Agenda item

To receive an update on the work of the Internal Audit Service since the last meeting.

Mr D Harris, Partner, RSM, was in attendance for consideration of this item.

A report by the Corporate Director (Finance and Resources) was submitted (a copy of which is appended in the Minute Book) providing an update on the work of the Internal Audit Service since the last meeting.

The Corporate Director (Finance and Resources) reported that at the beginning of this month, she had engaged with RSM UK to provide the Council with immediate support to the Internal Audit function. Mr D Harris, Partner, RSM UK had stepped in and was acting as the Head of Internal Audit in an interim capacity.

Mr D Harris then presented his report as detailed in Appendix 1 and advised that he would be assisting with the production of a 2025/26 internal audit plan, the provision of management, support and oversight of the internal audit team and to prepare the annual report for 2024/25. The Committee were advised that he had met with the Corporate Director (Finance and Resources) as Section 151 Officer, Chair and Executive Councillor for Governance and Democratic Services to understand the latest position with the 2024/25 internal audit plan.

Members were advised that four reviews had been finalised with a further four reviews currently at draft report stage. Attention was then drawn to Appendix A which outlined progress against the Internal Audit Plan 2024/25. 7 audits had not yet commenced, 5 of which were IT related and would require to be delivered by an external IT specialist audit provider. Two additional audits, not included in the original plan would be undertaken this year relating to IT Key Control and Cyber Essentials and Follow up of previous actions/recommendations. It was reported that the Council presently demonstrated a lack of compliance with Public Sector Internal Audit Standards which would place some limitations on the findings of the Annual Report 2024/25. In light of this, a risk-based approach to planning for the 2025/26 Internal Audit Plan would be undertaken and presented to the Committee at its March 2025 meeting.

Following questions raised by Councillor P J Hodgson-Jones, it was confirmed that of the 23 audits originally planned for 2024/25 only 12 would be completed by the end of the financial year. This was attributable to vacancies at both Head of Internal Audit and Internal Auditor level at various points in the year. In response to subsequent questions, assurances were delivered by the Corporate Director (Finance and Resources) that a realistic Internal Audit Plan for 2025/26 would be presented to the Committee at its next meeting. 

Councillor J A Gray queried what impact the issues highlighted at tonight’s meeting would have upon the 2024/25 final accounts. Ms C Mellons responded that audit standards did not allow the auditors to rely on the work of the Internal Audit Team but that consideration would be given to the overall control environment as well as value for money conclusions.

In response to a question raised by Councillor N Wells, Mr D Harris reported that as no IT related audits had yet been undertaken, it was deemed appropriate to undertake the Cyber Essentials audit which could be undertaken with minimum impact upon the Internal Audit Team. Furthermore, it was acknowledged that as the 3C ICT Shared Services hosting authority, it would be right and proper to complete this audit by the end of 2024/25.

Other matters that were discussed and responded to at the meeting included the DFG Grant Verification audit and how RAG ratings were used to identify the status of audits.

Having acknowledged that work was yet to be undertaken to prioritise the outstanding audits that would not be delivered in 2024/25 which would feed into the proposed Internal Audit Plan for 2025/26, the Committee

RESOLVED

  to note the update on work undertaken by Internal Audit in December 2024 / January 2025.