Issue - meetings

The purpose of this report is to set out the underlying principles applied in the Internal Audit planning process and seek the Governance and Audit Committee’s approval of the Internal Audit Plan for 2013/14.

The Committee considered a report that set out the underlying principles applied in the Internal Audit planning process and sought the Committee’s approval of the Internal Audit Plan for 2013/14.

It was reported that:

• A rigorous approach was taken to risk assessing processes each year, a key element of this included consulting with senior officers across the Council on a one to one basis as well as consulting with IT. Provisional plans would then be set out and submitted to departmental management teams before being submitted to the Corporate Management Team.
• It was key that limited resources were directed to the areas of greatest risk.
• It was reported that new internal audit public sector standards applied as of the end of April 2013. CIPFA had produced a checklist which would help the Council ensure that they were compliant.

In response to members’ queries, the following points were made:

·         In relation to car parks as detailed on page 38 of the agenda papers, the Committee asked if further attention could be given to recent fraudulent activity around false parking tickets being used to fraudulently collect money. Officers agreed to look into this further and investigate all areas of potential fraud where the Council collected money.

·         In relation to the Council wide absence management audit, it was reported that this could be time consuming work as it required sample checking across the Council, this would include staff flexi cards and checking annual leave. Whilst Payroll could provide a range of information, they did not hold absence information.

·         Members commented that there was not sufficient explanation of the process by which risks were being chosen to be audited, a strategy was necessary. In addition, it was not clear whether new risks were being identified, there was a reliance on the information in the risk register. Members also commented that risks needed to be related to strategic objectives and that the Council wide audits and the IT audit did not appear to relate to strategic objectives.

·         It was reported that risk management processes were reviewed on a regular basis; a review had not been carried out this year as this had been done in previous years. In terms of identifying new risks this was considered throughout the Audit Plan at both an operational and strategic level.

·         Members commented that there was no visibility of the process or rationale used to compile the Audit Plan and that this needed to be clearer. In addition, whilst Appendix B of the agenda papers detailed strategic risks, it was silent on any other risks.

·         It was reported that the Committee had been presented with the ‘end product’ and that more detail of the process could be included.

·         It was noted that the Community Infrastructure Levy needed to be included in the scope of the risk register, it was agreed that this would be added to the ‘forward look’.