Agenda item

This presentation gives Audit & Governance Committee an overview of the compilation of the Internal Audit Plan and how Internal Audit coverage is determined.  

The Deputy Chief Internal Auditor (CIA) presented a report, a copy of which had been circulated to each Member and which appears as Appendix 'A' to these Minutes in the Minute Book.

The report and the accompanying presentation provided the Committee with an overview of the production of the Internal Audit Plan and how audits were selected for the annual audit plan, with specific focus on how the Chief Internal Auditor/Internal Audit team determined that the coverage on the plan was appropriate. Key areas covered in the presentation included the reasons for having an audit plan, how the plan was developed, implemented and monitored and the sources of information used. The Deputy CIA also provided a more detailed breakdown of the audit areas covered in the plan, including high level risks, key assurance functions, key financial systems, counter fraud and schools. The role of the Committee in providing comment and challenge was also highlighted.

The Deputy CIA and the Head of Audit and Management Assurance (HAMA) provided the following information in response to questions on the presentation:

• There was a need to acknowledge that Internal Audit would never have the resources to complete audits of every single unit within the Council. This was why a full assurance could never be provided. Instead, the team were required to adopt a risk-based approach to ensure resources were directed to key areas. 
• With regard to how Internal Audit identified high level risks, it was confirmed that the team undertook their own rick assessment. It was not dissimilar to the Council’s corporate risk policy, which informed Internal Audit to a certain extent but did not have the same financial thresholds.
• On whether a combined assurance approach was taken to maximise efficiency of coverage, the Committee was advised that Internal Audit did review the work of other assurance of providers, for example Ofsted and the Care Quality Commission. This enabled Internal Audit to concentrate resources on areas with less assurance.
• With reference to Internal Audit’s role in FuturePlaces, the Committee was referred to the three lines of assurance set out in the Council’s Assurance Framework. In particular, the role of the FuturePlaces Board in being expected to provide the corporate oversight of the second line of assurance, noting the level of experience and seniority of those involved.
• On how issues raised by Members fed into the Audit Plan, it was explained that these were considered on the basis of whether Internal Audit had a role or whether another line of assurance was more appropriate, for example management advice or corporate oversight. It was noted that some issues may not be progressed.

The Committee discussed this last point in more detail. Members felt that the Committee had a role in highlighting emerging risks and raising issues. This could be done when considering the forward plan report at core meetings and/or perhaps by adding issues to the action sheet and asking how/when they were being incorporated into audit planning. It was also suggested that the Committee could take a risk based approach in considering requests and act as a filter against individual fixations.

The Chair thanked the Deputy CIA for her very clear and helpful presentation.

RESOLVED that the Audit and Governance Committee notes the processes in place to produce the Internal Audit Plan and how coverage is determined

Voting: Agreed with no dissent