The Head of Internal Audit & Counter Fraud Shared Services (Chief Audit Executive)presented for approval the Internal Audit Plan (Q1-Q2) 2022-23 for Gravesham.

The council is required to prepare an audit plan outlining how internal audit resources will be used throughout the year. 

While a draft plan has been prepared for the full 12 months, Appendix 2 of the report outlines the plan for the first six months of the year. The purpose of this change in approach is to ensure that audit resources are being directed to the council’s highest areas of risk throughout the year.

The risk assessment was completed in January which is three months before the commencement of work and there is a high possibility that the risk landscape could change.

In July, the Audit Risk Assessment will be refreshed and used to update the current second half of the year plan based on any changes to risk landscape or legislative requirements.  The plan for the second half of the year will be presented to this Committee alongside the first update in September.

This is to enable the service to be more responsive to changes, manage resources in a more efficient manner and ensure we continue to focus audit resources in the highest risk areas.

The Risk Assessment or Audit Needs Assessment was completed after consultation with Directors and senior Managers to consider their views on the risks for each service in the coming year and the draft plan was also shared to identify any timing issues as early as possible. That has partly determined what has been selected for the first part of the year.

Members will note that there are some changes to the layout of the plan, the day allocation for individual reviews are no longer included. As part of the planning process, each review has been allocated an indicative figure of 15 days but the Internal Audit Manager will have the freedom to reduce or increase that allocation to ensure the review provides the right level of assurance.

The update reports presented to the Committee will continue to specify the number of days that have eventually been allocated to each review and will report the number of days taken to actually complete the review.

There are specific links to the corporate risk register in the plan which were highlighted from the last external quality assessment to focus on the council’s risk areas. 

Following questions and comments from Members, the Head of Internal Audit & Counter Fraud Shared Services (Chief Audit Executive)explained that:

• There is no upper limit to the 15 workings days to complete a review, but they are unlikely to exceed more than 20 days. The Head of Internal Audit & Counter Fraud Shared Services (Chief Audit Executive) was not aware of other council’s setting upper limits.
• The Chair was glad to see the link to the Corporate Risk Register and asked about the weighting scores. The HIACF explained that the assessment covers a full list of auditable areas of all council services based on the objectives in the council plan. There are six different areas with weighting scores and a range score of 1-5 to produce an overall assessment score. The highest scoring areas are selected for review, while also considering when it was last reviewed. 

Resolved that Members approved the Internal Audit Plan (Q1-Q2) 2022-23 for

Gravesham presented at Appendix 2.