Agenda item

Report attached.

Each year the Internal Audit & Corporate Risk Manager prepares for the Committee’s approval a summary of the results of work completed by the Internal Audit team during the preceding year, as well as an opinion on the system of internal control.

In 2012/13 two key issues were identified. The first related to Organisational Change. As in 2011/12 many of the control weaknesses identified could be attributed to the pace of organisational change. The pace of change had been fast in some areas and although this had brought benefits to the organisation the changes had impacted on the system of internal control. Significant savings had been achieved in ‘back office’ or Corporate teams where control activity historically occurred.

While more reliance was being put on Managers to ensure controls were adequate and compliance was being adhered to there was a reasonable expectation that managers could, in turn, rely on a solid infrastructure of information to guide them in the right direction.  However due to the pace of change in the organisation this had often meant that this infrastructure was out of date and / or difficult to navigate.  A number of audit recommendations had been raised in this regard in 2012/13.

For example;   

Ø    The Intranet was not always as up to date or the information required could be difficult to locate;

Ø    Policies, procedures and guidance in some areas were out of date and reference to processes that were no longer relevant;

Ø    Corporate expectations were not always clear, outlined or enforced and consequences for non-compliance were not made explicit or acted upon;

Ø    Where there were corporate expectations these were not always supported by enforcing mandatory training;

Ø    Lack of clarity surrounding roles and responsibilities; and

Ø    The move to self-service and the reduction in resources as a result of restructures/savings had led to quality checks being removed that were previously considered key controls.

The second key issue was Oracle. Various recommendations pertinent to Oracle had been made during 2012/13; some of which had been implemented during the year. However a number of these recommendations had not been implemented due to the One Oracle programme.  As One Oracle covered a number of the key financial systems, which were material to the Statement of Accounts, management were advised that there were risks within the current control environment and management had accepted these risks. 

Efficiency of the control environment had been a focus for 2012/13 for the team as reduced capacity meant that efficiency would be key to maintaining a robust system of internal control.  The One Oracle programme had provided some opportunities to develop system controls within modules as well as via a new module called Governance Risk Control Compliance.  Although the implementation of new systems in 2013/14 would impact the systems of internal control in the short term this should be outweighed by longer term benefits.

The issues detailed above had been considered as part of the process to produce the 2012/13 Annual Governance Statement.  These issues had been considered during the Annual Audit Planning Process and would also be picked up within individual audits as applicable during 2013/14.

The Committee noted the report.