Agenda item

The purpose of this report is to present the Internal Audit Strategy and Annual Internal Audit Plan for 2024/25 to the Committee.

Under-pinning the work of the Orbis Internal Audit Service in delivering the Annual Internal Audit Plan are the key principles and objectives as set out in the Internal Audit Strategy and Charter. These are presented alongside the Annual Internal Audit Plan for 2024/25 as good practice dictates that these should be updated and reviewed on an annual basis.

Witnesses:

David John, Audit Manager

Russell Banks, Chief Internal Auditor

Simon White, Audit Manager - Counter Fraud

Key points raised in the discussion:

1.    The Chairman highlighted that the Committee had a training session on the plan.

2.    The Audit Manager explained that the content of the plan was drawn from consultation with management and Members and takes a risk-based approach, sought the Committee’s endorsement that the approach and the content seem reasonable and fit for purpose. Noted that due to the implementation of Unit4/MySurrey this year some of the key financial systems would be assured next year as a priority. Reiterated that Internal Audit undertakes follow-up audits given Minimal or Partial Assurance, to check management has actioned what they agreed to and that the controls have improved. Highlighted that the plan adapts to emerging issues whereby there were 400 days of contingency time, and any audits not completed in the year would be rolled over. Noted that the number of audit days increased back to the 2022/23 amount, that includes 225 dedicated days of schools audit time equating to 30 to 35 schools audits.

3.    A Committee member noted the discussion last March about staffing and the difficulties in recruiting to fill vacancies, sought an update on the current situation. The Chief Internal Auditor noted that there were some vacancies within the service, recruitment was ongoing and some successful appointments had been made. Due to the national challenges of recruiting experienced qualified auditors, the approach taken was to hire entry level people and invest heavily in their professional development. The gap at senior principal auditor level was being filled through external contractor resource, the ambition was to not have to use that external resource going forward. Noted confidence in having the resources to deliver the plan, hence the increased number of audit days.

4.    The Chairman asked whether there had been many identified cases from the National Fraud Initiative (NFI). The Audit Manager - Counter Fraud noted that the Pensions Administration team had updated all the mortality matches, the savings in concessionary travel were lower compared to the previous exercise which cleared off many cases, it would be a biennial exercise going forward. Results using the new Unit4/MySurrey system were uncertain regarding creditors and preventing duplicate payments, and some payroll matches were being looked at.

5.    The Audit Manager - Counter Fraud responded to the Chairman noting that Blue Badge fraud was still being looked at, that was administered by a national body and the Council received matches, referrals concerning misuse were infrequent.

6.    The Audit Manager - Counter Fraud responded to the Chairman noting that 150 days were set aside for counter fraud, if needed more days could be allocated if other areas in the plan are reprioritised. Hinchley Wood Primary School fraud case had exceeded that allocation over the past few years, however large scale cases were not frequent, investigations were usually 10 or 15 days. Every two years there was a peak when collating and submitting the NFI data. The Chief Internal Auditor clarified that counter fraud was not a function of Internal Audit and some local authorities keep it separate, the Council maintained a close relationship between the two as in most fraud cases there is found to be an internal control management role implication that needs to be strengthened. The level of counter fraud resource was proportionate to the fraud risk and the size of the organisation.

RESOLVED:

Members considered the contents of the report and appendices, and approved: 

(i)            The Internal Audit Strategy (Annex A);

(ii)           The Internal Audit and Corporate Fraud Plan (Appendix A);

(iii)          The Internal Audit Charter (Appendix B).

Actions/further information to be provided:

None.