The Audit and Assurance Manager presented a report to update Members on the main findings arising from internal audit work carried out since the progress report to Members on 29 September 2016. In addition, the report briefed Members on the performance of the Council's internal audit service, Tees Valley Audit and Assurance Service (TVAAS).
The total number of planned audit days for 2016/2017 was 855. At the time of this report, 34% of the Plan had been completed with a number of other audit assignments ongoing and close to the draft stage. This position was in line with that reported in December last year (31%). The level of completion of the audit plan was continuously monitored and resources re-allocated as appropriate.
The main points to note from the internal audit work during this period were as follows:
No internal audit reports with an overall assurance level of Cause for Concern or Significant Concern had been issued as a final during the period.
No new Priority 1 recommendations had been made during the period.
One Priority 1 action was still outstanding from previous periods and action was underway to address this recommendation via the Council's Improvement Plan.
During the period, two Priority 1 actions for the project management audit, that were outstanding in September 2016, had been classed as implemented.
Five Priority 2 and one Priority 3 actions, which should have been implemented by 31 October 2016 (or before) were currently outstanding. Progress was underway to implement the outstanding actions. This represented a considerably improved position when compared with the same time last year, when a total of 109 actions were reported as being outstanding.
Many of the outstanding actions were also included on the Council's Improvement Plan and the auditors acknowledged the considerable work ongoing to implement the Plan. Internal Audit considered that the main priorities for implementation related to the property disposal framework and IT governance.
In addition to the final audit reports issued, detailed in Appendix 1 to the submitted report, TVAAS staff had been involved in a number of other areas of work that did not result in the issue of a formal report. This work included detailed housing benefit count testing, co-ordinating the Council's involvement in the national fraud initiative (NFI) and following up on the implementation of previous audit recommendations.
Appendix 2 to the submitted report detailed TVAAS current performance against the service level agreement performance measures. The Service's opinion methodology was detailed in Appendix 3 to the submitted report.
A Member highlighted that the assurance opinion in relation to the Agresso system was Moderate and outlined a specific incident that had been raised with her by a resident. The Head of Financial Governance and Revenues undertook to investigate the issue raised and highlighted that the problem might not necessarily be related to Agresso. In relation to a query relating to stock controls, it was clarified that the stock system could not be compromised by Agresso. The Auditor confirmed that the audit had focussed on access controls and ownership of the system at the time, since there had been a reliance on previous project managers knowledge.
A Member asked for clarification as to the areas covered in the audit of Project Governance and Property Disposals (2015/2016). The Internal Auditor explained that a number of different areas were covered including several asset disposals as well as Section 106 agreements. One of the main issues was the need to have a consistent and effective project management framework to ensure that all transactions were managed effectively and there was a clear audit trail showing how decisions were reached. All of the audit recommendations had been included in the Council Improvement Plan with target dates for implementation. A new asset disposal process had been drafted and was due to be considered by the Leadership and Departmental Management Teams by the end of December 2016.
It was noted that although a recent service review of TVAAS had resulted in the deletion of three auditor posts at one level, a higher level post had been created which would be filled by an appropriately qualified and experienced auditor. The review had been undertaken due to the need for cost savings. The Audit and Assurance Manager confirmed that this would not affect the number of planned audit days.
In relation to the Project Management (2014/2015) audit, and the new governance structure a Member asked how this would be monitored. The Audit and Assurance Manager explained that controls were built into the framework. Compliance with the controls would ensure robust monitoring by the Council would take place through the Project Lead and Programme Management Office (PMO). The Internal Auditor would also provide an independent periodic check to ensure the controls and framework were being adhered to. The Audit and Assurance Manager was confident that the new framework that had been put in place was robust and the actions implemented had addressed those concerns raised by both internal and external audit.
1. the information provided was received and noted.
2. the Internal Auditor would circulate a copy of the audit report in relation to the Agresso system.