Appendix 1
INTERNAL AUDIT
ANNUAL REPORT & OPINION
2023/2024
1. Internal Control and the Role of Internal Audit
1.1 All local authorities must make proper provision for internal audit in line with the 1972 Local Government Act (S151) and the Accounts and Audit Regulations 2015. The full role and scope of the Council’s Internal Audit Service is set out within our Internal Audit Charter.
1.2 It is a management responsibility to establish and maintain internal control systems and to ensure that resources are properly applied, risks appropriately managed and outcomes achieved.
1.3 Annually the Chief Internal Auditor is required to provide an overall opinion on the Council’s internal control environment, risk management arrangements and governance framework to support the Annual Governance Statement.
2. Delivery of the Internal Audit Plan
2.1 The Council’s Internal Audit Strategy and Plan is updated each year based on a combination of management’s assessment of risk (including that set out within the departmental and strategic risk registers) and our own risk assessment of the Council’s major systems and other auditable areas. The process of producing the plan involves extensive consultation with a range of stakeholders to ensure that their views on risks and current issues, within individual departments and corporately, are identified and considered.
2.2 In accordance with the audit plan for 2023/24, a programme of audits was carried out covering all Council departments and, in accordance with best practice, this programme was reviewed during the year and revised to reflect changes in risk and priority. All adjustments to the audit plan were agreed with the relevant departments and reported throughout the year to the Executive Leadership Team (ELT) and the Audit and Standards Committee as part of our periodic internal audit progress reports. Full details of the adjustments to the plan can be found in Appendix D.
2.3 It should be noted that whilst there were some audit reports in progress or at draft report stage at year-end, outcomes from this work have been taken into account in forming our annual opinion. Full details of these audits will be reported to the Corporate Leadership Team (CLT) and the Audit, Standards and General Purposes Committee once each of the reports have been finalised with management.
3. Audit Opinion
3.1 No assurance can ever be absolute; however, based on the internal audit work completed, the Chief Internal Auditor can provide partial ([1]) assurance that the Council has in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2023 to 31 March 2024.
3.2 Further information on the basis of this opinion is provided below. Although the majority of audit opinions issued in the year were generally positive, there was an increase in the number of partial assurance reports and internal audit activities have identified a number of key areas where the operation of internal controls has not been fully effective. A number of these relate to key financial or corporate systems and link to risks identified in the Council’s strategic risk register. It should also be noted that in some of these cases the audits were delivered at the request of management in order to obtain assurance over areas where it felt there was the potential need for improvement. This demonstrates a positive organisational culture which utilises Internal Audit to help support service improvement.
3.3 Given these issues, it is essential that management continue to recognise the need to take prompt and robust action in response to the findings arising from internal audit activities, in order to ensure an adequate control environment remains in place and that there is no future deterioration in the level of assurance. Regular liaison has taken place with management during the year with regard to these issues as they have emerged, and it is pleasing to report these have been taken extremely seriously, with a clear commitment being demonstrated by senior officers to strengthening the control environment.
3.4 Where improvements in controls are required as a result of any of our work, we have agreed appropriate remedial action with management.
4. Basis of Opinion
4.1 The opinion and the level of assurance given takes into account:
· All audit work completed during 2023/24, planned and unplanned;
· Follow up of actions from previous audits;
· Management’s response to the findings and recommendations;
· Ongoing advice and liaison with management, including regular attendance by the Chief Internal Auditor and Audit Managers at organisational meetings relating to risk, governance, and internal control matters;
· Effects of significant changes in the Council’s systems;
· The extent of resources available to deliver the audit plan; and
· Quality of the Internal Audit service’s performance.
4.2 No limitations have been placed on the scope of Internal Audit during 2023/24.
5. Key Internal Audit Issues for 2023/24
5.1 The overall audit opinion should be read in conjunction with the key issues set out in the following paragraphs. These issues, and the overall opinion, have been taken into account when preparing and approving the Council’s Annual Governance Statement.
5.2 The internal audit plan is delivered each year through a combination of formal reviews with standard audit opinions, direct support for projects and new system initiatives, investigations, grant audits and ad hoc advice. The following graph provides a summary of the outcomes from all audits finalised over the past three years:
Comparisons of Opinions 2021/22 through 2023/24
5.3 A full listing of all 2023/24 completed audits and opinions for the year is included at Appendix B, along with an explanation of each of the assurance levels. The status of all planned audits in progress but not completed to final report by year-end is shown in Appendix C.
5.4 We are pleased to report that no minimal assurance audit opinions were issued, however, ten audits received partial assurance (all of which have been reported on in our quarterly progress reports) as follows:
· Payroll;
· Housing Benefit and Council Tax Reduction;
· Budget Management – Effectiveness of Savings Targets;
· Payment Card Industry, Data Security Standards Governance Arrangements;
· Business Continuity Planning;
· Service Agreements (Residential and non-residential);
· Carelink;
· Housing Rents follow up;
· Contract Management; and
· Council Tax.
5.5 In addition to the above, as at March 2024 year-end, there were a further three draft reports, not yet finalised, with likely partial assurance opinions:
· Accounts Receivable;
· Corporate Governance Policy Framework and Associated Guidance; and
· Off Payroll Payments.
5.6 Actions arising from all of these reviews will be followed up by Internal Audit, either through specific reviews or via established action tracking arrangements, all of which will be reported to CLT and Audit & Standards Committee throughout the year ahead.
5.7 As a demonstration of its commitment to improve internal control, management were able to bring forward implementation of some actions and subsequently requested early follow up reviews of both the Council Tax and Contract Management audits, which both resulted in reasonable assurance opinions. An early follow up review of Service Agreements (residential and non-residential) was still in progress at year end but has subsequently resulted in an opinion of substantial assurance, as all actions have been implemented.
5.8 We would also like to highlight that during the course of our work, capacity challenges have been raised with us in several areas by management. Whilst this was also raised in the previous 2022/23 annual internal audit report, it is noticeable that during 2023/24 we saw the impact of this reflected in audit opinions. We understand that some of these issues have been further compounded by increased demand on services and by ongoing financial pressures. Finally, in some areas under review, it has, at times, been difficult to determine roles and responsibilities, which has presented further challenges in agreeing and implementing actions to mitigate the risks identified.
5.9 Given the substantial values involved, each year a significant proportion of our time is spent reviewing the Council’s key financial systems, both corporate and departmental. Of those completed during 2023/24, five of these have resulted in partial assurance being provided over the control environment, in some cases for the reasons referenced above.
5.10 We have noted a deterioration in controls within Payroll, Housing Benefit and Council Tax Reduction, Housing Rents and Accounts Receivable, all of which has impacted on the overall audit opinion.
5.11 With regard to Housing Rents, it is important to highlight that this review was a follow up of a previous partial opinion report, where we have therefore seen an inadequate improvement in controls. This has therefore been included in the 2024/25 audit plan as a full audit. It is of concern that insufficient activity has taken place in response to previously highlighted weaknesses in this area and something therefore that the organisation should closely monitor.
Key Corporate Systems
5.12 As referenced above, partial assurance audit opinions were also issued in the year relating to some key corporate systems, including Business Continuity Planning and Budget Management - Effectiveness of Savings Targets, all of which are key areas underpinning the corporate control environment.
5.13 An audit on Contract Management in 2023/24, resulting in partial assurance, found that whilst a robust contract management framework had been developed, contract managers were not always using it and often appeared to be unaware of it. However, it is pleasing to report that an early follow up review in this area concluded reasonable assurance, with actions implemented to improve communication with contract managers and provide signposting and training on the framework. This follow up audit did not, however, test compliance with the framework across directorates and so additional audit work will be undertaken in 2024/25 to provide further assurance in this area.
Other Internal Audit Activity
5.14 During 2023/24, Internal Audit has continued to provide advice, support, and independent challenge to the organisation on risk, governance, and internal control matters across a range of areas. These include:
· Modernisation of Data and Information Systems (Modis), formerly the Enterprise Resource Planning (ERP) Programme;
· Housing, Repairs Works Management System Replacement Programme.
And attendance at, and support to:
· Orbis Customer Board/Finance & Resources Lead Business Partners Meetings;
· Governance Assurance Meetings;
· Whistleblowing Co-ordination Meetings; and
· Leadership Network.
5.15 As well as actively contributing to, and advising these groups, we utilise the intelligence gained from the discussions to inform our own current and future work programmes to help ensure our work continues to focus on the most important risk areas.
Anti-Fraud and Corruption
5.16 During 2023/24, the Internal Audit Counter Fraud Team continued to deliver both reactive and proactive fraud services across the organisation. Details of all counter fraud and investigatory activity for the year, both proactive and reactive, have been summarised within a separate Counter Fraud Annual Report due to be presented alongside this Internal Audit Annual Report. Where relevant, the outcomes from this work have also been used to inform our annual internal audit opinion and future audit plans.
Amendments to the Audit Plan
5.17 In accordance with professional practice, the Internal Audit plan for the year was kept under regular review to ensure that the service continued to focus its resources in the highest priority areas based on an assessment of risk. All audits added to and removed from the plan during the year are provided in Appendix D.
6. Internal Audit Performance
6.1 Public Sector Internal Audit Standards (PSIAS) require the Internal Audit service to be reviewed annually against the Standards, supplemented with a full and independent external assessment at least every five years. The following paragraphs provide a summary of our performance during 2023/24, including the results of our latest independent PSIAS assessment, an update on our Quality Assurance and Improvement Programme and the year end results against our agreed targets.
6.2 Over the course of the year we have received positive feedback on a range of completed audit assignments from management within services. The following ‘word cloud’ identifies some of the key, positive phrases used to describe our service and that contributed to a 100% satisfaction rate being recorded in year:
PSIAS
6.3 The Standards cover the following aspects of internal audit, all of which were independently assessed during 2022 by the Institute of Internal Auditors (IIA):
· Purpose, authority, and responsibility;
· Independence and objectivity;
· Proficiency and due professional care;
· Quality assurance and improvement programme;
· Managing the internal audit activity;
· Nature of work;
· Engagement planning;
· Performing the engagement;
· Communicating results;
· Monitoring progress;
· Communicating the acceptance of risks.
6.4 As reported to Audit Committee in January 2023, Orbis Internal Audit has been assessed as achieving the highest level of conformance available against professional standards, with no areas of non-compliance identified. Our most recent self-assessment against the standards in 2023 found that this continued, with only minor areas for improvement identified.
Key Service Targets
6.5 Performance against our previously agreed service targets is set out in Appendix A. Overall, client satisfaction levels remain high, demonstrated through the results of our post audit questionnaires, discussions with key stakeholders throughout the year and annual consultation meetings with Chief Officers.
6.6 Internal Audit will continue to liaise with the Council’s external auditors (Grant Thornton) to ensure that the Council obtains maximum value from the combined audit resources available.
6.7 In addition to this annual summary, the Corporate Leadership Team and the Audit and Standards Committee will continue to receive performance information on Internal Audit throughout the year as part of our quarterly progress reports and corporate performance monitoring arrangements.
Appendix A
Internal Audit Performance Indicators 2023/24
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
Quality
|
Annual Audit Plan agreed by Audit Committee (2023/24) |
By end April |
G |
2023/24 Internal Audit Strategy and Plan formally approved by Audit and Standards Committee 18th April 2023.
|
|
Annual Audit Report and Opinion (2022/23)
|
By end July |
G |
2022/23 Annual Report and Opinion presented to Audit and Standards Committee 27th June 2023
|
|
|
Customer Satisfaction Levels |
90% satisfied.
|
G |
100% |
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
90% |
G |
91.4% |
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
Dec
2022 - External Quality Assurance completed by the Institute of
Internal Auditors (IIA). Orbis Internal Audit assessed as achieving
the highest level of conformance available against professional
standards with no areas of non-compliance identified, and therefore
no formal recommendations for improvement arising. In summary the
service was assessed as:
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures, and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified. |
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
G |
100% |
|
Our staff |
Professionally Qualified/Accredited
|
80% |
G |
94%[2] |
Appendix B
Summary of Opinions for Internal Audit Reports Issued During 2023/24
Substantial Assurance:
(Explanation of assurance levels provided at the bottom of this document)
|
Audit Title |
Department |
|
Risk Management Actions – Implementation & Progress Reporting |
GPR |
|
Declaration of Interests, Gifts and Hospitality- Officers (follow up) |
GPR |
Reasonable Assurance:
|
Audit Title |
Department |
|
Accounts Payable |
GPR |
|
Procurement of IT Systems |
GPR |
|
Children’s Data Handling |
FCL |
|
Business Rates |
GPR |
|
Carbon Reduction Programme |
EEC |
|
Housing Temporary Accommodation (follow up) |
HNC |
|
Housing Repairs Service (follow up) |
HNC |
|
Working Time Directive (follow up) |
GPR |
|
Cardinal Newman School |
FCL |
|
Carden Nursery & Primary School |
FCL |
|
Organisational Capacity Workforce Management |
GPR |
|
Homes for Ukraine |
EEC |
|
Hertford Junior School |
FCL |
|
Complex Care Placements for Children - Safeguarding |
FCL |
|
Adult Services Data Handling |
HASC |
|
School Meals (follow up) |
FCL |
|
Hill Park School |
FCL |
|
Robotic Process Automation |
GPR |
|
Unaccompanied Asylum Seekers - Children |
FCL |
|
Performance Development Plan’s and 121’s (follow up) |
GPR |
|
Eclipse Application Control |
HASC |
|
Parking Income |
EEC |
|
Life Events Income |
HASC |
|
Operational Accommodation Strategy and Workstyle Programme |
GPR |
|
Varndean Secondary School |
FCL |
|
Housing Allocations |
HNC |
|
Surveillance cameras (follow up) |
EEC |
|
Contract Management (follow up) |
GPR |
|
Council Tax (follow up) |
GPR |
|
Health and Safety (follow up) - draft report |
GPR |
|
Parking Enforcement - draft report |
GPR |
Partial Assurance:
|
Audit Title |
Department |
|
Payment Card Industry -Data Security Standards |
GPR |
|
Housing Benefits & Council Tax Reduction |
GPR |
|
Contract Management |
GPR |
|
Budget Management- Effectiveness of Savings Targets |
GPR |
|
Service Agreements (Residential & Non-residential) |
HASC |
|
Business Continuity Planning |
HNC |
|
Housing Rents (follow up) |
HNC |
|
Carelink |
HASC |
|
Payroll |
GPR |
|
Council Tax |
GPR |
|
Off Payroll Payments – draft report |
GPR |
|
Debtors/ Accounts Receivable – draft report |
GPR |
|
Corporate Governance Policy Framework and Associated Guidance – draft report |
GPR |
Minimal Assurance:
|
Audit Title |
Department |
|
None |
|
Non-Opinion:
|
Department |
|
|
EU- Blueprint for a Circular Economy (claim 6) Grant Certification |
EEC |
|
EU- Blueprint for a Circular Economy (claim 7) Grant Certification |
EEC |
|
Bus Subsidy Revenue Grant Certification |
EEC |
|
Transport Capital Grant Certification |
EEC |
|
Supporting Families Grant Certification |
FCL |
|
Housing Repairs Works Management System Replacement Programme – advisory role on programme board |
HNC |
|
Modernisation of Data and Information Systems (Modis) formerly the Enterprise Resource Planning Programme – advisory role on programme board |
GPR |
|
CIPFA Financial Management Code 2022-23- advice and review of self-assessment |
GPR |
|
DLUHC Shared Prosperity Fund – advice on processes and documentation |
EEC |
|
Complex Care Placements for Children -SEN & Disability – Position Statement |
FCL |
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |
Appendix C
2023/24 Audit Plan – Audits in Progress at Year-End
|
Audit Title |
Department |
Status |
|
Off Payroll Payments |
GPR – Now Corporate Services |
Draft Report |
|
Health and Safety follow up |
GPR – Now Corporate Services |
Draft Report |
|
Accounts Receivable (Debtors) |
GPR – Now Corporate Services |
Draft Report |
|
Corporate Governance Framework |
GPR – Now Corporate Services |
Draft Report |
|
Parking Enforcement |
EEC – Now City Services |
Draft Report |
|
HASC Debt Management & Recovery |
HASC – Now Housing Care and Wellbeing |
Fieldwork |
|
Recovery & Resilience (including Cyber security Arrangements |
GPR – Now Corporate Services |
Fieldwork |
|
System Change Control & Release Management (Patch Management |
GPR – Now Corporate Services |
Fieldwork |
|
Information Governance SAR & FOI |
GPR – Now Corporate Services |
Fieldwork |
|
ASC Financial Assessments follow up |
HASC – Now Housing Care and Wellbeing |
Fieldwork |
|
Commissioning of Supported Accommodation |
HASC – Now Housing Care and Wellbeing |
Fieldwork |
|
Direct Payments |
HASC – Now Housing Care and Wellbeing |
Fieldwork |
|
Service Agreements (Residential & Non-residential) follow up |
HASC – Now Housing Care and Wellbeing |
Fieldwork |
|
Brunswick School |
Families Children & Learning |
Fieldwork |
|
Digital City Clean Programme |
EEC – Now City Services |
Fieldwork |
Appendix D
Audits added to and removed from the plan during 2023/24
Audits Added:
|
Direct Payments |
|
Parking Income |
|
Supporting Families Grant |
|
General Ledger |
|
Shared Prosperity Fund |
|
Council Tax Follow Up |
|
Contract Management Follow Up |
|
Service Agreements (Residential & Non-residential) Follow Up |
|
Digital City Clean Project |
Audits Removed/Deferred:
|
Audit Title |
|
|
Seaside Homes Follow Up |
The service has been reviewing future options and has been unable to progress agreed actions from the previous report due to current contractual arrangements. |
|
Warmer Homes Programme |
Cancelled following a review and cancellation of the programme. |
|
Audit certification is not required for this grant as the scheme is administered through Portsmouth City Council. |
|
|
An additional audit was scheduled anticipating that further review would be required in this area. However, we were able to adequately cover the controls and mitigation of risk in the main Business Rates audit. |
|
|
Transition from Children to Adults |
Work is ongoing to make improvements in this area and some responsibilities have transferred between Directorates. At the request of the service, we have agreed to defer the audit review to 2025/26. |
|
Housing Major and Planned Works |
Supply chain issues and delays in procurement have delayed this programme. At the request of the service, we have agreed to defer the audit review to 2024/25 |
|
Procurement Contract Standing Orders |
The new regulations are expected to come into force from October 2024, in accordance with the 2023 Procurement Act. We have agreed to defer the audit review to 2024/25 |
|
Revenue Budget Management |
This audit looks at the framework for the budget management process and would be better timed after a follow up review of the Budget Management Effectiveness of Savings Targets Audit. |
|
General Ledger |
At the request of management this audit was deferred from Q4 2023/24 to Q1 2024/25 |
|
Early Help Services |
At the request of management this audit was deferred from Q4 2023/24 to Q1 2024/25 |