Appendix 1
INTERNAL AUDIT
ANNUAL REPORT & OPINION
2022/2023
1. Internal Control and the Role of Internal Audit
1.1 All local authorities must make proper provision for internal audit in line with the 1972 Local Government Act (S151) and the Accounts and Audit Regulations 2015. The full role and scope of the Council’s Internal Audit Service is set out within our Internal Audit Charter.
1.2 It is a management responsibility to establish and maintain internal control systems and to ensure that resources are properly applied, risks appropriately managed and outcomes achieved.
1.3 Annually the Chief Internal Auditor is required to provide an overall opinion on the Council’s internal control environment, risk management arrangements and governance framework to support the Annual Governance Statement.
2. Delivery of the Internal Audit Plan
2.1 The Council’s Internal Audit Strategy and Plan is updated each year based on a combination of management’s assessment of risk (including that set out within the departmental and strategic risk registers) and our own risk assessment of the Council’s major systems and other auditable areas. The process of producing the plan involves extensive consultation with a range of stakeholders to ensure that their views on risks and current issues, within individual departments and corporately, are identified and considered.
2.2 During 2022/23, we have continued to see government grants that needed to be certified by Internal Audit, some of which were specific to supporting the City Council through and following the pandemic.
2.3 All adjustments to the audit plan were agreed with the relevant departments and reported throughout the year to the Audit & Standards Committee as part of our periodic internal audit progress reports. It should be noted that whilst there were a number of audit reports still in draft at the year-end, the outcomes from this work have been taken into account in forming our annual opinion. Full details of these audits will be reported to the Audit & Standards Committee once each has been finalised with management.
3. Audit Opinion
3.1 No assurance can ever be absolute; however, based on the internal audit work completed, the Chief Internal Auditor can provide Reasonable ([1]) Assurance that Brighton & Hove City Council has in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2022 to 31 March 2023.
3.2 Further information on the basis of this opinion is provided below. Overall, whilst the majority of audit opinions issued in the year were generally positive, internal audit activities have identified a number of areas where the operation of internal controls has not been fully effective, including one instance, in the key area of Direct Payments, where the organisation has failed to ensure sufficient improvement has been made in response to previously identified areas of weakness. In addition to this, management also requested that our planned follow up review of Surveillance Cameras be deferred to 2023/24 due to the need for further time to implement the previously agreed actions.
3.3 Given these issues, it is essential that management recognise the need to take prompt and robust action in response to the findings arising from internal audit activities, in order to ensure an adequate control environment remains in place and that there is no future deterioration in the level of assurance.
3.4 Where improvements in controls are required as a result of any of our work, we have agreed appropriate remedial action with management.
3.5 In addition to specific audit reviews, we undertake regular liaison activity with all directorates to understand emerging pressures and risk areas and amend our plan of work accordingly. This process provides additional assurance that the audit plan remains current and focused on the highest areas of risk.
4. Basis of Opinion
4.1 The opinion and the level of assurance given takes into account:
· All audit work completed during 2022/23, planned and unplanned;
· Follow-up of actions from previous audits;
· Management’s response to the findings and recommendations;
· Ongoing advice and liaison with management, including regular attendance by the Chief Internal Auditor and Audit Managers at organisational meetings relating to risk, governance, and internal control matters;
· Effects of significant changes in the Council’s systems;
· The extent of resources available to deliver the audit plan;
· Quality of the Internal Audit service’s performance.
4.2 Whilst no direct limitations have been placed on the scope of Internal Audit during 2022/23, at the request of management we agreed to only complete follow up audit reviews within the Housing Service and to defer larger audits to 2023/24. This was in recognition of the fact that housing services were significantly impacted by Covid-19 pandemic and by deferring audits we have allowed time for officers to address known areas for improvement.
5. Key Internal Audit Issues for 2022/23
5.1 The overall audit opinion should be read in conjunction with the key issues set out in the following paragraphs. These issues, and the overall opinion, have been taken into account when preparing the Council’s Annual Governance Statement.
5.2 The internal audit plan is delivered each year through a combination of formal reviews with standard audit opinions, direct support for projects and new system initiatives, investigations, grant audits and ad hoc advice. The following graph provides a summary of the outcomes from all audits finalised over the past three years:
Audit Opinions 2020/21 to 2022/23
*Not applicable: Includes grant certifications and audit reports where we did not give a specific audit opinion.
5.4 Whilst it is pleasing to report that no minimal assurance opinions were issued during the year, as can be seen in the above graph, a total of eight audits received partial assurance opinions as follows:
· Housing Rents;
· Direct Payments (follow up);
· Adult Social Care Financial Assessments;
· School Meals Contract;
· Officers Declarations of Interest Gifts and Hospitality;
· Health and Safety;
· Downs View School;
· Queens Park School.
5.5 Whilst actions arising from these reviews will be followed up by Internal Audit, either through specific reviews or via established action tracking arrangements, it is important that management take prompt action to secure the necessary improvements in internal control.
5.6 With regard to Direct Payments, it is necessary to highlight that this is now the third consecutive occasion where our follow up audit work has identified an inadequate level of improvement in internal control since our original review in 2019/20 resulted in minimal assurance. As mentioned above, it is of concern that insufficient activity has taken place to achieve improvements in this area and something therefore that the organisation should closely monitor.
5.7 We would also like to highlight that during the course of our work resourcing challenges have been raised with us in several areas by management. This has had the impact of slowing down implementation of agreed actions, requests for audit reviews to be delayed or deferred and challenges in agreeing audit actions. We also understand that some of these issues have been further compounded by the pandemic, increased demand on services and by ongoing financial pressures.
5.8 In summary, although we have concluded Reasonable Assurance for 2022/23, there remains a clear need for further improvement in the control environment, especially in terms of areas identified within this report and also generally in terms of prompt implementation of actions to address known weaknesses.
5.9 Given the substantial values involved, each year a significant proportion of our time is spent reviewing the Council’s key financial systems, both corporate and departmental. Of those completed during 2022/23, all of these have resulted in reasonable assurance being provided over the control environment, with the exception of Housing Rents which received partial assurance.
5.10 Although the last audit of Payroll concluded reasonable assurance, we are aware that there are now significant issues associated with payroll that need urgent action to resolve. We understand that management are aware of these issues and are working to improve the control environment and quality of data. The payroll system will be subject to a full review as part of our agreed 2023/24 audit plan.
Housing Audits
5.11 During 2022/23, Internal Audit has carried out a number of follow up audits of housing related areas within the Housing Neighbourhoods and Communities Directorate as follows:
· Housing Management System (follow up);
· Housing Repairs Service (follow up);
· Temporary Accommodation (follow up).
5.12 We were able to complete the Housing Management System follow up to final report stage whilst both Housing Repairs and Temporary Accommodation were at the draft report stage at the end of quarter 4. It is pleasing to report that although these two follow ups await finalisation, we have been able to see improvements in the controls in all three areas which are all likely to result in reasonable assurance opinions.
Other Internal Audit Activity
5.13 During the year, Internal Audit have continued to provide advice, support, and independent challenge to the organisation on risk, governance, and internal control matters across a range of areas. These include:
· Orbis Customer Board/DMT/Finance & Resources Lead Business Partners Meetings;
· Governance Assurance Meetings;
· Whistleblowing Co-ordination Meetings;
· Information Governance Board;
· Enterprise Resource Planning Programme Board;
· Housing Repairs Works Management System Replacement Board.
5.14 As well as actively contributing to, and advising these groups, we utilise the intelligence gained from the discussions to inform our own current and future work programmes to help ensure our work continues to focus on the most important risk areas.
Anti-Fraud and Corruption
5.15 During 2022/23, the Internal Audit Counter Fraud Team continued to deliver both reactive and proactive fraud services across the organisation. Details of all counter fraud and investigatory activity for the year, both proactive and reactive, have been summarised within a separate Counter Fraud Annual Report due to be presented alongside this Internal Audit Annual Report. Where relevant, the outcomes from this work have also been used to inform our annual internal audit opinion and future audit plans.
Amendments to the Audit Plan
5.16 In accordance with proper professional practice, the Internal Audit plan for the year was kept under regular review to ensure that the service continued to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management, the following reviews were added to the original audit plan during the year:
· Highways Contract Management;
· Adult Social Care – Service Agreements in Brokerage;
· Budget Management – Savings Targets;
· CIPFA Financial Management Code;
· Test and Trace Support Payment Grant;
· SOGU Universal Drug Treatment Grant;
· Bio Diversity Net Gain Grant.
5.17 In order to allow these additional activities to take place, the following audits have been removed or deferred from the audit plan and, where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:
· Early Help Services;
· Information Governance (Subject Access Request and Freedom of Information Reporting Arrangements;
· Surveillance Cameras;
· Kofax IT Application;
· Residential Care Procurement.
6. Internal Audit Performance
6.1 Public Sector Internal Audit Standards (PSIAS) require the Internal Audit service to be reviewed annually against the Standards, supplemented with a full and independent external assessment at least every five years. The following paragraphs provide a summary of our performance during 2022/23, including the results of our latest independent PSIAS assessment, an update on our Quality Assurance and Improvement Programme and the year end results against our agreed targets.
PSIAS
6.2 The Standards cover the following aspects of internal audit, all of which were independently assessed during 2022 by the Institute of Internal Auditors (IIA):
· Purpose, authority and responsibility;
· Independence and objectivity;
· Proficiency and due professional care;
· Quality assurance and improvement programme;
· Managing the internal audit activity;
· Nature of work;
· Engagement planning;
· Performing the engagement;
· Communicating results;
· Monitoring progress;
· Communicating the acceptance of risks.
6.3 As reported to Audit Committee in January 2023, Orbis Internal Audit has been assessed as achieving the highest level of conformance available against professional standards, with no areas of non-compliance identified.
Key Service Targets
6.4 Performance against our previously agreed service targets is set out in Appendix 2. Overall, client satisfaction levels remain high, demonstrated through the results of our post audit questionnaires, discussions with key stakeholders throughout the year and annual consultation meetings with Chief Officers.
6.5 We will continue to liaise with the Council’s external auditors (Grant Thornton) to ensure that the Council obtains maximum value from the combined audit resources available.
6.6 In addition to this annual summary, the Executive Leadership Team and the Audit & Standards Committee will continue to receive performance information on Internal Audit throughout the year as part of our quarterly progress reports and corporate performance monitoring arrangements.
[1] This opinion is based on the activities set out in the paragraphs below. It is therefore important to emphasise that it is not possible or practicable to audit all activities of the Council within a single year.