Consideration was given to the report of the Audit Manager on the Internal Audit Plan for 2024/25 (IAP).  The Public Sector Internal Audit Standards required that the Audit Manager communicated the IAP and resource requirements, including significant interim changes, to senior management and the Audit and Standards Committee (A&SC) for review and approval.

Attached at Appendix A to the report was the assurance map which provided a visual representation of the various sources of assurance received by an organisation on its management of strategic risks.  The assurance map was last reported to the A&SC in March 2023 and updated for the current position. The assessment methodology was set out in Appendix B to the report.

This year, both Capital Projects and the Housing Company were highlighted as high risk areas. The Capital Projects assessment was primarily due to two audits in this area (i.e. the Capital Programme and Blackfriars Spine Road Project) having received limited or minimal assurance ratings in the period from January 2022 to December 2023. Another capital project would therefore be reviewed as part of the 2024/25 Audit Plan. The Housing Company assessment was a result of the minimal assurance rating received at a recent audit of the Council’s governance arrangements, and the Senior Leadership Team’s wish for greater assurance in this area. However, no further audit work was planned on the Housing Company in 2024/45, as the recommendations made at the latest review were still being followed up by the Audit Manager.

In addition, six areas were identified as medium risk, namely Contract Compliance, Environmental Services, Estates, Financial Services, Procurement and Revenues and Benefits. Audits were planned in all these areas in 2024/25.

A risk assessment exercise was carried out by the Audit Manager in February 2024 and included all new and emerging risks identified in service plans produced by officers in the Corporate Management Team (CMT) or through discussions with these officers. Those activities assessed to be high risk were usually included in the new Audit Plan except where they had only recently been reviewed and the issues found would be covered or followed up elsewhere. Medium risk activities were generally reviewed every two to three years, but low risk activities were ignored to make the best use of audit resources.

The Audit Plan for 2024/25 was attached at Appendix C to the report. Other high and medium risk areas that were considered when compiling the new plan, but not included in the final version, were listed in Appendix D to the report for information.  Members suggested that the Corporate Programme Management audit listed in Appendix D be pushed as a major risk when next reviewed in 2025/26.

The IAP had been compiled by the Audit Manager in accordance with the Internal Audit Charter 2022 and was supported by the CMT.  The IAP allowed for 493 days of audit work on 21 separate audit reviews / consultancy activities, plus provisions for counter fraud work.  A significant portion of the Plan was devoted to Governance Audit work, owing to the importance of the assurance these audits provided. Members noted that there would be no ICT Governance in 2024/25 because many of the checks that would normally be carried out during that review would be covered by a Cyber Security audit instead.

The plan also contained a full programme of high/medium risk activities, including two areas that had not been audited before, namely Climate Emergency and the De La Warr Pavilion and Heart of Sidley - Levelling Up Fund Governance. A review of the Academy End of Year (EOY) Processes would also be undertaken, which was normally incorporated into the Governance audits, but would be reviewed earlier as a separate audit, as the end of year process would be handled by an external contractor on this occasion.

Owing to issues found in the recent past, an annual Procurement audit would also now be carried out, focusing on a different service area each year, the first being Neighbourhood Services.

The resources of the IAP (2024/25) were shown in Appendix E to the report, which demonstrated that it would be possible to meet the total resource requirement of the plan with existing staff resources.

Progress against the IAP would be monitored by the Audit Manager and reported to the A&SC once a quarter.  The content of the IAP would also be kept under review by the Audit Manager in liaison with the CMT and adjusted if required, to ensure that it continued to reflect the Council’s needs and priorities.

The IAP needed to provide sufficient coverage to meet the Council’s statutory duty.

Members were pleased to approve the IAP and thanked the Audit Manager for his work.

RESOLVED: That the Internal Audit Plan 2024/25 be approved.