Internal Audit Progress Report
By: Director, Finance & Corporate Services
To: Audit and Governance Committee – 25 November 2021
Subject: Internal Audit Progress Report
Classification: Unrestricted
For Decision
Summary
The Accounts and Audit Regulations 2015 require the Authority to maintain an adequate and effective Internal Audit process and as such this is provided by Kent County Council under a Service Level Agreement.
As part of the Public Sector Internal Audit Standards, the Head of Internal Audit is required to provide an annual opinion to Members on the adequacy and effectiveness of the Authority’s framework of governance, risk management and control. Their annual opinion is largely informed by work undertaken as part of the Internal Audit Plan for the current financial year and subsequent follow up work relating to the previous year.
Attached to this report is the KCC Internal Audit Progress Report for Members to review. This report provides a progress update of the work that KCC Internal Audit has carried out on behalf of the Authority against the 2021/22 Audit Plan since April 2021 and outstanding actions from the 2020/21 Audit Plan.
Recommendations
Members are requested to:
1. Agree the changes to the 2021/22 Audit Plan (Appendix 1 and paragraph 6 refers);
2. Consider and note the progress made in relation to the 2020/21 and 2021/22 Audit Plan (Appendix 1 and paragraphs 4 to 10 refer).
Lead/Contact Officer: Director, Finance and Corporate Services - Alison Kilpatrick
Telephone Number: 01622 692121 ext. 8262
Email: alison.kilpatrick@kent.fire-uk.org
Background Papers: None
Comments
Background
1. Section 5 of the Accounts and Audit Regulations 2015 requires the Authority to under take an adequate and effective internal audit of its risk management, control and governance processes. The Authority discharges its Internal Audit function under a Service Level Agreement to Kent County Council (KCC). Annually the Head of Audit provides an opinion on the adequacy and effectiveness of the Authority’s Framework of Governance, Risk Management and Control. The annual opinion is largely informed by work undertaken as part of the Internal Audit Plan for the current financial year and subsequent follow up work relating to the previous year.
2. The Head of Audit’s opinion is one of the key independent means of assurance available to Members in discharging their role of overseeing the internal control processes implemented by officers and ensuring that a sound system of governance of the Authority’s business is in place. The Head of Audit will be at the Audit and Governance meeting to present this report.
3. The assurance given on individual audits is at the time of issue of that report, but before full implementation of any agreed management action plan. The Authority maintains its own internal follow-up process for audits with assurance levels of “Adequate” and above which are then reviewed by Internal Audit and verified if necessary prior to being closed. Internal Audit however undertake full follow-up reviews for all ‘limited’ and ‘no’ assurance audits.
The Internal Audit Progress Report
4. The Internal Audit Progress Report is attached at Appendix 1 for Members to review and consider.
5. Progress against 2020/21 Audit Plan - Members are reminded that seven of the nine audits planned for 2020/21 were concluded and the results of those audits were reported to Members at the July 2021 Authority meeting. It was also reported at the July Authority meeting that the Collaborations Audit would be rescheduled to 2021/22financial year as well as completion of the Contract Management Audit. Planning work for the Collaboration Audit has commenced which is due to enter fieldwork in quarter 3of this year. The Contract Management Audit has now been completed and I am pleased to report that this provided an audit opinion of Substantial, with Very Good prospects for improvement (a summary of the report is provided at Appendix 1,Annex 1).
6. Progress against 2021/22 Audit Plan - Since the 2021/22 Audit Plan was agreed with Members in April 2021, it has been necessary to amend three of the audits within the plan to ensure audit coverage is reflective of the emerging risks of the Authority. Therefore, it is proposed that the Talent Management, IT Development and Ops Planning audits be replaced with Workforce Planning, IT Service Desk and Fire Standards audits. These are scheduled to take place in quarters three and four of this financial year.
7. Appendix 1, paragraph 3 provides an update on the progress to date in relation to the audits planned for 2021/22. To date one review, Treasury Management, has been completed and a number of others are in progress. The Treasury Management Audit has resulted in an adequate opinion with good prospects for improvement (a summary of the report is provided at Appendix 1, Annex 1). The field work has also been completed for the Operational Response Training Audit and the final report is due imminently whilst the Workforce Planning and Vehicle and Equipment Replacement Programme Audits are both in the fieldwork stages. Planning work is currently being carried out for the remaining audits however the Cyber Security is not due to start until Quarter 4.
8. Audit Follow Up Progress - A summary of agreed audit actions is provided to Members at Appendix 1, Table 4. The Authority is pleased to report that the actions for five of the audits listed have been completed and the audits have been closed. The outstanding actions of the remaining five audits are in progress but not yet due.
9. Key Performance Indicators - As part of the Service Level Agreement, Key Performance Indicators (KPIs) are in place to measure both the performance of Internal Audit and the timeliness of officers’ responses to audit plans and reports. The KPI’s for the two audits completed to date (Treasury Management and Contract Management) are provided to members in Appendix 1 Annex 3.
10. Counter Fraud - To continue our commitment to anti-fraud risk, fraud awareness presentations have recently been delivered to managers and station leaders at team meetings and these were well received. Additionally, a fraud awareness video is being produced for the wider Authority audience. A further three counter fraud culture workshops are due to be delivered shortly and there will also be a fraud awareness survey taking place in the coming weeks.
11. Conformance with Public Sector Internal Audit Standards - An External Quality Assessment (EQA) of Internal Audit Services was completed in early 2021 by an independent assessor (as part of the Public Sector Internal Audit standards requirements) and the outcomes from the assessment were reported to Members at the April 2021 Authority Meeting. Internal Audit plan to update members on the progress of the actions identified within the Annual Report at the meeting of this Page:46
committee in September 2022.
Impact Assessment
12. A proportion of the 2020/21 budget was reallocated to 2021/22 financial year. This was to ensure that there was appropriate provision to enable the audit work outstanding from the 2020/21 plan to be completed. The KCC Internal Audit team are currently in the process of recruiting additional resources to strengthen their team. However, despite some new appointments not being in post for a number of months, the Head of Internal Audit is expecting to be able to deliver the agreed plan by the end of the financial year.
Recommendations
13. Members are requested to:
13.1 Agree the changes to the 2021/22 Audit Plan (Appendix 1 and paragraph 6 refers);
13.2 Consider and note the progress made in relation to the 2020/21 and 2021/22 Audit Plan (Appendix 1 and paragraphs 4 to 10 refer).
Author: Frankie Smith, KMFRS Head of Internal Audit
Email of author: frankie.smith@kent.gov.uk
Telephone: 03000 419434
QA: Jonathan Idle – KCC Head of Internal Audit & Counter Fraud
Purpose of this report
1.1. This report provides an update on the work that the Kent County Council (KCC) Internal Audit service has undertaken on behalf of the Kent and Medway Fire and Rescue Authority (KMFRA) since 01 April 2021, against the 2020/21 and 2021/22 Internal Audit Plans.
1.2. The report also provides a summary of our recent follow up work.
2. Progress Against 2020/21 Audit Plan
2.1. Table 1 below provides an update on our progress against the 2020/21 Audit Plan:
2.2. All audits from the 2020/21 have now been concluded, with the exception of Collaborations, which was deferred to the 2021/22 Audit Plan.
3. Progress Against 2021/22 Audit Plan
3.1 Table 2 below provides an update on our progress against the 2021/22 audit plan:
3.2. The audit summaries for FS03-2021 Contract Management and FS02-2022 Treasury Management are provided in Annex 1.
3.3. Annex 2 details provides the definitions for the risk ratings, audit opinions and prospects for improvements.
3.4. Since the 2021/22 Audit Plan was agreed with Members in April 2021, it has been agreed with Corporate Management Board that the Talent Management, IT Development and Ops Planning audits will be replaced with audits of Workforce Planning, IT Service Desk and Fire Standards respectively. This is to ensure audit coverage is reflective of emerging risks, whilst providing optimum value to the Authority. Further details of these new audits are detailed in Table 3 below:
3.5. Progress against the audit plan is currently on track, as agreed by Members and Corporate Management Board, with all audits due to be completed by 31 March 2022.
4. Counter Fraud
4.1. Fraud awareness sessions have been delivered to managers via the Fire Futures meeting, in addition a bespoke session to station leaders on tackling fraud within the sickness reporting process.
4.2. Work is underway to review the general fraud awareness video as well as a more detailed assessment of the Counter Fraud Culture within KFRS via a culture questionnaire and workshop.
5. Implementation of Management Action Plans - Follow ups
5.1. All High and Medium priority issues raised within Internal Audit reviews are the subject of a formal follow-up process and all ‘Limited’ and ‘No Assurance’ rated audits are the subject of a full re-audit. The Head of Internal Audit (HoIA) is responsible for co-ordinating and overseeing this follow-up process, which is completed as a joint exercise between KFRS and Internal Audit.
5.2. Table 4 below provides a summary of recent follow-up activity.
5.3. Based on the follow up work completed to-date, we are satisfied that good progress has been made to implement all agreed issues and outstanding issues are being appropriately managed and mitigated.
6. External Quality Assessment
6.1. The actions arising from the External Quality Assessment (EQA), which were reported to Fire Authority in April 2021 are currently being reviewed and actioned. Progress against the EQA Action Plan will be reported to Audit and Governance Committee as part of our Annual Report in September 2022.
7.Resources
7.1. Following a team restructure, which was finalised in September 2021, our recruitment activity is now well underway. It is anticipated that all recruitment will be finalised by the end of October 2021 and new colleagues will be in post by the end of the calendar year.
8. Performance Indicators
8.1. As part of the Service Level Agreement between KCC and KFRS, Key Performance Indicators (KPIs) are in place to measure both the performance of Internal Audit and the timeliness of officers’ responses to audit plans and reports. Current performance in relation to the KPIs is given in Annex 3. Two KPIs (% completion of Annual Plan and % completion of actions due) are reported at year end only. There are no significant concerns arising from the KPIs to date.
8.2. The KPIs reported in Annex 3 are based on two audit reports issued since our last report to Fire Authority in April 2021. These are FS03-2021 Contract Management and FS02-2022 Treasury Management.
9. Conclusion
9.1. Audit plan delivery is on track to be delivered by 31 March 2022. As an indication, the overall opinion on systems of risk management, governance and control at this stage continues to be ‘Substantial’ in line with the assurance provided in the 2020/21 Annual Report. This is, however, subject to change as further audits are completed.
Annex 1 - Final Reports Issued
