Agenda item


The Committee received the 2023/24 Draft Business Assurance Strategy, which included the proposed internal audit plan. The Internal Audit plan was produced with reference to the Strategic and Directorate Risk Registers and had been prepared using a risk-based methodology that enabled the provision of an independent opinion on the adequacy and effectiveness of the systems of internal control (comprising risk management, corporate governance, financial and operational controls). Whilst there was a plan in place, the need for a fluid approach to enable an effective response to emerging risks and the needs of the organisation was recognised. As such, a risk-based planning model had been used to assess and identify the key audit engagements that ‘must’ be delivered this year. The remaining audits in the plan that were RAG rated ‘medium’ or ‘low’ would be carried out based on availability of resource and other urgent requests.


A number of contingency days had been included to allow time to react to ad-hoc and unplanned requests for assurance or fraud work. Any proposed changes to the plan would be reported to the Audit Board and Audit and Governance Committee for approval. Quarterly updates were presented to each of the directorates, and the planned audit and assurance activity was reviewed for appropriateness each time. Views of the directorates were also sought on the work of the Business Assurance Team to enable continuous improvement and ensure that the needs of the organisation were being met as well as possible.


An update on delivery of the Business Assurance Strategy and a summary of the internal audit output would be presented as a standing agenda item at Audit and Governance Committee meetings.


Points raised during discussion included:


·       There was an intent to reduce audit deferrals as much as possible, and where there was a need to defer an audit for a justifiable reason this would be reported to the Committee.

·       The audits had been RAG rated to ensure that all the red rated audits were delivered, with the medium and lower priority reviews to be completed where capacity allowed.

·       Available resources were highlighted in the strategy. These included the internal resource as well as access to the London Audit Framework, which could be approached should additional resource, or auditors who specialised in certain areas, be required. The Committee was informed that an officer was currently acting up as the Audit Lead, and this could become permanent with a senior auditor then being recruited. Recruitment to the Assurance Lead role had been unsuccessful in attracting appropriately skilled applicants, an issue impacted by higher salaries offered elsewhere in the market.

·       A Member advised that at 2.1 of the report, three lines of defence were referred to, although only two were detailed. It was suggested that the third line of defence, which was internal audit and assurance, be added.

·       In section 4.2, it was noted that there was a typo and that ‘SOLCACE’ should read ‘SOLACE’.



That the 2023/24 Business Assurance Strategy and Internal Audit Plan be approved subject to the above amendments in respect of sections 2.1 and 4.2.
