Meeting documents

To consider the attached report.

Contact Officer:  Kate Mulhearn (01296) 585724

The Head of Internal Audit (Corporate Governance Manager) was required to provide a written annual report to those charged with governance timed to support the Annual Governance Statement (AGS), and which should be presented to Members and considered separately from the AGS and the formal accounts.

The Committee received a report detailing the Corporate Governance Manager’s opinion on risk management, control and governance and their effectiveness in achieving the Council’s agreed objectives for 2017-18.  The report also incorporated a summary of the work undertaken to support the opinion and a statement on conformance with the Public Sector Internal Audit Standards.  Based on this work, the Corporate Governance Manager had provided the following opinion:-

"Generally satisfactory with some improvements required to specific systems and processes.

Governance, risk management and control in relation to business critical areas was generally satisfactory.  However, there were some weaknesses in the framework of governance, risk management and control which potentially put the achievement of the Council’s objectives at risk.

Improvements were required in those areas to enhance the adequacy and effectiveness of governance, risk management and control."

In forming this opinion the Corporate Governance Manager had confirmed that internal audit activity throughout 2016-17 had been independent from the rest of the organisation and had not been subject to interference in the level or scope of the audit work completed.

Thekeyfactorsthat contributedto the opinion weresummarisedas follows:-

·             The majority of weaknesses in control design and operating effectiveness identified had been mediumorlowrisk.  Improvementshad beenmadeduring theyear on implementing actions identified during internal audit reviews to strengthen the overall control environment.

·             Improvements werestill requiredina numberofareas.  Highrisk reportshad beenissued for General Ledgerand HousingBenefits.  Actions were still required to address some of the issues identified in the prior year Accounts Receivable internal audit report.

·             A numberofinternal auditreports had highlightedinadequacies in the level of managementinformation,bothata corporateand servicelevel to enableeffective monitoringand oversight of bothfinancial andnon-financial performance.

A total of 9 assurance reviews had been completed in 2017/18 of which 2 had been classified as having a "high" risk, 6 a "medium" risk and 1 a "low" risk classification.  This had resulted in the identification of 6 high, 16 medium and 20 low risk findings relating to weaknesses in the design and operating effectiveness of controls.  This compared to 12 assurance reviews (6 high, 19 medium and 24 low priority recommendations) in 2016/17, although a direct comparison could not be made.

A summary of the reviews undertaken and the opinion given was detailed at Section 3 of the Corporate Governance Manager’s report.

A number of weaknesses had been identified that needed to be reported in the Annual Governance Statement, and which related to the "high risk" reports issued for General Ledger and Housing Benefits and a general theme about lack of management information.  A summary of these high risks was also detailed in Section 3 of the Corporate Governance Manager’s report.

Other internal audit work undertaken during the year had included regularly reviewing and reporting of the corporate risk register to the Strategic Board, Audit Committee and to Cabinet.

All agreed actions arising from audit reports were kept under review by Internal Audit and regular reports on overdue actions were provided to the Audit Committee.  There were no significant issues to report regarding the follow up of any audit recommendations.

The Council’s internal audit function has been restructured during 2016/17 as part of the Commercial AVDC transformation programme.  Since September 2016, the Head of Internal Audit role has been fulfilled by the Corporate Governance Manager and audit work had been performed by an external service provider under a co-source arrangement.

A self-assessment against the requirements of the Public Sector Internal Auditing Standards (PSIAS) had been conducted in 2013 and the gap analysis and action plan had been last updated in July 2015.  The Corporate Governance Manager had further considered the requirements of PSIAS and there were no areas of concern that indicated that the current arrangements were not fully compliant with the Standards.

Members requested further information and were informed that progress had been made to improve the level of management information produced and reported.

The Report risk rating at the Summary of Internal Audit Activity for 2017/18 was based on the risk rating findings relating to the individual reviews.  A definition of the risk classifications (critical, high, medium and low) was detailed at Appendix 2 to the Committee report.

Members expressed their thanks to Officers for the good quality of the audit work undertaken during 2017/18.

RESOLVED –

That the content of the Corporate Governance Manager’s annual report for 2017-18 be noted.