INTERNAL AUDIT PLAN 2019-20

 

6th March 2019

 

Report Author                         Head of the Audit Partnership: Christine Parker

 

Portfolio Holder                       Cllr John Townend; Cabinet Member for Financial Services & Estates

 

Status                                      For Approval

 

Classification:                          Unrestricted.

 

Key Decision                           No

 

Executive Summary:

This report presents the proposed Internal Audit Plan for 2019/20 detailing a breakdown of audits and an analysis of available days.

 

Recommendation(s):

That the 2018/19 Internal Audit Plan be approved by Members.

 

 

CORPORATE IMPLICATIONS

Financial and Value for Money

There are no financial implications arising directly from this report.  The costs of the audit work are being met from the Financial Services 2019/20 budgets.

Legal

The Council is required by statute (under the Accounts and Audit Regulations and section 151 of the Local Government Act 1972) to have an adequate and effective internal audit function.

Corporate

Under the Local Code of Corporate Governance the Council is committed to comply with requirements for the independent review of the financial and operational reporting processes, through the external audit and inspection processes, and satisfactory arrangements for internal audit.

Equalities Act 2010 & Public Sector Equality Duty

Members are reminded of the requirement, under the Public Sector Equality Duty (section 149 of the Equality Act 2010) to have due regard to the aims of the Duty at the time the decision is taken.  The aims of the Duty are: (i) eliminate unlawful discrimination, harassment, victimisation and other conduct prohibited by the Act, (ii) advance equality of opportunity between people who share a protected characteristic and people who do not share it, and (iii) foster good relations  between people who share a protected characteristic and people who do not share it.

 

Protected characteristics: age, gender, disability, race, sexual orientation, gender reassignment, religion or belief and pregnancy & maternity.  Only aim (i) of the Duty applies to Marriage & civil partnership.

 

Please indicate which aim is relevant to the report.

Eliminate unlawful discrimination, harassment, victimisation and other conduct prohibited by the Act,

 

Advance equality of opportunity between people who share a protected characteristic and people who do not share it

 

Foster good relations between people who share a protected characteristic and people who do not share it.

 

 

There are no equity or equalities issues arising from this report.

 

 

CORPORATE PRIORITIES (tick those relevant)ü

 

 

CORPORATE VALUES (tick those relevant)ü

 

A clean and welcoming Environment 

 

 

Delivering value for money

X

Promoting inward investment and job creation

 

 

Supporting the Workforce

 

Supporting neighbourhoods

 

 

Promoting open communications

X

 

1.0       Introduction and Background

 

1.1       The purpose of the Council’s Governance and Audit Committee is to provide independent assurance of the adequacy of the risk management framework and the associated control environment, independent review of the Authority’s financial and non-financial performance to the extent that it affects the Authority’s exposure to risk and weakens the control environment, and to oversee the financial reporting process.

 

1.2       In accordance with current best practice, the Governance and Audit Committee should “review and assess the annual internal audit work plan”. The purpose of this report is help the Committee assess whether the East Kent Audit Partnership has the necessary resources and access to information to enable it to fulfil its mandate, and is equipped to perform in accordance with the professional standards for Internal Auditors.

 

2.0       2019-20 Risk Based Internal Audit Plan

 

2.1       The Audit Plan for the year 2019 to 2020 is attached as Annex A and has the main components to support the Audit Charter. The Audit Charter was presented to the March 2017 meeting of this Committee at which time it was agreed for a three year period and will therefore be represented in March 2020. The plan is produced in accordance with professional guidance, including the Public Sector Internal Audit Standards (PSIAS) 2013. A draft risk based plan is produced from an audit software database (APACE) maintained by the EKAP which records our risk assessments on each service area based upon previous audit experience, criticality, financial risk, risk of fraud and corruption etc. Then amendments have been made following discussions with senior management, taking account of any changes within the Council over the last 12 months, and foreseen changes over the next.

 

2.2       The plan has then been further modified to reflect emerging risks and opportunities identified by the Chief Executive, Directors, and the link to the Council’s Corporate Plan and Corporate Risk Register. This methodology ensures that audit resources are targeted to the areas where the work of Internal Audit will be most effective in improving internal controls, the efficiency of service delivery and to facilitate the effective management of identified risks.

 

2.3       Furthermore, wider risks are considered, by keeping abreast of national issues and advice from the auditing profession / firms.  Over the last year, incidents of money laundering, sexual misconduct at the workplace, fraud, cyberattacks, and data privacy scandals grabbed news headlines, and provided a reminder of why effective governance, risk management, and compliance are so important. For this year we have considered the inclusion of the top ten Institute of Internal Audit identified risks;

 

1     GDPR – the data protection regulations that come in to being in May 2018 affect information governance, and audits have been built into the plan to provide assurance on these risks.

2     Cyber Security – we have a number of ICT reviews built into the EKS audit plan to support the network and digital environment; where possible we will buy in specialist contractors to undertake technical ICT reviews.

3     Brexit – we have considered this risk and determined that it is too early for us to include anything specific relating to Brexit in the 19-20 audit plan, but will re-consider it next year.

4     Vendor Risk & Third Party Assurance – the non-performance of contractors and suppliers is always a risk to the Council, events such as the collapse of Carillion focus the mind indeed. We are consequently proposing reviews of Contract Management in the plan.

5     Culture – this risk is an emerging area for assurance, only 30% of bodies have audited this despite honesty and personal conduct being behind several big headlines in 2018. Reviews that we have typically carried out in this area include Gifts and Hospitality, Anti fraud, whistleblowing, Ethics and compliance with Codes of Conduct. We will keep a watching brief on developments for future consideration

6     Internal Audit Profession Evolving- this risk is regarding our service keeping up with the new professional standards and changes in technology. It is not built into the 19/20 plan as a separate issue; it is however addressed by keeping up to date with the profession, colleagues in Kent Audit Group, and through Continued Professional Development.

7     Pace of Innovation – the Council is undertaking various development and digital projects, we have specifically considered this risk, it has been agreed that provision for EKAP to become involved at key stages of projects will be agreed on a case by case basis. Key areas to keep abreast of are ‘big data’, data mining and cloud computing.

8     Workforce Planning – this has been considered and a review is not proposed for 19/20 as significant work has been undertaken recently by the Council with the help of EKHR and needs time to embed, therefore this will be revisited for next year.

9     Regulatory – this is a constant risk as the external environment throws new laws at a council and it has to respond. New legislation is something we consider for each area within the audit plan, and thus a separate ‘cross cutting’ review has not been proposed for 19/20.

10   Fraud – is an ongoing risk assessed in every area of activity that the Council undertakes. Typically we have assessed the Counter Fraud Framework within which the Council operates. This year a provision for 2 days has been set aside undertake some targeted testing.

 

2.4       There are insufficient audit resources to review all areas of activity each year. Consequently, the plan is based upon a formal risk assessment that seeks to ensure that all areas of the Council’s operations are reviewed within a strategic cycle of audits. In order to provide Members with assurance that internal audit resources are sufficient to give effective coverage across all areas of the Authority's operations, a strategic plan has been included.

           

2.5       To comply with the best practice, the agreed audit plan should cover a fixed period of no more than 1 year. Members are therefore being asked to approve the 2019/20 plan at the present time, and the future years are shown as an indicative plans only, to provide Members with assurance that internal audit resources are sufficient to provide effective coverage across all areas of the Authority's operations within a rolling cycle.

 

2.6       The plan has been prepared in consultation with the Directors and the Council’s statutory s.151 Officer. The plan is also designed to meet the requirements expected by the External Auditors for ensuring key controls are in place for its fundamental systems.  This Committee is also part of the consultation process, and its views on the plan of work for 2019/20 are sought to ensure that the Council has an effective internal audit of its activities and Members receive the level of assurance they require to be able to place assurance on the annual governance statement.

 

2.7       The risk assessment and consultation to date has resulted in;

 

75%  Core Assurance Projects - the main Audit Programme

4%    Fraud Work – fraud awareness, reactive work and investigating potential irregularities

4%    Corporate Risk – testing the robustness of corporate risk mitigating action

17%  Other Productive Work – Corporate meetings, follow up, general advice, liaison

 

Total number of audits 24.

 

For 2019/20 the days available for carrying out audit is 285 days. When compared to the resources available and working on the basis that the highest risk areas should be reviewed as a priority, the EKAP has sufficient resources to review all of the high risk areas and all of the medium risk areas this equates to 24 audits.

 

 

3.0       Benchmarking the level of Internal Audit Provision.

 

3.1       Members should have regard to how audit resources within the Council compare to other similar organisations when considering the adequacy and effectiveness of the internal audit plan. The results of benchmarking show that the average number of internal audit days provided by district councils within Kent is circa 400 days annum. The audit plan of Thanet District Council of 285 days plus their share or the EKS and East Kent Housing audit plans totals 380. The Thanet plan is therefore 5% less than the Kent average.

 

4.0       Head of Internal Audit Opinion of the 2019/20 Internal Audit Plan.

 

4.1       This report is presented to Members by the Council’s Deputy Chief Executive whose s.151 responsibility it is to maintain an effective internal audit plan. In the interests of openness and transparency and in order to enable Members to make an informed decision on the internal audit plan presented for their approval consideration should also be given to the opinion of the Head of Internal Audit on the effectiveness of the plan.

 

4.2       It is the professional opinion of the Head of the East Kent Audit Partnership that the draft 2019/20 internal plan presented for Members consideration will allow for an opinion to be given on the Council’s key risk areas and systems. This should be sufficient coverage to inform the Annual Governance Statement.  The Head of the East Kent Audit Partnership recommends that Members approve the 2019/20 internal audit plan as drafted.

 

5.0       Options

 

6.1       That Members approve the 2019/20 Internal Audit Plan as drafted.

 

6.2       That Members make suggested amendments to and approve the 2019/20 Internal Audit Plan.

 

Contact Officer:

Christine Parker, Head of the Audit Partnership, Ext. 7190

Simon Webb, Deputy Head of Audit, Ext 7189

Reporting to:

Tim Willis,  Deputy Chief Executive & s151 Officer, Ext. 7617

 

Annex List

 

Annex A

Internal Audit Plan 2019/20

 

 

 

Background Papers

 

Title

Details of where to access copy

Audit Charter 2017

Previously presented to and approved at the 8th March 2017 Governance and Audit Committee meeting.

Internal Audit Annual Plan 2018/19

 

Previously presented to and approved at the 6th March 2018 Governance and Audit Committee meeting.

 

Corporate Consultation

 

Finance

Tim Willis,  Deputy Chief Executive & s151 Officer

Legal

Tim Howes, Director of Corporate Governance