Meeting to be held on 29 November 2022
External Audit – Audit Findings Report
(Appendix 1 refers)
Contact for further information:
Keith Mattinson – Director of Corporate Services – telephone 01772 866804
Executive Summary
The external auditor is required to produce an Audit Findings Report summarising the conclusions from their work undertaken as part of the year-end audit of accounts.
As highlighted in the report, work is on-going in a number of areas but at the time of the draft report there were no significant issues identified and only one recommendation.
Recommendation
The Committee is asked to:-
|
Information
Under the statutory Code of Audit Practice for Local Government bodies our external auditors Grant Thornton are required to issue a report to those charged with governance summarising the conclusions from their audit work. This draft report, known as the Audit Findings Report, is attached as Appendix 1, and will be presented by the Audit Manager.
At the time of writing the report the auditors work was substantially complete and there were no matters of which they were aware that would require modification of the audit opinion or material change to the financial statements, subject to the outstanding matter listed below:-
· responses from the pension fund auditor to gain assurance on underpinning controls and supporting data for the pension fund net liability;
· receipt of management representation letter;
· review of the final set of financial statements; and
· final quality procedures.
There were two recommendations:-
1. Oracle password configuration as set out on page 20 of the report:-
“We identified a weakness in Oracle password configuration. The password length is set to 6 characters and does not include a minimum password length of 8 character as per leading practices.”
This relates to the existing finance system which is currently being replaced in December, as such we do not propose to amend this in the existing system.
2. Self-authorisation of journals as set out on page 20 of the report (this has been raised numerous times previously):-
“Our risk assessment of journal controls noted that there are no automated controls on the finance system to prevent members of finance staff approving their own journals. Whilst our audit work on journals so far has not identified any significant issues as a result of this weakness in internal controls, we recommend that the authority establishes an authorisation control to reduce the risk of financial reporting fraud and/or error in future.”
Our response to this is consistent with previous responses “We have considered the recommendation. We believe our financial monitoring processes are sufficient to identify if such an instance occurred. Neither ourselves, nor internal and external audit, have discovered any instances of error or reporting fraud that the implementation of this would have prevented. Hence, given the size of our finance team, we don’t feel that introducing further controls is practical or proportionate to the risk.”
There were several disclosures and misclassification changes required, as set out on page 22, and three adjusted misstatements, as set out on page 23, the majority of which were identified by the Authority during the audit process.
There was one unadjusted misstatement, as set out on page 23, which relates to the treatment of potential future costs of claims relating to pensionable allowances, and specifically treating this as a creditor as opposed to a provision. Given it is below our materiality threshold, the Treasurer has not amended the accounts to reflect this.
Financial Implications
An audit fee of £40.8k was agreed as part of the Audit Plan. The final fee will be confirmed once the audit is complete.
Human Resource Risk Implications
None
Equality and Diversity Implications
None
Environmental Impact
None
Business Risk Implications
The report does not identify any new risk issues that the Authority needs to address.
Local Government (Access to Information) Act 1985
List of background papers
Paper:
Date:
Contact:
Reason for inclusion in Part 2 if appropriate: N/A