To submit the report of the Audit Manager.
Minutes:
Submitted - the Audit Manager's report
detailing the proposed arrangements of providing audit assurance levels to
reflect the Authority's method of assessing and measuring its risks. She
explained that the risk score provided would be based on the Auditor's opinion
in consultation with the relevant Audit Leader and the Audit Manager, and would
fall into one of four categories/risk levels, namely - Very High (20-25), High
(12-16), Medium (6-10) and Low (1-5).
She noted that historically audits had been
given opinion categories ranging from 'A' to 'Ch'.
She explained that under the proposed procedure each audit would be allocated
an assurance level. She elaborated that the assurance level awarded would be
based on an evaluation of the internal management environment and the number of
risks identified along with their risk score. She noted that the general
assurance levels of audits would fall into one of four categories:
HIGH |
Certainty of propriety can be stated as internal controls can be
relied upon to achieve objectives. |
SATISFACTORY |
Controls are in place to achieve their objectives but there are
aspects of the arrangements that need tightening to further mitigate the
risks. |
LIMITED |
Although controls are in place, compliance with the controls needs to
be improved and / or introduces new controls to reduce the risks to which the
service is exposed. |
NO ASSURANCE |
Controls in place are considered to be inadequate, with objectives failing
to be achieved. |
During the ensuing discussion, the following main observations
were noted by members:
·
The proposed arrangements would provide members
with more information and it was a valuable step forward;
·
Was there a figure attached to what was noted in
the definition of impact as 'on many residents'?
·
Of the opinion that it was a positive step forward.
Would the Committee receive a summary in terms of what had been done?
·
Would the audit risk scores be discussed with the
relevant officers at the Departments before the report was submitted to
Committee?
·
Would the timeline in terms of historical
information and milestones be noted in the reports?
·
A culture was needed that meant that auditors did
not have to defend the score given to an audit. It was hoped that officers
could view an audit as something positive and not negative;
·
How much notice did services receive in terms of
conducting an audit?
·
What was the situation regarding leisure centre
audits in light of establishing the new leisure company?
In response to the
observations, the officers noted:
·
That it was approximately estimated
that between thousands and tens of thousands of residents would be considered
to be 'many residents'. Nevertheless, it was emphasised that a risk which was
awarded a '5- Catastrophic' impact would be defined as having a catastrophic impact
on any resident;
·
The Committee would receive a summary
of the audit reports and the audit's level of assurance would be noted. It was
felt that the risk score, as opposed to an opinion category, would be more
useful for officers;
·
The relevant officers within the
Departments were given an opportunity to respond to the draft audit report.
Should the officers not agree with the internal audit officers, the auditor
would have to be firm and defend the score awarded to the audit;
·
That the Internal Audit Plan was
different every year therefore it was not possible to make a year on year
comparison. Follow up work was undertaken on every action rather than the
historical procedure of only following up on 'C' opinion category reports;
·
It was a matter for the Department to
determine whether specific risk scores were acceptable to them or whether they
needed to act to reduce the risk;
·
Audits had been identified in the
Internal Audit Plan for the year. In some cases a discussion was needed prior
to the audit with relevant officers to receive information on the background to
prepare a briefing note. The only exception in terms of unplanned audits was
leisure centre audits, and that was at the request of the Economy and Community
Department.
·
It was noted in the contract for establishing the
new leisure company 'Byw'n Iach
Cyf' that it was expected for the company to award
contracts for providing specific support to the Council but that the company
also had the right to outsource contracts. There would be a Service Level
Agreement between the Internal Audit Service and Byw'n
Iach Cyf.
RESOLVED to accept the report.
Supporting documents: