To consider the report attached as Appendix E coloured pink.
Contact Officer: Evelyn Kaluza (01296) 585549
The Business Assurance Services Manager was required to provide a written annual report to those charged with governance timed to support the Annual Governance Statement (AGS), which should be presented to Members and considered separately from the AGS and the formal Accounts.
The Committee received a report detailing the Business Assurance Services Manager’s opinion on risk management, control and governance and their effectiveness in achieving the Council’s agreed objectives for 2014-15. Based on this work, Business Assurance Services (BAS) had reached the overall opinion that satisfactory assurance could be provided on the adequacy and effectiveness of the control environment. There were no specific governance, risk management and internal control issues of which the Manager had been made aware of during the year which caused any qualification of the above opinion.
In forming this opinion the Business Assurance Services Manager had confirmed that internal audit activity throughout 2014-15 had been independent from the rest of the organisation and had not been subject to interference in the level or scope of the audit work completed.
A total of 9 assurance reviews had been completed in 2014-2015 of which 4 had been given a “Substantial” assurance, 5 a “Reasonable” assurance and one a “Limited” assurance. In addition there had been one project review with an “amber/green” delivery confidence rating.
There were still a number of outstanding recommendations from 13/14 which related to the financial systems controls which could not be addressed by the existing finance system APTOS. However it was expected that the replacement finance system would address all of these weaknesses when it was implemented for 2015/16.
All agreed actions arising from audit reports were kept under review by Business Assurance Services and regular reports on overdue actions were provided to the Audit Committee.
Advisory work had also been completed from the Assurance Strategy and Plan on data transparency, the new finance system, project management maturity and on the Information Governance Group’s Risk Register.
Business Assurance officers had attended the three levels of governance of major projects (i.e. Project Board meetings, Major Projects Project Managers Group and the Major Projects Sponsors Group) to provide advice on risk and control. As a result, advisory areas of work which were not on the plan had been initiated on areas of risk including the banking contract and on confidential shredding.
The audit of the Financial System and Budgetary control from 2012-13 had been followed up. There were a number of outstanding recommendations regarding internal controls which would be remedied when the new Finance System was in place. As such, it had been agreed with the Director with the responsibility for Finance that it was not economical to incur additional costs for the APTOS system at that time.
Other sources of assurance through the three lines of defence model, as detailed in the strategy, had been used to validate the overall opinion. The annual service risk assurance process had been completed in March 2015. This process sought to identify from service managers which of their policy / service areas were higher risk by the nature of their activities and to identify what assurances there were in terms of responsibilities, training and monitoring. Overall compared to 2013/14, there were fewer areas where service managers considered there to be particular areas of weakness.
The Audit Committee was provided with regular progress reports on the work of the Business Assurance Service covering completed assurance work, advisory work completed, progress with current work, any other significant work, and outstanding audit recommendations that were over 6 months old. There were no significant issues to report regarding the follow up on audit recommendations.
Members were informed that the Council had revised the approach for identifying and assessing strategic risks during 2014/15. The Strategic Risk Register provided evidence of a risk aware and risk managed organisation. It reflected the risks that were on the current radar for Corporate Board and were not dissimilar to those faced across other local authorities. The difference was how the risks were assessed and how they were being managed. The Risk Register was reviewed at six monthly intervals.
Business Assurance Services continued to be the Council’s key point of contact for the National Fraud Initiative (NFI) which ran every 2 years, and was co-ordinated by the Audit Commission. During 2014-15 the new Whistle Blowing policy which replaced the Confidential Reporting Policy had been published. The new policy now included reference to the key legislation contained in the Public Interest Disclosure Act.
Business Assurance had been increasing the awareness of this through a series of face to face training and information through the intranet for officers. Business Assurance had attended Managers Group twice since March to update them on the new policy and the Bribery Act 2010 and how this related to the receipt of gifts and hospitality.
The Accounts and Audit Regulations 2006 (updated subsequently) required a review of the effectiveness of internal audit to be conducted annually. A self-assessment in 2013 against the requirements of the Public Sector Internal Auditing Standards (PSIAS) and a gap analysis exercise showed that the Council’s audit service operated in accordance with best practice guidelines and fully complied with the PSIA Standards. The Action Plan had been updated to reflect the current position and was detailed at Appendix B to the Committee report.
In accordance with best practice, a rigorous internal review had also been undertaken of all work undertaken by Assurance Officers, further informed by the results of the staff appraisal process. The report also detailed the other professional training and development that had been undertaken over the last 12 months.
During 2014/15 there had been two full time assurance officers (Internal Auditors) to focus on delivering the Business Assurance Plan along with the Business Assurance Manager. On 31 March 2015 one of the assurance officers had left to take up a new senior audit role and the resource implications for the 2015/16 plan were reported to the meeting. One officer was also asked to be part of the core group that managed the May Parliamentary Elections which taken approximately 10 days in total. Whilst this had had an minor impact on overall productivity, it had not impacted on the completion of the Assurance Plan.
The Fraud Investigation Officers who were part of the Revenue and Benefits Service had transferred to the DWP as part of the Single Fraud Investigation Service on 1 February 2015. The full impact of this transfer would be reported to the Committee in September 2015.
Members commented on several specific issues, including the following:-
· It was felt that there might be merit in the introduction of performance ranges for some of the quality performance standards and the Business Assurance Services Manager would consider this.
· Members commented on the possibility of some benchmarking being undertaken, but it was noted that it was not the Council’s practice to embark upon this often time consuming work unless it could be demonstrated that there would be considerable advantage to the Council.
· Members asked for further information on the plans to fill the auditor vacancy and an assurance that the budget would not be subject to cuts in light of other financial pressures. It was confirmed by the Section 151 Officer that it was his responsibility to ensure that there was an effective internal audit function that was adequately resourced.
That the content of the Business Assurance Services Manager’s annual report for 2014-15 be noted.