Agenda item

Andy Cox presented the report, reporting on the year end position and summary of audit performance and giving the Chief Auditor Executive’s opinion on the internal control framework.  He explained, as had been agreed previously, that the number of planned audit reviews had been reduced due to unplanned work and there was likely to be further unplanned work this year.  He went on to explain the performance dashboard highlighting the impact of working from home on audit work.

It was reported that two audit reviews carried out during the year had be assigned a ‘Weak’ - Limited Assurance Level, one was a contract management review of the IDOX IT application and the second was Property Compliance (management of key property risks such as water, electric and gas systems, fire safety and asbestos).  This area was last audited in 2015 and that resulted in a ‘Poor’ assessment and Property Management subsequently attended the March 2016 Audit Committee meeting to explain action taken and planned.  As the 2020/21 Audit Review identified similar weaknesses in the management of Property Compliance this was highlighted early to the Council’s Chief Operating Officer (Mandy Bishop) who was taking a lead role in a broader Property Services Review. Mandy Bishop commented on the findings of the audit review and actions being taken to correct the governance/system weakness.  She stated that following the 2015 audit there had already been work on compliance (asbestos, legionella, fire, gas safety) and a significant amount of work to establish frameworks for maintenance and construction.  Following the 20/21 Audit, terms of reference for the Health, Safety and Well-being Committee had been redrafted, compliance duties were being reviewed, building surveys are planned and work to address data input weaknesses and systems had commenced.  She stated Alan McCarthy (Interim Head of Property Transformation) had been appointed to assist with implementing the action plan and would be working closely with the Council’s Section 151 Officer, Audit Team and Corporate Health and Safety Manager.  She commented on the high-risk areas (governance, scrutiny of Property Compliance) and the medium risk areas (construction maintenance and estate structures and recruitment of a Fire Officer).  Governance structures would be formalised following the Council AGM on 4^th May 2021.  There was further work to be completed on data requirements, the risk register, KPIs and condition surveys.  The outcomes of this work would feed into the medium-term financial strategy for 2021-22.

A follow-up audit was planned for 2021-22 and the advice and guidance provided by Internal Audit was welcomed.  She thanked the team for their support in supporting service improvement.  She concluded that she would be happy to report to this Committee at a future date.

The following issues were raised:

In terms of Property Compliance Audit Review –

·  It would be an 18-month work programme moving forward;

·  radon gas in properties was not picked up in this audit;

·  the Chief Operating Officer would report back on the implementation of agreed actions;

·  hi-risk weaknesses focussed on governance and scrutiny and allocation of roles which would be implemented within a shorter timescale than the 18-month period for all actions to be implemented.

In terms of the Internal Audit Performance Report –

·  the substantial amount of unplanned work would continue as a result of officer secondment and being actively involved in Covid19 grants as government released further funding and the pandemic continued;

·  cyber security was as a result of national security directives from government due to a number of local authorities and multi-academy trusts who were subject to cyber attacks, this resulted in questions to all Councils including BANES re. their readiness to manage such attacks;

·  help had been commissioned from SOCITM, a leading IT advisory service, and internal audit resources have been used to work on this review which would continue into 2021-22.

When preparing an annual report on Internal Audit the Chief Audit Executive (Head of Audit) must give an opinion on the risk framework, referred to in the report (section 3.11).  This year due to Covid-19, audit work had been done remotely and at the November 2020 Corporate Audit Committee the limitation and assurance officers had given was discussed, as certain things could not physically be seen.  The key aspects in paragraph 3 of 3.11.2 indicated remote working through the year along with the high level of unplanned work, therefore changes to the scheduled plan were made.  As the Committee had agreed to the change of plan in November 2020 there was no need for a limited opinion.  All the work outlined in this report, plus assurances from the internal control framework lead to the opinion that the systems to manage risk were reasonable.

RESOLVED to note the Internal Audit Annual Report 2020/21 and formal opinion on the internal control framework.