Agenda item

Officers presented the internal audit annual report for 2023-24. The report was brought forward from the August meeting to assist in drafting the annual governance statement.

A total of 47 pieces of internal audit work were fully delivered as part of the 2023-24 internal audit plan. Field work for all planned work was completed by the year-end, despite initial vacancies and a new team. The work included 33 assurance reviews, 7 consultancy, and 7 grant claims. Six planned audit reports were in draft form at year-end.

Of the 33 assurance reviews, 21% were substantial, 42% reasonable, and 36% limited. The opinion for 2023-24 was limited assurance. This was based on the assurance reviews completed throughout the year and considered the scope of each review. A lot of work had been done looking at high risk areas and looking at the action plans.It also took into consideration any significant findings from the draft reports.

Several areas of the limited assurance reviews were in key areas of governance such as the risk management, workforce planning and facilities management.

Common themes included inconsistent governance arrangements due to ongoing transformation work. Poor data quality was identified due to reliance on manual records and outdated systems. The Council was addressing data quality issues in 2024-25. The report also covered follow-ups on recommendations and performance against key indicators.

The internal audit team had achieved significant progress despite starting from scratch and facing vacancies. The limited assurance opinion reflected the current context of ongoing transformation and governance adjustments.

Members asked what would be done to improve the opinion going forward. There was a lot of work already underway in terms of data quality and governance arrangements. A lot of the reviews in the plan for next year were to look into the details of those areas. This included early reviews to address these areas and embed recommendations.

The Cabinet Member for Finance congratulated the audit team on a total rebuild given that previously the Council had relied on outsourcing of internal audit. It was noted that there was some inevitability around governance arrangements taking time to settle down following transformation.36% limited assurance was a subject for concern but in the current context it was not particularly surprising.

Members noted previous discussion around the new data system and asked how this was working out. Officers noted better responses on more recent reports due to quicker follow-ups. Previously there had been a backlog with a lot of change happening, and when people left their roles, sometimes recommendations were not handed over.

Officers put on record their thanks to the internal audit team for their swift takeover of audit matters.

On the face of it, limited assurance was not a good place to be. However, it was recognised that the audit service was identifying areas for improvement and also moving into areas that they may previously not have been involved in, adding their skills set to, for example, the transformation programme and the Oracle project.

It was noted that the Council had committed £10m in terms of the digital programme.

The Chair summarised that it had been a good year considering where the audit service had started in terms of resourcing. They had delivered more work than in previous years and more rigorous internal audit work. When digging into higher risk areas, there was an inevitability of some limited assurance. The Chair further noted that it would have been good to have a table with the end of year KPI positions.

RESOLVED: That the Audit Committee noted the IA Annual Report for 2023-24