Purpose of Report
1. The
purpose of this report is to summarise the outcomes of recent
internal audit activity at both councils for the committee to
review.
2. The
committee is asked to monitor progress of management actions to
ensure actions are completed correctly in the timescales originally
offered by management, and that controls are managing risk more
effectively.
3. The
contact officer for this report is Victoria Dorman-Smith, Internal
Audit and Risk Manager for South Oxfordshire District Council
(South) and Vale of White Horse District Council (Vale), email
victoria.dorman-smith@southandvale.gov.uk.
Strategic Objectives
4. Delivery
of an effective internal audit function will support the councils
in meeting their strategic objectives.
Background
5. Internal
audit is an independent assurance function that primarily provides
an objective opinion on the degree to which the internal control
environment supports and promotes the achievements of council
objectives. It assists the councils by evaluating the
adequacy of governance, risk management, and controls. After
each audit, internal audit has a duty to report to management its
findings on the control environment and risk exposure and recommend
changes for improvements where applicable. Managers are
responsible for considering audit reports and taking the
appropriate action to address control weaknesses.
6. The Public
Sector Internal Audit Standards (PSIAS) state that the head of
internal audit should prepare a risk-based audit plan, which should
outline the assignments to be carried out and the resource
requirements to deliver the plan, for audit committee approval. The
Joint Audit and Governance Committee (JAGC) approved the 2024/25
internal audit plan on 26 March 2024. The PSIAS also states
that the head of internal audit must periodically report on
performance relative to the plan.
7. Overall
assurance given by internal audit indicate the following:
|
Overall
assurance definitions
|
|
Substantial
|
A sound system of governance, risk
management and control exists, with internal controls operating
effectively and being consistently applied to support the
achievement of objectives in the area audited.
|
|
Reasonable
|
There is a generally sound system of
governance, risk management and control in place. Some issues,
non-compliance or scope for improvement were identified which may
put at risk the achievement of objectives in the area
audited.
|
|
Limited
|
Significant gaps, weaknesses or
non-compliance were identified. Improvement is required to the
system of governance, risk management and control to effectively
manage risks to the achievement of objectives in the area
audited.
|
|
No Assurance
|
Immediate action is required to
address fundamental gaps, weaknesses or non-compliance identified.
The system of governance, risk management and control is inadequate
to effectively manage risks to the achievement of objectives in the
area audited.
|
8. In
addition to providing overall assurance, it is important that
management know how important the required action is to their
service. Each action has been given a priority rating at service
level with the following definitions:
|
Categorisation of actions
|
|
Priority 1
|
Findings that are fundamental to the
integrity of the service’s business processes and require the
immediate attention of management.
|
|
Priority 2
|
Important findings that need to be
resolved by management.
|
|
Priority 3
|
Finding that requires
attention.
|
Progress against the internal audit plan
9.
Overview: Progress against the 2023/24 and 2024/25 internal
audit plans is summarised in appendix 1 and appendix 2
respectively. From the 2023/24 plan, 11 audits have been completed,
three audits issued in draft, and three audits in progress.
10.Completed audits*: the following 11 audits were completed
in quarter one:
*See appendix 3 for
completed audit reports
Other audit work
11. In addition to the planned internal
audit work, the team have provided support in several other
areas:
a.
Government returns: no government returns were due for
review in quarter one.
b.
Advisory work: we sit on the South and Vale housing
response, waste depot and transformation programme boards, and in
quarter one have provided advisory support to the project
teams.
12. In line with the PSIAS, the chief
audit executive (in these councils the internal audit and risk
manager) must establish a follow-up process to monitor and ensure
that management actions have been effectively implemented or that
senior management has accepted the risk of not taking action.
Responsibility to resolve issues and manage agreed actions lies
with management.
13.Overall, we received a 100 per cent response rate from action
owners, which is our highest response rate to date. We raised 73
new actions from the 11 audits completed in the quarter. 47 actions
were implemented, and 210 actions are open. A total of 150 actions
are past due, with 20 high risk actions in relation to the grounds
and parks maintenance, mobile home parks, and health and safety
audits (all from 2022/23).
14.Analysis of quarter one 2024/25 follow up activity is summarised
below:
15.Analysis of open actions by year and status is summarised
below:
*See appendix 4 for details of the 56 medium/high
and 33 priority 1/priority 2 actions that are not implemented and
past due.
16.Analysis of open actions by service and status is summarised
below:
Financial Implications
17.The internal
audit plan can be delivered from within the approved 2024/25
budget, therefore there are no financial implications attached to
this report.
Legal Implications
18.There are no
legal implications from this report.
Climate and ecological impact implications
19. This report is for information only
and therefore there are no climate and ecological implications.
Equalities implications
20.This report
is for information only and therefore there are no equalities
implications.
Risks
21.Identification of risk is an integral part of
all our internal audit work.
Conclusion
22.This report
provides a summary of outcomes of recent internal audit
work.
Attached
Appendix 1 – Progress against the
internal audit plan 2023/24
Appendix 2 – Progress against the
internal audit plan 2024/25
Appendix 3 – Completed audit
reports quarter one 2024/25
Appendix 4 – Open management
actions (past due, high or medium, and priority 1 or 2)
