That the Governance and Audit Committee gave due consideration to the Annual Internal Audit Report for the Financial Year 2021-22 including the Head of Internal Audit’s Annual Opinion on the adequacy and effectiveness of the Council’s framework of governance, risk management and internal control.

The Head of the Regional Internal Audit Service reported on his Annual Opinion on the Council’s control environment in relation to governance, risk management and internal control and to inform the Governance and Audit Committee of the work and performance of Internal Audit for the Financial Year 2021-22.

He reported that he was responsible for developing a risk-based annual audit plan which takes into account the Council's risk management framework.  There was a requirement for the Head of Internal Audit to review and adjust the plan, as necessary, in response to changes in the Council's business, risks, operations, programmes, systems, controls and resources.  He must also ensure that Internal Audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.  He informed the Committee that the approved audit plan was flexible to respond to changing circumstances and events that may occur during the year due to the pandemic and remote ways of working.  He had been able to give an assurance gained from the audit work undertaken during the year in providing an overall annual opinion.  He stated that audit work had been carried out remotely during the year with staff predominantly working from home.  Audits had been conducted using various digital solutions and whilst there was a steep learning curve both for audit staff and auditees all had adjusted well to this way of working.

He summarised the reviews undertaken during 2021-22, the recommendations made and control issues identified, 27 reviews were completed with an audit opinion and 119 recommendations made.  He stated that based on the testing of the effectiveness of the internal control environment an audit opinion of substantial assurance was given to 4 reviews (15%) and an opinion of reasonable assurance to 22 reviews (81%).  The remaining one audit (4%) was given an audit opinion of limited, where only limited assurance can be placed on the current systems of internal control.  He stated that recommendations had been made for improvements and a follow up audit would be undertaken to ensure controls had been improved to mitigate the risks identified.

He informed the Committee that staff had been matched to posts within the new agreed structure and recruitment to vacant posts had commenced and will continue until all posts are filled. 

A member of the Committee asked whether lessons had been learnt by the Council in respect of the Arbed scheme and how much of an assurance could be given that there would be no repetition on other schemes.  The Head of the Regional Internal Audit Service explained that he considered this to be a one-off situation and there had been no similar issues.  He stated that it was valid to look at a follow-up of recommendations arising from the audit of the Arbed scheme, which could be looked at by the Committee.      

A member of the Committee asked for an update on progress on the 119 recommendations made by Internal Audit.  The Head of the Regional Internal Audit Service stated that all 119 recommendations had been accepted by management and they will be closed off as they are implemented.  Details in progressing the recommendations will be forthcoming in future reports. 

A member of the Committee asked whether any further reviews were required to be undertaken on Creditor - Supplier Data, where limited assurance had been given, where changes to creditor details could be made after authorisation.  The Deputy Head of the Regional Internal Audit Service informed the Committee that the problem was one that was embedded in the system and was something which had been picked by a system administrator.  Data analytics had been undertaken and further testing would be undertaken after the Department had been given an opportunity to put improvements in place.  Creditors – Supplier Data would be listed among the follow ups included in the progress report to the next Committee.    

A member of the Committee asked what happens to recommendations not implemented by the due dates and expressed concern at 72% completion of audits.  The Head of the Regional Internal Audit Service stated that the completion rate is comparable to other Internal Audit Teams and that Covid had impacted on completing audits.  Audits in Social Services had been deferred due to Covid to enable officers in that Directorate to concentrate on delivering front-line services in the pandemic.  The Chairperson expressed concern that a third of audits had not been undertaken in the last year and asked whether this was down to a lack of staffing.  The Head of the Regional Internal Audit Service stated that this was attributable to staff vacancies, unplanned work and requests for audits to be deferred where systems were being changed.  SWAP Internal Audit Services had been brought in to assist, and 70% of audits had been completed on time, which he was comfortable with, but improvements to that figure would be made.     

The Chairperson referred to the 52% response rate to questionnaires who have been audited and asked would the Corporate Management Board ensure the form is returned to have open, honest, and transparent feedback in order to improve the service.  The Chief Officer, Finance, Performance and Change stated that she would pick this up and escalate it accordingly.  The Chairperson also stated that where officers do not take cognisance of recommendations or where recommendations are outstanding, they would need to be held to account by this Committee.  The Head of the Regional Internal Audit Service informed the Committee that this had been the practice in this authority and in other authorities.

RESOLVED:           That the Governance and Audit Committee gave due consideration to the Annual Internal Audit Report for the Financial Year 2021-22 including the Head of Internal Audit’s Annual Opinion on the adequacy and effectiveness of the Council’s framework of governance, risk management and internal control.