Issue - meetings

CORPORATE RISK REGISTER

Meeting: 05/03/2020 - Audit and Risk Management Committee (Item 554)

554 Draft Internal Audit Plan 20/21 & Internal Audit Charter - 10 Minutes pdf icon PDF 653 KB

To receive a report from the Director of Law & Governance presenting the Draft Internal Audit Plan 20/21 and the Internal Audit Charter.

 

Minutes:

RECEIVED a report from the Director of Law and Governance, presenting the 2020/21 Draft Internal Audit Plan and Internal Audit Charter.

 

NOTED

 

1.    Gemma Young (Head of Internal Audit & Risk Management) presented the report.

2.    The report sets out the audit plan for the year. A risk based plan is required under the PSIA standards and the approach to the plan  is to look at the assurance  operational objectives, the reliability and integrity of financial and operational audit information, the effectiveness and efficiency of operational  programmes, safeguarding  assets and compliance with all laws, policies, regulations, procedures and contracts.

3.    As detailed at page 109 (point 2) of the report, details the draft Internal Audit Plan for 2020/21.

4.    The section looks at the auditable areas and the team then assigns a number of audit days and proposed scope, linking that back to the objectives of the Local Authority as well as a corporate risk register. This gives the team the audit plan for the year taking on board the views of Directors, the Assurance Board and Members.

5.    The following questions, statements and queries raised in response to the report:

a.    The committee agreed that this was a very comprehensive list of audit objectives and questioned if it was too large for the year? The Treasury Management auditable area, detailed on page 112 of the plan, was this concerning debt level controls and funding? Was the Digitalisation auditable area about software ad systems that the council operates? Gemma Young clarified that the plan is too large but that the team always overfills the plan because some drop out throughout the year. This may be due to key staff that are not available, restructures and policy or law changes that may be happening. Under the Audit and Accounts Regulations, the section has to have a well-resourced/adequate audit function and the plan did have an adequate amount of auditable areas. In terms of Treasury Management, debt levels would not be looked at as this was generally a political decision. They would be looking at the Council’s investments in line with policy. In terms of Digitalisation, the team would be looking at the health of systems.

b.    Gemma Young clarified the audit days for the committee.

c.    Gemma Youngs team included 3 audit executives, an audit manager and a senior risk officer.

d.    Gemma Young clarified that all risk assessments are taken into account of when the last time each area had been audited. There is an assurance map that sits behind the plan that looks at the past and what to do in the future.

e.    Due to the PSIAS, the section has to include the Internal Audit Charter with the draft internal audit plan, as detailed at page 118 of the report.

 

AGREED to note the 2020/21 Draft Internal Audit Plan and Internal Audit Charter.

 

 


Meeting: 16/01/2020 - Audit and Risk Management Committee (Item 450)

450 CORPORATE RISK REGISTER - 10 Minutes pdf icon PDF 392 KB

To receive a report from the Director of Law and Governance providing a Corporate Risk Registers update.

(Report No.183)

 

Minutes:

RECEIVED a report from the Director of Law and Governance, presenting the Corporate Risk Register.

 

NOTED

 

1.    Gemma Young (Head of Internal Audit & Risk Management) presented the report.

2.    As detailed at Point 1 (page 17) of the Executive Summary. The added update to the CR16 – Financial Management is detailed at page 28 of the report at Appendix A.

3.    The following questions, statements and queries raised in response to the report:

a.    In reply to the uptake of Fraud Corruption Training for staff (CR 03 – pages 21-22 of the report), Gemma Young clarified that her team had recently carried out a large programme of training as part of International Fraud Awareness Week (IFAW). Including targeted training i.e. housing officers, exchequer colleagues due to the increase in phishing, fake bank accounts, etc. There was a wide programme of training at present.

b.    Councillor Barry referred to a statement in the Audit Plan regarding alleged or suspected incidents of fraud and that members had not been made aware of these. David Eagles confirmed that information was used in the Audit plan because it is a plan and these is a lot of data involved. BDO focus on and understand that benefits are subject to fraud but BDO look at things that would provide a material issue for the financial statements audit and only major issues give BDO a material concern. Those are not major issues. The level of materiality is £20.2m. Housing is the biggest value audit but even that was a notional value.

c.    Councillor Gunawardena asked for clarification to the description of CR11 – Housing, as detailed at page 25 of the report. Gemma Young clarified that that would be for colleagues in Housing to answer in more detail. The Committee could call housing colleagues to attend the committee to obtain further details.

Councillor Gunawardena asked if the committee can see the Key Performance Indicators (KPI) to CR11 – Housing risk to further understand this risk. Fay Hammond clarified that Joanne Drew (Director of Housing & Regeneration) could be asked to attend the committee to talk about the risks in her service area. It was a committee decision whether this is a financial risk or a delivery risk to the council and is significant enough to bring to committee.

It may be better to wait to hear the Housing strategy as work on homelessness was only beginning with workstreams only just being agreed to deliver that. But there was no reason why the Director of Housing & Regeneration could not be invited.

ACTION: Fay Hammond (Acting Executive Director Resources).

 

AGREED to note the risks recorded in the Corporate Risk Register and to note the addition of risk CR16.