Secretariat Audit and Risk Committee Report to the Assembly Commission Year Ending 31 March 2018
CHAIRPERSON’S FOREWORD
I would like to begin by recording my appreciation and thanks to Derek Martin, as Independent Member, and Jim Wells MLA, as Commission Member, for their valued input to the work of SARC throughout this reporting period.
It is important that I acknowledge, in writing this Annual Report, that the Northern Ireland Assembly (“the Assembly”) has continued to experience a period of political uncertainty, with no Assembly sittings having taken place, throughout the reporting year. These circumstances have resulted in a significant number of Secretariat staff being temporarily redeployed to work elsewhere in the Public sector or other legislatures.
In the context of the continuing negotiations between the United Kingdom Government and the European Commission, and the introduction of the EU (Withdrawal) Bill, I also acknowledge the potential future impact of the United Kingdom’s withdrawal from the European Union on the work of the Assembly and the Assembly Commission.
I am pleased to present the Annual Report for 2017-2018 on behalf of SARC. This Report describes how SARC fulfilled its role of providing support and advice to the Assembly Commission and the Clerk/Chief Executive in order to ensure sound financial and governance arrangements. In line with its policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly website.
During the reporting year, SARC provided support to the Secretariat in relation to managing risk and contributed to the completion process for the 2016-17 Accounts. In particular, SARC concentrated on assurances in relation to Members’ expenses, procurement activity and the implementation of outstanding audit recommendations.
SARC members considered a revised Risk Management Strategy which included a more detailed analysis of risk appetite. SARC members also considered completed assessments in relation to the Northern Ireland Audit Office’s Managing Fraud Risk Self-assessment Checklist; the British Standards Institution’s Anti-bribery Self-assessment Questionnaire; the Northern Ireland Audit Office’s “Managing the Risk of Bribery and Corruption: A Good Practice Guide for the Northern Ireland Public Sector”; and the National Audit Office’s good practice guide “Cyber Security and Information Risk Guidance for Audit Committees”.
The Corporate Risk Register was reviewed each quarter by SARC. Directors’ Stewardship Statements were reviewed in May 2017 and January 2018. The Secretariat’s revised Organisational structure, effective from 1 October 2017, was noted.
SARC members completed a self-assessment template, based on the National Audit Office’s checklist for Audit Committees, on 16 May 2018. An element of external review has been added to the assessment by requesting comments on SARC’s effectiveness from the NI Audit Office’s representative. The findings confirm that SARC is fully compliant with best practice.
The draft Internal Audit Plan for 2017-18 was considered and agreed by SARC at its meeting on 17 May 2017. In the light of temporary redeployments across the Assembly Secretariat, a revised plan was considered and agreed by SARC on 18 October 2017. The revised plan has been successfully completed, with reports drafted or finalised.
SARC has this year continued to see significant progress maintained in the timely implementation of audit recommendations and has continued to monitor the implementation of all audit recommendations to clear timetables and targets.
I am pleased to report that the Secretariat has developed and maintained a strong culture of accountability throughout the organisation and wisely continues to use the Internal Audit function as a business improvement tool. I am also pleased to report that SARC achieved all of its targets within the allocated budget.
I am grateful to the Assembly Commission for its support and for allowing the SARC Chairperson, or the Independent member, to attend its meetings and to contribute to its discussions throughout the year. This is very helpful in providing a broader perspective for the work of SARC. I look forward to continuing the practice of the SARC Chairperson meeting annually in private with the Assembly Commission to discuss matters pertaining to SARC, as I know that this has proved to be particularly helpful in the past.
Finally, my thanks go to the Clerk/Chief Executive and the staff of the Assembly Secretariat for their commitment and diligence in providing SARC with the information necessary to achieve its objectives as well as very valuable secretarial services.
JIM BROOKS
CHAIRPERSON
CONTENTS
Introduction
The Secretariat Audit and Risk Committee (SARC)
- Meetings
- Membership
- Training
- Management Information Systems and Controls
Progress of SARC 2017-2018
- Performance against key objectives
Internal Audit Activity 2017-18
NI Assembly Accounts 2016-2017
Evaluation of SARC 2017-18
Internal Audit Plan
Conclusion
Annex A: Definition of Audit Ratings
SECRETARIAT AUDIT AND RISK COMMITTEE
REPORT TO THE ASSEMBLY COMMISSION
FOR YEAR ENDING 31 MARCH 2018
1. INTRODUCTION
This Report provides the Assembly Commission with an account of the activity and achievements of the Secretariat Audit and Risk Committee (SARC) in 2017-2018 in relation to its objectives for that year.
2. SECRETARIAT AUDIT AND RISK COMMITTEE (SARC)
SARC plays an important role in the overall system of corporate governance in the Northern Ireland Assembly Secretariat. SARC is independent of the Secretariat and aims to support the Clerk/Chief Executive in her role as Accounting Officer. It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances.
2.1 Membership 2017-18
|
Jim Brooks |
Independent Chairperson |
|
Derek Martin |
Independent Member |
|
Jim Wells MLA |
Assembly Commission Member |
2.2 Meetings
SARC meets at least four times a year, although the Chairperson may convene additional meetings should he feel that this is necessary. During 2017-18, SARC met four times. Attendance was as follows:
|
Member |
Meetings attended |
|
Jim Brooks |
4/4 |
|
Derek Martin |
4/4 |
|
Jim Wells MLA |
3/4 |
SARC meetings are normally attended by the Accounting Officer, all Directors, the Head of Internal Audit, the Head of Finance and a representative from the Northern Ireland Audit Office. Secretarial support is provided by the Legal, Governance & Research Services Directorate.
The Chairperson of SARC attends meetings of the Assembly Commission as an observer. Jim Brooks attended meetings of the Commission on 22 November 2017 and 31 January 2018. Derek Martin attended the Commission meetings on 25 September 2017 and 5 March 2018.
2.3 Training
The Chairperson and Independent member have continued to become more familiar with business areas throughout the Assembly Secretariat and to meet key staff. Given the comprehensive induction on appointment and existing knowledge and experience, no formal training was deemed necessary throughout the year.
2.4 Management Information Systems and Controls
At each meeting, SARC is provided with a number of analyses and reports including:
- A log of all outstanding Audit Recommendations together with a statement of the status of each and a target date for completion. This is used at each meeting to monitor progress and ensure that recommendations are implemented in a timely manner.
- Changes to the Corporate Risk Register and any areas of concern. SARC monitors the actions taken by the Secretariat Management Group to manage the Corporate Risks to ensure they remain relevant and that appropriate mitigating actions are taken. Copies of the Assurance Statements completed by Directors are submitted to SARC for information every six months.
- A progress report from the Head of Internal Audit summarising:
-
- Work performed and a comparison with work planned;
- Key issues emerging from Internal Audit work;
- Management responses to audit recommendations;
- Changes to the Internal Audit Plan; and
- Any resource issues affecting the delivery of Internal Audit objectives.
- A progress report from the NI Audit Office representative summarising work done and emerging findings.
As and when appropriate, or when requested, SARC will also be provided with:
- The Internal Audit Charter;
- The Internal Audit Strategy;
- Head of Internal Audit’s Annual Opinion and Report;
- Quality Assurance reports on the Internal Audit function;
- The draft accounts of the Assembly Commission;
- The draft Governance Statement;
- A report on any changes to accounting policies;
- The NIAO’s Report to Those Charged with Governance;
- A report on any proposals to tender for audit functions;
- A report on co-operation between Internal and External Audit;
- The NIAO audit strategy;
- The Assembly Secretariat’s Risk Management Strategy; and
- Stewardship Statements.
SARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk. SARC members considered the contents of a draft Governance Statement at the SARC meetings on 17 May and 20 June 2017.
3. PROGRESS OF SARC IN 2017-18
3.1 Performance against key objectives
|
KEY OBJECTIVE |
PERFORMANCE |
|
To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations |
Continued success in the rapid implementation of outstanding audit recommendations. Of the 33 recommendations made during the year, 23 have already been implemented. |
|
To oversee the handling of key risk areas by the Secretariat to ensure that risk is being appropriately managed and value for money secured. |
Corporate Risk Register reviewed at SARC meetings. The economical, effective and efficient use of resources is considered as part of the ongoing audit programme. |
|
To keep under review any risks arising from organisational change programmes, where appropriate, and any issues arising out of the work of the Independent Financial Review Panel. |
Corporate Risk Register reviewed at SARC meetings. Directorate Risk Registers are reviewed annually.
Independent Financial Review Panel currently not established. |
|
To oversee the timely sign-off of the Annual Report and Accounts. |
Following the SARC meeting on 20 June 2017, SARC members recommended that the Accounting Officer sign the 2016/17 Annual Accounts. |
|
To promote best practice where possible in the operation of SARC. |
The operations and Terms of Reference for SARC were reviewed by SARC on 18 October 2017 and are based on the requirements of the HM Treasury Audit and Risk Assurance Committee guidance of March 2016 / Audit and Risk Assurance Committee Handbook NI. SARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance. |
4. INTERNAL AUDIT ACTIVITY 2017-18
4.1 Internal Audit Programme 2017-18
Details of progress in relation to the Internal Audit Programme for 2017-18 are outlined below. Risk Rating Definitions are attached at Annex A.
|
ASSIGNMENT |
AUDIT RATING |
REPORT DATE |
|
Review of VES Admin |
Satisfactory |
May 2017 |
|
Review of Provision of Hardware and Software |
Satisfactory |
May 2017 |
|
Review of Winding Up Expenditure |
Satisfactory |
May 2017 |
|
Review of Risk Management |
Substantial |
May 2017 |
|
Review of the Committee for Communities |
Substantial |
May 2017 |
|
Review of Cyber-Security (scoping review) |
Not applicable |
October 2017 |
|
Review of Members Expenses |
Satisfactory |
October 2017 |
|
Review of RaISe |
Satisfactory |
November 2017 |
|
Review of Usher Services |
Satisfactory |
March 2018 |
|
Review of Roof Project |
Satisfactory |
March 2018 |
Follow-up audits have been carried out as follows:
|
FOLLOW-UP AUDITS |
AUDIT RATING |
REPORT DATE |
|
Review of Winding Up Expenditure |
Substantial |
January 2018 |
|
Review of Politics Plus |
Substantial |
February 2018 |
|
Review of Risk Management |
Substantial |
February 2018 |
|
Review of Voluntary Early Severance Administration |
Substantial |
February 2018 |
|
Review of iTrent (HR) |
Satisfactory |
April 2018 |
Work ongoing:
|
ASSIGNMENT |
AUDIT RATING |
REPORT DATE |
|
Review of Secretariat Travel |
To be determined |
In progress |
|
Review of PECOS |
To be determined |
In progress |
|
Review of Members Expenses |
To be determined |
In progress |
|
Follow-up Review of iTrent (Payroll) |
To be determined |
In progress |
4.2 Key Issues
Recommendations were made in respect of each of the assignments completed by Internal Audit in order to enhance control / manage risk. The rate of acceptance and implementation of recommendations remains high and has helped to maintain the overall level of assurance at satisfactory.
The results of the audits carried out in the 2017-18 year were either satisfactory (7) or substantial (2); the scoping review of cyber-security arrangements was not an assurance review therefore an overall assurance rating was not provided. Follow-up audit results were either substantial (4) or satisfactory (1).
As a result of the continuing political situation affecting the work of the Assembly Secretariat, and the consequent temporary redeployment of a significant number of Assembly Commission staff (which includes the temporary redeployment of a member of Internal Audit staff), the audit plan was reduced in-year, with the approval of SARC. The work completed in 2017-18, however, is sufficient to allow a meaningful level of annual assurance to be given.
5. NI ASSEMBLY ACCOUNTS 2016-2017
Based on an examination of the Accounts and the Report to Those Charged with Governance, SARC members, following the SARC meeting on 20 June 2017, recommended that the Clerk/ Chief Executive sign the 2016-17 accounts. SARC members appreciate the work of the Secretariat and NIAO staff involved in delivering the accounts to timetable.
6. EVALUATION OF SARC 2017-18
On 16 May 2018, SARC members completed a self-assessment checklist for 2017-2018; SARC was fully compliant in all areas.
7. INTERNAL AUDIT PLAN 2018-19
A draft Internal Audit plan was considered by SARC on 31 January and 16 May 2018. SARC members approved the Audit Plan and Strategy on 16 May 2018.
8. CONCLUSION
SARC is satisfied that it has discharged its duties as guided by its Terms of Reference. Given this, and taking into account the work of Internal Audit and the NI Audit Office, and assurances provided to the Committee, SARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer in the discharge of accountability obligations. SARC is pleased to note the overall Satisfactory level of assurance from Internal Audit for the period 1 April 2017 to 31 March 2018. In addition, SARC’s conscious decision in October 2016 to retain the Substantial assurance rating, rather than adopt only the ratings outlined in DAO (DoF) 07/16, has proven to be useful, with two Final Audit Reports and four Follow-up Reports receiving Substantial assurance ratings. It is most pleasing to SARC that there were no Audit Reports in 2017-18 resulting in Limited or Unacceptable assurance ratings.
ANNEX A
ASSURANCE DEFINITIONS
SUBSTANTIAL
There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.
SATISFACTORY
There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.
LIMITED
There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
UNACCEPTABLE
The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
