Report to:			Audit and Governance Committee
Date:			27 July 2023
Title:			Annual Internal Audit Report for 2022-23
Portfolio Area:			Cllr Julian Brazil – Leader of the Council
Wards Affected:			All
Urgent Decision:		N		Approval and clearance obtained:			Y
Author:	Paul Middlemass				Role:	Audit Manager
Contact:	Paul.Middlemass@devon.gov.uk    07736 155687 Tony.d.Rose@devon.gov.uk   01392 383000

 

 

RECOMMENDATION:   That Members note the Internal Audit Report for 2022-23 and consider it when reviewing the Annual Governance Statement.

 

1. Executive summary

 

The purpose of this report is to provide members with the annual report summarising  internal audit assurances provided during 2022-23 to inform the Annual Governance Statement.   

 

2. Background

 

The Audit and Governance Committee, under its Terms of Reference contained in South Hams District Council’s Constitution, is required to monitor, and review the internal audit programme and findings, and the associated progress and performance of Internal Audit.

 

The Accounts and Audit (Amendment) (England) Regulations 2015 require that all Authorities need to carry out an annual review of the effectiveness of their internal audit system and need to incorporate the results of that review into their Annual Governance Statement (AGS), published with the annual Statement of Accounts.

 

The purpose and role of Internal Audit, and of the related Council responsibilities is also contained in the Internal Audit Charter and Strategy.

 

 

 

3. Outcomes/outputs

Members will note the assurances provided by Internal Audit and consider them when reviewing the  Annual Governance Statement.      

 

4. Options available and consideration of risk

No alternative operation has been considered as the function of internal audit is a requirement of Corporate Governance.

 

5.  Proposed Way Forward

That Audit Committee notes the Annual Report of Internal Audit (Appendix A).

 

6. Implications

 

Implications	Relevant to proposals Y/N	Details and proposed measures to address
Legal/Governance	Y	The Accounts and Audit Regulations 2015 issued by the Secretary of State require every local authority to undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards. The work of the internal audit service assists the Council in maintaining high standards of public accountability and probity in the use of public funds. The service has a role in promoting robust service planning, performance monitoring and review throughout the organisation, together with ensuring compliance with the Council’s statutory obligations.
Financial	Y	There are no additional or new financial implications arising from this report. The cost of the internal audit team is in line with budget expectations.
Risk	Y	The work of the internal audit service is an intrinsic element of the Council’s overall corporate governance, risk management and internal control framework.
Supporting Corporate Strategy	Y	This Progress Report and the work of Internal; Audit supports all of the Council’s corporate strategy themes.
Climate Change – Carbon / Biodiversity Impact	Y	None directly arising from this report.  The Internal Audit function, managed by Devon Audit Partnership is mindful of the need to minimise travel in completing the internal audit plan.  Where possible, desk-top review of documents, and the use of electronic records, is used to support the audit process, although it is inevitable that on-site verification may be required at times. The team use an audit management system (Mki) which enables managerial review to take place remotely, thus also saving on the need for travel.
Comprehensive Impact Assessment Implications
Equality and Diversity	N	There are no specific equality and diversity issues arising from this report.
Safeguarding	N	There are no specific safeguarding issues arising from this report.
Community Safety, Crime and Disorder	N	There are no specific community safety, crime and disorder issues arising from this report.
Health, Safety and Wellbeing	N	There are no specific health, safety and wellbeing issues arising from this report.
Other implications	N	There are no other specific implications arising from this report.

 

Supporting Information

 

Appendices:

Appendix A – Internal Audit Annual Report for 2022-23

 

Background Papers:

Internal Audit Plan 2022/23 as approved by Audit and Governance Committee.

 

 

 

 

 

 

 

 

 

 

 

 

Annual Internal Audit Report 2022-23
South Hams
Audit & Governance Committee
27 July 2023

Introduction

Contents	Page
Introduction	1
Opinion Statement	2
Summary Assurance Opinions	3
Audit Coverage and Performance   against the Plan	4
Appendices
1   Remaining Audit Reports &          Findings	7
2. Professional Standards and         Customer Service	13
3   Audit Authority	14
4   AGS Annual Governance Assurance Framework	15
6   Customer Service Excellence	16
6   Basis for Opinion	17

The Audit and Governance Committee, under its Terms of Reference contained in the Council’s Constitution, is required to consider the Chief Internal Auditor’s annual report, to review and approve the Internal Audit programme, and to monitor the progress and performance of Internal Audit.

The Accounts and Audit (Amendment) (England) Regulations 2015 introduced the requirement that all Authorities carry out an annual review of the effectiveness of their internal audit system, and to incorporate the results of that review into their Annual Governance Statement (AGS), published with the annual Statement of Accounts.

The Internal Audit plan for 2022-23 was presented and approved by the Audit and Governance Committee in March 2022. The following report and appendices set out the background to audit service provision, a review of work undertaken during the year and provides an opinion on the overall adequacy and effectiveness of the Authority’s internal control environment.

The Public Sector Internal Audit Standards require the Head of Internal Audit to provide an annual report providing an opinion that can be used by the organisation to inform its governance statement. This report provides that opinion.

Expectations of the Audit and Governance Committee from this annual report

Audit and Governance Committee members are requested to consider:

·         the assurance statement within this report.

·         the basis of our opinion and the completion of audit work against the plan.

·         the scope and ability of audit to complete the audit work.

·         audit coverage and findings provided.

·         the overall performance and customer satisfaction on audit delivery.

 

In review of the above the Audit and Governance Committee are required to consider the assurance provided alongside that of the Executive, Corporate Risk Management and external assurance including that of the External Auditor as part of the Governance Framework (see appendix 5) and satisfy themselves from this assurance to support signing the Annual Governance Statement.

 

Opinion Statement

This opinion statement will provide Members with an indication of the direction of travel for their consideration for the Annual Governance Statement see appendix 4.

The Authority’s internal audit plan for the year includes specific assurance, risk, governance and value-added reviews which, with prior years audit work, provide a framework and background within which we assess the Authority’s control environment. The Head of Internal Audit’s Opinion is informed by the assurance conclusions obtained in the audits undertaken in 2022-23. Significant weaknesses identified should be considered by the Authority in preparing its Annual Governance Statement for 2022-23.

In undertaking our audits, Internal Audit assesses whether controls are operating satisfactorily and provide an overall opinion on the adequacy of controls to management within the audit report. Audit reports include an action plan with responsible officers and target dates to address control issues. While implementation of action plans rests with management, high priority and other recommendations are reviewed during subsequent audits or as part of specific follow-ups. 

Underpinning our overall Reasonable Assurance Opinion are the twelve Substantial, twelve Reasonable, and three Limited Assurance Opinions provided. The summary Assurance Opinions chart provides a “Themed” overview.  

Internal Control Framework  The control environment comprises the policies, procedures and operational systems including processes to establish and monitor the achievement of the Council’s objectives; facilitate policy and decision making; ensure economical, effective, and efficient use of resources, compliance with established policy, procedure, law and regulation; and safeguard the Council’s assets and interests from losses of all kinds. The Council’s overall internal control framework is considered to have operated effectively during the year. This is supported by the high proportion of Substantial Assurances we have provided. Core financial and administrative systems were reviewed by us and found to be largely effective. Where we have highlighted some weaknesses in compliance to key controls, none are considered to have had a material impact on the Authority’s operations. A concern relates to monitoring the implementation of management actions agreed in audit reports. Work is now underway to review management actions to ascertain if they have been completed.
Risk Management Risks were discussed in appropriate forums including members, and there is a Risk Management Group although notes of these meetings should be kept. The formal Risk Management Strategy needs review and refreshing, and risk management embedded in all business areas.	Governance Arrangements Corporate Strategies have recently been updated and there was good linkage to performance management arrangements. Good partnership arrangements are held with several organisations. There was a good framework of policies, activities, and training supported staff health and wellbeing.	Performance Management A hierarchy of strategies and delivery plans support reporting to senior management and members. Most service areas had performance measures, but work is needed to ensure coverage in all areas.

Substantial Assurance	A sound system of governance, risk management and control exists, with internal controls operating effectively and being consistently applied to support the achievement of objectives in the area audited.	Limited Assurance	Significant gaps, weaknesses or non-compliance were identified. Improvement is required to the system of governance, risk management and control to effectively manage risks to the achievement of objectives in the area audited.
Reasonable Assurance	There is a generally sound system of governance, risk management and control in place. Some issues, non-compliance or scope for improvement were identified which may put at risk the achievement of objectives in the area audited.	No Assurance	Immediate action is required to address fundamental gaps, weaknesses or non-compliance identified. The system of governance, risk management and control is inadequate to effectively manage risks to the achievement of objectives in the area audited.

Summary of Assurance Opinions by Service area

We have grouped our audit assurance opinions during 2022-23 under the responsible Service area in the diagram below. The ratings are relevant at the time of the audit review and assurance may have improved since that time.

 

Audit Coverage and performance against plan

We completed 92% of the plan agreed for 2022/23 (to draft /final report stage) by May 2023. This was despite re-allocation of the internal audit team resource to support grant checking (85 days on C-19 Business Grants) and other work during the year. DAP provided audit resource and delivered several audits to compensate for these days. Some audits were cancelled or deferred at management request. There is allocation of days in the 2023-24 audit plan to complete the audits carried forward into 2023/24.

The Chart opposite shows the mix of assurance opinions provided over the year.

Our assurances include three Limited Assurance opinions, which relate to the following reviews:

Building Maintenance - Follow Up: Significant weaknesses remain as previously reported, including the absence of a strategy to guide asset maintenance and a large part of the work undertaken is reactive, rather than planned. We are confident management has prioritised actions to address these weaknesses.  

Procurement: Work is needed to take forward the actions in the procurement strategy and create a comprehensive contract register. The limited procurement expertise limits the amount of value-added activity that can be undertaken.

Markets (South Hams only): Existing procedures need improvement to improve current controls and protect the officers managing them and market users.

We also reviewed progress to implement improvements on Council Tax, and Business Rates. Our annual report for 2021-22 reported the Limited Assurance opinions for these audits. We undertook follow up reviews in April 2023 and confirm that work is being progressed to implement the agreed recommendations. Further reviews will be undertaken in 2023-24 to assess if the assurance level has improved.

This year’s mix of opinions compare to the six Substantial, seven Reasonable, and five Limited Assurance audit opinions provided for 2021/22.

Implementation of Internal Audit Recommendations: In our audits we assess if management actions from previous reviews have been implemented. During the year we identified audits where these had not been implemented, meaning that the control weakness and risk remains. The council has now reviewed previous management actions.  Of the 219 High / Medium management actions with target dates to the end of 2022, 68 are complete, 12 are superseded (for instance relate to systems no longer in use), 55 are in progress but overdue, and 12 are overdue and not started. Management is continuing to progress the remaining management actions.

 

.           

 

At Appendix 1 we include a summary of the audits delivered since the Audit and Governance Committee of March 2023. Summaries of the other audits delivered prior to that meeting were included in reports to the Committee during the year.

Value Added

We know that it is important that the internal audit service seeks to "add value" whenever it can and we believe internal audit activity has added value to the organisation and its stakeholders by:

·      Providing objective and relevant assurance.

·      Contributing to the effectiveness and efficiency of the governance, risk management and internal control processes.

This current year, we have sought to add value by increasing the number of similar audits undertaken in different partners to support compare and contrast activity, and to identify best practice. We also actively worked with management to progress actions to reduce their risk in areas such as Building Maintenance and Procurement and focused on high-risk areas such as Cyber Security.

We also issued relevant information bulletins on:

·         Good practice and reflections on District Councils’ progress to meet Climate Change objectives.

·         Comparison of agenda items presented to Devon District Audit and Governance Committee.

Finally, we have provided advice and guidance on good practice related to Governance, Risk Management and Fraud. Appendix 5 provides details of the specific feedback for the council and all our clients.

Fraud Prevention and Detection

Overall, the risk of fraud at the Council is considered low.  We continue work with managers to discuss their fraud risks and assess whether controls are sufficient / effective. We have recently helped the council to update the following counter fraud documents:

·         Anti-Fraud Bribery and Corruption Policy.

·         Anti-Fraud Bribery and Corruption Strategy and Response Plan.

·         Whistleblowing Policy.

·         Fraud risk register – we produced an initial draft setting out what we consider were the most significant risks.

These policies will be presented to the September Audit and Governance Committee meeting.

As part of the review, we competed an assessment of the council’s arrangements against the CIPFA best practice framework. Our benchmarking review concluded that the result of the councils “benchmarking against best practice is encouraging and supports the opinion that the Council is committed to reducing fraud losses to the minimum level possible”. We provide a summary of the report in Appendix 1.

All our internal audit assignments include considering the potential for fraud and how the council prevents such fraud occurring.  Our audits on the key financial systems (Payroll, Creditors, Council Tax etc) consider the suitability and robustness of the control framework to prevent, detect and address fraud. The national data matching exercise (National Fraud Initiative - NFI) is supported by the Council. There were no significant investigations required during the year.

For 2023-24, we are continuing our support to a review by a contractor of Single Person Discounts for Council Tax which is funded by the County Council.

Grant Assurance Work

At management request we undertook extensive work to confirm that controls over grants were effective: 

·         Covid Business Grant: we provided evidence to Business Energy and Industrial Strategy that grants awarded were in line with scheme requirements, identified a minimal number of instances where grants were incorrectly issued and supported their recovery, and ensured grant records were retained. We provided a Substantial Assurance opinion that payments were accurately made, and scheme administration conformed with the guidance.

·         South Devon Local Action Group / Greater Dartmoor Local Enterprise Action Fund (LAG / LEAF): we completed work to confirm the reasonableness of work undertaken by Diverse Regeneration Company, and the accuracy of their management and administration costs. Grant claims were compiled on behalf of SHDC and evidence collated for submitted to the RDPE in accordance with strict rules. The Programme concluded in 2023 with submission of the final claim for management and administration costs.

 

 

 

 

 

 

 

Appendix 1 – Summary of remaining 2022-23 audit reports delivered since March 2023

	Audit / Assurance Opinion Summary, risk exposure and management actions Regeneration and Investment   Substantial Assurance The Councils have a clear Regeneration and Investment Strategy on which to base investment decisions. They each have a Regeneration and Investment Strategy (R&IS) which supports the statutory annual Capital Strategy and Investment Strategy. The R&IS define the framework for determining non-financial investments but also provide delegated powers to allow expedient decision-making if time bound investment opportunities are identified. Adherence to the objectives and desired outcomes within the R&IS, as well as the stated risk management, due diligence and governance arrangements, gives officers and members assurance that a sound and logical decision has been made. There is regular monitoring and review of the performance of the investment properties, with reports taken to senior managers and members. Exit strategies are developed for each property, covering the period to the next significant lease event, when they are refreshed. If a property is under-performing or no longer meeting the objectives of the R&IS, all options are reviewed. When appraising any acquisition officers consider debt proportionality (the amount borrowed to date against the net service expenditure ratio) on a case-by-case basis as part of the decision-making process. They also undertake sensitivity analysis of the interest repayments on their borrowing requirements as a percentage of available reserves to ensure there is sufficient coverage if rental income is below that forecast. Ten percent of rental income is put into a Maintenance, Management and Risk Mitigation (MMRM) Reserve as part of contingency arrangements. At 31 March 2023 the aggregate value of Council investment properties were: ·                SHDC properties were valued at £16.89m (compared to £18.61m at 31 March 2022). The two properties currently generate a net annual income of £652k, allowing for borrowing costs and a contribution to a Maintenance Management and Risk Mitigation Reserve. ·                WDBC properties were valued at £16.63m (compared to £19.12m at 31 March 2022). In 2022/23 the net revenue income totalled £300k and is predicted to rise to £350k in 2023/24 in line with rent reviews. Since the four WDBC investment properties were purchased in 2018/19, they have generated an aggregate net revenue income of £1.35m. Property values have fallen due to the increasing cost of finance, rising interest rates and wider economic factors. High inflation and the Bank of England’s response to raise interest rates has meant further pressure on the cost of debt which is factored into pricing for property assets. Changes in the 2023 fair value valuations have partly been driven by a softening of the yield. The cost of debt has risen and its availability has reduced, which together with the outward movement in gilt yields from historically low levels has had an adverse impact on property values. Yields in property have risen, which has reduced property values, which are derived from rent and yield. As the Councils do not intend to sell the properties as they are held as long term strategic assets, the more important factor is whether they are generating the expected rental income, which at the current time they are achieving. The reduction in the fair value valuation has no impact on the Councils’ “bottom-line” of the Income and Expenditure Account, as it is reversed out through the Capital Adjustment Account. The Code confirms that movements in fair value are debited to the provision of services and are not proper charges to the General Fund (as explained in Note 13, Investment Properties, in the Statement of Accounts). Since the PWLB restricted the use of their loans to within a Council's own area, it is very unlikely either authority will make further non-financial investments or require use of the Regeneration and Investment Strategy. However, officers continue to monitor opportunities and feel it is appropriate to retain the Strategies in case of need as they provide a scheme of delegation which allows expedient, auditable decision making. There were no Management Actions. Corporate Information Management   Substantial Assurance     A good programme of staff training and guidance is in operation, with comprehensive coverage of content and materials on data protection and information governance. In line with this, there are timely review and monitoring schedules in operation to ensure maximal take-up of induction & mandatory staff training alongside appropriate refresher training. The Information Governance staff training programme addresses the issue of potential cyber-security threats through dedicated cyber security training provided by the online security awareness training platform, KnowBe4. Internal Audit were informed that this training covers the following areas related to cyber security: Review of latest Information Security Policy, password tips, social engineering red flags, and staff roles in internet security. Additionally, specific coverage of Malware, Ransomware and Phishing is provided as part of this training. Staff are subjected to quizzes to test their learning and understanding. Completion rates for this training have been reported by SHWD as ‘high’, which supports the Council’s cyber security posture. We agreed one Medium Management Action. VAT Arrangements   Reasonable Assurance There were good arrangements to manage most of the Councils’ VAT affairs. A new Senior Accountant was appointed in late 2022 who has good VAT knowledge, creating capacity to proactively manage the Councils' VAT affairs and ensure this is being done as effectively as possible. There is also additional capacity to manage and develop the Finance Business Support team who are responsible for processing the majority of the Councils' creditor and debtor transactions and so are key in performing initial checks of invoices with respect to VAT. There is reliance on the understanding of staff across the organisation and unavoidable manual processes when dealing with VAT. This emphasises the need for constant vigilance and mitigating checks and balances wherever possible. Provision of training for specific areas would be beneficial. The VAT guidance was publicised to staff during March 2023. We noted a small number of minor errors because of some manual processes. Two examples of non-VAT invoices being treated as valid VAT invoices were identified, an issue which we raised in last year's Creditors audit report. Some officers regularly fail to obtain a valid VAT invoice or receipt for purchases paid for by corporate credit card, meaning VAT cannot be reclaimed on these transactions. We have repeated some observations made in the previous audit report, as despite these being implemented there remains scope for additional improvement or for officers in other business areas to be further reminded of their responsibilities. We agreed six Medium and three Low Management Actions. Business Continuity   Reasonable Assurance Senior management understand the importance of business continuity management and how it supports a more resilient organisation. The Councils satisfy most of the business continuity requirements outlined in the CCA 2004. The organisational Business Continuity Strategy and Plan were recently refreshed and outline the Councils’ approach to business continuity management and how they will respond to an incident. A Business Continuity Management Team (BCMT) is in place to manage the response to a significant incident or emergency. Business continuity reporting to senior managers has recently been strengthened and the Audit and Governance Committees receive periodic updates as part of the periodic Strategic Risk Updates. Resilience has improved from management of incidents such as the Covid pandemic, and loss of internet service to the Councils. Lessons from the Councils’ response to the Covid pandemic have been, or are being, addressed. However, whilst these live incidents have helped validate some business continuity arrangements, there are no routine exercises to test all aspects of BCPs and to identify weaknesses. There is also no Council-wide process to ensure all business area BCPs are periodically reviewed. For instance, some service BCPs are updated only when prompted by incidents or a co-ordinating officer. A training plan is being delivered to all officers with business continuity responsibilities to ensure they understand  their role. We agreed one High Recommendation on the need for routine and planned testing and exercising of the Business Continuity Plans. Debtors   Reasonable Assurance The Councils have a good focus on the collection of debt in most areas. There are good processes to monitor and manage debt collection, staff resources appear sufficient to support this. While debt write offs are occurring, overall, these have reduced significantly over the last five years. There are services plans to improve debt management and recovery activities across departments and to review processes and customer documentation. We noted in our Revenues and Benefits audit reports that more focus was required on the use and management of debt collection agencies; this should be considered for other Council debts. That said, the use of the unsupported Debtors software increases the risk of cyber-attack and loss of data. The data held on all systems needs urgent review to cleanse old data to improve efficiency and conform to data protection requirements. A project has been set up within the finance team to address this. Comparison of the overall debt at year end from 31 Mar 2019 and 31 March 2023 shows an increase in debt from £1.5m to £2.5m for South Hams, and from £600k to £900k for West Devon. However, most of the debt, approx. 83% is less than a year old improving the likelihood of collection. We noted the following in respect of specific debt areas: Sundry Debts: Total sundry debt at year end 2023 was £1,744,664 for South Hams, and £843,811 for West Devon, with a high proportion of the debt less than a year old. Over the last four years there have been steady increases in that debt, which on 31 March 2019 stood at £685,600 and £434,555 respectively. It should be noted that over half of the sundry debt level for South Hams relates to four individual debtors. Some of the debts were raised close to the year end (31.3.23), for example for a Section 106. Since then, these debts have either been cleared or the debtor is paying the debt in line with an agreed payment plan. Equally for West Devon, 2/3rds of the debt relates to a small number of individual debtors who are paying in accordance with an agreed payment schedule.   Housing Benefit with Entitlement: Discounting a large overpayment recently created for South Hams, the overall value of debt has shown a regular decline over the last 5 years, to £121,701 for South Hams, and £52,926 for West Devon at 31 March 2022.   Car Parking: The level of debt related to Car Park Notices is lower than that held in 2018/19. While parking income has increased since the pandemic, these are still below pre Covid-19 levels for West Devon. We agreed two High, two Medium, and ten Low Priority Management Actions. Partnership Management   Reasonable Assurance The Councils have formal partnerships with many disparate organisations, but work is needed to improve clarity on the important ones they choose to support. Whilst there is a draft Key Partnerships Framework reviewed by the SLT in September 2022, work is required to develop and approve it. This includes defining what agreements would be included as a Partnership, for instance as opposed to grants to voluntary organisations.  Officers demonstrated a good understanding of the benefits and risks associated with working in partnership with other organisations but there is limited guidance for those less experienced. Each of the partnerships we reviewed considered whether they were continuing to deliver agreed objectives, with subsequent reporting to a management board. The provision of checklists may better assist officers in assessing a proposed partnership, as well evidencing review of their continued relevance. Whilst partnership agreements were in place, copies were not always held by the Councils’ Lead Officer for the partnership. This is of concern given these are quasi-legal documents. Some were quite aged whilst others are regularly reviewed and updated. For recipients of grant-funding, the completed application form acts as the agreement between themselves and the Council. Arrangements are in place to allow the Councils to monitor and review the work and performance of those partnerships of which they are members. Both true partnerships and grant recipients provide elected members with updates. For the former, a report is taken to members usually annually. Grant recipients are required to report to members with a frequency determined by the value of their grant. Those in receipt of £10k per annum or more must provide at least an annual report whilst those receiving less may only be required to report once in the multi-year funding period. Best practice recommends partnerships undertake internal reviews to ensure they remain fit for purpose and identify any changes which may be beneficial for governance and other arrangements. There was evidence the formal partnerships we reviewed, monitored and reported on their own performance, whilst some, but not all, made more in-depth reviews of their governance arrangements. We agreed five Medium and three Low Management Actions. Markets (South Hams only)   Limited Assurance   The Council has operated a successful market at Totnes for years and has a thriving attendance by traders and customers. We confirmed that although procedures are in place regarding the market operation, income collection, trader compliance and market trader allocations, controls and procedures do not adequately mitigate the risks identified. Existing procedures need improvement to ensure they control these weaknesses. Management has already highlighted that the current regulations and procedures need review to ensure that they are still compliant and protecting both the Council and the market traders. Recommendations have been agreed to further improve the controls and protect the officers managing them and market users as follows: ·         Update and issue of policies and procedures to market traders, to be regularly signed by each trader, including casuals and actions taken on any contraventions. ·         All trader’s insurance and other compliance requirements are shown to have been checked accurately, this should be completed promptly and include casual traders. This should be supported by a centralised database of trader records managed under the required Data Protection and related policies. ·         An audit trail should be available to confirm that all income is received, and to protect the integrity of the officers responsible for collecting rents. Reconciliations should be completed and retained between the expected rents, the number of traders attending each market, the daily income, refunds recorded on the Square system and ultimately to the banking received. ·         Undertaking independent reviews and documented spot checks of the markets, traders, and income received. ·         An audit trail to support rent discounts to agreed tariffs, management approval and refund records. ·         There should be sufficient separation of duties to protect the role of the Market Inspectors in the charging of rents and allocation of pitches. Comprehensive records to support pitch allocation, such as a scoring system, should be held to support the allocation of permanent and casual pitches for each market and that these are completed in agreement with the approved allocation policies. ·         That new and existing improvements to the management of the market are outlined in the required policies and procedures and officers confirm that they will abide with these procedures. Regular independent checks should be held to confirm compliance. ·         That there is a coordinated approach to the management of the market and where required, data and resources are actively shared and co-ordinated. We agreed two High, eight Medium and six Low priority Management Actions

 

 

Appendix 2 - Professional Standards and Customer Service

Conformance with Public Sector Internal Audit Standards (PSIAS)

Devon Audit Partnership conforms to the requirements of the PSIAS for its internal audit activity. The purpose, authority and responsibility of the internal audit activity is defined in our internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics and the Standards. Our internal audit charter was approved by senior management and the Audit and Governance Committee in 2022. This is supported through DAP self-assessment of conformance with Public Sector Internal Audit Standards & Local Government Application note.

Quality Assessment –The Head of Devon Audit Partnership maintains a quality assessment process which includes review by audit managers of all audit work. The quality assessment process and improvement is supported by a development programme. 

External Assessment - The PSIAS states that a quality assurance and improvement programme must be developed; the programme should be informed by both internal and external assessments.

 

An external assessment must be conducted at least once every five years by a suitably qualified, independent assessor. For DAP this was recently conducted at the end of 2021 by the Head of Southwest London Audit Partnership, and the Chief Internal Auditor of Orbis (a partnership organisation covering Brighton and Hove, East Sussex, and Surrey County Council). 

The assessment result was that “Based on the work carried out, it is our overall opinion that DAP generally conforms* with the Standards and the Code of Ethics”. The report noted that “As a result of our work, a small number of areas where partial conformance was identified. These were minor observations, none of which were significant enough to affect the overall opinion”. DAP is actively addressing these improvement areas.

*Generally Conforms – This is the top rating and means that the internal audit service has a charter, policies and processes that are judged to be in conformance to the Standards

Improvement Programme –DAP maintains a rolling development plan of improvements to the service and customers. All recommendations of the external assessment of PSIAS and quality assurance were included in this development plan and have been completed. This will be further embedded with revision of our internal quality process through peer review. Our development plan is regularly updated, and a status report reported to the DAP Management Board. 

Customer Service Excellence

DAP was successful in re-accreditation by G4S Assessment Services of the CSE standard during January 2023. This accreditation is a UK-wide quality mark which recognises organisations the prioritise customer service and are committed to continuous improvement.

 

During the year we have issued client survey forms for some of our reports, and the results of the surveys returned were very good / positive. The overall result is very pleasing, with near 97% being "satisfied” or better across our services (see Appendix 4).  It is very pleasing to report that our clients continue to rate the overall usefulness of the audit and the helpfulness of our auditors highly.

 

 

 

 

 

Appendix 4 - Annual Governance Framework Assurance

 

The conclusions of this report provide the internal audit assurance on the internal control framework necessary for the Committee to consider when reviewing the Annual Governance Statement.

The Annual Governance Statement provides assurance that

o  the Authority’s policies have been complied with in practice.

o  high quality services are delivered efficiently and effectively.

o  ethical standards are met.

o  laws and regulations are complied with.

o  processes are adhered to.

o  performance statements are accurate.

The statement relates to the governance system as it is applied during the year for the accounts that it accompanies. It should:

·    be prepared by senior management and signed by the Chief Executive and Chair of the Audit and Governance Committee.

·    highlight significant events or developments in the year.

·    acknowledge the responsibility on management to ensure good governance.

·    indicate the level of assurance that systems and processes can provide.

·    provide a narrative on the process that has been followed to ensure that the governance arrangements remain effective. This will include comment upon;

o  The Authority.

o  Audit and Governance Committee.

o  Risk Management.

o  Internal Audit.

o  Other reviews / assurance.

Provide confirmation that the Authority complies with CIPFA / SOLACE Framework Delivering Good Governance in Local Government. If not, a statement is required stating how other arrangements provide the same level of assurance

Appendix 5 - Customer Service Excellence

For each audit we issue a customer feedback form.  The results we receive help us shape our service; it helps to identify possible training needs for staff and helps us understand the areas of our process that are more challenging for the auditee. The diagram below shows the feedback results for the whole of DAP.

Appendix 6 - Basis for Opinion

The Chief Internal Auditor is required to provide the Council with an opinion on the adequacy and effectiveness of its accounting records and its system of internal control in the Council. In giving our opinion, it should be noted that this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance, formed from risk-based reviews and sample testing, of the framework of governance, risk management and control.

 

This report compares the work carried out with the work that was planned through risk assessment; presents a summary of the audit work undertaken; includes an opinion on the adequacy and effectiveness of the Authority’s internal control environment; and summarises the performance of the Internal Audit function against its performance measures and other criteria. The report outlines the level of assurance that we are able to provide, based on the internal audit work completed during the year. It gives:

·         a statement on the effectiveness of the system of internal control in meeting the Council’s objectives:

·         a comparison of internal audit activity during the year with that planned;

·         a summary of the results of audit activity and;

·         a summary of significant fraud and irregularity investigations carried out during the year and anti-fraud arrangements.

 

 

The Devon Audit Partnership has been formed under a joint committee arrangement.  We aim to be recognised as a high quality internal audit service in the public sector.  We work with our partners by providing a professional internal audit service that will assist them in meeting their challenges, managing their risks and achieving their goals.  In carrying out our work we are required to comply with the Public Sector Internal Audit Standards along with other best practice and professional standards.

The Partnership is committed to providing high quality, professional customer services to all; if you have any comments or suggestions on our service, processes or standards, the Head of Partnership would be pleased to receive them at Tony.D.Rose@Devon.gov.uk.

 

 

This report is protectively marked in accordance with the National Protective Marking Scheme. It is accepted that issues raised may well need to be discussed with other officers within the Council, the report itself should only be copied/circulated/disclosed to anyone outside of the organisation in line with the organisation’s disclosure policies.

This report is prepared for the organisation’s use.  We can take no responsibility to any third party for any reliance they might place upon it.