Agenda and minutes

Apologies for absence were received from Councilors MacIntyre and Tedder.

To confirm and sign the non-exempt minutes of the meeting held on 17 April 2023.

The minutes of the previous meeting held on 17 April 2023 were agreed as a correct record.

There were no declarations of interest recorded.

The Committee were briefed on the Internal Audit Annual Report, which served as a summary of the work of Internal Audit for 2022/23.

Key points of the report included:

1.          Summary of Audit work from April 2022 to March 2023, which covered 16 audits from the Plan, which were audits agreed by the Committee. A summary of additional works were included, including a review of BIDs, contract standing orders and the National Fraud Initiative exercise.

2.   The scheduled audit programme is risk-based and work areas considered as being of high risk potential are audited more frequently than those of low risk.The report covered a number of annual audits including, treasury, debtors, creditors, payroll and main accounting. These audits were considered fundamental to the Council and as a result, were reviewed more frequently.

3.    The Report also provided the Committee with an overall opinion on the work of Internal Audit which is given by the Section 151 Officer.

4.    Four levels of assurance were provided to individual audits and these were full, substantial, limited and nil assurance. It was rare that full assurance were granted to audited items.

5.    As part of the auditing exercise, if any risks or concerns were discovered, Internal Audit were required to provide a category against each audit recommendation to provide guidance to the audited service and highlight the importance to the Council. There were 60 recommendations in 2022/23, and the vast majority fell under the categories of essential and desirable.

The Internal Audit team consisted of 2 staff members who report to the Head of Legal  as the Head of Service. Internal Auditors subscribed to a set of professional standards which include maintaining  independence, having rights of access to information and Internal Auditwere required to demonstrate its compliance with these standards.

Following discussion with Members, the key matters arising were:

1.    The Internal Audit team had delivered a consistent number of audits across the previous 3 years.

2.    It was agreed that there was area for improvement in the categorisation of audits as the existing categories were limited in scope. The categorisation of the audit recommendations had an element of subjectivity and required the internal audit team to judge the risk to the Council.

3.    It was noted that audit work held sensitive information regarding the financial details of the Council and were therefore kept restricted and in limited circulation within the Management Team.

4.    The creation of a new categorisation system for audit reporting categories was created through identifying the best elements of other Internal Audit teams categorisation systems at other Local Authorities as a bench-marking exercise.

5.    A review of the External Audit approach had been completed in the previous year, and a report was brought to the Corporate Management Team. Consideration should be given to reviewing the current methodology of the auditing of the Council’s Financial Statements.

RESOLVED to note the Internal Annual Audit report.

The Committee received the Annual Review of the Effectiveness of the Internal Audit System, which was a self-assessment of the effectiveness of the Internal Audit function. The report was completed on an annual basis and brought to the audit and Standards Committee at the Summer meeting.

The Chartered Institute of Internal Auditors identified 9 key elements that help define a proficient internal audit function and were as follows:

·         Organisational independence

·         Adoption of a formal mandate

·         Rights of access

·         Sufficient funding

·         Competent leadership and culture

·         Objective staff

·         Competent staff

·         Stakeholder support

·         Conformance to professional audit standards

The Report summarised each key element, and found examples of best practice from within the Council to assess how the Internal Audit team has delivered the audits. Improvements and challenges that were faced by the Internal Audit team were also detailed in the report, ranging from technical issues relating to IT and remote working to heavily legislated areas like planning and housing.

A Quality Management Assessment was planned to take place in Summer 2023 between Surrey Heath, Elmbridge and Spelthorne as a peer review between the three Local Authorities, and a report of the main findings will be brought back to a future committee

Challenges for 2023/24 were considered in the report and the areas facing potential challenges were identified.

Members were informed that an external IT consultant had been brought in by the Council’s IT team to review its processes. The audit team also reviewed processes for disaster recovery and business continuation with the assistance of Applied Resilience the Council’s business partner in this area.

The Internal Audit function required a clear right to access information. Right of access to information with contracted partners should be built into the contract at the outset and considered at the renewal of contracts.

It was noted that a variety of elements were considered when deciding the annual Internal Audit work programme and during March each year, the areas intended for review would be presented to the Management Team and Members. The annual plan was aligned with the 3 year audit plan.

RESOLVED to note and approve the report on the Review of Effectiveness of Internal Audit for the reporting period 2022/23.

The Internal Audit Medium Term Plan covered the reporting period between April 2023 to March 2026. The report identified the required resources to deliver an effective internal audit function for the next 3 years.

Members discussed the importance of including cyber security audits on an annual basis, including working towards ISO 9001, ISO 27001 and other certifications. Members asked for such audits to be undertaken annually.

It was noted the number of annual reports in each year of the 3 year plan were chosen on the basis of audit history and audit days required to complete the audits. A corporate health and safety audit had been completed in the last 12 months focusing on the protection of staff. Consideration of what areas of facilities management and historic buildings required to be audited going forward was discussed with service managers.

Corporate Fraud was audited through an industry best practice checklist, and during an audit of a service, fraud was always considered to ensure robust processes were in place. The Council completes National Fraud Initiative work to keep in line with national standards. Members were informed that main accounting was audited on an annual basis as it was considered a finance fundamental audit as opposed to fraud that was not explicitly flagged by external auditors historically as an area that required an annual audit.

RESOLVED to review and approve the Annual Internal Audit Plan 2023/26.

To note the timeline prepared by Councillor Rodney Bates as referred to at minute 20/AS, 17 April 2023.

Members were informed that the Council and BDO proposed to have the final draft of 2019 accounts by the end of July 2023. This included the reconciliation of accounts. Following this, BDO planned to work in person with the Council to complete the final accounts and the final accounts were to be brought to the October Audit and Standards Committee or at a special meeting of the Committee to sign the accounts.

It was noted that BDO planned to work on the revised financial statements at the Council offices from 4 September 2023 with 8 weeks set aside to complete the accounts.

The Council’s finance team and BDO extracted a number of outstanding questions from the Inflo System. There were 5 outstanding questions remaining; the bad debt provision, adjustment to the collection fund, cash flow statement, final audited version of accounts and the reconciliation of the first and final set of accounts. All of these questions were planned to be resolved by the end of July 2023. Additional resources were being used on the statement of accounts to meet the window provided by BDO in September 2023.

Additional amendments by the Council were to be tested by BDO dependant on the size of the amendments.

Members of the Committee were updated as targets were met in completing the 19/20 accounts. BDO had also met with the Council to discuss working arrangements in September.

Members noted the report.