Appendix 1
INTERNAL AUDIT
ANNUAL REPORT & OPINION
2024/2025
1. Internal Control and the Role of Internal Audit
1.1 All local authorities must make proper provision for internal audit in line with the 1972 Local Government Act (S151) and the Accounts and Audit Regulations 2015. The full role and scope of the Council’s Internal Audit Service is set out within our Internal Audit Charter.
1.2 It is a management responsibility to establish and maintain internal control systems and to ensure that resources are properly applied, risks appropriately managed and outcomes achieved.
1.3 Annually the Chief Internal Auditor is required to provide an overall opinion on the Council’s internal control environment, risk management arrangements and governance framework to support the Annual Governance Statement.
2. Delivery of the Internal Audit Plan
2.1 The Council’s Internal Audit Strategy and Plan is updated each year based on a combination of management’s assessment of risk (including that set out within the departmental and strategic risk registers) and our own risk assessment of the Council’s major systems and other auditable areas. The process of producing the plan involves extensive consultation with a range of stakeholders to ensure that their views on risks and current issues, within individual departments and corporately, are identified and considered.
2.2 In accordance with the audit plan for 2024/25, a programme of audits was carried out covering all Council departments and, in accordance with best practice, this programme was reviewed during the year and revised to reflect changes in risk and priority. All adjustments to the audit plan were agreed with the relevant departments and reported throughout the year to the Corporate Leadership Team and the Audit, Standards and General Purposes Committee as part of our periodic internal audit progress reports. Full details of the adjustments to the plan can be found in Appendix D.
2.3 It should be noted that whilst there were some audit reports in progress or at draft report stage at year-end, outcomes from this work have been taken into account in forming our annual opinion. Full details of these audits will be reported to the Corporate Leadership Team and the Audit, Standards and General Purposes Committee once each of the reports have been finalised with management.
3. Audit Opinion
3.1 No assurance can ever be absolute; however, based on the internal audit work completed, the Chief Internal Auditor can provide partial ([1]) assurance that the Council has in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2024 to 31 March 2025.
3.2 Further information on the basis of this opinion is provided below. Although the majority of audit opinions issued in the year were generally positive, there was an increase in the number of partial assurance reports overall and internal audit activities have identified a number of key areas where the operation of internal controls has not been fully effective. A number of these relate to key financial or corporate systems and/or link to risks identified in the Council’s strategic risk register.
3.3 For some of the areas of review, which resulted in partial assurance opinions, the audits were delivered at the request of management in order to obtain assurance over areas where there were known issues and a potential need for improvement. This demonstrates a positive organisational culture which utilises Internal Audit to help support service improvement.
3.4 Given the issues identified, it is essential that management continue to recognise the need to take prompt and robust action in response to the findings arising from internal audit activities, in order to ensure an adequate control environment remains in place and that there is no future deterioration in the level of assurance.
3.5 Where improvements in controls are identified during our audit work, we have agreed appropriate remedial action with management.
4. Basis of Opinion
4.1 The opinion and the level of assurance takes into account:
· All audit work completed during 2024/25, planned and unplanned;
· Follow up of actions from previous audits;
· Management’s response to the findings and;
· Ongoing advice and liaison with management, including regular attendance by the Chief Internal Auditor and Audit Managers at organisational meetings relating to risk, governance, and internal control matters;
· Effects of significant changes to the Council’s systems;
· The extent of resources available to deliver the audit plan; and
· Quality of the Internal Audit service’s performance.
4.2 No limitations have been placed on the scope of Internal Audit during 2024/25.
5. Key Internal Audit Issues for 2024/25
5.1 The overall audit opinion should be read in conjunction with the key issues set out in the following paragraphs. These issues, and the overall opinion, have been taken into account when preparing and approving the Council’s Annual Governance Statement.
5.2 The internal audit plan is delivered each year through a combination of formal reviews with standard audit opinions, direct support for projects and new system initiatives, investigations, grant audits and ad hoc advice. The following graph provides a summary of the outcomes from all audits finalised over the past four years:
Comparisons of Opinions 2021/22 through 2024/25
5.3 A full listing of all 2024/25 completed audits and opinions for the year is included at Appendix B, along with an explanation of each of the assurance levels. The status of all planned audits in progress but not completed to final report by year-end is shown in Appendix C.
5.4 Eleven audits that were completed to follow up on previous partial opinion audits showed improvement and resulted in an opinion of reasonable or substantial assurance.
5.5 We are pleased to report that no minimal assurance audit opinions were issued during the year, however, thirteen audits received partial assurance during 2024/25 (all of which have been reported on in our quarterly progress reports) as follows:
· Accounts Receivable;
· Payroll;
· Direct Payments;
· Housing Major and Planned Works Programme;
· Fleet Management;
· Contract Management Compliance- Facilities and Building Services;
· Corporate Governance Policy Framework and Associated Guidance;
· Off Payroll Payments;
· Prepayment Vouchers - Huggg;
· Housing Property Asset Collection Controls;
· Hove Park;
· Central Hub; and
· Brunswick School.
5.6 In considering the above, it should be noted that follow up reviews of the Corporate Governance Policy Framework and Associated Guidance and Brunswick School were completed within the year and sufficient progress had been made in implementing actions to enable us to issue updated opinions of reasonable assurance.
5.7 However in addition to the above, as at March 2025 year-end, there were a further three draft reports, not yet finalised, with likely partial assurance opinions:
· Attendance Management;
· Home Purchase Scheme; and
· Temporary Accommodation – Block Booked and Spot Purchase Payments.
5.8 We would also like to highlight that during the course of our work, capacity challenges and service resilience have been raised with us in several areas by management. Whilst this was also raised in previous annual internal audit reports, it is noticeable that this is the second year we have seen the impact of this reflected in audit opinions. We understand that some of these issues have been further compounded by demand on services and ongoing financial pressures resulting in recruitment and expenditure controls.
5.9 Actions arising from all reviews, resulting in partial assurance, will be followed up by Internal Audit, either through specific reviews or via established action tracking arrangements, all of which will be reported to the Corporate Leadership Team and Audit, Standards and General Purposes Committee throughout the year ahead.
5.10 Internal Audit track implementation of all high priority agreed actions and request confirmation from responsible officers that they are implemented by the due date. It is noticeable that during 2024/25 there has been an increase in actions not implemented by their due date, although the position was recovered at year end. These are reported within the quarterly progress reports to the Audit, Standards and General Purposes Committee and key performance indicators. Whilst most actions are implemented within a reasonable time period, any delay in implementation results in an increased period of risk exposure for the organisation.
5.11 Given the substantial values involved, each year a significant proportion of our time is spent reviewing the Council’s key financial systems, both corporate and departmental. Of those completed during 2024/25, two of these, Payroll and Accounts Receivable have resulted in only partial assurance being provided over the control environment. This is an area of concern and therefore something that management should be taking prompt action to resolve.
5.12 In the case of payroll, this was the second consecutive audit resulting in partial assurance. Whilst we have seen evidence that activity has taken place to progress some of the agreed actions, it is of concern that implementation of new system solutions, key to addressing many of the issues identified, has taken longer than anticipated and has impacted the outcome of this audit.
5.13 A full audit of Accounts Receivable was in progress at year end and will be reported on during 2025/26.
5.14 All key financial systems that were preceded with a previous partial assurance opinion had a full audit review during 2024/25. We have noted improvement in controls within some key financial systems with the following reviews resulting in reasonable assurance:
· Council Tax;
· Housing Benefit and Council Tax Reduction, and;
· Housing Rents (draft report).
Key Corporate Systems
5.15 It is pleasing to note that although corporate governance policy framework and associated guidance received a partial opinion early in the year, a follow up audit in the last quarter has found that agreed actions have been implemented and concluded a new opinion of reasonable assurance.
5:16 Although the follow up review of corporate health and safety processes resulted in an improved opinion of reasonable assurance, external reviews have highlighted health and safety deficiencies in both social housing and commercial properties. Internal Audit work completed relating to planned and major works in housing resulted in partial assurance, along with two further non-opinion (lessons learnt) reports for Housing Building Safety and New England House, which also identified significant issues in this area. This remains a key risk for the Council and an area that requires clear improvement.
5.17 With regard to Direct Payments, it is important to highlight that this audit had been preceded by a succession of partial opinion reports without sufficient improvement in controls. Whilst we can see that there are now renewed efforts to implement actions aimed at addressing the issues raised, it is of concern that insufficient activity had taken place in response to previously highlighted weaknesses in this area.
5.18 Whilst specific findings have been reported as part of each individual review, we have also identified certain themes across the areas receiving lower assurance levels, in particular, procurement and contract management and project management. These have been highlighted within senior management for consideration as part of wider organisational improvement and development activities.
Other Internal Audit Activity
5.19 During 2024/25, Internal Audit has continued to provide advice, support, and independent challenge to the organisation on risk, governance, and internal control matters across a range of areas. These include:
· Adult Social Care Debt Management Recovery;
· Commissioning of Supported Accommodation;
· Housing Health and Safety Regulations;
· Digital Cityclean Programme; and
· New England House.
And attendance at, and support to:
· Orbis Customer Board/Finance & Resources Lead Business Partners Meetings;
· Governance Assurance Meetings;
· Whistleblowing Co-ordination Meetings; and
· Leadership Network.
5.20 As well as actively contributing to, and advising these groups, we utilise the intelligence gained from the discussions to inform our own current and future work programmes to help ensure our work continues to focus on the most important risk areas.
Anti-Fraud and Corruption
5.21 During the year, the Internal Audit Counter Fraud Team continued to deliver both reactive and proactive fraud services across the organisation. Details of all counter fraud and investigatory activity, both proactive and reactive, have been summarised within a separate Counter Fraud Annual Report due to be presented alongside this Internal Audit Annual Report. Where relevant, the outcomes from this work have also been used to inform our annual internal audit opinion and future audit plans.
Amendments to the Audit Plan
5.22 In accordance with professional practice, the Internal Audit plan for the year was kept under regular review to ensure that the service continued to focus its resources in the highest priority areas based on an assessment of risk. All audits added to and removed from the plan are provided in Appendix D.
6. Internal Audit Performance
6.1 Public Sector Internal Audit Standards (PSIAS), replaced on 1 April 2025 by new Global Internal Audit Standards (GIAS), required the Internal Audit service to be reviewed annually against the Standards, supplemented with a full and independent external assessment at least every five years. The following paragraphs provide a summary of our performance during 2024/25, including the results of our latest independent PSIAS assessment, an update on our Quality Assurance and Improvement Programme and the year end results against our agreed targets.
6.2 Over the course of the year we have continued to receive positive feedback on a range of completed audit assignments from management within services. The following ‘word cloud’ identifies some of the key, positive phrases used to describe our service and that contributed to a 98% satisfaction rate being recorded in year:
PSIAS
6.3 The Standards cover the following aspects of internal audit, all of which were independently assessed during 2022 by the Institute of Internal Auditors (IIA):
· Purpose, authority, and responsibility;
· Independence and objectivity;
· Proficiency and due professional care;
· Quality assurance and improvement programme;
· Managing the internal audit activity;
· Nature of work;
· Engagement planning;
· Performing the engagement;
· Communicating results;
· Monitoring progress;
· Communicating the acceptance of risks.
6.4 As reported to Audit Committee in January 2023, Orbis Internal Audit has been assessed as achieving the highest level of conformance available against professional standards, with no areas of non-compliance identified. Our most recent self-assessment against the standards in 2023 found that this continued, with only minor areas for improvement identified. Work is currently underway to complete an updated self-assessment against the new global standards which will be reported to the committee during 2025/26.
Key Service Targets
6.5 Performance against our previously agreed service targets is set out in Appendix A. Overall, client satisfaction levels remain high, demonstrated through the results of our post audit questionnaires, discussions with key stakeholders throughout the year and annual consultation meetings with senior management.
6.6 Internal Audit will continue to liaise with the Council’s external auditors (Grant Thornton) to ensure that the Council obtains maximum value from the combined audit resources available.
6.7 In addition to this annual summary, the Corporate Leadership Team and the Audit, Standards and General Purposes Committee will continue to receive performance information on Internal Audit throughout the year as part of our quarterly progress reports and corporate performance monitoring arrangements.
Appendix A
Internal Audit Performance Indicators 2024/25
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
Quality
|
Annual Audit Plan agreed by Audit Committee (2024/25) |
By end April |
G |
2024/25 Internal Audit Strategy and Annual Audit Plan formally approved by Audit and Standards Committee 16th April 2024. |
|
Annual Audit Report and Opinion (2023/24)
|
By end July |
G |
2023/24 Annual Report and Opinion presented to Audit, Standards & General Purposes Committee 25th June 2024 |
|
|
Customer Satisfaction Levels |
90% satisfied.
|
G |
98% |
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
90% |
G |
93.5% |
|
Percentage of audit plan days delivered |
90% |
|
103.5% |
|
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
Dec 2022 - External Quality Assurance completed by the Institute of Internal Auditors (IIA). Orbis Internal Audit assessed as achieving the highest level of conformance available against professional standards with no areas of non-compliance identified, and therefore no formal recommendations for improvement arising.
November 2023 - Updated self-assessment against the Public Sector Internal Audit Standards completed, the service was found to be fully complying with 319 of the standards and partially complying with 2 of the standards, in both cases proportionate arrangements remain in place.
November 2023 - Quality Review exercise completed; no major areas of non-conformance identified. The need to ensure consistency in the quality of the evidence contained within a small number of audit working papers was identified, this will be addressed at the auditor development days during 2024/25. |
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures, and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
G |
97.1% |
|
Our staff |
Professionally Qualified/Accredited
|
80% |
G |
90%[2] |
Appendix B
Summary of Opinions for Internal Audit Reports Issued During 2024/25
Substantial Assurance:
(Explanation of assurance levels provided at the bottom of this document)
|
Audit Title |
|
Adult Social Care Service Agreements (Residential & Non-residential) - Follow Up |
|
Treasury Management |
|
Microsoft Teams Governance - draft |
Reasonable Assurance:
|
Audit Title |
|
Adult Social Care Financial Assessments - Follow Up |
|
Council Tax – Follow Up |
|
Health & Safety – Follow Up |
|
Parking Enforcement |
|
Information Governance (Subject Access Request & Freedom of Information Reporting Arrangements) |
|
System Change Control & Release Management (Patch Management) |
|
Cyber Security – Response and Resilience |
|
Early Help Services |
|
Apprenticeship Programme |
|
Accounts Payable |
|
Capital Programme – Budgetary Control |
|
Employment Checks – Right to Work |
|
Budget Management Effectiveness of Savings Targets – Follow Up |
|
CareLink – Follow Up |
|
Business Continuity Planning – Follow Up |
|
General Ledger |
|
Risk Management |
|
Payment Card Industry - Data Security Standards Governance Arrangements– Follow Up |
|
Housing Benefit and Council Tax Reduction |
|
Corporate Governance Policy Framework & Associated Guidance – Follow Up |
|
Housing Rents |
|
Mobile Phone Application Management - draft |
|
Balfour Primary School |
|
Queens Park Primary School – Follow Up |
|
Brunswick Primary School – Follow Up |
Partial Assurance:
|
Audit Title |
|
Accounts Receivable (Debtors) |
|
Corporate Governance Policy Framework & Associated Guidance |
|
Off Payroll Working (IR35) |
|
Fleet Management |
|
Direct Payments |
|
Housing Planned & Major Works |
|
Prepayment Vouchers - Huggg |
|
Housing - Property Asset Collection Controls |
|
Contract Management Compliance – Facilities & Buildings Services |
|
HR/ Payroll |
|
Home Purchase Scheme - draft |
|
Temporary Accommodation – Block Booked & Spot Purchase Payments- draft |
|
Attendance Management - draft |
|
Hove Park School |
|
Brunswick School |
|
Central Hub |
Minimal Assurance:
|
Audit Title |
|
None |
Non-Opinion:
|
Adult Social Care Debt Management & Recovery |
|
Commissioning of Supported Accommodation |
|
Housing Health & Safety Regulations |
|
Digital Cityclean Programme |
|
New England House |
Grant Certification:
|
Grant Title |
|
Library On Grant |
|
Supporting Families Programme Grant (4 Quarterly Reviews Q4 2023-24 to Q3 2024-25) |
|
Bus Subsidy |
|
Local Transport Capital Block Funding |
|
Traffic Signals Obsolescence Grant |
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |
Appendix C
2024/25 Audit Plan – Audits in Progress at Year-End
|
Audit Title |
Status |
|
Transition Of Local Enterprise Partnership |
Fieldwork in progress |
|
Inclusion Support Service |
Fieldwork in progress |
|
Public Health Contract Management |
Fieldwork in progress |
|
Home Care Contract Management |
Fieldwork in progress |
|
Accounts Receivable |
Fieldwork in progress |
|
Brighton Centre - Cultural Compliance |
Fieldwork in progress |
|
IT &D Project Management |
Fieldwork in progress |
|
Supply Chain Cyber Security |
Fieldwork in progress |
|
Hove Park School – Follow up |
Fieldwork in progress |
|
St Andrews School |
Fieldwork in progress |
|
Home Purchase Scheme |
Draft report |
|
Attendance Management |
Draft report |
|
Temporary Accommodation Block Booked and Spot Purchase Payments |
Draft report |
|
Mobile Phone Application Management |
Draft report |
|
Microsoft Teams Governance |
Draft report |
Appendix D
Audits added to and removed from the plan during 2024/25.
Audits Added:
|
Rationale for Addition |
|
|
General Ledger |
The audit was deferred from 2023/24 and was included to provide assurance before the development and implementation of updates to back-office systems. |
|
Building Health & Safety Regulations Housing |
Provided advice work around new building regulations and progress towards compliance. |
|
Property Asset Collection Controls in Housing |
Included to provide assurance that appropriate controls are in place following an incident where cash was found during clearance of a Council owned property. |
|
Payment Card Industry Data Security Standards follow up |
Follow up audit was required following partial assurance audit opinion in 2023/24 |
|
Transition of Local Enterprise Partnership |
To provide assurance that the transition of the Local Enterprise Partnership has robust governance arrangements in place during and following the transfer of responsibilities and assets to Local Authorities. |
|
New England House |
Request from the Chief Executive to provide a lessons learnt review following the decision to temporarily close New England House, a Council owned property hosting business tenants, due to concerns regarding fire safety. |
|
Temporary Accommodation Block Booked and Spot Purchase Payments |
Following a whistleblowing allegation the objective of this focussed review was to provide assurance that the controls for payments, reconciliations and overpayments for suppliers of interim accommodation are in place and are operating as expected. |
|
Accounts Receivable (Debtors) |
To review the processes and key controls relating to the accounts receivable system. This audit was added to the plan following the earlier partial assurance opinion. |
Audits Removed/Deferred:
|
Audit Title |
Rationale for Removal |
|
Property Maintenance Budget |
Replaced by contract management compliance audit (already in the 2024/25 audit plan) for property services. |
|
Complex Care Placements for Children, Health, SEN & Disabilities |
Removed from the plan for 2024/25. Will be considered as part of a wider review of commissioning for future audit plans. |
|
This audit has been deferred to the 2025/26 audit plan to allow time for a review of posts held in the human resources system (PIER) which require this check. |
|
|
With the deferral of implementation of new contract standing order regulations this review will be included in the 2025/26 audit plan. |
|
|
Adult Social Care Joint Funding Arrangements |
Removed from the plan for 2024/25 due to resource constraints delaying its progress and agreement that this was not a key risk area. This area of review will be considered for future audit plans. |
|
Artificial Intelligence |
This audit has been deferred to the 2025/26 audit plan to allow the authority to introduce new policy, procedures and governance arrangements relating to the use of Artificial Intelligence. |
|
IT Asset Records Management |
Removed from the plan as it was superseded by higher priority audits. This area of review will be considered for future audit plans. |