5.1 In his Internal Audit annual report for 2020/21, presented to the Chief Executive and CMT in May 2021 and the Audit and Scrutiny Panel in June 2021, the Audit and Risk Manager provided an overview of the activities of the Internal Audit section for the year 2020/21. This included highlights of a number of the more significant issues which arose from the work undertaken by Internal Audit during the year. More specifically the Audit and Risk Manager commented on the following:
- A small number of audit assignments reported during 2020/21 which offered only limited assurance. In all cases, management committed to a range of relevant improvement actions, some of which have already been completed. In this respect Internal Audit will continue to monitor progress on these issues during 2021/22 to provide senior management and the Audit and Scrutiny Panel with further assurance that relevant key controls are operating effectively.
- The results from detailed Internal Audit work examining the Council’s corporate governance arrangements which suggest that compliance with the requirements of the corporate governance framework adopted by the Council continued to be positive with no significant weaknesses or areas of concern highlighted.
- Internal Audit work which suggests that despite significant and increasing challenges, key financial controls and financial management arrangements continued to operate to a generally high standard within the Council.
- With the exception of a fraud in relation to payroll, details of which were reported to the Audit and Scrutiny Panel in June 2021, there were no other weaknesses, material frauds, or irregularities identified by Internal Audit in 2020/21 that require to be reported.
5.2 In terms of the fraud in payroll, findings from the internal audit reported that while the correct procedure had not been followed and had led to the by-passing and failure of the expected control to operate, the audit work (as noted in the Audit and Scrutiny Panel report in June 2021) provided reasonable assurance that no other similar fraudulent activity had previously occurred. This report concluded that although detective controls in place identified the issue at a relatively early stage and the value of the fraud was relatively low, the Audit and Risk Manager issued a report to management on the conclusion of the audit work highlighting improvements required in the control framework which would reduce the scope for such an issue to be able to arise in future. Management have subsequently changed the control environment surrounding this aspect by reducing the number of staff who can access and process such changes and reiterated the need for approved documentation and second officer checks. This matter was dealt with in line with the council’s corporate Anti-Fraud Policy.
5.3 In his Internal Audit annual report for 2020/21, the Audit and Risk Manager commented that during the year the council had to respond to unprecedented challenges arising from the public health emergency with the need to transition very quickly to significantly different ways of operating with consequential impacts on governance, internal control, and risk management arrangements. The Audit and Risk Manager also reported that internal audit were involved in the council’s strategic response to the pandemic, working closely with senior management to provide advice and commentary on proposals relating to new working arrangements and changes to internal controls and governance arrangements.
5.4 During the year Internal Audit also carried out specific unplanned work in key risk areas such as payroll, creditors payments, and COVID business support grants to provide specific assurance on the implementation of new and/or revised financial processes. As a result the Audit and Risk Manager noted in his annual report that during the year some amendments were made to the annual audit plan to enable the function to respond flexibly to changing circumstances since the plan was developed and approved - most notably changes arising from the impact of, and response to, the public health pandemic (these changes were noted in the Internal Audit annual report for 2020/21).
5.5 Despite the challenges presented by the pandemic and notwithstanding the results of some specific individual audit assignments, overall the Audit and Risk Manager reported that he was satisfied that the Council’s internal control and governance arrangements remained reasonably robust throughout 2020/21.
6. Current year issues arising from external audit activity during 2020/21
6.1 As part of their annual audit process, Audit Scotland identified some financial control weaknesses which were outlined in June 2021 in their interim management report for 2020/21. In this respect, the external auditor will carry out additional work prior to publication of their final annual audit report and management have committed to addressing the improvements identified.
7. Previous year issues - 2019/20
The table below details issues identified during the Internal Audit programme of work for the previous year, 2019/20 and an update providing details of the actions taken to address each issue has also been included.
1. Performance Management