To update members on the progress of internal audit work and to bring to their attention any key internal control issues arising from work recently completed.  To enable the committee to monitor performance of the internal audit team against the approved plan. To assure the committee that action is being taken on risk related issues identified by internal audit.

The Assistant Director for South West Audit Partnership (SWAP) presented the report on internal audit activity for quarter 2 2022, the principal points included:

i.             15 audits were complete and 12 were ongoing, with 3 in draft report stage and 9 in progress.  It was reported that the coverage and delivery of internal audit work was on track to deliver an annual opinion.

ii.            Attention was drawn to the ‘2022/23 Activity Report by Job’ section (agenda page 37) which identified the following assurance opinions: 10 reasonable; 1 limited; and 4 special / advisory.  Based on the work undertaken in quarter 2, it was reported that there was a satisfactory control environment and no corporate risks were identified.

iii.          Attention was drawn to the ‘Pipeline Audits’ section (agenda page 43) which had been informed by discussions with senior officers.  The Assistant Director had also met with the Chairperson and Vice-Chairperson of the committee to look at possible areas of future work.

iv.          Quarters 3 and 4 would include more control environment work and there were plans to introduce a risk based approach to grant certification.

v.           The limited assurance opinion related to Homelessness Prevention Grant which had highlighted concerns about failing to meet deadlines for multiple submissions, and some transactions were unsupported and misallocated.  It was noted that mitigating factors included the limited notification of the grant funding and short time available to spend the grant.  There would be an audit of the ‘Housing Solutions Team Financial Processes’ to support the department and to ensure that the underlying processes were working effectively.

vi.          In conclusion for quarter 2, there was reasonable assurance around risk management, control environment and the governance arrangements.

The committee discussed the report, the principal points included:

1.           A committee member re-iterated a concern expressed at previous meetings about the amount of grant work compared to other internal audit activity.  The Assistant Director commented on grant requirements but the need for more focus on other areas was recognised, hence the suggested risk based approach to grant certification; this would be presented to the committee for consideration.

2.           A committee member noted that process failures had resulted in the repayment of grant and it was questioned whether this was systemic across other areas.  The Assistant Director advised that the audit would be a focused piece of work on Housing Solutions.

3.           A typographical error was identified in relation to risk CRR.63 ‘Hereford City Centre Transport Package’ (agenda page 31) ‘If this further education expense was too significant then it may not be possible to meet the objectives of the business case without further capital funding’.

4.           In response to a question from the Vice-Chairperson, the Assistant Director confirmed that the pipeline was not ranked and the list was under constant review.  The Vice-Chairperson suggested that adding the date of inclusion could be helpful.  The Chairperson invited committee members to contact him about any existing or new items that they considered should be given priority, for subsequent discussion with the Assistant Director and the Director of Resources and Assurance.

5.           In response to questions, the Director of Resources and Assurance commented on: organisational changes to cope with the way that money was flowing from the government to the council through grants; the challenges presented by short timescales; and the project management skills and experience being co-ordinated through the Programme Management Office. 

The Assistant Director said that an indication of Herefordshire’s position relative to other authorities in terms of the effective management of grants could be provided in a future report.

6.           In response to a question from a committee member, the Assistant Director confirmed that the ‘Public Health’ audit (agenda page 39) was aligned to new risk CRR.73 ‘Removal of ring-fence around Public Health budget’ in the Corporate Risk Register (agenda page 72) but could not comment further at this meeting, as the report was still in draft.

7.           A committee member commented on concerns about deficiencies in Key Performance Indicators and questioned whether this might be included in the ‘ICT Governance Framework Review’.  The Assistant Director said that the review related to technical rather than data considerations, and agreed to circulate the scope of the review to committee members.  It was reported that a new process was being implemented to look at data quality during audit work which would build a picture of data maturity in the council.

8.           In response to a question from a committee member, the Director of Resources and Assurance confirmed that the ‘Audit or review of teams using corporate service planning tool’ referenced in ‘Principle F: Continuous improvement’ in the Annual Governance Statement (supplement page 15) was being undertaken internally by officers.

The recommendations in the report were accepted and the following actions agreed.

RESOLVED: That

a)           The internal audit plan and pipeline of future work to ensure there is sufficient coverage and delivery to give an annual opinion be noted;

b)          The areas of activity and concern have been reviewed and the committee is satisfied that necessary improvements are outlined and delivered; and

c)           The assurances provided and the recommendations which the report makes have been considered and the committee has commented on its content.

Action(s):

178   The next progress report on internal audit activity include an update on the risk based approach for the audit work on grants and provide an indication of Herefordshire’s position relative to other authorities in terms of the effective management of grants.

179   The scope of the ICT Governance Framework Review be provided to committee members.