Joint Audit and Governance Committee |
|
|
|
|
|
Report of Internal Audit and Risk Manager Author: Victoria Dorman-Smith |
|
|
South cabinet member responsible: Councillor Pieter-Paul Barker Tel: 01844 212438 E-mail: pieter-paul.barker@southoxon.gov.uk To: Joint Audit and Governance Committee DATE: 9th July 2024 |
Vale cabinet member responsible: Councillor Andy Crawford Telephone: 01235 772134 E-mail: andy.crawford@whitehorsedc.gov.uk To: Joint Audit and Governance Committee DATE: 9th July 2024 |
|
Recommendation(s)(a) That members review the results of recent internal audit work and monitor progress of management actions. |
Implications (further detail within the report) |
Financial |
Legal |
Climate and Ecological |
Equality and diversity |
No |
No |
No |
No |
|
Signing off officer |
N/A |
N/A |
N/A |
N/A |
1. The purpose of this report is to summarise the outcomes of recent internal audit activity at both councils for the committee to review.
2. The committee is asked to monitor progress of management actions to ensure actions are completed correctly in the timescales originally offered by management, and that controls are managing risk more effectively.
3. The contact officer for this report is Victoria Dorman-Smith, Internal Audit and Risk Manager for South Oxfordshire District Council (South) and Vale of White Horse District Council (Vale), email victoria.dorman-smith@southandvale.gov.uk.
4. Delivery of an effective internal audit function will support the councils in meeting their strategic objectives.
5. Internal audit is an independent assurance function that primarily provides an objective opinion on the degree to which the internal control environment supports and promotes the achievements of council objectives. It assists the councils by evaluating the adequacy of governance, risk management, and controls. After each audit, internal audit has a duty to report to management its findings on the control environment and risk exposure and recommend changes for improvements where applicable. Managers are responsible for considering audit reports and taking the appropriate action to address control weaknesses.
6. The Public Sector Internal Audit Standards (PSIAS) state that the head of internal audit should prepare a risk-based audit plan, which should outline the assignments to be carried out and the resource requirements to deliver the plan, for audit committee approval. The Joint Audit and Governance Committee (JAGC) approved the 2024/25 internal audit plan on 26 March 2024. The PSIAS also states that the head of internal audit must periodically report on performance relative to the plan.
7. Overall assurance given by internal audit indicate the following:
Substantial |
A sound system of governance, risk management and control exists, with internal controls operating effectively and being consistently applied to support the achievement of objectives in the area audited. |
Reasonable |
There is a generally sound system of governance, risk management and control in place. Some issues, non-compliance or scope for improvement were identified which may put at risk the achievement of objectives in the area audited. |
Limited |
Significant gaps, weaknesses or non-compliance were identified. Improvement is required to the system of governance, risk management and control to effectively manage risks to the achievement of objectives in the area audited. |
No Assurance |
Immediate action is required to address fundamental gaps, weaknesses or non-compliance identified. The system of governance, risk management and control is inadequate to effectively manage risks to the achievement of objectives in the area audited. |
Priority 1 |
Findings that are fundamental to the integrity of the service’s business processes and require the immediate attention of management. |
Priority 2 |
Important findings that need to be resolved by management. |
Priority 3 |
Finding that requires attention. |
10.Completed audits*: the following 11 audits were completed in quarter one:
*See appendix 3 for completed audit reports
a. Government returns: no government returns were due for review in quarter one.
b. Advisory work: we sit on the South and Vale housing response, waste depot and transformation programme boards, and in quarter one have provided advisory support to the project teams.
12. In line with the PSIAS, the chief audit executive (in these councils the internal audit and risk manager) must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. Responsibility to resolve issues and manage agreed actions lies with management.
13.Overall, we received a 100 per cent response rate from action owners, which is our highest response rate to date. We raised 73 new actions from the 11 audits completed in the quarter. 47 actions were implemented, and 210 actions are open. A total of 150 actions are past due, with 20 high risk actions in relation to the grounds and parks maintenance, mobile home parks, and health and safety audits (all from 2022/23).
14.Analysis of quarter one 2024/25 follow up activity is summarised below:
15.Analysis of open actions by year and status is summarised below:
*See appendix 4 for details of the 56 medium/high and 33 priority 1/priority 2 actions that are not implemented and past due.
16.Analysis of open actions by service and status is summarised below:
18.There are no legal implications from this report.
19. This report is for information only and therefore there are no climate and ecological implications.
20.This report is for information only and therefore there are no equalities implications.
21.Identification of risk is an integral part of all our internal audit work.
22.This report provides a summary of outcomes of recent internal audit work.
Appendix 1 – Progress against the internal audit plan 2023/24
Appendix 2 – Progress against the internal audit plan 2024/25
Appendix 3 – Completed audit reports quarter one 2024/25
Appendix 4 – Open management actions (past due, high or medium, and priority 1 or 2)