The Council was required to ensure that it had reliable and effective internal control systems in place. The adequacy of these systems was tested by both Internal and External Audit.

In the year up to 31 March 2022, Internal Audit had operated in accordance with the Public Sector Internal Audit Standards (hereafter referred to as ‘the Standards’). It was a requirement of the Standards that Internal Audit reported to the Audit and Standards Committee on audit matters and any emerging issues, not only in relation to audit but risk management and corporate governance. In line with the Standards, the Audit Manager was expected to present an annual report on the performance of the Internal Audit Service and to provide an overall opinion on the Council’s control environment.

Eight audit reviews were completed in the final quarter of 2021/22. Five provided good assurance on the overall governance arrangements, however, three audits (Creditors, BACS/BACSTEL-IP Computer System and Debtors) received a limited assurance rating meaning that improvements in controls or in the application of controls were required.  The reasons for the assessments were outlined in the report, but explained in more detail in Appendix A to the report. 

Appendix B  to the report provided a summary of all audit reports completed in 2021/22, the level of compliance and assurance rating for each review, and the overall performance of the Internal Audit Team against the plan.

The summary showed 91.3% of the 2021/22 Audit Plan was completed and only two planned audits (ICT Governance and Payroll) were still outstanding at the end of the financial year. Both of these audits had since been completed and good/substantial assurance were obtained in each case.  Internal Audit’s overall performance in 2021/22 was therefore comparable to that achieved in the previous financial year.

Appendix C to the report showed a summary of the current position with the progress made on implementing the audit recommendations reported at previous meetings.  The situation regarding the Old Years Recommendations had not changed since the last quarter, with three recommendations still outstanding. Progress was being made in all of these cases, but the issues highlighted by the recommendations were yet to be fully resolved. Good progress continued to be made on the 2021/22 recommendations, with almost two-thirds already completed and work having commenced in all remaining cases.

In addition to compliance work, Internal Audit also allocated time each year to undertake counter fraud duties. On the council tax side, three unbanded dwellings had been identified and on the business rates side, two businesses where small business rate relief was being wrongly applied and two unrated business premises. All cases were followed up with the help of colleagues in the Revenues and Benefits Team and an additional £30,147 of revenue income was being collected as a result. 

Counter Fraud work was also carried out on the Community Infrastructure Levy (CIL) to identify any cases where the development had commenced without notifying the Council, or exemptions that were no longer appropriate. A number of cases had already been found and passed to the new Principal CIL Officer for investigation, however no additional income had so far been collected as a result.

The Audit Manager also coordinated the annual National Fraud Initiative  data matching exercises which had not resulted in any financial savings in 2020/21.

Routine audit work often highlighted financial errors which could result in savings (or increased income) once corrected. Savings totalling £41,104 were identified in 2021/22 comprising of temporary accommodation charges not being covered by the customer’s benefit claim due to a system glitch, four cases of business rate liability being incorrectly incurred and two duplicate invoice payments which had since been recovered.

The Audit Manager’s latest self-assessment of his Team’s compliance with the Standards (Review of Internal Audit 2021/22) was approved by Members on 21 March 2022. The review only identified one new issue and concluded that there was a high level of effectiveness overall. As more than five years had elapsed since the last external quality assessment  a further review was now due, and the Audit Manager was in the process of obtaining competitive quotes to carry out another review during the current financial year. In parallel to this, the Audit Manager was also in discussion with the Internal Audit departments in neighbouring authorities to explore the possibility of carrying out the work on a reciprocal basis.

Quality assurance questionnaires were used to capture client feedback and recipients were invited to rate the service provided as either ‘good’, ‘fair’ or ‘poor’ and encouraged to comment where improvement was required.  All of the feedback received was very positive indicating a high level of satisfaction with the quality of the Internal Audit Service.

Performance Measures set for the Audit Team demonstrated that all but one of the targets for 2021/22 was met or exceeded.  The governance audit target was not met on this occasion because the ICT Governance and Payroll audits were still in progress at year end as a result of overruns on earlier audits. However, both had since been completed and the results would be reported to this Committee at the next meeting.

The work carried out by Internal Audit in 2021/22 did highlight some concerns regarding the internal control environment, but only one audit (BACS/BACSTEL-IP Computer System) resulted in a high risk recommendation being made. There was no need to include this point in the Annual Governance Statement as the issue that resulted in this recommendation had since been addressed. Two other areas (Creditors and Debtors) were also considered for inclusion in the Annual Governance Statement because of their limited assurance rating. However, neither were currently considered significant.

Taking all of the factors highlighted in this and the quarterly reports into account, the Audit Manager’s overall opinion on the Council’s framework of governance, risk management and control in 2021/22 was therefore that it was adequate and effective.

An update on the Whistleblowing Policy activity in 2021/22 was provided in Appendix D to the report.  In summary, a total of 26 whistleblowing cases were reported to the Audit Manager in 2021/22. The vast majority of these focused on either Benefit/Council Tax Fraud or Housing Issue/Tenancy Fraud. All cases were initially reviewed by the Audit Manager and then either referred to the relevant Council officer for further investigation or reported to the appropriate authority.  The Audit Manager was not able to report on outcomes of any cases as these were not fed back to him.

The Audit Manager’s role in the Council’s risk management was as facilitator only.  The ownership of risk management lay with the Corporate Management Team and a workshop for Members to look at risk appetite would be held in the coming weeks.  The Risk Management Update report coming to the Committee in September would include a named officer against each risk.

RESOLVED: That:

1)         Internal Audit’s activity and performance in 2021/22 be noted; and

2)         the Audit Manager’s opinion on the control environment (paragraph 37) be approved.