Agenda item

Amanda Stanislawski, Audit Manager:

a.    presented the Annual Internal Audit Report to the Audit Committee for comments.

b.    explained that the purpose of the Annual Internal Audit Report as outlined at Appendix A was to provide a summary of Internal Audit work undertaken during 2022/23, timed to support the Annual Governance Statement by providing an opinion on the organisation’s governance, risk management and internal control environment

c.    highlighted that:

·         The three areas, Governance, Risk, Internal Control and Financial Control were working well having no concerns that significantly affected the governance framework and successful delivery of the Council priorities.

·         Internal control was assessed as performing adequately – some improvements were identified over the Council’s Governance, Risk and Control Framework. This was due to a number of factors which included there being two Limited Assurance reports this year and an increase in the number of high recommendations. There was however, a significant reduction in the number of outstanding actions from prior years.

d.    explained that there had been no restrictions on the scope of the work to be undertaken; the reduction in time due to the Auditor and Principal Auditor leaving had been covered through the employment of consultants and removal of items from the plan.

e.    advised that the performance of the Internal Audit Service remained good with 91% of the revised plan being completed and a high level of customer satisfaction. Performance had been impacted due to capacity in some areas including audit span and the ability to chase management responses.

f.     gave an update on the current staffing level within Internal Audit and explained that the post of Principal Auditor and Auditor were currently being advertised for recruitment.

g.    invited members questions and comments.

Comment: Expressed concerns about the difficulties in recruiting and retaining staff.
Response: Recruitment in Local Government was currently a national problem. Recruitment was currently taking place to try and appoint a Principal Auditor and Auditor. Back stop measures such as external resource and a casual auditor had been employed to ensure that audits would be completed.

Questions: Commented that only 14 out of 59 recommendations had been implemented following an audit, leaving a substantial amount of recommendations outstanding, and asked for more details.
Response: A lot of the Audits were completed later in the year, therefore there had not been time to implement the recommendations, they were not due for implementation yet and the deadlines had not been missed.

Question: Asked if an exit interview took place when a member of staff left the Authority and further asked if the statistics regarding the reasons why staff were leaving could be shared with Audit Committee.
Response: An exit interview was offered to staff, but these were optional. The data collected was shared with the Corporate Management Team. This information did not fall within the scope of Audit Committee and suggested that it be raised at Performance Scrutiny Committee.

Question: Referred to the Critical activities identified by Management as having a low level of assurance in relation to Combined Assurance and asked what PCIDSS stood for.
Response: Clarified that the acronym was for Payment Card Industry Data Security Standard.
Question: Further asked for details on the issues with the activities listed in the report.
Response: There were issues for a variety of reasons some included:

·         Legal – Issues with capacity

·         Elections – New regulations

·         Events and Culture – The Christmas Market

·         Tree Management – Would be circulated following the meeting

·         Leisure – Covid 19 and increased energy costs

Question: Asked if  performance monitoring and management were still taking place whilst staff worked from home.
Response: Yes, performance was being monitored and the management style had been adapted for home working.

Question: Asked if risk management training would take place in 2022/23.

Response: Risk management training had been scheduled for 16 August 2023 for all members.

Question: Asked why there were delays in obtaining responses to draft reports.

Response: The biggest problems were the staffing issues in the areas themselves who were having to prioritise their work.

Question: Referred to IT Asset Management and asked if a physical inventory list was being completed.
Response: A response would be circulated following the meeting.

RESOLVED that the contents of the report and appendices be noted