Click here to view a recording of this item on You Tube
The Internal Audit Manager presented the report which provided the proposed Strategic Audit Plan for 2022/23 to 2025/26, the Annual Internal Plan for 2022/23 and the revised Internal Audit Charter. The plan would provide the basis for the Annual Audit Opinion on the overall adequacy and effectiveness of the Council’s framework of governance risk management.
The Committee’s attention was drawn to the following key sections of the report/plan:
· 1.4 - Public Sector Internal Audit Standards (PSIAS) – process of drafting the plan.
· 2 - Internal Audit Charter.
· 3 – Strategic Internal Audit Plan.
· 4 – Annual Internal Audit Plan – 2022/23 total 227 audit days and w0 internal audit reviews would be completed, three of which covered IT processes. Further detail set out in Appendix 3.
· 4.3 – Risk Maturity.
· 4.6 – IT Audit Resource.
· Appendix 1 – Internal Audit Charter
· Appendix 2 – Strategic Internal Audit Plan which set out the four year programme.
· Appendix 3 – Annual Internal Audit Plan 2022/23.
In response to questions from Councillor Jones on the number of days allocated for IT network and infrastructure and security (10 days 2022/23) and no further dates scheduled to deal with any evolving issues, the Internal Audit Manager explained that for 2022/2023 10 days had been allocated and for 2023/2024 and the following year days had been allocated for cyber security due to the medium risk raised, 2024/2025 and 2025/2026 had been left blank at this stage to carry out a risk assessment on annual basis to understand significant risks faced as that time. Internal Audit was aware that the team needed to be flexible in their approach and the Committee should see targeted coverage planned yearly rather than the 4 year programme.
Following further questions from Councillor Jones of training an employee in the Internal Audit in-house team rather than placing reliance on a co-sourcing arrangement, the Internal Audit Manager explained that this was being discussed and a report would be presented to the Council’s Management Team for a decision.
In response to questions from Councillor Morley on the 2021/2022 Internal Audit Plan and the audit trail in relation, the Internal Audit Manager explained that an update was not included within this agenda but the year-end option with the full internal audit plan would be delivered and a summary setting out the assurance gradings, etc. would be presented to the next meeting of the Audit Committee.
The Internal Audit Manager provided clarification on COBIT relating to IT audits.
Councillor Morley asked when the progress on the 9 recommendations the Committee endorsed in November 2021 would be reported. In response, the Internal Audit Manager explained that the risk maturity assessment had been completed , the results of which had been included in the paper and a full report with recommendations would need be worked on and be presented at the next meeting. The Committee was informed that an update on the November 2021 PSIAA paper was scheduled for August 2021 meeting.
The Chair thanked the Internal Audit Manager for presenting the Strategic and Annual Internal Audit Plans.
RESOLVED: 1) The Audit Committee approved the Audit Charter.
2) The Audit Committee considered each audit area for the year ahead and approved the plan of work for 2022/2023, subject to the Internal Audit Manager’s response to the questions raised in an email from Councillor Morley.