Internal Audit Annual Report 2019/20
Purpose of Report
Under the terms of the Accounts and Audit (Wales) Regulations 2014 Part 3 5. (2), the North Wales Fire and Rescue Authority (the Authority) is required annually to conduct a review of the effectiveness of its system of Internal Control. Internal Audit is an integral part of that system, and is a significant contributor to the preparation of the Annual Governance Statement.
CIPFA’s Public Sector Internal Audit Standards 2017 require the Head of Internal Audit to provide the Audit Committee with assurance on the whole system of internal control, including the adequacy of risk management and corporate governance arrangements.
The report analyses the work of the Internal Audit Service for 2019/20 and contains the assurance statement based on the work of Internal Audit during the year ended March 2020.
Executive Summary
The Head of Internal Audit is able to provide assurance to the Audit Committee, based on the internal audit work undertaken, together with our maintained knowledge of the organisation and its procedures, that the Authority has effective corporate governance, risk management and internal control arrangements to manage the achievement of the Authority’s objectives.
The report identifies that 50 days of Internal Audit work was performed during 2019/20, in accordance with the planned allocation.
The audit reviews provide a positive level of assurance upon the adequacy of the systems of internal control in place, although 12 recommendations have been made in the year to address some weaknesses. A formal follow up process is in place to ensure that the recommendations are implemented within agreed timescales.
The work of Internal Audit has not identified any weaknesses that would qualify this opinion and there are no significant issues that are relevant to the preparation of the Annual Governance Statement.
The report also provides assurance that the Internal Audit Service operates in compliance with the UK Public Sector Internal Audit Standards to enable the Authority to take assurance from this opinion.
Recommendations
It is recommended that Members note the content of the Head of Audit and Procurement’s Annual Report and the overall ‘opinion’ upon the adequacy and effectiveness of the Authority’s framework of governance, risk management and control.
Background
The Role of Internal Audit
Under the terms of The Accounts and Audit (Wales) Regulations 2014, Fire Authorities have a statutory responsibility to maintain “an adequate and effective system of internal audit.”
The role of Internal Audit Services is to provide management with an objective assessment of whether systems and controls are working properly. It is a key part of the organisation’s internal control system because it measures and evaluates the adequacy and effectiveness of other controls so that:
- The Audit Committee and senior management are aware of the extent to which they can rely on the whole system; and
- Individual managers are aware of how reliable are the systems and controls for which they are responsible.
The internal control system comprises the whole network of systems and controls established to manage the Authority, to ensure that its objectives are met. It includes financial and other controls and also arrangements for ensuring that the Authority is achieving value for money from its activities.
In accordance with the Public Sector Internal Audit Standards the Head of Audit is required to deliver an annual internal audit opinion and report that can be used by the Authority to inform its governance statement.
Information
Internal Audit Opinion 2019/20
I am satisfied that internal audit work undertaken, together with our maintained knowledge of the organisation and its procedures allow me to draw a reasonable conclusion as to the adequacy and effectiveness of the Authority’s risk management, control and governance processes.
It is my opinion that the Authority has adequate and effective control processes to manage its achievement of the Authority’s objectives for the 12 month period to 31st March 2020.
In giving an audit opinion, it should be noted that assurance can never be absolute. The most that the Internal Audit Service can provide to the Audit Committee is a reasonable assurance based upon the work undertaken in that year, that there are no major weaknesses other than those identified.
In addition, in arriving at our opinion, we have taken into account:
- The results of all audits undertaken during the year ended 31st March 2020;
- The results of follow-up action taken in respect of audits from previous years;
- Whether any High or Medium category of recommendations have not been accepted by management and the consequent risks;
- The effects of any material changes in the Authority’s objectives or activities;
- Matters arising from previous reports to the Executive Panel or Audit Committee; and
- The resource constraints placed upon Internal Audit that have impinged on the Service’s ability to meet the full internal audit needs of the Authority.
The overall audit opinion may be used in the preparation of the Annual Governance Statement.
Summary of Work Supporting the Audit Opinion 2019/20
A schedule giving an audit opinion of the adequacy and effectiveness of internal control processes and a summary of the key messages in respect of all the audit assignments undertaken during 2019/20 is attached at Appendix A.
The schedule summarises the audit opinions and number of recommendations made in respect of each area reviewed, which form the basis of the assurance given to Audit Committee of the overall adequacy and effectiveness of the Authority’s governance, risk management and internal control frameworks for 2019/20.
Where relevant, internal audit reports are categorised to give an audit opinion of the internal control environment for that particular system or establishment. The audit opinions on the assignments are categorised as follows:
- High Assurance
- Satisfactory Assurance
- Limited Assurance
- No Assurance
In support of the audit opinions, the recommendations made during the year have been categorised as Critical, Major, Moderate and Minor, in accordance with the way in which the Authority assesses and measures risk.
22 Two audit reports and consultancy work was completed during the year covering:
- Fleet Management – A review was undertaken to ensure procedures are in place with regard to the registration, licensing and insurance of vehicles, fleet inventory records, stock control, ordering of works, goods and services, planned maintenance and MOTs, vehicle disposals and acquisitions and driver license checks. The audit made 12 recommendations and provided a Satisfactory level of assurance.
- National Fraud Initiative – NFl is a comprehensive and thorough ‘data matching’ exercise organised by the Cabinet Office in partnership with Audit Wales. The exercise identified 465 data matches, 132 of which were investigated on a judgemental sampling basis. There were no significant issues arising from the investigations, which provides a High level of assurance that the systems of internal control are working well and that frauds and irregularities are being minimized. The exercise also assists to strengthen anti-fraud and corruption arrangements and instil an anti-fraud culture.
- Payroll – ITrent Implementation – Internal Audit has been involved on a consultancy basis in the implementation of a new ITrent Payroll System; the work is still ongoing at the year end with a number of issues still to be resolved.
The outcome of each audit and the evaluation of the adequacy of the internal control environment is based on the number of recommendations and their risk rating. All audits undertaken during the year were assessed as providing positive levels of assurance.
To address the weaknesses identified during the Fleet audit review, 12 recommendations have been made. Action plans were agreed to address the recommendations made.
To comply with CIPFA’s Public Sector Internal Audit Standards a formal follow up process is in operation within the Section to confirm that the recommendations made in Internal Audit reports have been implemented by management within agreed timescales. A follow up audit will normally take place six months after the issue of the final report.
A schedule of the follow up audits conducted during 2019/20 is attached at Appendix B. It demonstrates the number of recommendations accepted and subsequently implemented by management in each area and reveals changes that impact on the original audit opinion. It is evident that there was a significant improvement in the levels of internal control in relation to the Creditors (P2P) and Income and Debtors audits completed in 2018/19. The Purchase Cards follow up was in progress at the time of the COVID19 lockdown and will be completed in 2020/21.
During 2019/120 50 audit days were provided, in accordance with the planned allocation of 50 days as indicated in the annual audit plan. A summary of audit activity is attached at Appendix C and shows the planned allocation of audit resources in terms of man days over departments and services and compares actual work done for 2019/20 with the plan.
In accordance with the Public Sector Internal Audit Standards, the plan needs to be flexible to be able to reflect and respond to the changing risks and priorities of the Authority. The plan was reviewed during the year and updated as necessary. The Grant Income 2018/19 audit was delayed at the request of the Head of Finance; the way that grant income is recorded in the ledger has changed as a result of comments previously made by Wales Audit and 2019/20 was a period of transition in the method of reporting.
Compliance with Public Sector Internal Audit Standards
Internal Audit employ a risk-based approach to determining the audit needs of the Authority at the start of the year and use a risk based methodology in planning and conducting our audit assignments. The work of Internal Audit Services has been performed in compliance with the UK Public Sector Internal Audit Standards 2013.
The Internal Audit Service has developed a Quality Assurance and Improvement Programme (QAIP), which covers all aspects of internal audit activity and enables conformance with all aspects of the PSIAS to be evaluated.
The Public Sector Internal Audit Standards (PSIAS) became effective from 1st April 2013 and introduced a requirement for an external assessment of all internal audit services, which must be conducted at least once every five years by a qualified, independent reviewer from outside of the organisation. Wrexham County Borough Council’s (WCBC) Service Manager – Audit and Technical performed the assessment in November 2016. The Institute of Internal Auditor’s suggest a scale of three ratings, ‘Generally Conforms,’ ‘Partially Conforms’, and ‘Does Not Conform.’ The external assessors’ overall opinion is that the Internal Audit Service generally conforms with the PSIAS and Code of Ethics in all significant areas and that it operates independently and objectively.
IMPLICATIONS
Wellbeing Objectives - This report links to the Authority’s long-term well-being objective which is “To facilitate high quality, responsive and better integrated fire and rescue services so that prevention activity and emergency response can continue to be available when and where required, affordably, equitably and on the basis of risk.”
Budget - Internal Audit Services is provided as part of an SLA and within budget constraints.
Legal - N/A
Staffing - N/A
Equalities/Human Rights/Welsh Language - N/A
Risks - The Statement of Assurance is submitted in compliance with the Accounts and Audit Regulations and the Public Sector Internal Audit Standards. Without such assurance from the Head of Internal Audit Services, Members would be unaware of the adequacy and effectiveness of the corporate governance, risk management and internal control arrangements and the Authority’s associated ability to achieve its objectives. Any significant issues or weaknesses identified by Internal Audit would not be considered in the preparation of the Annual Governance Statement.