To consider the attached report.
Contact Officer: Kate Mulhearn (01296) 585724
The Head of Internal Audit (Corporate Governance Manager) was required to provide a written annual report to those charged with governance timed to support the Annual Governance Statement (AGS), and which should be presented to Members and considered separately from the AGS and the formal accounts.
The Committee received a report detailing the Corporate Governance Manager’s opinion on risk management, control and governance and their effectiveness in achieving the Council’s agreed objectives for 2016-17. The report also incorporated a summary of the work undertaken to support the opinion and a statement on conformance with the Public Sector Internal Audit Standards. Based on this work, the Corporate Governance Manager had provided the following opinion:-
“Generally satisfactory with some improvements required to specific systems and processes.
Governance, risk management and control in relation to business critical areas was generally satisfactory. However, there were some weaknesses in the framework of governance, risk management and control which potentially put the achievement of the Council’s objectives at risk.
Improvements were required in those areas to enhance the adequacy and effectiveness of governance, risk management and control.”
In forming this opinion the Corporate Governance Manager had confirmed that internal audit activity throughout 2016-17 had been independent from the rest of the organisation and had not been subject to interference in the level or scope of the audit work completed.
Thekeyfactorsthat contributedto the opinion weresummarisedas follows:-
· Overall the weaknessesincontrol designand operatingeffectivenessidentifiedwere mediumorlowrisk. Improvementshad beenmadeduring theyear in somekey financial systems(AccountsPayable, General Ledger, Budget Management) to strengthentheoverall control environment.
· Improvements werestill requiredina numberofareas. Highrisk reportshad beenissued for Accounts Receivableand HousingBenefits.
· A numberofinternal auditreports had highlightedinadequacies in the level of managementinformation,bothata corporateand servicelevel to enableeffective monitoringand oversight of bothfinancial andnon-financial performance.
A total of 13 assurance reviews had been completed in 2016/17 of which 2 had been classified as having a “high” risk, 6 a “medium” risk and 5 a “low” risk classification. This had resulted in the identification of 6 high, 21 medium and 25 low risk findings relating to weaknesses in the design and operating effectiveness of controls. This compared to 9 assurance reviews (6 high, 22 medium and 9 low priority recommendations) in 2015/16, although a direct comparison could not be made.
A summary of the reviews undertaken and the opinion given was detailed at Section 3 of the Corporate Governance Manager’s report.
A number of weaknesses had been identified that needed to be reported in the Annual Governance Statement, and which related to the “high risk” reports issued for Accounts Receivable and Housing Benefits and a general theme about lack of management information. A summary of these high risks was also detailed in Section 3 of the Corporate Governance Manager’s report.
Other internal audit work undertaken during the year had included regularly reviewing and reporting of the corporate risk register to the Commercial Board, Audit Committee and to Cabinet.
All agreed actions arising from audit reports were kept under review by Internal Audit and regular reports on overdue actions were provided to the Audit Committee. There were no significant issues to report regarding the follow up of any audit recommendations.
The Council’s internal audit function has been restructured during 2016/17 as part of the Commercial AVDC transformation programme. Since September 2016, the Head of Internal Audit role has been fulfilled by the Corporate Governance Manager and work has been performed by an external service provider under a co-source arrangement.
A self-assessment against the requirements of the Public Sector Internal Auditing Standards (PSIAS) had been conducted in 2013 and the gap analysis and action plan had been last updated in July 2015. During 2016, the requirements of PSIAS had been considered and there are no areas of concern to indicate that the current arrangements were not fullycompliant with the Standards. During 2017/18 a new co-source contract would be procured and compliance with PSIAS would be considered as part of the service specification.
Members requested further information and were informed that the Report risk rating at the Summary of Internal Audit Activity for 2016/17 was based on the risk rating findings relating to the individual reviews. A definition of the risk classifications (critical, high, medium and low) was detailed at Appendix 2 to the Committee report.
Members expressed their thanks to Officers for the good quality of the audit work undertaken during 2016/17.
That the content of the Corporate Governance Manager’s annual report for 2016-17 be noted.