Agenda item

Internal Audit Strategy & Risk Based Plan 2023-24


The Deputy Head of the Regional Internal Audit Service (RIAS) introduced the report and stated that its purpose was to provide Members of the Committee with the Annual Internal Audit Strategy and Risk Based Plan for 2023-24 for approval.


A Lay Member asked if the Chief Officer – Finance, Performance and Change was happy with the plan. She responded by pointing out that the two representatives from RIAS had attended two meetings of the Corporate Management Board (CMB) when they were putting the plan together and they had been again recently to check that the areas that are planned for the current financial year are the key risk areas. As such, the CMB is content with the plan as it stands. There will be further regular meetings and if the plan needs to change then work will be redirected to those risk areas which are a priority.


Another Lay Member drew attention to the thirty-four audits with an opinion and asked if that included the carryover from last year. The Deputy Head of RIAS confirmed they were included in the thirty-four.


He added that, although he understood the need to be flexible, it would be useful to see a more detailed plan, highlighting such issues as when work will be done and how many days of the team’s resources are allocated to certain line items.


In response to this, the Head of RIAS highlighted that the next stage of the plan’s development, once approved by the Committee, would be to engage with Directorates about the requirements for each piece of work. Once that stage was completed it would be possible to provide Members with a much clearer indication of the issues highlighted by the Lay Member.


The Head of RIAS added that the Committee would receive updates on a regular basis in terms of the progress against the audit plan. That will happen on a quarterly basis and there will be a progress update on each line of each ordered job. In terms of days allocated per audit, he saw that as an operational matter and the key issue was ensuring that objectives were covered and making sure that the key controls are covered in that particular area of review. Those matters would be discussed with the relevant manager in more detail when the the scope of a particular audit job is determined.


The Chairperson concluded this item by commending the team on producing a realistic work plan for the year. He noted, referring to parts of the next report, that there had been a commitment to conduct sixty-one audits last year and eleven didn’t get done. This year, there would be thirty-four audits with an opinion and thirteen with none. He noted that he was pleased with that because he was concerned previously there was a tendency to over-commit and under-deliver, and for a team that could be soul-destroying. He thought the report now reflected quite clearly the capacity of the team and gave some flexibility if anything new came in.


He added, building on the observations of a Lay Member, it would be helpful to add a column to the table on when audits are likely to be done.




The Committee considered and approved the draft Internal Audit Strategy (Appendix A) and draft Annual Risk Based Audit Plan for 2023-24 (Appendix B).

Supporting documents: