To receive the annual report and opinion of the Internal Audit and Risk Manager.
Contact:D Harwood 388115
Minutes:
As required by the Public Sector Internal Audit Standards (PSIAS) the Committee was provided with an Annual report and opinion (a copy of which is appended in the Minute Book) by the Internal Audit and Risk Manager on the work undertaken by Internal Audit during the period 1st April 2015 to 31st March 2016 to support the opinion statement that the Council’s internal control environment and systems of internal control as at 31st March 2015 provide, with the exception of IT systems (as no work had been completed during 2015/16), adequate assurance over key business processes and financial systems.
It was explained to the Committee that whilst the lack of IT audit was a concern some of the risks associated with the lack of IT audit reviews had been mitigated by the Cabinet Office renewing the Council’s Public Services Network (PSN) compliance certificate in November 2015 for twelve months. The certification indicated that the Council had demonstrated that its infrastructure was sufficiently secure that its connection to the PSN did not present an unacceptable risk to the security of the network.
No specialist IT audit work had been undertaken in 2015/16 and in December 2015 the Corporate Governance Panel had been informed of these reasons being the uncertainty over the employing authority for the IT shared service and the possible alternative service delivery model for internal audit.
It was noted that the financial system controls in place were working effectively with the exception of those within accounts receivable. The failings within the accounts receivable system had been reported to the Committee for the third successive year. Over that time little improvement had been made to the implementation of the systems and processes in place due to the difficulties in recruiting and retaining staff. The Committee were requested to consider including the need to improve debt management as an issue in the Annual Governance Statement.
Regarding implementation of agreed audit actions, Corporate Management Team (CMT) had set a target that 100% of agreed actions be implemented on time, based on a rolling 12 month timeframe. As at the 31st May 2016 71% of actions had been implemented on time. The Corporate Governance Panel had previously agreed with regular monitoring being undertaken by Corporate Management Team and that Members would receive this information via email from the Internal Audit and Risk Manager. Audit actions were now being monitored with 4action software rather than on the Council’s Sharepoint system.
The Internal Audit and Risk Manager had maintained a quality assessment and improvement programme (QAIP) throughout the year in accordance with the PSIAS and undertook a self-assessment in May 2016 to evaluate Internal Audit’s conformance with the PSIAS. The self-assessment did not identify any new areas of non-conformance, over and above the eight minor issues that were identified in 2015.
A review of the Internal Audit Charter had also been conducted. Changes were made to the PSIAS in April 2016 by the introduction of a Mission of Internal Audit and the Core Principles for the Professional Practice of Internal Auditing. The Audit Charter has been updated to reflect the ethos of the Mission of Internal Auditing. However, no changes had been made to the Audit Charter to reflect the Core Principles as the Internal Audit and Risk Manager considered that these were already sufficiently addressed.
In response to questions regarding the outstanding audit actions it was explained that as of 31st May 2016 18 audit actions remained outstanding. The new 4action software automatically generated reminders and those responsible could update the system. Once users were fully conversant with the system the information on audit actions should be current.
The Committee expressed concern at the number of agreed audit actions that were either not introduced or partially introduced and the debt management system. The Committee were assured that debt was being raised and recorded. However, it was the recovery of debt that was an issue. The reasons for this were discussed and it was explained that a new Financial Management System (FMS) was being procured and implemented in partnership with the Councils strategic partners, Cambridge City Council (CCC) and South Cambridgeshire District Council (SCDC).
The Councils current FMS had been in operation for a number of years with little improvement or modifications to the system. Although the system continued to meet basic accounting requirements a new system would provide better financial reporting, improved financial management and support the sharing of financial resources. By September 2016 the new system should be operational.
The Corporate Governance Panel had previously expressed concern at the declining service delivery target for ‘complete audit fieldwork by date stated on the audit brief’. It was explained that due to the variable hour contracts that the Internal Audit Team worked, it was difficult to reschedule meetings cancelled at short notice which was impacting upon the target. Subsequently the Head of Resources had contacted Senior Management Team to remind them of the importance of keeping to pre-agreed meeting dates and the number of cancelled meetings had reduced markedly.
Having thoroughly considered and discussed the report the Committee,
RESOLVED
i. that having taken account of the Internal Audit and Risk Manager’s opinion when considering the Annual Governance Statement for 2015/2016 that the need to improve debt management should be an issue included in the Annual Governance Statement; and
ii. the Committee approves the Internal Audit Charter.
Supporting documents: