Agenda item
Internal Audit Activity Report
- Meeting of Senedd Commission Audit and Risk Assurance Committee, Monday, 9 June 2014 11.00 (Item 3.)
- View the background to item 3.
Minutes:
3.1
Gareth
Watts provided an update in relation to the 2014-15 programme of work. 2013-14 work was detailed in his annual
report.
3.2
Since April
2014, he explained that he had continued to work with Dave Tosh and Alison
Rutherford on the Information Governance review. In response to a recent staff survey, he was
performing a Recruitment Procedures audit and aimed to produce a report before
the summer recess. TIAA were currently
scoping the Risk Management Framework audit.
3.3
He also
informed the Committee that he had completed follow up work on the Scheme of
Financial Delegation and the National Assembly for Wales shop. He would be
reporting to the Assembly Commission on 18 June following a review of their
effectiveness.
3.4
Following
a brief discussion on Business Continuity, the Committee urged officials to
accelerate this area of work and provide an update by November 2014.
3.5
Dave
Tosh explained that a mock plenary was held over the Easter recess which
specifically tested the manual voting procedures. Service areas have drafted plans, but they
were yet to be tested and refined. Work
may also be delayed over the summer recess with many of the service areas
taking their annual leave during this period.
3.6
Gareth
Watts introduced his annual report of work during the 2013-14 financial
year. The programme of work was
successfully delivered, despite the changes to internal audit in year, which included
both a new Head of Internal Audit and a new external contractor.
3.7
Committee
members questioned the definition of the opinion ‘Reasonable’. Gareth explained that this was a moderate
rating and that given the scope of the audits, was the highest achievable
score.
3.8
He
confirmed that he intended to carry out more full scope audits this year which,
potentially, could give a higher level of assurance.
3.9
Dave
Tosh mentioned the Information Governance area as an example of vast
improvement in the last 2-3 years. From
the 12 original recommendations, 4 remain outstanding in 2013-14. Tighter controls, clear policies and
structures were now in place. He was
hopeful that this improved position would be reflected in the update in
November.
3.10
Committee
members also questioned how the specific internal audit reviews were
selected. Officials confirmed that by
their very nature, internal audit chose areas of weakness in order for
improvements to be identified. Gareth’s
work would continue to focus on these areas.
3.11
The
Chair agreed that this was a constructive approach and that the Management
Board was taking the recommendations seriously and was acting in a positive way
to improve the functions within the organisation.
3.12
The
Annual report on Fraud was finalised mid-May and at the time of writing
provided a fair reflection of the position.
3.13
Lots of
positive work had taken place since this area was audited in November 2011,
especially access to policies and training by the Head of Procurement and from
the Chartered Institute of Purchasing and Supply.
3.14
Gareth
was considering Fraud Response plans across the public sector and would be
working with Nicola to update the Assembly’s approach. Both agreed that a revised plan needed to be
in place by September 2014.
3.15
The
Committee were aware of stringent procurement checks on new suppliers and
questioned if any of these checks could be applied to existing suppliers to
further improve Financial Services processes.
Nicola would discuss this with Jan Koziel, Head of Procurement.
Actions
-
Dave
Tosh to aim to accelerate the Business Continuity work and provide an update to
the Committee at the November meeting.
-
Gareth
and Nicola to produce a revised Fraud Response Plan by September 2014.
-
Nicola
to discuss processes with Procurement to explore which of the financial checks
they perform on new contracts could be used by Finance for existing suppliers.