The Chief Internal Auditor introduced the
report and stated that updates had been made to internal audit
legislation in 2014 and 2015, and therefore the Chief Internal
Auditor now had to present regularly to the Standards and Audit
Committee and provide Members with his professional opinion. He
stated that although he could give reasonable assurances on the
financial state of the Council, these could never be absolute
guarantees. He added that regular progress reports on the work of
the internal audit team would also be brought back before the
Committee throughout the year. He explained that this year had been
a difficult year due to COVID and this had been taken into account
throughout the report. He added that the internal audit team had
also struggled as some team members had left. The Chief Internal
Auditor then highlighted point 3.1 on page 86 of the agenda and
explained that the team had produced 11 assurance reports
throughout the year, which had all received a green or amber-green
rating, and 4 advisory reports, as well as looking into a variety
of other complaints. He stated that the team had also been busy as
they had needed to sign off numerous government COVID grants.
The Chief Internal Auditor moved on and highlighted point 3.2 on page 86 of the agenda which explained that specialist consultants had also been hired in March and April to review two major projects and improve related governance. He stated that the Committee would receive regular updates on these projects throughout the year, and a new project management process had now been implemented. He summarised and stated that his overall opinion was currently amber, which had not changed since 2019/20, but his risk management opinion was currently green. He stated that 3.4 of the report highlighted recommendations to managers to improve the amber rating. He added that page 97 of the report showed there had been good progress made in previous recommendations, and no conflicts of interest had been found within the team.
Ms. Laybourn queried page 95 of the agenda and asked what the difference between risk enabled and risk managed was in terms of the risk register. She felt that there had been some ‘red’ risks last year that had not been able to be mitigated. The Chief Internal Auditor responded that the risk maturity model ranged from naïve to aware to managed to enabled. He clarified risk enabled meant that on both a strategic and operational level risk management had been embedded in decisions. He added that risk managed meant that on a strategic level risk management had been embedded, but not on an operational level.
Councillor Collins thanked officers for their hard work throughout the year, particularly when dealing with staff shortages. He highlighted the last paragraph on page 98 of the agenda and asked if any there had been any problems with COVID specific funding. The Chief Internal Auditor responded that although no additional challenges had presented themselves due to COVID, the workload had increased dramatically due to the number of government grants being submitted. He explained that government grants ranged from thousands to millions of pounds, and ranged from areas such as COVID enforcement, to education, to one-way high street signage. The Corporate Director of Resources and Place Delivery added that each government grant received a different risk rating, for example some grants were directly linked to business rates and could be paid directly to the Council, but others were grants being given to businesses based on their type and rateable value. He stated that Thurrock had received approximately £14.8m in general grants from the government to support itself, plus grants to cover lost fees and charges. He stated that government grants had also been received to manage the test and trace system, food parcel delivery, town centre management, and transport. He stated that these grants would be pulled together and presented to the Committee as part of the finance accounts.
The Chair questioned if the internal audit team had sufficient staff and resources to carry out their role. The Chief Internal Auditor responded that as well as himself there was currently 1 senior auditor and 2 internal auditors, with one of these set to become a senior auditor shortly. He stated that he would be putting together a business case for two additional auditors, as workloads continued to increase for example the increased use of digital signatures which needed assurances. The Chair then questioned if the team would give recommendations on how to improve the risk enabled and risk managed statuses. The Chief Internal Auditor answered that work had started on this in 2018 with the risk management officer, but this would require additional resources and therefore increase costs. The Chair stated that two amber rating areas were the fostering service and DBS checks, and queried if this could potentially include risk related to vulnerable residents. The Chief Internal Auditor responded that the team had only audited payments of foster carers to ensure payments were following the correct processes and foster carers were getting paid the correct amount. He stated that the DBS audit also focussed on processes and checks to ensure people were not starting work before their DBS clearances or right to work in the UK documents had arrived. He stated that this did not relate to vulnerable families or individuals.
1. That the Standards and Audit Committee considered and commented on the Chief Internal Auditor’s Annual Report – Year ended 31 March 2021.