Agenda item

Details of the Draft Internal Audit Strategy and Risk Based Plan for the period 1st April 2022 to 31st March 2023 and the current Internal Charter, were presented to the Committee.

Officers highlighted that the Draft Internal Audit Strategy, contained within Appendix One of the circulated report, provided details of the following:

·        A definition and purpose of internal audit

·        The current staffing structure

·        The legal requirements

·        How the Plan was developed

·        Details of the available resources

·        How the Plan will be delivered

The Draft Internal Audit Plan, contained within Appendix Two of the circulated report, was discussed. It was stated that the Committee would usually be asked to consider approving the Plan earlier on in the financial year; however, due to the recent Local Government Election and the changes within the Authority, this was the first meeting of the Committee. It was noted that whilst the plan was presented to the Committee in draft form and required approval, Officers have had to make a start on the some of the items contained within it.

Reference was made to the risk rating column contained within the Plan; the risk rating was produced by a formula, taking the following variables in account:

·        The size of the activity being audited based on the annual income, expenditure or the size of the budget, the number of employees involved, the potential impact on the Authority of something going wrong within that service, the frequency of transactions, or interactions with service users

·        The controls within that service operating, including the impact of management and staff, third party sensitivity (if there was a failure within that service, will it impact elsewhere within the Authority or externally), the standards of internal control and the likelihood of something going wrong

·        The detection of any issues including constraints of the effectiveness of the audit, the duration of the audit work and the last time an audit was undertaken, and the effectiveness of any other assurance providers or previous orders

It was noted that the relevant information was entered into a spreadsheet; the formula would then produce a figure based on the information received. The figures and their risk ratings were stated as follows:

·        High risk – 50+

·        Medium risk – 21 to 49

·        Low risk – up to 20

Officers highlighted the range of risk ratings detailed in the current Plan; which included adequate coverage across all of the Council’s business areas. Members were informed that the Plan was put together with reference to the Council’s risk register, discussions with each of the Corporate Senior Management Teams, the experience from Officers who work within the Audit Teams, and anything that came through on any other regulatory reports.

The Committee was provided with a brief overview of the Internal Audit Charter, contained within Appendix Three of the circulated report. It was stated that the purpose of the Charter was to inform what internal audit is, what internal audit does and what clients can expect from internal audit; it was a requirement of the public sector internal audit standards to have a Charter, to review that Charter and for it to be agreed by Members.