To provide an update on the delivery of the 2020/21 internal audit plan as of the end of Q4 2020/21.
Natalie Jerams, Deputy Head of Southern Internal Audit Partnership (SIAP), explained that the fundamental purpose of the report was to demonstrate key delivery of the 2020/21 Audit Plan.
Performance to date showed that 86% of audits were complete, 14% were in progress, this meant that two were at draft report stage, while one remained at field work stage.
The Committee was apprised that there had been four new final reports and one draft report published concluding “limited” or “no” assurance since SIAP’s last progress report. The report showed a line by line breakdown of audits undertaken this year; it also listed adjustments due to reprioritisation as a result of the risks around COVID-19.
Following a question by a Member regarding cyber security it was stated that in respect of section 4 of the report, that work had concluded with a “reasonable” assurance and in terms of section 8, it had been considered that cyber security should be incorporated into the 2021/22 plan. The rational for this audit related to staff working from home and any potential vulnerabilities to the network.
Concern was raised regarding procurement via credit card and there were questions regarding the management actions. In response, it was stated that there had been 19 management actions, of which 12 had been assessed as complete at the time of preparing the report. SIAP had been asked by the Interim Head of Finance to audit the use of credit cards as they were used more frequently during the emergency response to COVID-19. This area had been due for a review as this had not been undertaken for some time. Following the audit, new processes had been put in place and these were explained.
In response to a question relating to fleet management, it was noted that 16 management actions had been completed and 5 remained outstanding. Assurance was given that these would be followed through to completion as with all audits.
Members were referred back to Audit Guidance Statements and in terms of processes put in place, there was a whole framework that ensured processes, checks and controls were monitored on an ongoing basis. Measures were in place that ensured they remained relevant as business evolved.
RESOLVED that the Audit Committee notes the internal audit progress report contained in the annexes to the report.