Joint Audit and Governance Committee

Vale of White Horse District small

Report of Internal Audit and Risk Manager

Author: Victoria Dorman-Smith

Telephone: 01235 422430


South cabinet member responsible: Councillor Pieter-Paul Barker

Tel: 01844 212438


Vale cabinet member responsible: Councillor Andy Crawford

Telephone: 01235 772134



To: Joint Audit and Governance Committee

DATE: 28 March 2023




Internal audit activity report quarter four 2022/23




(a)  That members note the content of the report



Purpose of report


1.            The purpose of this report is to summarise the outcomes of recent internal audit activity at both councils for the committee to consider.  The committee is asked to review the report and the main issues arising and seek assurance that action will be/has been taken where necessary.

2.            The contact officer for this report is Victoria Dorman-Smith, Internal Audit and Risk Manager for South Oxfordshire District Council (South) and Vale of White Horse District Council (Vale), email

Strategic objectives


3.            Delivery of an effective internal audit function will support the councils in meeting their strategic objectives.




4.            Internal audit is an independent assurance function that primarily provides an objective opinion on the degree to which the internal control environment supports and promotes the achievements of the council’s objectives.  It assists the councils by evaluating the adequacy of governance, risk management, controls and use of resources through its planned audit work and recommending improvements where necessary.  After each audit assignment, internal audit has a duty to report to management its findings on the control environment and risk exposure and recommend changes for improvements where applicable.  Managers are responsible for considering audit reports and taking the appropriate action to address control weaknesses.


5.            Assurance ratings given by internal audit indicate the following:

Full assurance: There is a good system of internal control designed to meet the system objectives and the controls are being consistently applied.


Substantial assurance: There is a sound system of internal control designed to meet the system objectives and the controls are being applied.


Satisfactory assurance: There is basically a sound system of internal control although there are some minor weaknesses and/or there is evidence that the level of non-compliance may put some minor system objectives at risk.


Limited assurance: There are some weaknesses in the adequacy of the internal control system which put the system objectives at risk and/or the level of non-compliance puts some of the system objectives at risk.


Nil assurance: Control is weak leaving the system open to significant error or abuse and/or there is significant non-compliance with basic controls.


6.            Each recommendation is given one of the following risk ratings:

High Risk: Fundamental control weakness for senior management action

Medium Risk: Other control weakness for local management action

Low Risk: Recommended best practice to improve overall control



Completed audit reports


7.            As of 16 March 2023, since the last joint audit and governance committee meeting the following audits and follow up reviews have been completed:


Audit Area

Assurance Rating

Total Recs

High Risk

No. Agreed

Medium Risk

No. Agreed

Low Risk

No. Agreed

1.    Joint NNDR 22/23









2.    Joint Leases 22/23










8.            Members of the committee are asked to seek assurance from the internal audit reports and/or respective managers that the agreed actions have been or will be undertaken where necessary. 


9.            A copy of each report has been sent to the appropriate service manager, the section 151 officer, and the relevant member portfolio holder.  In addition, reports are now published on the councils’ intranet and limited assurance reports are reviewed by the strategic management team.

10.         Internal audit carries out quarterly follow ups of key financial and operational audits to establish the implementation status of recommended actions.


Climate and ecological impact implications


11.         There are no direct climate or ecological implications arising from this report.


Financial implications


12.         There are no financial implications attached to this report.


Legal implications


13.         None.




14.         Identification of risk is an integral part of all audits.