Minutes:
The Chair, County Councillor Shedwick introduced Andrew Dalecki, Head of Internal Audit and Laura Rix, Senior Auditor. Mr Dalecki advised that Mrs Judith Taylor would be stepping away from managing this contract to support resilience in the team. On behalf of the Committee, the Chair expressed thanks to Mrs Taylor for her work over the years.
The report was presented by Mr Dalecki. The Internal Audit Annual Report summarised the work that the Internal Audit Service had undertaken during 2021/22 and the key themes arising from it. It provided an opinion on the overall adequacy and effectiveness of the systems of governance, risk management and internal control.
On the basis of programme of work for the year, the Head of Internal Audit provided substantial assurance over the adequacy of design and effectiveness in operation of the organisation’s frameworks of governance, risk management and control.
The opinion was based on the work the Internal Audit Service performed
during 2021/22 and 2022/23 in relation to the 2021/22 audit plan,
as approved by the Audit Committee in March 2021.
Summary of findings and assurance
Overall governance, risk management and control arrangements
A high-level review was completed in April 2022 and no areas of concern were noted.
Training, learning and development
The audit report was finalised in August 2021 and four medium, and three low residual risk actions had been agreed to enhance the internal review and reporting arrangements in relation to compliance with mandatory training timescales and the recording of training needs, and the formal approval and distribution of the current training plan and policy documents.
Management of on-call provision
The report was finalised in April 2022. One high and three medium risk actions had been agreed in relation to: i) Monitoring and management of compliance with the Working Time Directive; ii) Analysis of exit interviews; iii) Undertaking regular reviews of the hours worked by On-Call firefighters versus contracted hours; and iv) Identification of responsible officers and implementation dates for actions raised in the Service On-Call Key Performance Indicator report prepared for reporting to the Performance Committee.
Accounts payable, Accounts receivable and General ledger
Audit work across each of these three key financial systems was completed in November 2021. No areas for improvement were identified.
HR and Payroll
The review was completed in January 2022. Two low risk actions were agreed relating to the need to ensure all electronic documents were saved on electronic personal folders, and HR to remind managers of the need to submit payroll amendments in advance of the date of change to avoid under or overpayments of salary arising.
Pension fund assurance
Assurance on pension arrangements was derived from the auditors’ own audit activity, in relation to pension overpayments, admission of employers to the fund, accounting through the council's general ledger and employers' contributions (follow up) and was additionally informed by information made available to them from other external assurance providers.
Treasury Management
The review was completed in October 2021. No areas for improvement were identified.
Follow up audit activity
Safeguarding
Follow up work was completed during January 2022. The previous audit provided substantial assurance over the adequacy and effectiveness of the controls in place to support the safeguarding referral process and the working arrangements with partner agencies to help prevent abuse and neglect and to provide a consistent approach when responding to safeguarding concerns. Three low risk actions were agreed with management to address areas identified for improvement. Two of the actions had been implemented with 1 still ongoing relating to the delivery of Safeguarding Awareness talks, which were to be delivered to staff.
General data protection regulations (GDPR)
Follow up work was completed during February 2022. The previous audit provided an opinion of moderate assurance. Overall, a good framework of control was in place to support compliance with GDPR, and whilst the auditors did not identify any significant gaps or weaknesses in the adequacy of the design of the overall control framework, it was noted that as the production of the Record of Processing Activity was incomplete this created a risk that additional information assets would be identified and further work would be needed to put in place all necessary documentation required to demonstrate compliance with GDPR.
Of the eleven actions agreed with management to address areas for improvement, only three (all low risk/ priority) had been completed to date. Progress had been hampered due to key staff posts being vacated in the time since the review was completed, although it was noted that recruitment activity was being progressed. In response to a question from County Councillor Singleton regarding progress against the outstanding actions, the Director of Corporate Services confirmed that progress had not been achieved as it continued to be difficult to recruit.
Other components of the audit plan
National Fraud Initiative
All matches from the current exercise had now been investigated. One error was identified, with no financial impact.
Management Activity
Work in the period has included:
• Production of the 2020/21 Annual Report of the Head of Internal Audit.
• Preparation of the Audit Committee monitoring reports.
• Reissue of the Internal Audit Charter.
• Preparation of the 2022/23 Internal Audit Plan.
• General management and quality assurance procedures.
The delivery of the audit plan was 74 days against the 70 days plan.
Action plans had been agreed where appropriate in respect of all final audit report. These indicated that positive action had been or would be taken to address any areas for improvement identified. Implementation of these plans would be followed up as part of the 2022/23 audit plan.
The work of the Internal Auditor was one of the key control measures in place within the Authority. As such, the annual report provided an assurance to Members that risks were being managed and controlled and fed the Authority’s overall assessment of the internal controls that operated within the Service.
RESOLVED: - That the Audit Committee noted and endorsed the report.
Supporting documents: