Agenda item

Report attached.

Officers advised the Committee that the Accounts and Audit Regulations required the Council to undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account the Public Sector Internal Auditing Standards (PSIAS) or guidance.

Internal audit was a key component of corporate governance within the Council.  The three lines of defence model, as detailed below, provided a simple framework for understanding the role of internal audit in the overall risk management and internal control processes of an organisation:

•           First line – operational management controls

•           Second line – monitoring controls, e.g. the system’s owner

•          Third line – independent assurance (Internal audit forms the Council’s third line of defence)

An independent internal audit function would, through its risk-based approach to work, provide assurance to each Council’s Audit Committee and senior management on the riskier and more complex areas of the Council’s business, allowing management to focus on providing coverage of routine operations.

The work of internal audit was critical to the evaluation of the Council’s overall assessment of its governance, risk management and internal control systems, and formed the basis of the annual opinion provided by the Head of Assurance which contributed to the Annual Governance Statement.  It could also perform a consultancy role to assist in identifying improvements to the organisation’s practices.

Officers of the Assurance Service had been involved in work with the Section 151 Officer and with senior management to update the Corporate Risk Register.  Horizon scanning work had already taken place with Heads of Audit, and through the Croydon Framework to identify common risk and audit themes.  These, along with manager requests and audit cumulative knowledge and experience, had formed the basis of the plan. Combined plans had been compiled for the three oneSource member councils.  These identified target resources and some common audit themes.  These allowed for some efficiency to be driven by utilising acquired skills across boroughs where there were common risks. However, each borough had its own unique objectives and approach to achieving these and these would be audited individually.  

The plan was exclusive of Counter Fraud investigations but there was provision for Internal Audit staff to support Counter Fraud work across the 3 authorities on system related work.  This a statement of intent and could be revised or amended at any time should higher priority risks or issues be identified, and there was provision to address emerging risk.

The work of the oneSource Internal Audit Team was underpinned by the Audit Charter and Strategy. This had been revised and updated and is attached as an Appendix to these minutes.

The Committee raised questions around the number of hours allocated to each of the three councils and OneSource. Officers explained that the allocation was based on the historical numbers of hours each Council had allocated prior to the creation of oneSource. The intention was that after the first two years the allocation would be reviewed to ensure an equitable allocation. The oneSource Management team had reviewed the number of hours required for oneSource work, across shared services and were satisfied with the allocation.

The Committee approved the Audit Plan, Charter and Strategy.