Purpose of Report
1. The Public
Sector Internal Audit Standards (PSIAS) require the chief audit
executive to provide an annual internal audit opinion and report
that can be used by the organisation to inform its governance
statement. This report provides that opinion for South Oxfordshire
District Council (South) and Vale of White Horse District Council
(Vale).
2. The
contact officer is Victoria Dorman-Smith, Internal Audit and Risk
Manager for South and Vale, email victoria.dorman-smith@southandvale.gov.uk.
Strategic Objectives
3. Delivery
of an effective internal audit function will support the councils
in meeting their strategic objectives.
Why an Overall Opinion is Required
4. The Public
Sector Internal Audit Standards (PSIAS) (Standard 2450) states:
Extracted from ‘Public Sector
Internal Audit Standards Updated March 2017 – 2450 Overall
Opinions’.
5. Standard
2450 also states that the overall opinion must be supported by
sufficient, reliable, relevant, and useful information, and will
include:
·
the scope including the period to which the opinion pertains,
·
scope limitations,
·
consideration of all related projects including the reliance
on other assurance providers,
·
a summary of the information that supports the opinion,
·
the risk or control framework or other criteria used as a
basis for the overall opinion,
·
the overall opinion, judgment or conclusion reached,
·
the reasons for an unfavourable overall opinion must be stated.
How an Overall Opinion is Formed
6. Internal
audit's risk-based plan must consider the requirement to produce an
annual internal audit opinion. Accordingly, the internal audit plan
must incorporate sufficient work to enable the internal audit and
risk manager to give an opinion on the overall adequacy and
effectiveness of South and Vale’s framework of governance,
risk management and control. Internal audit must therefore have
sufficient resources to deliver the plan.
Quality Assurance and Improvement Programme
7. A quality
assurance and improvement programme is designed to enable an
evaluation of the internal audit activity’s conformance with
the Definition of Internal Auditing and the Standards and an
evaluation of whether internal auditors apply the Code of Ethics.
The programme also assesses the efficiency and effectiveness of the
internal audit activity and identifies opportunities for
improvement. PSIAS states:
Extracted from ‘Public Sector Internal
Audit Standards Updated March 2017 - 1320 Reporting on the Quality
Assurance and Improvement Programme’.
Overall Opinion 2023/24
8. Based on
the work undertaken during the year, the internal audit and risk
manager has reached the overall opinion that there is a
satisfactory system of governance, risk, internal control. Findings
indicate that overall, arrangements are satisfactory, although some
enhancements have been recommended. In forming this opinion, the
internal audit and risk manager has considered the following:
·
The level of coverage provided by internal audit work was
considered adequate to support the opinion,
·
The 2023/24 internal audit plan, approved by Joint Audit and
Governance Committee (JAGC), was informed by internal audit's own
assessment of risk in addition to consultation with the senior
management team, to ensure it aligned to key risks and objectives
of South and Vale,
·
The changing risk environment within the councils has been
considered during the year,
·
There have been changes to statutory officer roles during the year;
however monthly meetings have still taken place throughout the
year,
·
Work has been planned and performed to obtain sufficient
information and explanation to give reasonable assurance that South
and Vale control environments are operating effectively,
·
Internal audit independence and objectivity has not been subject to
any impairment in fact or appearance; nor has the scope of our work
been restricted in any way,
·
A risk management framework exists that informs the internal audit
plan,
·
Insight gained from internal audit interactions with the senior
management team and JAGC,
·
The number of audits that have resulted in assurance ratings of
either “limited” or “nil” assurance. One
audit received limited assurance (report lifecycle process). To
reach the overall opinion, the findings of audits at draft report
stage have also been considered,
·
The degree to which recommended actions have been implemented to
address concerns over risk and control weaknesses within the
councils,
·
Although some audits were not deemed as “assurance
audits” (i.e., advisory work) this work is included in the
assessment of the governance, risk, and control framework.
9. The South
and Vale internal audit plan is a 12-month plan, with a formal
mid-year reassessment, although in practice the plan remains
responsive to the changing risks and priorities of the councils
throughout the year. The annual opinion is based on internal audit
work completed in the 12 months from 1 April 2023 to 31 March 2024.
The outcomes of this work start on page 4 of this report.
10.The opinion is provided on the understanding that:
·
The opinion does not imply that internal audit has reviewed all
risks, controls, and governance arrangements at South and Vale. The
opinion is substantially derived from risk-based internal audit
work and as such, it is only one component that is considered when
producing the South and Vale annual governance statements.
·
No system of control can provide absolute assurance against
material misstatement or loss, nor can internal audit give absolute
assurance.
·
Implementation of agreed actions is essential if the benefits of
the control improvements detailed in each individual audit report
are to be realised.
11. Overall, management
is making sufficient progress with the implementation of actions to
address the risks and weaknesses that internal audit has identified
during 2023/24. In total 100 joint management actions to improve
controls and procedures within the councils were made in 2023/24.
Of the 100, 2 (2%) were priority 1, 53 (53%) were priority 2, and
45 (45%) were priority 3. As of 21st June 2024, there
are 210 open actions, of which 150 are past due. 136 actions remain
open from prior years (9 2019/20, 11 2021/22 and 116 2022/23);
however, through quarterly monitoring we are assured that progress
against these actions is being made. We also have a formal
escalation process, which we can enforce should this be
required.
Information to Support the Overall Opinion
Audit Coverage and Performance Against Plan
12. Table 1 below summarises the assurances provided from the
internal audit coverage in 2023/24. These assurance ratings inform
the annual opinion.
13. The control environment within the key financial systems has
improved since 2021/22. In 2023/24, all key financial audits
received either a substantial or reasonable assurance rating. No
limited ratings were issued in either the current or previous
years. Analysis of the key financial assurance ratings since
2021/22 is summarised in table 2:
14. Table 3 summarises the 2023/24 internal audit plan and
outcomes, including audits in progress (either fieldwork or draft
report stage) and progress of recommendations raised:
*Fieldwork
complete/draft report issued. Where overall assurance ratings are
quoted, they are subject to change.
Value Added Work
15. In addition to the planned internal
audit work, the team have provided support in several other areas
including review and/or signoff of government returns (Biodiversity
Net Gain, UKSPF), review of grounds maintenance recharging
schedules and handling FOI requests in relation to internal and
external reviews of the audit committee. The internal audit team
sits on the housing response, waste depot, and transformation
programme boards. We also work closely with our risk management
and health and safety teams, and the internal audit and risk
manager attends monthly meetings of statutory officers. Internally,
we have refreshed the scope and frequency of the key financial
audits, and we are supporting the risk management team in
developing a South and Vale assurance map and maintaining the
annual governance statement.
Performance Measures
16. The performance of internal audit is measured against several
indicators. The outturn for 2023/24 is as follows:
|
Performance
Targets
|
2023/24 performance
|
|
PT1 To issue 90% of final audit reports within 5
working days of receipt of management comments.
|
95% of audits met this
target
|
|
PT2 To complete the audit fieldwork and issue draft
reports on 100% of key financial audits.
|
100% of audits met this
target
|
|
PT3 To complete the audit fieldwork and issue draft
reports on 80% of operational audits.
|
80% of audits met this
target
|
17. Performance targets: as of 21st June 2024,
there are three operational audits which have been issued in draft,
awaiting management responses. In addition, three operational
audits are at the fieldwork stage. The internal audit team have
successfully met all three performance targets, which is an
improvement on the prior year.
18. Feedback: to assist in monitoring and improving the
quality and value of service provided, feedback forms are sent to
auditees on all engagements. The feedback form contains 12
questions regarding the internal audit service provided and asks
auditees to score each on a scale of 1 to 5 (1=very poor, 2=poor,
3=satisfactory, 4=good, 5=very good). Of the eight completed
feedback forms returned, the overall average score is 57 out of 60.
Feedback received in 2023/24 is summarised in appendix 1. Feedback
received by the internal audit and risk manager is discussed with
the team, and where necessary, process improvements are
implemented.
19. Quality assurance: there is ongoing monitoring of
performance and quality of internal audit work, and all work
undergoes our internal review process.
Quality Assurance and Improvement Programme
20. External assessments: the PSIAS state that external
assessments must be conducted at least once every five years by a
qualified, independent assessor or assessment team from outside the
organisation. The internal audit and risk manager will investigate
independent assessor options in 2024/25.
21. Internal assessments: per the PSIAS internal assessments
must include ongoing monitoring of the performance of the internal
audit activity. In recent year, the internal audit function has
seen positive development in some key areas, including more
efficient auditing of key financial systems, working closely with
the head of legal and democratic services and the risk management
function (second line of assurance). There are several improvement
areas which are underway, namely: assurance map, recommendations
database, reporting templates, and internal audit team training and
development.
22. Conformance with PSIAS: the internal audit function
conforms to the Public Sector Internal Audit Standards (2017).
There is no non-conformance to the PSIAS Code of Ethics and
Standards to be highlighted for inclusion in the annual governance
statement for 2023/24.
Financial Implications
23. The internal plan 2023/24 was
delivered from within the approved 2023/24 budget, therefore there
are no financial implications attached to this report.
Legal Implications
24. There are no legal implications from
this report.
25. This report is for information only
and therefore there are no climate and ecological implications.
Equalities implications
26. This report is for information only
and therefore there are no equalities implications.
Risks
27. Identification of risk is an
integral part of all our internal audit work.
Conclusion
28. This report provides the internal
audit and risk manager’s annual opinion on the
organisation.
Attached
·
Appendix 1 – feedback received in 2023/24
