Agenda item

(Chief Internal Auditor) To consider the attached report (AGC-020-2017/18).

The Chief Internal Auditor presented a report on the Internal Audit Strategy and Plan for 2018/19.

The Chief Internal Auditor stated that the draft Audit Plan for 2017/18, and the indicative Plans for the two subsequent years (2018/19 and 2019/20) had included all of the fundamental financial systems, to provide assurance to Management and Members that there were controls in place for good financial management. The annual audit of these systems had been required by the Council’s External Auditors in the past, but this was no longer the case. The Plan also included any high risk financial areas identified by the Corporate Risk Register, plus a contingency provision for investigations and other unplanned work identified during the year, as well as references to any cross-cutting or themed audits across the shared Internal Audit Service. There was also flexibility within the Plan to accommodate reviews of areas considered to be of a high risk to the achievement of the Council’s objectives. Progress against the Plan would be monitored by the Committee, and any proposed amendments would be subject to the approval of the Committee.

The Chief Internal Auditor advised the Committee that the key deliverables for the Internal Audit Service during 2018/19 would be:

·        delivery of the Plan to provide sufficient audit coverage;

·        an integrated approach to assurance;

·        commitment from management to audit recommendations;

·        to develop, improve and deliver a quality service; and

·        increased business insight to establish what matters most to the Council.

The Chief Internal Auditor highlighted that, in November 2016, the Service underwent an External Quality Assessment, which covered all three Councils in the Shared Service, and confirmed that the Service complied with the Public Sector Internal Audit Standards. An internal review at the end of 2017/18 reaffirmed this compliance. The following Service performance targets would be reported on in 2018/19:

·        achievement of the Annual Plan;

·        issue of draft and final reports;

·        management responses to audit reports and implementation of audit recommendations; and

·        continuous professional development of team members.

The Chief Internal Auditor reported that the following cross cutting themes had been identified as priority areas for Internal Audit work in 2018/19:

·        Change Management;

·        Information, Governance and Management, including the General Data Protection Regulation;

·        Risk Management;

·        Fraud;

·        Value for Money; and

·        Support for the Audit & Governance Committee.

At the operational level, the key priorities of Internal Audit work would include:

·        Transformation;

·        Analytical review of data sets such as payroll and inventories; and

·        Key financial systems.

The Chief Internal Auditor informed the Committee that 2017/18 had been the first year for the formal, shared Internal Audit Service between Harlow District, Broxbourne Borough and Epping Forest District Councils, with Broxbourne Borough Council becoming the host authority and employer of the shared Internal Audit Staff from 1 April 2017. A Shared Services Board had been established to oversee and implement the Shared Internal Audit Service, and to consider any major changes to the Service. Due to an internal promotion, one of the Auditor positions was currently vacant, and would be filled by an apprentice with a view to make the position permanent if performance was satisfactory. This would allow good use to be made of the Government’s Apprentice Levy, as well as help in developing the auditors of the future.

The Chief Internal Auditor proclaimed that the proposed Audit Plan for 2017/18 totalled 512 days, and was based on what needed to be provided for the Council through the use of a number of themes. The Plan included a contingency allocation of 15 days and an allocation of 32 days for support to the Audit and Governance Committee. The Internal Audit Three Year Plan had been attached at Appendix 1 of the report, and was explored in more detail by the Chief Internal Auditor for the benefit of the Committee.

In respect of the planned audit of the planning application process, where the Chairman explained that there a number of concerns around performance, the Chief Internal Auditor confirmed that the terms of reference for the audit would be formulated after identifying the key risks.

The independent member, N Nanayakkara, expressed some concern about the number of deferrals being requested from the Audit Plan. It was pointed out that the Audit Plan would also include 32 days of deferred audits from this year, so it was actually only 480 days not 512 days as reported. The Committee enquired as to whether there was a possible capacity issue for the shared service with the team being too lean, or was the Audit Plan being continually over programmed. The Chief Internal Auditor responded that external Audit resources had been used when required to cover gaps, but the work required for the impending implementation of the General Data Protection Regulation had exploded within all three Councils, which had required more time than originally anticipated as the Internal Audit Service was heavily involved in giving guidance and advice. The Service had also suffered from long-term sickness issues as well as one member being summoned for Jury service after the Christmas period. The Plan was not overstretched but there had been some unforeseen circumstances during 2017/18.

The independent member, N Nanayakkara, expressed further concerns about the shape of the proposed Audit Plan for 2018/19, given the perceived capacity issues and the 50% reduction in the contingency allocation from the Audit Plan for 2017/18. How would the Council avoid the need to defer further audits during 2018/19? The Chief Internal Auditor reassured the Committee that a certain allowance for sick leave was factored into the Audit Plan, but the Audit Plan was monitored closely; however, some audits would always take longer than anticipated and some would take less. The Chief Internal Auditor was confident that the proposed Audit Plan would be delivered next year, but this was why progress with the Audit Plan was reported to the Committee at each meeting.

The independent member, N Nanayakkara, suggested that the Audit Plan could be subject to a critical review after six months to identify any potential issues and possible measures required to keep the Plan on track. It was also suggested that the Committee could make more explicit the criteria for justifying a change to the Audit Plan during the municipal year, as there was a possible limit on the patience of the Council in tolerating the perceived capacity issues within the Shared Service. The Chief Internal Auditor would welcome any discussions with the Committee after six months of the Audit Plan.

Cllr J M Whitehouse understood that there was an increasing demand for internal audit involvement in project work across the Council; however, the work within the Audit Plan also needed to be fulfilled. With respect to the data analytics work being undertaken, did this indicate a return to benchmarking which was popular a few years back. The Chief Internal Auditor indicated that it did not, and the Service was using a package called Idea for data interrogation, whereby the data could be examined to ascertain how robust it was. The Service was taking small steps with this to see what its potential was, and this process was more involved than the data matching exercises previously undertaken to uncover fraud.

In response to a query from Cllr Patel, the Chief Internal Auditor clarified that the prioritisation of one project over another had not been audited; audits were selected according to risk and this was not currently considered a significant risk. Cllr Patel enquired as to whether a value for money assessment was performed when decisions were being taken concerning which project(s) to progress. The Chief Internal Auditor stated that that had been examined, although there was an audit on project management methodology planned. The Senior Internal Auditor added that an audit was currently being undertaken on the assessment of large capital projects by the Council, and one of the elements of this audit was how one project was chosen over another.

In response to further questions from the Committee, the Senior Internal Auditor confirmed that the Internal Audit Service did not usually take any consideration of the Select Committee work programmes when developing the Audit Plan, although the Work Programmes were monitored to ascertain if there were any issues that the Service should be aware of. The Neighbourhoods Select Committee had received a repot at its last meeting on the health and safety issues at Town Mead Depot, and this  issue was being closely monitored by the Select Committee.

The Chief Internal Auditor clarified that there was a section in the Plan on Performance Management. Audit work was performed each year on the corporate indicators, and the performance of individual performance indicators was taken account of when performing audits. Cllr Jennings enquired whether Internal Audit had any input on the setting of the targets for performance indicators? Cllr Jennings felt that the Council needed indicators that would stretch the performance of the different services; too many were relatively easy to comply with and seemed to remain at the same level year after year. In addition, some of the indicators did not appear to be particularly relevant anymore. The Chief Internal Auditor reassured the Committee that part of each audit was to challenge the relevant performance indicators, which could also be compared with the performance of similar indicators at the two other Councils in the shared service.

The Chief Internal Auditor confirmed that, as part of the IT Audit programme, the home working and mobile working policies would be examined as part of the Audit Plan next year. Cllr Jennings commented that digital connectivity was crucial for both home working and the wider economy, and the District needed proper broadband capability – preferably fibre not copper wire. The Assistant Director of Governance reminded the Committee that a report on the Superfast Broadband project would be considered by the Cabinet at its next meeting, although many staff did not live within the District so improving the broadband within the District would not necessarily assist them. The Portfolio Holder for Technology & Support Services informed the Committee that the Council was looking to increase the coverage of broadband throughout the District from 97% to 99.7% over the next three years via the superfast broadband project. When the project had been completed then Epping Forest would be one of the best Districts in Essex for broadband availability, and this would include the rural areas. The availability of broadband throughout the District had also been included in the draft Local Plan.

Resolved:

(1)        That the Internal Audit Strategy and Plan for 2018/19 be approved, subject to early stage warnings about any capacity issues which could adversely affect the delivery of the Audit Plan; and

(2)        That further consideration be given by the Committee to the criteria for the deferral of audits from the Audit Plan.