Agenda item

The Head of Audit and Assurance presented the report and reminded Members that the Internal Audit Plan had been presented to the Committee on 15^th March 2023.  The purpose of the report is to inform on the completed planned work, provide information on any audits reviews which had resulted in a limited or weak assurance rating being assigned, and to inform Members of proposed changes to the Audit Plan based on staff resources available and unplanned work being carried out. 

Appendix 1 records the position at 30^th September 2023 on the 35 planned audit reviews.  Six reviews were at final or draft report stage and eleven were work in progress.  All audit reports issued relating to the 2023/24 Audit Plan were assigned assurance level 3 or 4 (reasonable or substantial assurance).  Within the first half of the year audit reports related to reviews associated with the audit plan for 2022-2023 had been finalised.

Tariq Rahman (Head of Audit and Assurance – IT) who manages IT audit reviews reported there were 2 IT related audit reports where the auditor provided a limited assurance opinion. 

Software Asset Management (SAM) there was a lack of documented software policy which is necessary to provide a framework of internal control.  There was no complete central register maintained by Council IT Services.  6 weaknesses were reported in the Action Plan and management had agreed to implement all the recommendations. Implementation of recommended actions would be followed up.

For the IT user, education and awareness audit report, this related to cyber security risk, 5 areas of identified weakness had been assessed as high risk.  Senior leaders were not promoting cyber security training and there was no process to ensure e-learning was updated.  All findings / weaknesses had been accepted and related recommendations agreed by management.

Following the detailed update on audit reports with a limited assurance level, The Head of Audit and Assurance (Andy Cox) explained about other work carried out by the Internal Audit Team including significant work on grant certification where funding had been received by the Council.  29 certification letters had been issued.  There was also work on anti-fraud and corruption, specifically the co-ordination on carrying out the National Fraud Initiative which is a data matching exercise organised by the Government’s Cabinet Office.

7 audit reports had been ‘followed-up’ as recorded in appendix 2 of the report to Committee.  Only 1 recorded an amber assessment, the audit review of ‘In-year budget management’, as 5 of the 6 audit recommendations were still to be fully implemented. Assurances were received by management in terms of implementation and the auditor was of the opinion it was reasonable to close down any further monitoring of action implementation by Internal Audit.

In respect of the Audit Plan 2023/24, based on changes in the resources available the number of audits would be reduced.  4 audit reviews will be carried forward to 2024/25.  Another would merge 2 proposals.  Further adjustment to the planned audit work might be necessary.

RESOLVED to note the progress in delivery of the 2023/24 Annual Audit Assurance Plan and approves the proposed amendment to the Audit Plan 2023/24.