5.1 In his Internal Audit annual report for 2022/23, presented to the Chief Executive and both the Business Management Team and Corporate Management Team in June 2023, the Chief Officer (Audit and Risk) provided an overview of the activities of the Internal Audit section for the year 2022/23.
5.2 This included highlights of issues arising from Internal Audit activity during the year. In this respect, the comments from the Chief Officer (Audit and Risk) were as follows:
- A small number of audit assignments reported during 2022/23 offered only limited assurance. In all cases, management committed to a range of relevant improvement actions, some of which have already been completed. In this respect Internal Audit will continue to monitor progress on these issues during 2023/24 to provide senior management, and the Audit and Scrutiny Panel, with further assurance that relevant key controls are operating effectively.
- In the 2021/22 Internal Audit annual report, the pandemic had meant the council had needed to respond to challenges arising from the public health emergency, often at quite short notice which had created consequential impacts on governance, internal control, and risk management arrangements. In the 2022/23 report, it is noted that 2022/23 saw a more typical and stable year for council operations.
- The results from detailed Internal Audit work examining the council’s corporate governance arrangements suggest that compliance with the requirements of the corporate governance framework adopted by the council continued to be positive with no significant weaknesses or areas of concern highlighted.
- Internal Audit work also suggests that despite significant and increasing challenges, key financial controls and financial management arrangements continued to operate to a generally high standard within the council.
- Audit investigations of suspected fraud and/or irregularities are reported to the Audit and Scrutiny Panel in line with the agreed Internal Audit reporting protocol. In this respect, the Chief Officer (Audit and Risk) reported that there were no material frauds or irregularities identified in 2022/23 that required to be brought to the attention of the Audit and Scrutiny Panel.
- While there are no issues that require the Chief Officer (Audit and Risk) to qualify his annual opinion, there are a small number of areas highlighted which will continue to be the focus of future audit coverage:
- A significant proportion of the council’s budget is spent on staff costs. The council’s arrangements for paying staff reflect the varied nature of the workforce and the complexity of the council’s terms and conditions. In recent years, Internal Audit has identified a number of areas where controls are inadequate or were not operating as intended. While these are not sufficiently material to require the overall audit opinion to be qualified, the assessment of the Chief Officer (Audit and Risk) is that the risks in this area, more generally, appear higher than previously considered and this will be reflected in future audit coverage.
- Internal Audit has for a number of years been critical of the council’s performance reporting arrangements, particularly in relation to reporting on operational performance to Elected Members and other stakeholders. In 2022/23, a report was issued that provided only limited assurance and to which management provided a clear commitment to address weaknesses identified. In recent months, as part of wider revised approach to performance reporting, regular reports on performance are now being submitted to council committees. Future audit coverage will assess the adequacy and effectiveness of such reporting.
- Internal Audit has been critical of the council failing to report progress on key projects and programme of work activities in a single place which would better allow stakeholders to exercise more effective monitoring, oversight, and scrutiny and to better hold senior management to account. Originally highlighted in December 2019 and subsequently in a number of other audit reports, progress addressing this recommendation has been slow. Changes in governance associated with the recently revised Programme of Work may provide greater scope for this to be addressed and Internal Audit will continue to monitor activity and update the Audit and Scrutiny Panel as management plans to address this become clearer.
- The council recently approved a refreshed Programme of Work to 2028 and significant new internal governance structures designed to ensure the delivery, coordination, direction, and oversight of planned activities are planned. While the details of these new governance arrangements are still taking shape, Internal Audit will monitor future implementation and effectiveness of these arrangements as part of future audit work, once they are finalised and operational.
- Recent work on contract management identified a number of issues requiring to be addressed by management, including ensuring awareness by relevant staff of expected roles and responsibilities and the need to introduce more effective compliance monitoring arrangements. Given the key role effective contract and supplier management plays in ensuring that the council can deliver against its operational and strategic ambitions, Internal Audit will continue to monitor planned management actions in this area to ensure that these are implemented and deliver more consistent compliance with corporate expectations.
- In recent years, Internal Audit work has seen an increasing number of areas where they have identified inadequate management oversight and/or understanding of the extent of compliance with key management arrangements and/or the effectiveness of key controls. In a number of areas, Internal Audit reports provided management with information on failures to comply with expected controls, procedures or guidance that should reasonably have been identifiable at an earlier stage if line management’s own arrangements were more robust. Given the irregular and/or cyclical nature of Internal Audit’s coverage and consistent with the Three Lines of Defence Model, they will continue to challenge management across the range of their planned audit work about how they themselves routinely gain assurance on compliance and the effectiveness of identified key controls.
5.3 Overall, the Chief Officer (Audit and Risk) reported that he was satisfied that the council’s internal control and governance arrangements remained adequate and appropriately robust throughout 2022/23.