Report to:			Audit and Governance Committee
Date:			9 March 2023
Title:			Proposed Internal Audit Plan for 2023-24
Portfolio Area:			Cllr J Pearce – Leader of the Council
Wards Affected:			All
Urgent Decision:		N		Approval and clearance obtained:			Y

Author:	Paul Middlemass				Role:	Audit Manager
Contact:	Paul.Middlemass@devon.gov.uk 07736 155687 Tony.Rose@devon.gov.uk 01392 383000

RECOMMENDATIONS:

It is RECOMMENDED that the proposed Internal Audit Plan for 2023-24 at Appendix A be approved.

1. Executive summary

1.1 The purpose of this report is to provide Members with the opportunity to review and comment upon the proposed internal audit plan for 2023/24.

1.2 The 2023/24 audit plan sets out the proposed audit resource allocated to each audit area, although the plan needs to remain flexible to be able to respond to any changing risks and priorities of the Authority given the significant changes across the public sector and the country.

2. Background

2.1 All principal Local Authorities, including South Hams District Council, are subject to the Accounts and Audit (England) Regulations 2015, which state:

“A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance”.

2.2 The Public Sector Internal Audit Standards require that the Head of Internal Audit must “establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organisation’s goals”. When completing these plans, the Head of Internal Audit should take account of the organisation’s risk management framework. The plan should be adjusted and reviewed, as necessary, in response to changes in the organisation’s business, risk, operations, programs, systems and controls. The plan must take account of the requirement to produce an internal audit opinion and assurance framework.

2.3 This audit plan has been drawn up, therefore, to enable an opinion to be provided at the end of the 2023/24 year in accordance with the above requirements.

2.4 Whilst South Hams District Council and West Devon Borough Council operate as two unique councils, services are delivered by one integrated organisation. To reflect that shared services working arrangement, the 2023/24 audit plan is presented as one combined plan. Where there are risks or issues that relate specifically to one council and not the other, the audit plan will be varied to include those areas of work as appropriate.

3. Outcomes/outputs

3.1 We have created a four-year plan to ensure all core council areas are periodically audited which we have discussed with management. More significant or important areas are audited more frequently in their period. The focus of the paper in this meeting is on the plan for 2023-24. Member input to the plan is useful to ensure that the audit plan will covering the areas of most concern. That said, the plan will be reviewed and amended in year as required to reflect emerging issues.

4. Options available and consideration of risk

4.1 No alternative operation has been considered as the failure to develop a risk-based plan to determine the priorities of internal audit activity which is consistent with the priorities of the organisation would be contravene the Public Sector Internal Audit Standards and the Accounts and Audit Regulations 2015.

5. Proposed Way Forward

5.1 On agreement to the plan, we will undertake our audits while agreeing audit timing to ensure our work is delivered at the most appropriate time for the council.

6. Implications

Implications	Relevant to proposals Y/N	Details and proposed measures to address
Legal/Governance	Y	The Accounts and Audit Regulations 2015 issued by the Secretary of State require every local authority to undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards. The work of the internal audit service assists the Council in maintaining high standards of public accountability and probity in the use of public funds. The service has a role in promoting robust service planning, performance monitoring and review throughout the organisation, together with ensuring compliance with the Council’s statutory obligations.
Financial	Y	There are no additional or new financial implications arising from this report. The cost of the internal audit team is in line with budget expectations.
Risk	Y	The work of the internal audit service is an intrinsic element of the Council’s overall corporate governance, risk management and internal control framework.
Supporting Corporate Strategy	Y	This plan and the work of Internal; Audit supports all of the Council’s corporate strategy themes.
Climate Change – Carbon / Biodiversity Impact	Y	None directly arising from this report. The Internal Audit function, managed by Devon Audit Partnership is mindful of the need to minimise travel in completing the internal audit plan. Where possible, desk-top review of documents, and the use of electronic records, is used to support the audit process, although it is inevitable that on-site verification may be required at times. The team use an audit management system (Mki) which enables managerial review to take place remotely, thus also saving the need for travel.
Comprehensive Impact Assessment Implications
Equality and Diversity	N	There are no specific equality and diversity issues arising from this report.
Safeguarding	N	There are no specific safeguarding issues arising from this report.
Community Safety, Crime and Disorder	N	There are no specific community safety, crime and disorder issues arising from this report.
Health, Safety and Wellbeing	N	There are no specific health, safety and wellbeing issues arising from this report.
Other implications	N	There are no other specific implications arising from this report.

Supporting Information

Appendices: Appendix A – Draft Internal Audit Plan for 2023-24

Background Papers: None

Introduction Internal auditing is defined by the Public Sector Internal Audit Standards (PSIAS) which set out the requirements of a ‘Board’ and of ‘senior management’. For the purposes of the internal audit activity within the Council the role of the Board within the Standards is taken by the Council’s Audit and Governance Committee and senior management is the Council’s Leadership Team. This Council’s Internal Audit Charter formally describes the purpose, authority, and principal responsibilities of the Council’s Internal Audit Service, which is provided by the Devon Audit Partnership (DAP) as represented in the audit framework at appendix 1, and the scope of Internal Audit work. The PSIAS refer to the role of “Chief Audit Executive”. For the Council this role is fulfilled by the Head of Devon Audit Partnership. The Audit and Governance Committee, under its Terms of Reference contained in the Council’s Constitution, is required to review the Internal Audit Plan to provide assurance on the governance framework (see appendix 2). The Chief Audit Executive is responsible for developing a risk-based plan which considers the organisation’s risk management framework, including using risk appetite levels set by management for the different activities or parts of the organisation as represented in appendix 3. The audit plan represents the proposed internal audit activity for the year and an outline scope of coverage. At the start of each audit the scope is discussed and agreed with management with the view to providing Senior Management and members with assurance on the control framework to manage the risks identified. The plan will remain flexible, and any changes will be agreed formally with management and reported to Audit and Governance Committee. Expectations of the Audit and Governance Committee for this annual plan Members are requested to consider: · the annual governance framework requirements. · the basis of assessment of the audit work in the proposed plan. · the resources allocated to meet the plan. · proposed areas of internal audit coverage in 2023-24. Following consideration of the above, the Audit and Governance Committee are required to approve the proposed audit plan. Tony Rose Head of Audit Partnership	Contents
	Introduction
	Development of the Plan
	Audit Plan Summary
	Fraud and IA Governance
	Audit Plan


	Appendices
	1 – Audit Framework
	2 – Annual Governance Framework
	3 – Audit Needs Assessment
	4 – Audit delivery Cycle
	5 – Sector Risk Model

Development of the Audit Plan

This year’s audit plan has been developed through discussions with Senior Management, and consideration of the Council’s risk register and plan. It is also informed by previous audit findings, and our awareness of current themes in Devon and elsewhere, such as Climate Change and Homelessness.

Within the plan, we have provided good coverage of Council Corporate risks, and current public sector risks (see appendix 5). Audit coverage for the year is in the region of 436 days compared to 430 planned for 2022/23. To help identify future resource requirements and ensure good coverage of risk areas over the period we maintain an indicative four-year plan, but our focus for this meeting is to agree the audit days for 2023/24. The plan is a combined plan for South Hams and West Devon, but it indicates those audits relevant to each council only.

We have provided coverage of all Corporate Risks and include Follow Up audits for any Limited Assurance opinion audits we provided in 2022/23. We also include audits for areas recently taken back into Council control such as Waste and Recycling.

Audit Plan Summary

Our audit plan is grouped into the different management areas as shown in this chart. Further detail of the audits in each management area are provided in the table

Within the management areas, we identify the following different types of audits:

Key Financial Systems audits focused on the process and systems dealing with most of the Council’s income and expenditure and which have a significant impact on the reliability and accuracy of the annual accounts. These include Payroll, Creditors, Main Accounting System, Council Tax, Housing Benefit. This work will provide assurance that core controls continue to be effective despite the changing environment.

Risk based audits, particularly those relating to:

· Strategic Riskwhich has a significant impact on the council.

· Operational Risk which may impact on individual service areas.

We have provided indicative days for each audit to show the expected time to complete the audit. However, actual time to deliver may vary depending on the findings, but also other factors such as ease of audit access.

In accordance with the PSIAS, the plan is flexible, to reflect and respond to the changing risks and priorities of the Authority. As a result, it will be regularly reviewed and updated to ensure it remains valid and appropriate. As a minimum, the plan will be reviewed in six months’ time to ensure it continues to reflect the key risks and priorities.

Detailed terms of reference will be drawn up and agreed with management prior to the start of each assignment – in this way we can ensure that the key risks to the operation or function are considered during our review.

Other Essential Activity

This includes areas such as Audit Management, support to the National Fraud Initiative and Grant work. Compared to the last two years, we have not put in provision to support Covid-19 grant work, or LAG / LEAF grant work. During 2022/23, auditor resource continued to support this work above what was included in the plan resulting in the requirement to carry over work into 2023/24. We have estimated 20 days for this work.

We also include Audit Management in this area. This is work supporting effective and efficient audit services to the Council and ensuring the internal audit function continues to meet statutory responsibilities. In some instances, this work will result in a direct output (i.e., an audit report) but in other circumstances the output may simply be advice or guidance. It includes:

· Preparing the internal audit plan and monitoring implementation.

· Preparing and presenting monitoring reports to Leadership and the Audit and Governance Committee.

· Assistance with the Annual Governance Statement.

· Liaison with other inspection bodies such as External Audit.

· Financial Regulations Exemptions, and waivers.

· Corporate Governance - Internal Audit has become increasingly involved in corporate governance and strategic issues; this involvement is anticipated to continue.

Fraud Prevention and Detection and Internal Audit Governance

Fraud is a recognised risk area for the public sector and effective counter fraud activity assists in the protection of public funds and accountability. Our Counter Fraud Service continues to support work by the council to identify its fraud risks and consider effectiveness of its controls. To support this the authority is encouraged to agree a separate plan of counter fraud work. Our Counter Fraud service also oversees investigations, instances of suspected fraud and irregularities referred to it by managers and can also carry out testing of systems considered most at risk to fraud. Our services will liaise with the Council to focus resource on identifying and preventing fraud before it happens. This work is informed by the Fraud Strategy for Local Government “Fighting Fraud Locally”, and the publication “Protecting the English Public Purse”. Additional guidance recently introduced by CIPFA, in their ‘Code of practice on managing the risk of fraud and corruption’, and the Home Office ‘UK Anti-Corruption Plan’, are also relevant.

Partnership working with other auditors

We continue to work to develop effective partnership working arrangements between ourselves and other audit agencies where appropriate and beneficial. We participate in a range of internal audit networks, both locally and nationally, which provide for a beneficial exchange of information and practices. This often improves the effectiveness and efficiency of the audit process, through avoidance of instances of “re-inventing the wheel” in new areas of work which have been covered in other authorities.

The most significant partnership working arrangement that we currently have with other auditors continues to be that with the Council’s external auditors (Grant Thornton), One West, and Audit Southwest (Internal Audit for NHS).

SHWD Proposed Plan for 2023-24

Customer Services & Delivery
Council	Audit Area	AUDIT	Last Audited	Description	Audit Interval	Indicative Days
S.Hams & W.Devon	Key Financial Systems	Council Tax	2022/23	CORPORATE RISK: COST OF LIVING IMPACT ON SERVICES	Annual	10
S.Hams & W.Devon	Key Financial Systems	Housing Benefits	2022/23	Undertake late summer along with other Revenues reviews.	Annual	10
S.Hams & W.Devon	Key Financial Systems	Business Rates (NDR)	2022/23		Annual	10
S.Hams & W.Devon	Operational Risk	Building Maintenance & Works Commissioning	2021/22 (Limited Assurance); 2022/23 (Limited Assurance)	Further Follow Up audit of Limited Assurance report	2 yearly	10
S.Hams & W.Devon	IT Audit	ICT / Cyber Security Audit	2020/21 Health check; Access Management; 2021/22 Incident and Problem Management; Change Management; Business Continuity and Disaster Recovery: 2022/23 Cyber Security Malware and Ransomware (Reasonable Assurance)	Information asset owners & the processes for identifying/ managing systems users for: Northgate R&Bs, Civica Financials, HR & Payroll, W2, APP. Ascertain which ICT people have access to these systems, including remote access to core infrastructure. Consider back-up & resilience. Are back-up cycles same / different, are they appropriate and resilience – how easy to recover, bring systems back up.	Annual	25
S.Hams & W.Devon	Strategic Risk	Comments & Complaints	2019/20	Corporate system for recognising, recording & responding to comments & complaints.	3 yearly	10
S.Hams Only	Operational Risk	Waste - Household Waste & Recycling Collection	SH 15/16 - Improvement Required SH 17/18 F/U - Good	CORPORATE RISK: DELIVERY OF WASTE & RECYCLING Service brought back in house for SHAMS Oct 2022.	3 yearly	10
West Devon	Operational Risk	Contract Management - Waste & Recycling West Devon	SH 15/16 - Imp Required SH 17/18 F/U - Good	Contract management of this Service.	4 yearly	10
S.Hams Only	Operational Risk	Depots & Stores Control	2019/20 (Improvements Required)	Control of Vehicle, Plant, Fuel, Fuel Cards and Fuel Containers, New software to capture assets - review assets/vehicle/store controls	3 yearly	10
S.Hams & W.Devon	Operational Risk	Grounds Maintenance	2019/20 (Good Standard)	In 16/17 some issues with "ownership" for responsibilities identified - follow-up to check if issues now resolved.GM (incl Cemeteries & Churchyards) Community Parks & Open Spaces	3 yearly	15
S.Hams & W.Devon	Operational Risk	Car Parking	2019/20 (Good Standard)	Including income collection and enforcement	3 yearly	10
				CS&D TOTAL DAYS		130
Strategy and Governance
Council	Audit Area	AUDIT	Last Audited	Description	Audit Interval	Indicative Days
S.Hams & W.Devon	Strategic Risk	Corporate Governance	2016/17	Assess compliance with CIPFA Corporate Governance code	3 yearly	15
S.Hams & W.Devon	Strategic Risk	Culture & Ethics	16/17 (Good Assurance)	16/17 review looked to see if the "building blocks" were in place, future reviews likely to need a different slant. Perhaps concentrate on Staff Surveys, development of the organisation, risk appetite, compliance with rules (Constitution).	3 yearly	10
S.Hams & W.Devon	Strategic Risk	Counter Fraud arrangements	2022/23 - Annual Assurance	Annual report on Fraud arrangements	Annual	3
S.Hams & W.Devon	Procurement	Procurement	2022/23 (Limited Assurance)	Follow up of Limited Assurance report. Can include any aspect of procurement including the Sustainability of Significant Suppliers (financial resilience)	3 yearly	10
S.Hams & W.Devon	Operational Risk	Elections / Electoral Registration	Not Known	Arrangements to manage elections	3 yearly	5
S.Hams & W.Devon	Operational Risk	Members - allowances	2018/19	Administration of Members expenses.	3 yearly	6
S.Hams & W.Devon	Strategic Risk	Performance Management inc KIP's & Data Quality	2021/22 (Limited Assurance)	Follow up of Limited Assurance audit. Inc key performance indicators and the quality of source data (data quality). PI's - meaningful, add value, reported accurately, guidance notes.	3 yearly	5
S.Hams & W.Devon	Strategic Risk	Safeguarding	2020/21 (Reasonable Assurance)		2 yearly	10
S.Hams & W.Devon	IT Audit	Social Networking, Communications & Media	2019/20 (Good Standard)	High reputational risk, and important communication tool. Controls on posting on social media.	3 yearly	7
S.Hams & W.Devon	Operational Risk	Travel and Subsistence	2017/18 (Improvements Required)	Compliance with internal policies & HMRC requirements to retain receipts for VAT purposes.	2 yearly	10
S.Hams & W.Devon	Strategic Risk	Recruitment	Not Known	CORPORATE RISK: INADEQUATE STAFFING RESOURCES Includes right to work, DBS checks, checking of professional qualifications.	2 yearly	10
S.Hams & W.Devon	Operational Risk	Health and Safety	2020/21 (Reasonable Assurance)	Safety of staff and public impacted by council work	2 yearly	10
S.Hams & W.Devon	Operational Risk	Planning - Development Management	16/17 (Improvements Required)	Review of the planning process (meeting timescales) and new system (planed for end 23/24 or later).	4 yearly	10
S.Hams & W.Devon	Operational Risk	Insurance Service	2020/21 (Limited Assurance)		4 yearly	7
				S&G TOTAL DAYS		118
Finance
Council	Audit Area	AUDIT	Last Audited	Description	Audit Interval	Indicative Days
S.Hams & W.Devon	Key Financial Systems	Creditors	2022/23		Annual	15
S.Hams & W.Devon	Key Financial Systems	Debtors	2022/23		Annual	15
S.Hams & W.Devon	Key Financial Systems	Main Accounting System (inc budgetary control)	2022/23	CORPORATE RISK: ADHERENCE TO MEDIUM TERM FINANCIAL STRATEGY	Annual	15
S.Hams & W.Devon	Key Financial Systems	UK Shared Prosperity Fund	2022/23	Review & sign off of grants paid out from the Shared Prosperity Fund.	Annual	5
West Devon	Key Financial Systems	Okehampton Railway Station Levelling Up Fund	Not applicable	Arrangements of DCC & WD to deliver the work commissioned via the Grant etc.	NA	5
S.Hams & W.Devon	Key Financial Systems	Treasury Management	2022/23 (Substantial Assurance)		Annual	5
				FINANCE TOTAL DAYS		60
Place and Enterprise
Council	Audit Area	AUDIT	Last Audited	Description	Audit Interval	Indicative Days
S.Hams & W.Devon	Operational Risk	Environmental Services (Health & Safety)	Not Known	Fly tipping, abandoned vehicles, Air quality	2 yearly	8
S.Hams & W.Devon	Operational Risk	Food Safety	2018/19 (Good Standard)		3 yearly	10
S.Hams & W.Devon	Operational Risk	Commercial Properties and Rent	2019/20 (Limited Assurance); 2021/22 (Limited Assurance)	Follow up to Limited Assurance 2021/22 audit	2 yearly	10
S.Hams & W.Devon	Operational Risk	Housing	2020/21 (Limited Assurance) related to Housing Programme	CORPORATE RISK: COST OF LIVING IMPACT ON SERVICES Includes: Housing Strategy & RSL's & Housing Standards	3 yearly	10
S.Hams & W.Devon	Operational Risk	Homelessness	2018/19 (Good Standard)	CORPORATE RISK: HOMES FOR UKRAINE PLACEMENT BREAKDOWNS Includes Homes for Ukraine	3 yearly	10
				PLACE & ENTERPRISE TOTAL DAYS		48

Other Essential Activities
Task		Days
Completion of Previous Year Plan		20
Audit Management		30
Annual Internal Audit Report		2
Exemptions from Financial Regulations		3
Grants - LEAF and LAG		0
National Fraud Initiative		5
Contingency, Advice & Emerging Risks		20
TOTAL DAYS		80

	Overall Total Days	436

December	March	June	September	December

Date	Activity
Dec - Feb	Meetings with management to discuss the plan
Mar	Internal Audit Plan presented to Governance Committee
Mar	Internal Audit Governance Arrangements reviewed by Governance Committee
Mar-Apr	Year-end field work completed
April	Annual Performance reports written
May / June	Annual Internal Audit Report presented to Governance Committee
Apr to Mar	Progress Reports presented to each Governance Committee
Dec	Internal Audit Plan preparation commences

Fraud Prevention and Detection and Internal Audit Governance

The most significant partnership working arrangement that we currently have with other auditors continues to be that with the Council’s external auditors (Grant Thornton), One West, and Audit Southwest (Internal Audit for NHS).

Appendix 1 - Audit Framework

Appendix 2 - Annual Governance Framework Assurance

Appendix 3 - Audit Needs Assessment

Appendix 4 - Our Audit Team and the Audit Delivery Cycle

Internal Audit Plan 2023-24


South Hams
Audit & Governance Committee

9 March 2023



		$Devon Audit Partnership - shared working across authorities - in accordance with our internal audit charter ,C:\Users\tony.rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\SH logo_horizontal.png,C:\Users\tony.rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\WD logo_horizontal.png$