Officers presented the Internal Audit Update Report which contained details of the work undertaken since the last Governance & Audit Committee meeting; this was a quarterly report which informed Members of the current position and what had been completed since the last meeting, including details of the audits that had been undertaken and their assurance ratings.
One of the main points highlighted was in relation to staffing issues; since the last Committee, the Team had been impacted again by a very high level of sickness, with two staff on long term sickness. However, it was mentioned that the sickness was being managed in line with the Council’s policies and procedures.
Another staffing matter raised was the long standing issue with regards to Assistant Auditor posts. It was noted that these posts were traditionally very difficult to recruit to, even when someone was recruited, they invariably left after a year or so to work in accounts or elsewhere within the Council; this was part of a wider issue across recruitment in Audit Teams in various Councils. Due to this issue, Officers explained that they undertook a review of the staffing structure; it was agreed to delete the Assistant Auditor post and replace it with an Auditor Post. It was confirmed that this had been completed, and the vacancy was currently being advertised on the Councils vacancy bulletin, with the closing date of 6th of October 2022.
Members were informed one member of staff had recently completed parts one and two of their professional qualification, and another member of staff had completed part one and was due to sit part 2 of the examination in early October.
The Committee passed on their thanks to the two members of staff for undertaking their professional qualification examinations.
A discussion took place in relation to the impact on resource due to staff illness, particularly in terms of the delivery of the Internal Audit Plan. Officers explained that focus was on completing the high risk areas, and the high risk areas that weren’t undertaken were brought forward into the current year; conversations then took place with the Senior Management Teams to determine if the areas that weren’t covered, still needed to be covered, or if the Team needed to be directing their resource to other areas.
Officers stated that Appendix One of the circulated report provided details of the published reports, and the assurance ratings applied at the end of the audit. It was noted that the assurance rating was received by way of a calculation; taking into account the number of recommendations made within the report, the likelihood that a failure to action the recommendations within six months could lead to a significant system failure, and the impact of a significant system failure. It was confirmed that this information was then entered into a spreadsheet, a formula would be applied, and one of the following categories would be applied to the report:
<![if !supportLists]>· <![endif]>Category One, Substantial Assurance - testing found good controls to be operating and generally required only minor recommendations.
<![if !supportLists]>· <![endif]>Category Two, Reasonable Assurance - testing found some control which needed enhancing, and which would be achieved by implementing the agreed recommendations.
<![if !supportLists]>· <![endif]>Category Three, Limited Assurance - testing revealed a number of areas where the enhancement was required, and in those cases the Head of Service for that area would be required to provide a written response advising of what actions had been taken to address the issues raised.
<![if !supportLists]>· <![endif]>Category Four, no assurance can be given - testing revealed areas of significant concern, and the Head of Service and/or Accountable Manager will attend the next meeting of the Committee to provide Members with an update on actions taken, and also to answer any questions that Members may have.
The following questions were raised in line with Appendix One of the circulated report:
<![if !supportLists]>· <![endif]>R40 - Crynallt Primary School – The circulated report stated that it was found that a DBS disclosure was not in place for two current governors at the school; Members asked why the DBS were not in place. It was explained that the governors were new, and the DBS process had been started, however not yet completed at the time of the audit.
<![if !supportLists]>· <![endif]>R1 - Bryncoch Church in Wales Primary School – The circulated report stated that a minor enhancement was required in relation to Unofficial Funds; Members raised that there had been issues in the past with monitoring the Unofficial Funds, and asked for further information on this. Officers confirmed that they would find out the details of the issue and provide an explanation via email to the Committee as to what the issue was.
<![endif]>R2 - Coedffranc Primary School –
The circulated report stated that good controls were found to be in place in
relation to all areas tested, other than Purchasing/Procurement Card; Members
asked for the reasoning behind this. Officers
confirmed that they would find out the details of the issue and provide an
explanation via email to the Committee as to what the issue was.
Officers made reference to Appendix Three of the circulated report, which consisted of a response letter from the Chief Digital Officer, and another from the Head of Planning and Public Protection; both of whom were responsible for the areas which received limited assurance. It was noted that the letters provided Members with information relating to what they had done since receiving their audit report. It was clarified that for all audits that were undertaken, a follow up post audit review was completed anywhere between one month and six months after the audit, in order to check for compliance with the agreed recommendations.
That the report be noted.