Agenda item

Report by the Chief Internal Auditor (AG5).

This report presents the Internal Audit progress report for 2015/16 and the Internal Audit Strategy for 2016/17 including the first quarter's plan.

The Committee is RECOMMENDED to:

(a)          note the progress with the 15/16 Audit Plan, 15/16 Compliance Plan, 15/16 Counter Fraud Plan and the outcome of the completed audits;

(b)         approve the interim Internal Audit Strategy for 2016/17 and the Q1 Plan; and

(c)          agree the 2016/17 performance indicators.

The Committee had before them a report (AG5) which presented the Internal Audit progress report for 2015/16 and the Internal Audit Strategy for 2016/17 including the first quarter's plan.

In introducing the report, Mr Dyson explained that during 2015/16 Internal Audit was restructured and three distinctive teams were created with the aim of: protecting the role and independence of an Internal Audit Service; to provide a clear strategy and resource for the management of Counter-Fraud; and, to create capacity to manage the corporate responsibility for Risk Management and a new a Business Assurance function. All three functions came under the management of the Chief Internal Auditor.

The key outcome of the change was to provide a structure that could contribute to and report on the Council's combined assurance that ensured the effectiveness of the governance, risk management and the system of internal control.

During 15/16 the Chief Internal Auditor post was shared under collaboration with Buckinghamshire County Council; however this arrangement would be ceasing in quarter 1 of 2016/17. The Council was facing a huge change agenda over the foreseeable future and as a result the Head of Paid Service and the Chief Finance Officer decided to end the collaboration for sharing the Chief Internal Auditor post, and therefore with effect from 1 June 2016, he would be returning full time. The collaboration had been very successful, and the decision was not made lightly, however it was necessary to have the extra capacity to support the change agenda.

From April 2016, the Chief Finance Officer had changed the roles and responsibilities within her Senior Management Team, including those of Ian Dyson, who held the role of Chief Internal Auditor. A new post of Assistant Chief Finance Officer (Assurance) had been created and was being undertaken by Ian Dyson. This role retained senior manager responsibility for Internal Audit, Counter Fraud and Risk Management, but also covered responsibility for operational finance functions, and corporate responsibility for the system of financial control including the procure to pay and order to cash systems. In this new role, Ian Dyson would also be the nominated deputy to the Chief Finance Officer, with the exception of the legal role of S151 Officer, where Sarah Fogden would have the responsibility of interim Deputy S151 Officer. It was expected this change would coincide with the cessation of the collaboration with Buckinghamshire County Council; however it was not possible to extend the contract of the Interim Deputy Chief Finance Officer beyond 31 March 2016, so the change was made effective from April 2016.

The wider remit of the Assistant Chief Finance Officer role clearly conflicted with the “independence” requirement of a Chief Internal Auditor, so whilst Ian Dyson would retain line management responsibility for the Internal Audit Service, he had relinquished the role of Chief Internal Auditor effective from 1 April 2016. As the change occurred earlier than expected interim arrangements had been agreed for the role of Chief Internal Auditor. That responsibility and the authority afforded to that post holder as set out in the Chief Internal Auditor Protocol had been assigned to Sarah Cox, Audit Manager, until options for a permanent arrangement had been considered. In relation to the Audit Plan, Mr Dyson reported that since the last report there had been five further amendments to the plan. The first was an additional piece of work, which was requested by Adult Social Care, to undertake a full review of a specific Service User's case following identification of issues with the Direct Payment. The second was to extend the counter-fraud review of a sample of procurement cards to also a full audit of the design and operation of the controls following the transfer of the procurement card administration to Hampshire IBC. There had been a further three audits removed from the Audit Plan.

In the last report, it was explained that the underspend within Internal Audit's budget that was to be used during Q4 to buy external resource to support the delivery of the audit plan was not going to be utilised in light of the Council's current financial position. This had resulted in reducing the number of audits in the plan for 2015/16. Prioritisation during quarter 4 has been given to the material financial systems and processes, following the move to Hampshire IBC and also the implementation of the new Adult Social Care IT system. Due to the complexity and level of testing the planned activity has continued into Q1 of 2016/17.

The assurance mapping for key services across all three Directorates was in progress, and the first draft of output for CEF and SCS Directorates was due to be validated by the Directorate Leadership Teams by the end of April 2016. The assurance mapping process had been developed throughout the exercise.

In addition to the work completed on counter-fraud within the Internal Audit Team, Oxford City continued to provide counter-fraud support, both reactive and proactive fraud work. There had also been 7 audits concluded since the last update and these had been summarised in Appendix 4 to the report. The completed audits were as follows:

EE (ICT) Commissioning of ICT Services  - Status Green

EE Highways Contract - Payments - Status Amber

OFRS Gartan Payroll (On call Fire Service System) Status Green

CEF - Thriving Families Winter Claim - N/A

CEF - Social Care Payments – status Amber

Corporate - Procurement Cards (combined audit and counter fraud review

Status Red

CEF - Children’s Social Care Management Controls - Missing Children Processes- Status Amber

Corporate      Key Financial Processes (Design of Controls):

-          Accounts Receivable - Red                                              

-          Banking and Cash Receipting - Red

-          Petty Cash - Amber

-          Procure to Pay - Red

-          Payroll - Amber

-          Main Accounting - Amber

Business Data Upload Application - Red           

Members of the Committee raised concerns over paragraph 19 of the report and questioned how it could have happened.  Mr Dyson explained that ‘how’ it happened was currently being further investigated by the Police, but that additional controls had been put it place the moment the issue had been discovered.

In relation to contracts, Members sought assurance that adequate resource had been given to Environment & Economy contract payments.  In response Mr Dyson reported that a project (waterfall) would be implemented in June/July, although an issue remained around the ability for staff to see what had been paid.

In relation to the overall Audits, members pointed out that only 2 out of the 7 audits had been green and queried whether enough resource was being allocated within this area.  Ms Cox assured members that adequate resourcing was being given to the Audits and that the team could assure the Committee that robust systems would be in place.

RESOLVED:  to:

(a)          note the progress with the 15/16 Audit Plan, 15/16 Compliance Plan, 15/16 Counter Fraud Plan and the outcome of the completed audits;

(b)          approve the interim Internal Audit Strategy for 2016/17 and the Q1 Plan; and

(c)          agree the 2016/17 performance indicators.