Agenda item

2.15 pm

Annual Report by Chief Internal Auditor

The report summarises the outcome of the Internal Audit work in 2021/22 and provides an opinion on the Council's System of Internal Control. The opinion is one of the sources of assurance for the Annual Governance Statement.

The Audit and Governance Committee is RECOMMENDED to consider and endorse the annual report.

The Audit & Governance Committee considered a report by the Chief Internal Auditor summarising the outcome of the Internal Audit work carried out in 2021/22 and providing an opinion on the Council's System of Internal Control. The opinion was one of the sources of assurance for the Annual Governance Statement.

It was recommended that the Audit and Governance Committee consider and endorse the annual report.

Tessa Clayton, Audit Manager, Oxfordshire County Council, presented the report.

In the subsequent discussion, the following points were raised.

(a)  Referring to the overall opinion of “satisfactory assurance” regarding Oxfordshire County Council’s control environment and the arrangements for governance, risk management and control, it was proposed that there were some items which were not satisfactory, as indicated by their RAG (Red Amber Green) rating, including –

(i)    Well-Being and Sickness Management

(ii)  Facilities Management: cleaning asset management (and the short-term measures being adopted to address areas of concern – page 35 of the report)

(iii) Internal Audit Performance (Pages 35 & 36 of the report):

·       Actual performance for 2021/22 compared with performance targets;

·       Issuing of draft and final reports;

·       Below target performance for agreed management actions implemented within the agreed timescales;

·       Customer Satisfaction Questionnaires: the scoring system for levels of satisfaction was not clear; and

·       Director satisfaction with internal audit work: 2021 review to be completed in 2022/23.

(iv)Appendix 1: Overall Conclusion and Management Action Implementation Status of 2021/22 Audits

·       Differences in RAG ratings, for example: Payment Card Industry Data Security Standard (PCI-DSS): Green RAG rating; compared with –

§  IT “business as usual” Change Management: Amber RAG rating; and

§  Pensions Administration: Green RAG rating notwithstanding Reported Implementation Status as of 25 April 2022; and

·       Section 106 – Spend: Amber RAG rating – should this be Green?

The Chair noted that RAG ratings were determined according to priority and implementation.

Lorna Baxter, Director of Finance, noted that the RAG rating in the column in the table headed “Conclusion” was the rating for the status of the Audit.

(b)  Under the section headed “Opinion on Systems of Internal Control: basis of the audit opinion” on page 30 of the report, it was noted that the absence of a Senior Auditor who was on a long-term leave of absence appeared to have a disproportionate effect on the effectiveness of the service.

(c)   In Paragraph 41 of the report under the heading “Internal Audit Performance Caps”, officers clarified what was meant when it was stated that –

“The performance for the issue of draft reports has stayed the same as the previous year, however for the issue of finals this had reduced. We have reported in year to the committee that this was due to a positive reason whereby Corporate Directors, Senior Manager are now fully engaged in the audit report process and there is additional time needed now to fully engage with everyone and ensure a robust and quality management action plan is developed.”

(d)  The Chair proposed that the references to Section 106 Spend 2021/22 in Appendix 3: Summary of Completed 2021/22 Audits since the last reported to the Audit and Governance Committee – January 2022, be referred to the Audit Working Group.

(e)  Regarding the Red RAG rating for the Facilities Management – Cleaning Asset Management, Members were informed that, last year, the Council’s Property Team was in the throes of a transformation programme which ended in January 2022, and which included a new Management Team.

The new Management Team were concerned about key aspects of the service and commissioned two audits of the service. In response to the audits which identified issues of concern, both short-term and long-term measures were put in place to address these concerns, including asset and stock control. In addition, a new security contract had been issued and new cameras and monitoring systems had been installed.

(f)    Regarding IT security referred to on Pages 49 & 50 of the report under the subheading “IT Data Centre 2021/22” and, specifically, the ultimate paragraph on page 50 where it stated –

“The contract states that the supplier should maintain a business continuity plan which should be tested at least annually. We found that evidence of this has not been confirmed to provide assurance that the supplier has effective arrangements to recover services in the event of a major incident at their site.”

Officers stated that the audit of the IT Data Centre was carried out by IT auditors and it would be necessary to refer any questions about assurances regarding arrangements to recover services in the event of a major incident back to the auditor.

ACTION: SC & TC to seek clarification from the IT auditors regarding assurances in respect of arrangements to recover services in the event of a major incident.

(g)  Regarding the Section 106 Monies referred to on Page 44 of the report under the subheadings “Reconciliation of Expenditure” and “Monitoring of Long Stops”, officers stated that, regarding –

(i)    The reference to the Council having incurred costs without obtaining funds, officers would have to check whether the funds had been obtained before being able to confirm the accuracy of the statement; and

(ii)  Officers were not aware of any loss of section 106 monies in recent years because of longstop clauses,

ACTION: GC to confirm the status of section 106 monies received and section 106 monies lost because it was not spent and/or allocated accordingly.

(h)  Regarding the Garton Payroll & HR Processes 2021/22 referred to on Page 45 of the report, it was noted that this was the system used by the Fire Brigade and that it was unique to them.

(i)    Responding to a Member’s question regarding Procurement on Page 60 of the report, under the subheading “Cleaning Services Asset Management 2021/22”, the Chair noted there would be a report to the Committee on procurement matters and that this was a matter that might be referred to the Audit Working Group.

(j)    Regarding the operation of the assurance processes as a Member of the Hampshire Partnership, as set out in Paragraph 49 of the report, Dr Jones, Chair of the Audit Working Group, clarified how this worked in practice.

At this stage, the Chair drew the discussion to a close and proposed that the Committee moved to the recommendation set out at the start of the report.

RESOLVED: That the Committee endorse the annual report.