Agenda item

This report:

1) provides an update on progress in completing the Internal Audit Plan 2024/25 audit reviews (following the Update Report presented to Committee on 25^th September 2024).

2) informs the Audit Committee on the methodology to be used to compile and maintain the Internal Audit Plan 2025/26.

3) asks for Committee Member input on Council activities, areas or themes they would like to be considered for inclusion in the Internal Audit Plan 2025/26.

The Head of Audit & Assurance introduced the report to the Committee and highlighted the following points.

·  The report provides an update on progress in completing the Internal Audit Plan 2024/25 audit reviews.

·  Appendix 1 records progress on completing the Internal Audit Plan 2024/25 core audit reviews.

o  8 Final ‘Assurance’ Reports or ‘Briefing’ Reports Issued

o  4 Draft Reports Issued

o  9 Audits Work-In-Progress / Audit Brief Agreed

o  5 Audits to start – linked to the agreed operation of a ‘flexible’ Audit Plan, the Head of Audit & Assurance has liaised with the Director of Children’s Services & Education to replace the Brokerage audit with a review of Adult Care Adaptations as concerns have been highlighted in terms of delays in provision of necessary adaptations (reliant on effective co-ordination between Council Occupational Therapy and Housing Teams and also property landlords e.g. Curo).

o  The planning process is based on the fundamental requirement that the Audit Plan proposed will deliver sufficient work to enable the Chief Internal Auditor to independently assess the internal control framework of the Council and provide a ‘reasonable assurance’ opinion at the end of each year. The model we have adopted, and use is the ‘Reasonable Assurance Model’.

o  The Audit Committee is a key stakeholder and has responsibility for approving the Internal Audit Plan. The purpose of this report is to obtain Committee Member views and feedback on areas / themes which should be considered during the planning process for potential inclusion in the Internal Audit Plan. The Plan is to be submitted to the Committee at its next meeting on 30th April 2025.

o  From the planning work carried out to date, the following ‘themes’ are emerging which need to be considered further to scope Internal Audit core audit reviews:

o  Children’s Services - Special Educational Needs / Designated Schools Grant – Safety Valve Delivery Plan; provision of services in compliance with statutory responsibilities.

o  Adult Services – Safeguarding, fulfilling statutory responsibilities and responding to CQC findings and recommendations.

o  External funding and delivery of projects

o  Debt Management – effective management of Council income / debt.

o  IT – Cyber Security and Artificial Intelligence

o  Contract Management

The Chair said that he welcomed the guidance that had been given and that it was his view that the Liveable Neighbourhoods Programme should be considered, depending on the outcome of the officer’s report following the public statement that had been made earlier in the meeting.

John Barker proposed whether the new Procurement Act could be added to the scope for potential reviews.

The Director of Financial Services, Assurance & Pensions replied that this was a new piece of legislation and that the Council itself was still awaiting ministerial guidance on it. He added that there would need to be sufficient samples within this work area to be able to audit.

Councillor Malcolm Treby suggested the following two topics for review:

·  Ransomware Attacks – Preparedness

·  Effectiveness of Policy Development & Scrutiny (PDS) Panels

The Head of Audit & Assurance replied that Cyber Security was 25% of the core Audit Plan and that they would work with colleagues within IT Services on any areas of specific focus. He added that they could consider adding PDS Panels to their long list and reminded members that there is an assessment process to give a focus on the areas of the most risk.

Councillor Toby Simon questioned whether any lessons could be learned from a review of the Libraries system. He referred to the IT Services Recovery Management Audit Review which was listed as Draft with an Assurance Level of 2 and asked when this would be shared with the Committee.

The Head of Audit & Assurance replied that he was in conversation with partners in the South West about the potential for a Libraries review. He added that when the IT Services Recovery Management Audit Review report had been finalised, if the Assurance Level remains at 2, it would be shared with the Committee.

The Chair said that he agreed with the comments made by Councillor Treby that information into the PDS Panels had been lacking in recent months. He added that he wished for all concerned to remain on top of the Climate & Ecological Emergency Response - Performance Monitoring / Reporting.

Councillor Sam Ross suggested that a review of Section 106 spending and funding not spent be considered.

The Head of Audit & Assurance replied that there were already plans to bring a presentation to the Committee meeting in April regarding Section 106 and CIL (Community Infrastructure Levy).

The Committee RESOLVED to:

i)  Note the progress in delivery of the ‘core’ audit reviews in 2024/25 Annual Audit Assurance Plan.

ii)  Note any activity areas or themes that members of the Committee would like to be considered for inclusion in the list of audit reviews which will form the core work of the Internal Audit function for the financial year 2025/26.