Internal Audit Annual Report 2020/21
PURPOSE OF REPORT
1 Under the terms of the Accounts and Audit (Wales) Regulations 2014 Part 3 5. (2), the North Wales Fire and Rescue Authority (the Authority) is required annually to conduct a review of the effectiveness of its system of Internal Control. Internal Audit is an integral part of that system, and is a significant contributor to the preparation of the Annual Governance Statement.
2 CIPFA’s Public Sector Internal Audit Standards 2017 require the Head of Internal Audit to provide the Audit Committee with assurance on the whole system of internal control, including the adequacy of risk management and corporate governance arrangements.
3 The report analyses the work of the Internal Audit Service for 2020/21 and contains the assurance statement based on the work of Internal Audit during the year ended March 2021.
EXECUTIVE SUMMARY
4 The Head of Internal Audit is able to provide assurance to the Audit Committee, based on the internal audit work undertaken, together with our maintained knowledge of the organisation and its procedures, that the Authority has effective corporate governance, risk management and internal control arrangements to manage the achievement of the Authority’s objectives.
5 There was a planned allocation of 50 days and the report identifies that 48 days of Internal Audit work was performed during 2020/21. As a result 2 days will be carried forward into 2021/22, increasing the allocation to 52 days.
6 The audit reviews provide a positive level of assurance upon the adequacy of the systems of internal control in place, although 14 recommendations have been made in the year to address some weaknesses. A formal follow up process is in place to ensure that the recommendations are implemented within agreed timescales.
7 The work of Internal Audit has not identified any weaknesses that would qualify this opinion and there are no significant issues that are relevant to the preparation of the Annual Governance Statement.
8 The report also provides assurance that the Internal Audit Service operates in compliance with the UK Public Sector Internal Audit Standards to enable the Authority to take assurance from this opinion.
RECOMMENDATIONS
9 The Committee should note the content of Head of Audit and Procurement’s Annual Report and the overall ‘opinion’ upon the adequacy and effectiveness of the Authority’s framework of governance, risk management and control.
BACKGROUND
The Role of Internal Audit
10 Under the terms of The Accounts and Audit (Wales) Regulations 2014, Fire Authorities have a statutory responsibility to maintain “an adequate and effective system of internal audit.”
11 The role of Internal Audit Services is to provide management with an objective assessment of whether systems and controls are working properly. It is a key part of the organisation’s internal control system because it measures and evaluates the adequacy and effectiveness of other controls so that:
• The Audit Committee and senior management are aware of the extent to which they can rely on the whole system; and
• Individual managers are aware of how reliable are the systems and controls for which they are responsible.
12 The internal control system comprises the whole network of systems and controls established to manage the Authority, to ensure that its objectives are met. It includes financial and other controls and also arrangements for ensuring that the Authority is achieving value for money from its activities.
13 In accordance with the Public Sector Internal Audit Standards the Head of Audit is required to deliver an annual internal audit opinion and report that can be used by the Authority to inform its governance statement.
INFORMATION
Internal Audit Opinion 2020/21
14 I am satisfied that internal audit work undertaken, together with our maintained knowledge of the organisation and its procedures allow me to draw a reasonable conclusion as to the adequacy and effectiveness of the Authority’s risk management, control and governance processes.
15 It is my opinion that the Authority has adequate and effective control processes to manage its achievement of the Authority’s objectives for the 12 month period to 31st March 2021.
16 In giving an audit opinion, it should be noted that assurance can never be absolute. The most that the Internal Audit Service can provide to the Audit Committee is a reasonable assurance based upon the work undertaken in that year, that there are no major weaknesses other than those identified.
17 In addition, in arriving at our opinion, we have taken into account:
• The results of all audits undertaken during the year ended 31st March 2021;
• The results of follow-up action taken in respect of audits from previous years;
• Whether any Critical or Major category of recommendations have not been accepted by management and the consequent risks;
• The effects of any material changes in the Authority’s objectives or activities;
• Matters arising from previous reports to the Executive Panel or Audit Committee; and
• The resource constraints placed upon Internal Audit that have impinged on the Service’s ability to meet the full internal audit needs of the Authority.
18 The overall audit opinion may be used in the preparation of the Annual Governance Statement.
Summary of Work Supporting the Audit Opinion 2020/21
19 A schedule giving an audit opinion of the adequacy and effectiveness of internal control processes and a summary of the key messages in respect of all the audit assignments undertaken during 2020/21 is attached at Appendix A.
20 The schedule summarises the audit opinions and number of recommendations made in respect of each area reviewed, which form the basis of the assurance given to Audit Committee of the overall adequacy and effectiveness of the Authority’s governance, risk management and internal control frameworks for 2020/21.
21 Where relevant, internal audit reports are categorised to give an audit opinion of the internal control environment for that particular system or establishment. The audit opinions on the assignments are categorised as follows:
High Assurance
Satisfactory Assurance
Limited Assurance
No Assurance
In support of the audit opinions, the recommendations made during the year have been categorised as Critical, Major, Moderate and Minor, in accordance with the way in which the Authority assesses and measures risk.
22 As a result of the Covid-19 pandemic and in response to government advice and restrictions, Internal Audit ceased all on site work, staff worked from home and continued to make progress, whilst working and engaging with clients remotely. Internal Audit tried to ensure that audit work did not have a detrimental impact upon clients at a time when Services were stretched and focused on dealing with COVID-19. Two audit reports and consultancy work was completed during the year covering:
• Community Safety – Safe and Well Checks (SAWC) – A review was undertaken to ensure procedures are in place with regard to the strategic aims and performance measures, SAWC delivered by Home Safety Support Workers, referrals of ‘vulnerable households’ and the SAWC delivered by partner agencies. The audit made 11 recommendations and provided a Satisfactory level of assurance.
• HR and Payroll – Starters and Leavers - A review was undertaken to ensure that appropriate systems of internal control are operating with regard to Starters and Leavers, which focused upon the changes in procedures after the implementation of the iTrent System in November 2020. The audit made 3 recommendations and provided a High level of assurance.
23 The outcome of each audit and the evaluation of the adequacy of the internal control environment is based on the number of recommendations and their risk rating. All audits undertaken during the year were assessed as providing positive levels of assurance.
24 To address the weaknesses identified during the audit reviews 14 recommendations have been made. Action plans setting out the agreed response to the audit recommendations were issued with the audit reports and these have been returned from Fire and Rescue Authority management, completed with the action to be taken to ensure implementation of the recommendations. Management have agreed to implement all the audit recommendations with the exception of a recommendation in the Starters and Leavers audit to validate a candidate’s highest relevant qualifications through the relevant examining board or professional body, before appointments are confirmed. Management considered that to obtain this further evidence is too onerous an obligation for the Service as it may entail a significant amount of HR time and inevitably delays in waiting for this information to be verified; there may also be a charge for this service and permission required as it is processing personal data.
25 To comply with CIPFA’s Public Sector Internal Audit Standards a formal follow up process is in operation within the Section to confirm that the recommendations made in Internal Audit reports have been implemented by management within agreed timescales. A follow up audit will normally take place six months after the issue of the final report.
26 A schedule of the follow up audits conducted during 2020/21 is attached at Appendix B. It demonstrates the number of recommendations accepted and subsequently implemented by management in each area and reveals changes that impact on the original audit opinion. It is evident that there was a significant improvement in the levels of internal control with regards to the Purchase Cards and Fleet Management audits completed in 2019/20, with both receiving a revised audit opinion of High.
27 During 2020/21 48 audit days were provided, in comparison with the planned allocation of 50 days as indicated in the annual audit plan. A summary of audit activity is attached at Appendix C and shows the planned allocation of audit resources in terms of man days over departments and services and compares actual work done for 2020/21 with the plan. As a result 2 days will be carried forward into 2021/22, increasing the allocation to 52 days.
28 In accordance with the Public Sector Internal Audit Standards, the plan needs to be flexible to be able to reflect and respond to the changing risks and priorities of the Authority. The plan was reviewed during the year and updated as necessary. The Central Stores audit was delayed due to the Covid-19 pandemic and the requirement to undertake audit work remotely. The Central Stores audit has been carried forward into 2021/22.
Compliance with Public Sector Internal Audit Standards
29 Internal Audit employ a risk-based approach to determining the audit needs of the Authority at the start of the year and use a risk based methodology in planning and conducting our audit assignments. The work of Internal Audit Services has been performed in compliance with the UK Public Sector Internal Audit Standards 2013.
30 The Internal Audit Service has developed a Quality Assurance and Improvement Programme (QAIP), which covers all aspects of internal audit activity and enables conformance with all aspects of the PSIAS to be evaluated.
31 The Public Sector Internal Audit Standards (PSIAS) became effective from 1st April 2013 and introduced a requirement for an external assessment of all internal audit services, which must be conducted at least once every five years by a qualified, independent reviewer from outside of the organisation. Wrexham County Borough Council’s (WCBC) Service Manager – Audit and Technical performed the assessment in November 2016. The Institute of Internal Auditor’s suggest a scale of three ratings, ‘Generally Conforms,’ ‘Partially Conforms’, and ‘Does Not Conform.’ The external assessors’ overall opinion is that the Internal Audit Service generally conforms with the PSIAS and Code of Ethics in all significant areas and that it operates independently and objectively.
IMPLICATIONS
Wellbeing Objectives This report links to the Authority’s long-term well-being objective which is “To facilitate high quality, responsive and better integrated fire and rescue services so that prevention activity and emergency response can continue to be available when and where required, affordably, equitably and on the basis of risk.”
Budget Internal Audit Services is provided as part of an SLA and within budget constraints.
Legal N/A
Staffing N/A
Equalities/Human Rights/
Welsh Language N/A
Risks The Statement of Assurance is submitted in compliance with the Accounts and Audit Regulations and the Public Sector Internal Audit Standards. Without such assurance from the Head of Internal Audit Services, Members would be unaware of the adequacy and effectiveness of the corporate governance, risk management and internal control arrangements and its associated ability to achieve its objectives.
Any significant issues or weaknesses identified by Internal Audit would not be considered in the preparation of the Annual Governance Statement.