|
Report to: |
Audit Committee |
|||||||
|
Date: |
10 March 2022 |
|||||||
|
Title: |
2022/23 Internal Audit Plan |
|||||||
|
Portfolio Area: |
Cllr J Pearce – Leader of Council |
|||||||
|
Wards Affected: |
All |
|||||||
|
Urgent Decision: |
N |
Approval and clearance obtained: |
Y |
|||||
|
Date next steps can be taken: |
|
|||||||
|
|
|
|||||||
|
Author: |
Dominic Measures Robert Hutchins |
Role: |
Audit Manager Head of Partnership |
|||||
|
Contact: |
Dominic.measures@swdevon.gov.uk 01392 380493 Robert.hutchins@swdevon.gov.uk 01392 383000 |
|||||||
|
|
|
|||||||
|
RECOMMENDATIONS:
It is RECOMMENDED that: 1. The report be approved, and
2. The proposed Internal Audit Plan for 2022/23 at Appendix A be approved. |
1. Executive summary
1.1 The purpose of this report is to provide Members with the opportunity to review and comment upon the proposed internal audit plan for 2022/23.
1.2 Whilst South Hams District Council and West Devon Borough Council operate as two unique councils, services are delivered by one integrated organisation; to reflect that shared services working arrangement, the 2022/23 audit plan is now presented as one combined plan. Where there are risks or issues that relate specifically to one council and not the other, the audit plan will be varied to include those areas of work as appropriate.
1.3 The report provides information on the legislative requirement for local authorities to provide an Internal Audit (IA) service in accordance with the Accounts and Audit Regulations and Public Sector Internal Audit Standards; the need for an annual risk-based IA plan to be prepared; and the methodology of identifying the audit needs for the Authority.
1.4 The 2022/23 audit plan sets out the proposed audit resource allocated to each audit area, although the plan needs to remain flexible to be able to respond to any changing risks and priorities of the Authority given the significant changes across the public sector and the country as a whole.
2. Background
2.1 All principal Local Authorities, including South Hams District Council, are subject to the Accounts and Audit (England) Regulations 2015, which state:
“A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance”.
2.2 The Public Sector Internal Audit Standards require that the Head of Internal Audit must “establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organisation’s goals”. When completing these plans, the Head of Internal Audit should take account of the organisation’s risk management framework. The plan should be adjusted and reviewed, as necessary, in response to changes in the organisation’s business, risk, operations, programs, systems and controls. The plan must take account of the requirement to produce an internal audit opinion and assurance framework.
2.3 This audit plan has been drawn up, therefore, to enable an opinion to be provided at the end of the year in accordance with the above requirements.
3. Outcomes/outputs
3.1 We employ a risk-based priority audit planning tool to identify those areas where audit resources can be most usefully targeted. This involves scoring a range of systems, services and functions across both South Hams District Council and West Devon Borough Council, known as the “Audit Universe” using a number of factors/criteria. The final score, or risk factor, for each area determines an initial schedule of priorities for audit attention.
The audit plan for 2022/23 has been created by:
3.2 The overall percentage of internal audit coverage proposed for each area of the audit plan is represented in the chart at figure 1 below. The combined planned audit coverage for 2022/23 totals 430 days, the same as in previous years, see Appendix A for the proposed detailed plan. It should be borne in mind that, in accordance with the Public Sector Internal Audit Standards, the plan needs to remain flexible to be able to respond to the changing risks and priorities of the Authority with any changes reported back to this Committee. To provide for some flexibility, the Internal Audit Plan includes a small contingency to allow for unplanned work, or emerging risks.
3.3 The COVID-19 pandemic impacted on Internal Audit’s work during the last two years, with Internal Audit resources used to assist officers in the payment of various grants to businesses, in particular the evaluation/reviewing of applications. As a result, several audits due to undertaken in 2021/22 have been delayed and now appear in the proposed plan for 2022/23. In addition, the impact of COVID on services and functions has meant that audits in those areas have been deferred. The proposed plan continues to recognise the need for increased assurance that controls are effective following the Covid-19 emergency.
3.4 The overall percentage of internal audit coverage proposed for each area of the audit plan is represented in the chart at figure 1 below.
Figure 1
3.5 Devon Audit Partnership continue to work to develop effective partnership working arrangements between ourselves and other audit agencies where appropriate and beneficial. We participate in a range of internal audit networks, both locally and nationally, which provide for a beneficial exchange of information and practices. This often improves the effectiveness and efficiency of the audit process, through avoidance of instances of “re-inventing the wheel” in new areas of work which have been covered in other authorities.
3.6 Colleagues at Mazars undertake an annual review of emerging risks that could be considered when preparing Local Government Internal Audit Plans.
Public-Social-Sector/Transforming-your-organisation/Horizon-Scanning
Whilst not all of the risks will be applicable to South Hams & West Devon, and other local authorities will be in “different places” in how they respond to risk, the document provides a useful reference source for Auditors, Senior Management and Audit Committee Members as they consider items for inclusion in the Annual Internal Audit plan.
4. Options available and consideration of risk
4.1 No alternative approach has been considered as the failure to develop a risk-based plan to determine the priorities of internal audit activity which is consistent with the priorities of the organisation would be in contravention of the Public Sector Internal Audit Standards and the Accounts and Audit Regulations 2015.
5. Proposed Way Forward
5.1 We will be flexible in our approach to ensure that the audit plan continues to reflect the changing risks and corporate priorities of the Council with the timetabling of audits agreed with management to ensure our work is delivered at the most effective time for the organisation.
6. Implications
|
Implications |
Relevant |
Details and proposed measures to address |
|
Legal/Governance |
Y |
The Accounts and Audit Regulations 2015 issued by the Secretary of State require every local authority to undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards.
The work of the internal audit service assists the Council in maintaining high standards of public accountability and probity in the use of public funds. The service has a role in promoting robust service planning, performance monitoring and review throughout the organisation, together with ensuring compliance with the Council’s statutory obligations. |
|
Financial |
Y |
There are no additional or new financial implications arising from this report. The cost of the internal audit team is in line with budget expectations. |
|
Risk |
Y |
The work of the internal audit service is an intrinsic element of the Council’s overall corporate governance, risk management and internal control framework. |
|
Supporting Corporate Strategy |
||
|
Climate Change – Carbon / Biodiversity Impact |
Y |
None directly arising from this report. However, the Internal Audit function, managed by Devon Audit Partnership is very mindful of the need to minimise travel in completing the internal audit plan. Where possible, desk-top review of documents, and the use of electronic records, is used to obtain evidence to support the audit process, although it is inevitable that on-site verification may be required at times. The team use an audit management system (Mki) which enables managerial review to take place remotely, thus also saving on the need for travel.
|
|
Comprehensive Impact Assessment Implications |
||
|
Equality and Diversity
|
N |
There are no specific equality and diversity issues arising from this report. |
|
Safeguarding
|
N |
There are no specific safeguarding issues arising from this report.
|
|
Community Safety, Crime and Disorder |
N |
There are no specific community safety, crime and disorder issues arising from this report. |
|
Health, Safety and Wellbeing |
N |
There are no specific health, safety and wellbeing issues arising from this report. |
|
Other implications |
N |
There are no other specific implications arising from this report. |
Supporting Information
Appendices:
There are no separate appendices to this report.
Background Papers:
None.
|
|
Appendix A |
||
|
|
Proposed 2022/23 Combined Audit Plan for South Hams District Council and West Devon Borough Council |
||
|
KEY FINANCIAL SYSTEMS |
Priority / Risk |
Days |
|
|
Main Accounting System (inc budgetary control) |
H |
15 |
|
|
Payroll |
H |
20 |
|
|
Creditor (Payments) |
M |
15 |
|
|
Debtors (Income Collection) |
M |
15 |
|
|
Business Rates |
M |
10 |
|
|
Council Tax |
M |
10 |
|
|
Housing Benefits |
M |
10 |
|
|
Treasury Management |
L |
5 |
|
|
KEY FINANCIAL SYSTEMS |
|
100 |
|
|
|
|
||
|
PLACE & ENTERPRISE |
Priority / Risk |
Days |
|
|
Capital Expenditure |
H |
15 |
|
|
Regeneration & Investment Strategy |
H |
10 |
|
|
Salcombe Harbour (S.Hams) |
M |
10 |
|
|
Dartmouth Lower Ferry (S.Hams) |
M |
5 |
|
|
COVID-19 – Business Grants – Post Scheme Assurance |
H |
10 |
|
|
PLACE & ENTERPRISE |
|
50 |
|
|
|
|||
|
CUSTOMER SERVICE & DELIVERY |
Priority/Risk |
Days |
|
|
ICT Audit (Cyber Security, Business Continuity) |
H |
25 |
|
|
Locality Officers – Management, roles & scheduling (Review implementation of new service) |
H |
15 |
|
|
Development Control – Section 106 arrangements |
H |
10 |
|
|
Partnership Funding Arrangements |
M |
5 |
|
|
Building Maintenance – Works Scheduling – Follow-Up |
H |
3 |
|
|
Health & Wellbeing – Staff Welfare post COVID-19 |
H |
10 |
|
|
CUSTOMER SERVICE & DELIVERY |
|
68 |
|
|
GOVERNANCE & ASSURANCE |
Priority/Risk |
Days |
|
Project Management – Governance and Process |
H |
15 |
|
Leisure Management - Contract Management |
H |
15 |
|
Procurement – Compliance with Financial Procedures & Tender Limits |
H |
10 |
|
Risk Management Review |
M |
10 |
|
Corporate Strategy & Performance Management |
M |
15 |
|
Future IT Project – Contract Award & Benefit Realisation |
H |
15 |
|
Corporate Information Management – FOI and Data Protection |
H |
10 |
|
Climate Change |
H |
10 |
|
VAT Arrangements |
M |
10 |
|
Business Continuity (in connection with ICT Business Continuity) |
H |
5 |
|
GOVERNANCE & ASSURANCE |
|
115 |
|
|
||
|
OTHER ESSENTIAL ITEMS |
Priority/Risk |
Days |
|
Completion of 2021-22 Audit Plan |
|
20 |
|
Audit Management including:- - Audit planning, - Monitoring & reporting, - Audit Committee |
|
30 |
|
Annual Governance Statement |
|
2 |
|
Exemptions from Financial Regulations |
|
3 |
|
Grants – LEAF and LAG – extension to 30 Nov 2022 |
|
17 |
|
National Fraud Initiative (NFI) |
|
5 |
|
Contingency, Advice & Emerging Risks |
|
20 |
|
OTHER ESSENTIAL ITEMS |
|
97 |
|
|
||
|
TOTAL AUDIT PLAN |
|
430 |