NORTH YORKSHIRE COUNCIL

 

AUDIT COMMITTEE

 

23 OCTOBER 2023

 

INTERNAL AUDIT AND COUNTER FRAUD PROGRESS REPORT

 

 

1.0      PURPOSE OF THE REPORT

 

1.1         To inform Members of the progress made to date in delivering the 2023/24 internal audit programme of work, and the other related services provided to the Council by Veritau (information governance and counter fraud).  The report also highlights any issues likely to impact on the programme of work throughout the remainder of the year.

 

 

2.0      BACKGROUND

 

2.1      The work of internal audit is governed by the Accounts and Audit Regulations 2015 and the Public Sector Internal Audit Standards (PSIAS). The council has formalised its arrangements for internal audit within an Audit Charter, which was approved by the Audit Committee in March 2023. In accordance with these standards and the Audit Charter, the Head of Internal Audit is required to report to the Council on the programme of internal audit work and to highlight any emerging significant risks and/or control issues.

 

3.0      PROGRESS

 

Internal Audit          

 

3.1      The 2023/24 internal audit work programme was approved by this Committee at its meeting on 26 June 2023. Work is planned to ensure there is sufficient coverage of the framework of governance, risk management and internal control. We have defined the following as areas where assurance is required in order to provide an evidence based opinion. The requirement for providing assurance across all of these areas is taken into account when prioritising work.

 

·         Strategic planning

·         Organisational governance

·         Financial governance

·         Risk management

·         Information governance

·         Performance management and data quality

·         Procurement and contract management

·         People management

·         Asset management

·         Programme and project management

·         ICT governance

 

3.2      Annex 1 to this report provides an update on the progress made to complete the work programme. This annex includes a summary of current work in progress and the internal audit priorities for the remainder of the year.

 

3.3      To comply with the Public Sector Internal Audit Standards, an external quality assessment (EQA) of our internal audit working practices is required at least every 5 years. The last assessment was completed by the South West Audit Partnership (SWAP) in 2018. The Chartered Institute of Internal Auditors was therefore commissioned to undertake a further review this summer.  The outcome of the review was very positive, and the overall opinion was that our internal audit function ‘generally conforms’ to the PSIAS and IIA standards.  A copy of the report is attached as annex 2.

 

Counter Fraud

 

3.4      Veritau’s Corporate Fraud Team (CFT) investigates cases of suspected fraud or malpractice. Such assignments are carried out in response to issues raised by staff or members of the public via the whistleblower hotline, or as a result of management raising concerns.  Since the start of the current financial year, 163 cases of suspected fraud or malpractice have been referred to Veritau for investigation.  Investigative work has resulted in savings of £60.7k to date.

 

3.5      Details of the work completed to date are provided in annex 3.  This includes activity to promote awareness of the risks of fraud, work with external agencies, and information on the level of fraud reported to date.

 

Information Governance

 

3.6      Veritau’s Information Governance Team (IGT) continues to handle a significant number of information requests received in accordance with the Freedom of Information Act 2000 (FOI) and Data Protection Act 2018 (DPA).  The number of FOI requests received between 1 April 2023 and 30 September 2023 was 1,075 compared with 564 requests received by the former County Council during the corresponding period in 2022/23.  The number of requests received in 2023/24 and answered within 20 working days is currently 66% (2022/23 – 83%). The IGT also coordinates the Council’s subject access requests (SARs) and has received 201 such requests between 1 April 2023 and 30 September 2023 compared to 168 requests received by the former County Council during the corresponding period in 2022/23. 

 

3.7      Veritau acts as the Council’s Data Protection Officer and provides advice and support to the Council on all aspect of data protection.  The IGT also reviews compliance with the legislation and liaises with the regulator, the Information Commissioner’s Office (ICO).  Other work includes reviewing data protection impact assessments, preparing data sharing agreements, recording data security incidents and investigating serious data security incidents.  Further details about the work of the IGT will be included in the annual information governance report, which will be presented to the June meeting of this committee.

                                                                       

 

 

4.0      RECOMMENDATIONS

 

4.1      Members are asked to note the progress made in delivering the 2023/24 Internal Audit programme of work and the other assurance related services provided by Veritau.

 

 

MAX THOMAS

Head of Internal Audit

 

Report prepared and presented by Max Thomas, Head of Internal Audit

 

Veritau - Assurance Services for the Public Sector

County Hall

Northallerton 

 

11 October 2023