Agenda item

To receive the internal audit annual opinion from SWAP.

Becky Brook, Principal Auditor at SWAP, presented the internal audit annual opinion from SWAP, which was reasonable. Significant risks highlighted over the year were being followed up and SWAP would report back to the Committee when these were adequately mitigated.

Various pages of the report were highlighted, including the key highlights at page 16 of the agenda; audit coverage by strategic risk at page 17; and follow up audit actions at page 18. 

58% of SWAP’s work had given reasonable opinions. Value added work was detailed at pages  20 - 21. Wiltshire Council, via SWAP, were a partner of CiFAS (Credit Industry Fraud Avoidance System). Pages 24 – 29 included details of all work undertaken over the last year.

Members queried that the report seemed to be focused on SWAP’s performance, rather than Wiltshire Council’s performance. Sally White, Assistant Director, SWAP, explained that this was an annual overview, so was a summary and did point more to SWAP’s performance. The quarterly internal audit updates brought to the Committee would have more details regarding Wiltshire Council performance, such as any limited or no assurance audit opinions.

Lizzie Watkin (Director of Finance & Procurement (S151 Officer)) stated that when limited or no assurance audits were received, the service area involved would be invited to the Committee so that the situation and actions to be taken to mitigate any risks could be drilled into in more detail.

Members queried the lack of audit coverage by strategic risk. Ms White explained that there was limited data available at present, as SWAP had changed to a new system approximately 16 months ago, so that affected coverage shown in the report.

Members requested assurance regarding cyber resilience, as the ICT network boundary defences audit had received a limited assurance opinion. Following this the service area had attended the Committee to give further details. The SWAP representative stated that SWAP was currently exploring with ICT how far they had progressed in terms of mitigating cyber risks around ICT network boundary defences. The Committee would be updated when appropriate.

Members then had a discussion regarding whether progress against targets set more generally were audited. Examples given were targets for self-build houses, the 5 year housing land supply (now 4 years) and the Gypsy and Traveller policy. Members were particularly concerned about the council’s statutory obligations and where it was recorded whether the Council was meeting those.

Ms White stated that they did look at Key Performance Indicators (KPI’s) sometimes, however it depended on the scope of their work.

Members further discussed various issues that had occurred a planning committees.

Cllr Nick Botterill, Cabinet Member for Finance, Development Management and Strategic Planning, highlighted that a Gypsy and Traveller Plan was being developed in line with regulations and there was a published development scheme.

Some Members felt that these sorts of issues were beyond the remit of the Audit and Governance Committee.

Lizzie Watkin stated she understood the Members concerns and there was an onus on officers in terms of transparency of reporting.  The officer felt like this would be something that would fall under one of the Scrutiny Select Committees. The officer would take this away and follow it up with the Monitoring Officer, to ensure the structures were in place. However, there was a complexity around the Committee’s role in terms of governance. Performance and Outcomes Boards and Groups did look at this type of issue, and they did not want to duplicate that, but did want robust debate.

Members again stated that they wanted to know where performance against things the council had said it would do was measured and shown, and that this should be audited. Members also highlighted that they had been arguing for a Finance Select Committee.

The officer explained that internal audit activity was focused in terms of risk and mitigation, and risk of not meeting statutory duties should be covered by internal audit. In terms of the Business Plan, quarterly performance reports went to Cabinet. This was why she had suggested a Select Committee to be the correct route as they look at Cabinet’s role. They needed the right reporting in the right place. The officer re-iterated that she would discuss this with the monitoring officer.

The Chairman proposed a motion to note the Internal Audit Opinion provided by SWAP, this was seconded by Cllr Stuart Wheeler.

Members debated further with points raised including concerns regarding coverage of audits and whether identified actions were being followed up.

SWAP stated that any risks with no coverage were in the plan to be covered and Members could look at the Audit Board for the latest information regarding audits and to access the rolling internal audit plan. This approach had been adopted so that the plan was dynamic and responsive. It was highlighted that strategic risks were not the only factor considered by SWAP when planning their internal audit work.

Lizzie Watkin suggested that the Committee may need more information on the risk management approach, so requested that this be added to the Forward Work Plan.

At the conclusion of the debate, it was,

Resolved:

To note the Internal Audit Annual Opinion provided by SWAP.