aim to conduct a full review in each service at least every five years if possible.
· Fraud Risk: The susceptibility of the service to fraud loss.
Audit Risk Prioritisation
8. The results of these various risk assessments provide a provisional Audit Plan. The provisional Plan is consulted on with the Managers, Heads of Service and Management Board to get their perspective on the audit assessment and from this the Risk Based Audit Plan for the year is produced.
Resourcing the Audit Plan
9. MKA has been through a period of significant staffing change. There are still several vacant posts within the team following an unsuccessful recruitment campaign. A further recruitment campaign will commence shortly, and we will continue to work with contractors to bridge the short-term resource gap.
10. MKA also have access to sources of specialist expertise through framework
agreements with audit firms, which includes access to subject matter experts.
11. The overall resource level is therefore based on the current audit team establishment and the chargeability for each grade. This calculation produces an available number of days across the four Councils to which MKA provides the internal audit service of 1,471 days.
12. In 2024/25 each council will contribute to the partnership based on the actual service delivered to each authority as described in the collaboration agreement. The Audit Plan for 2024/25 is based on the level of work required to deliver an annual Audit Opinion for each Authority. This approach has identified 361 days to assign for Maidstone Borough Council for the 2024/25 audit plan.
13. We hold a variety of qualifications that help to ensure that we provide a high-quality service. These include CIPFA, Certified and Chartered Internal Auditors, Accounting technicians and Accredited Counter Fraud Specialist. We are also supporting an apprentice through level 7 audit qualification. This breadth of skills and experience, along with any new staff we will recruit as part of the review of the team will enable delivery of the audit plan.
14. MKA has the skills and expertise to deliver the 2024/25 Audit Plan and it is confirmed that planned audit work will enable a Head of Audit opinion for 2024/25 to be delivered in Spring 2025.
15. The actual number of days allocated are set out below:
|
Audit Projects |
240 days |
Members Support |
20 days |
|
29 days |
Counter Fraud |
18 days |
|
|
Follow-up |
22 days |
Risk Management |
8 days |
|
Audit Planning |
24 days |
|
|
Risk Based Audit: 240 Days
16. The primary part of the Audit Plan is delivering risk-based audit engagements to support delivery of the annual Audit Opinion. The annual Audit Opinion is required to provide a view on the effectiveness of internal controls, risk managements procedures and governance processes across the authority. To achieve this the audit plan needs to cover specific assurance themes to demonstrate a balanced view of the organisation while supporting the strategic direction of the Council. The five assurance themes considered are:
· Financial
· Governance
· Infrastructure
· Operational
· People
17. The volume of work contained within the audit plan is sufficient to confidently provide the annual Audit Opinion. The annual Audit Opinion is derived from the work contained within the audit plan, additional sources of assurance obtained from external providers, the risk management process and observations of governance arrangements throughout the leadership direction of the authority.
18. We have selected these audits from our ‘5 year rolling plan’, which contains the audits we intend to deliver over the next five years. This rolling plan is a ‘live’ document that is constantly evolving based on organisational priority, service capacity and resource and timing constraints.
19. The timings for the individual reviews will be agreed with a suitable officer sponsor once the plan has been approved.
20. Below we set out our audit engagements for the year ahead. We will agree the detailed objectives with the service as part of planning each review:
Maidstone Borough Council Audit Plan 2024/25
|
Project Title |
Previous Audit |
Previous Results |
|
Financial Audits |
||
|
Budgetary Control |
2018/19 |
Sound |
|
Accounts Payable (Creditors) |
2018/19 |
Sound |
|
Insurance |
2017/18 |
Sound |
|
Parking Income |
2017/18 |
Sound |
|
Governance Audits |
||
|
Elections Management |
2016/17 |
Sound |
|
Legal Services (Shared Service) |
2017/18 |
Sound |
|
Safeguarding |
2015/16 |
Weak |
|
Emergency Planning (Shared Service) |
2017/18 |
Sound |
|
Health & Safety |
2019/20 |
Weak |
|
Infrastructure Audits |
||
|
Residential Property Management |
||
|
ICT - Technical Support (Shared Service) |
2019/20 |
None |
|
ICT – Network Controls and Security (Shared Service) |
2015/16 |
Strong |
|
Operational Services Audits |
||
|
Building Control |
2018/19 |
Sound |
|
Planning Discharge Conditions |
2019/20 |
None |
|
Commercial Property Management |
||
|
Economic Development |
||
|
Disabled Facilities Grants |
2017/18 |
Sound |
|
Revenues & Benefits – Debt Recovery Service (Shared Service) |
2017/18 |
Strong |
|
Revenues and Benefits – Fraud Compliance (Shared Service) |
2018/19 |
Sound |
|
Leisure Services Contract |
2014/15 |
Sound |
|
Licensing (Shared Service) |
2015/16 |
Sound |
|
People Policy Audits |
||
|
Human Resources – Payroll and Expenses (Shared Service) |
2017/18 |
Sound |
Follow-up of Agreed Actions: 22 days
21. Time has been allocated to following up the actions arising from internal audit
recommendations made and reporting the results to Senior Officers and Members.
Consultancy & Member Support: 49 days
22. A consultancy allocation provides general and specific extra advice or training to the Council. This allocation also provides support to Members, through attendance at and reporting to Committees.
23. This fund also provides a contingency to avoid having to cut short engagements and allow full exploration of significant findings.
Planning: 24 days
24. This time is allocated to complete the major part of the annual planning exercise, including updating risk assessments and consultation across the Council. The time is also used for identification of risks and issues across the Council, the wider public sector and the audit profession. This ensures the Audit Plan can remain dynamic and responsive to risk through the year.
Counter Fraud Support: 18 days
25. At Maidstone MKA’S responsibilities include writing and updating Counter Fraud and Whistleblowing policies, conducting investigations on matters of concern and providing a channel for officers to raise concerns under the Public Interest Disclosure Act.
26. For 2024/25 it is intended to compile more detailed procedures for investigations, drawing on Industry Standards. We also aim to draw up training to support compliance and awareness with the Counter Fraud policies and make clear when and where people should report any matters of concern.
Risk Management: 8 days
22. At Maidstone MKA’s responsibility encompasses tasks such as developing and maintaining the risk management software and providing support to the risk management function of the council.