Secretariat Audit and Risk Committee Report to the Assembly Commission Year Ending 31 March 2021
SARC Annual Report 2020 - 2021doc.pdf (230.28 kb)
CHAIRPERSON’S FOREWORD
I am pleased to present the Annual Report for the year ended 31 March 2021 on behalf of the Secretariat Audit and Risk Committee (SARC). This Report describes how SARC fulfilled its role of providing support and advice to the Northern Ireland Assembly Commission (the Assembly Commission) and the Clerk/Chief Executive in order to promote sound governance, internal control, and risk management arrangements. In line with the Assembly Commission’s policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly Commission website.
I would like to express my appreciation and thanks to Keith Buchanan MLA, Assembly Commission Member, for his valued work during this reporting period up until 16 February 2021 and welcome John O’Dowd MLA who joined SARC on 17 February 2021 as Assembly Commission Member. I look forward to working with John over the remainder of my appointment. I would also like to express my appreciation and thanks to Derek Martin for his continued support and professionalism as the SARC Independent Member.
SARC’s work this year was conducted virtually due to the ongoing COVID-19 pandemic. This reporting year SARC met on three occasions, instead of the usual four occasions, due to restrictions incurred by the COVID-19 pandemic and the associated delays in compiling the Annual Report and Accounts and completing the external audit. SARC agreed at its meeting held in October 2020 that given the circumstances, SARC was content that one further meeting would be sufficient to complete the full extent of its annual business for this reporting year.
I would like to take this opportunity to acknowledge that the COVID-19 pandemic, which followed shortly after the resumption of normal Assembly business, created new and very challenging circumstances for the Assembly Commission, and commend the work of the Assembly Commission Secretariat (the Secretariat) for an impressive performance in successfully facilitating the work of the Assembly and its Committees during this very difficult time.
Over the course of the year, SARC has also been impressed by the diligence of the Secretariat in conducting regular self-assessment exercises in the areas of fraud and anti-bribery which includes whistleblowing, cyber security, and risk management. SARC has noted the action plans that have arisen from these exercises and the clear progress illustrated by way of regular monitoring and reporting of progress against the action plans. In addition, SARC noted the regular review of the Fraud Prevention and Anti-Bribery Policy and Response Plan, the Risk Management Strategy and the Corporate Governance Framework.
At each meeting, SARC is presented with a report outlining audit recommendations made, implemented, and outstanding. This enables it to form a clear view of the effort that management invests in continually developing the governance, control and risk arrangements in the organisation and adds considerable value to SARC.
As part of the consideration of the Annual Report and Accounts for the Year Ended 31 March 2020, SARC received a comprehensive overview of the financial statements, including a comparison with the prior year and current year’s budgets; considered the clarity and completeness of the information, taking in to account key accounting policies, assurances about the financial systems, and the quality of the control arrangements over the preparation of the accounts; and received a full briefing on the external audit prior to recommending their approval by the Accounting Officer.
Monitoring of the budget during the year was sound and effective, and whilst the preparation of final accounts was undertaken during difficult conditions imposed by the COVID-19 pandemic, the work was carried out in a professional manner. There were no significant variations in the outturn and no unexpected surprises. This is further evidence of a sound internal control environment, compliance with accounting standards and good corporate governance.
SARC was pleased to note the development and approval of the Internal Audit Strategy 2020/21 – 22/23 which has further improved the basis of its assurance provision. Over the course of the year, we received regular updates from the (Acting) Head of Internal Audit regarding output and progress against the 2020-21 Internal Audit Plan and SARC is pleased to see the continued improvement in Internal Audit planning and delivery. Delivery of the 2020-21 Internal Audit Plan is reviewed and monitored by SARC and has provided a robust level of assurance. SARC noted that the plan was again successfully achieved, with all fieldwork completed by the end of March 2021.
An External Quality Assurance (EQA) Review of the Internal Audit Unit was carried out in 2020 and we look forward to receiving the final report.
I am pleased to report that the Secretariat has developed and maintained a strong culture of accountability throughout the organisation and wisely continues to use the Internal Audit function as a business improvement tool.
As part of our ongoing consideration of risk management procedures, the Corporate Risk Register was reviewed at each meeting and SARC’s annual review of Directorate Risk Registers took place in May 2020. Stewardship Statements were reviewed for each Directorate in July 2020 and October 2020. All of this information indicates that a constructive and practical approach to risk management is embedded within the organisation and, again, contributes to the assurance that can be provided.
SARC has completed a self-assessment exercise for the year ended 31 March 2020. The assessment template is based on the National Audit Office’s checklist for Audit Committees. We also include comments on SARC’s effectiveness from the Northern Ireland Audit Office’s representative. The findings confirm that SARC is fully compliant with best practice. I am also pleased to report that SARC achieved all of its targets.
The Secretariat has had to deal with the unprecedented challenges presented as a result of the worldwide COVID-19 pandemic. I have noted that in order to protect the health and safety of Members, the Secretariat and other users of Parliament Buildings and ensure that Public Health Agency and Government Guidance and Regulations were strictly adhered to, the multidisciplinary COVID-19 Response Group continued to meet throughout the year and provided regular advice and updates.
I would like to thank the Secretariat for their professionalism, courage and resilience and I extend my best wishes to them, their families and friends as we all begin to emerge from this difficult time.
I am grateful to the Assembly Commission for its support and for allowing the SARC Chairperson, or the Independent Member, to attend its meetings and to contribute to its discussions throughout the year. This is very helpful in providing a broader perspective for the work of SARC.
Finally, my thanks go to the Clerk/Chief Executive and the Secretariat for their ongoing support to SARC in the achievement of its objectives.
JIM BROOKS
CHAIRPERSON
CONTENTS
Introduction
The Secretariat Audit and Risk Committee (SARC)
- Meetings
- Membership
- Training
- Management Information Systems and Controls
SARC Progress Against Key Objectives
Internal Audit Activity
Annual Report and Accounts for the Year Ended 31 March 2020
SARC Self-Evaluation
Internal Audit Plan
Conclusion
Annex A: Definition of Audit Ratings
SECRETARIAT AUDIT AND RISK COMMITTEE
REPORT TO THE ASSEMBLY COMMISSION
FOR THE YEAR ENDED 31 MARCH 2021
1 INTRODUCTION
This Report provides the Northern Ireland Assembly Commission (the Assembly Commission) with an account of the activity and achievements of the Secretariat Audit and Risk Committee (SARC) in 2020-2021 in relation to its objectives for that year.
2 SECRETARIAT AUDIT AND RISK COMMITTEE
SARC plays an important role in the overall system of corporate governance in the Assembly Commission. SARC is independent of the Assembly Commission Secretariat (the Secretariat) and aims to support the Clerk/Chief Executive in her role as Accounting Officer. It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances.
2.1 Membership
|
Jim Brooks |
Independent Chairperson |
|
Derek Martin |
Independent Member |
|
Keith Buchanan MLA |
Assembly Commission Member to 16 February 2020 |
|
John O’Dowd MLA |
Assembly Commission Member from 17 February 2020 |
2.2 Meetings
SARC normally meets four times a year, although the Chairperson may convene additional meetings should he feel that this is necessary. During 2020-21, SARC met three times due to COVID-19 and the delay in compiling the Annual Report and Accounts and completing the external audit. Given the circumstances, SARC is content that the full extent of its annual business had been covered in the three meetings held during 2020-21. Attendance was as follows:
|
Member |
Meetings attended |
|
Jim Brooks |
3/3 |
|
Derek Martin |
3/3 |
|
Keith Buchanan MLA |
2/3 |
SARC meetings are normally attended by the Accounting Officer, all Directors, the acting Head of Internal Audit, the Head of Finance and one or more representatives from the Northern Ireland Audit Office. Secretarial support is provided by the Legal, Governance and Research Services Directorate.
The Chairperson or the Independent Member of SARC attends meetings of the Assembly Commission as observers. Jim Brooks attended meetings of the Assembly Commission on 12 May 2020 and 29 July 2020 and Derek Martin attended on 30 September 2020, 1 November 2020, 9 December 2020 and 16 February 2020.
2.3 Training
The Chairperson and Independent Member have continued to become more familiar with business areas throughout the Assembly Secretariat. Given the comprehensive induction training provided on appointment and existing knowledge and experience, no formal training was deemed necessary during the year.
2.4 Management Information Systems and Controls
At its meetings, SARC is provided with a number of analyses and reports including:
- An Audit Recommendations Action Log and various self-assessment action plans, together with a statement of the status of each action and a target date for completion. This is used to monitor progress and ensure that recommendations are implemented in a timely manner.
- Changes to the Corporate Risk Register and any areas of concern. SARC monitors the actions taken by the Secretariat Management Group to manage the corporate risks to ensure they remain relevant and that appropriate mitigating actions are taken.
- Copies of Directorate Risk Registers annually for information.
- Copies of Directorate Stewardship Statements every six months for information.
- A progress report from the acting Head of Internal Audit summarising:
- Work performed and a comparison with work planned;
- Key issues emerging from Internal Audit work;
- Management responses to audit recommendations;
- Changes to the Internal Audit Plan;
- An opinion on the overall level of assurance pertaining to the financial year; and
- Any resource issues affecting the delivery of Internal Audit objectives.
- Progress reports from the Northern Ireland Audit Office (NIAO) representative summarising work done and emerging findings.
- Update on Internal Audit’s Continuous Improvement Plan (July 2020).
- Quality Assurance reports on the Internal Audit function (July 2020).
- The Annual Report and Accounts (July/October 2020)
- The NIAO’s Report to Those Charged with Governance (July/October 2020)
- The NIAO Audit Strategy 2021-22 (February 2021)
- The Assembly Commission’s Risk Management Strategy (July 2020)
- Fraud Prevention and Anti-Bribery Policy and Response Plan (February 2021)
SARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk.
2.5 PROGRESS AGAINST KEY OBJECTIVES
|
KEY OBJECTIVE
|
PERFORMANCE |
|
To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations
|
Continued success in the timely implementation of audit recommendations. Of the 22 recommendations made during the year, 15 have already been implemented. |
|
To oversee the handling of key risk areas by the Secretariat to ensure that risk is being appropriately managed and value for money secured.
|
Corporate Risk Register reviewed at SARC meetings. The economical, effective and efficient use of resources is considered as part of the ongoing audit programme.
Corporate Risk Register reviewed at SARC meetings. Directorate Risk Registers are reviewed annually.
|
|
To keep under review any risks arising out of the potential reform of the system for Financial Support for Members and any governance issues, or recommendations, arising from the Renewable Heat Incentive Inquiry Report. |
At its meeting on 14 October 2020 SARC were pleased to note that the Independent Audit for 2019-20 had resulted in no new or additional recommendations and that certificates had been received for all parties who received payments under the FAPP Scheme during 2019-20.
|
|
To oversee the timely sign-off of the Annual Report and Accounts.
|
Following the SARC meeting on 14 October 2020, SARC members recommended that the Accounting Officer sign the 2019-20 Annual Report and Accounts.
|
|
To promote best practice where possible in the operation of SARC.
|
The Terms of Reference for SARC were reviewed by SARC on 14 October 2020 and are based on the requirements of the HM Treasury Audit and Risk Assurance Committee guidance of March 2016 and the Audit and Risk Assurance Committee Handbook NI.
SARC has completed a self-assessment exercise for the year ended 31 March 2021. The assessment template is based on the National Audit Office’s checklist for Audit Committees.
SARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance.
|
2.6 SARC SELF-EVALUATION
On 19 May 2021, SARC members completed a self-assessment checklist for the year ended 31 March 20. SARC was fully compliant in all areas.
3 INTERNAL AUDIT ACTIVITY
3.1 Details of final reports issued between 1st April 2020 and 31st March 2021 are presented below. Definitions of the assurance levels provided by Internal Audit are included at Annex A.
|
ASSIGNMENT |
AUDIT RATING |
REPORT DATE |
|
Review of Payroll |
30/04/20 |
Substantial |
|
Follow-up Review of Legal Services |
03/06/20 |
Substantial |
|
Follow-up Review of Assembly Members Pension Scheme |
03/06/20 |
Substantial |
|
Review of Members Expenses 2019/20 (Interim Testing) |
18/06/20 |
Satisfactory |
|
Review of Broadcasting Infrastructure |
25/06/20 |
Limited |
|
Follow-up Review of Support Services |
17/08/20 |
Substantial |
|
Review of Members Expenses 2019/20 (Final Testing) |
Satisfactory |
24/08/20 |
|
Follow-up Scoping Review of Cybersecurity |
N/A |
15/09/20 |
|
Review of the Administration of Members Expenses |
Substantial |
29/09/20 |
|
Review of Equality and Good Relations |
Substantial |
02/12/20 |
|
Review of IS Infrastructure (Cybersecurity) |
Substantial |
19/01/21 |
|
Review of Office of the Speaker |
Substantial |
27/01/21 |
|
Review of the Administration of the Office of Official Report |
Substantial |
28/01/21 |
|
Follow-up Review of the Committee for Communities |
Substantial |
07/01/21 |
|
Review of Corporate Procurement Cards |
Satisfactory |
25/11/20 |
|
Review of Secretariat Pensions |
Satisfactory |
11/02/21 |
|
Review of Mobile Phones |
Satisfactory |
11/02/21 |
3.2 KEY ISSUES
Recommendations were made in respect of each of the assignments completed by Internal Audit in order to enhance control, governance and risk management arrangements. The findings and recommendations of each review were discussed at SARC meetings and no significant issues have arisen. The rate of acceptance and implementation of recommendations remains high and this has helped to maintain the overall level of assurance at satisfactory.
Between 1 April 2020 and 31st March 2021, 12 final reports were issued. Six reviews resulted in substantial assurance, five provided satisfactory assurance, and one resulted in the provision of limited assurance. The review that resulted in limited assurance was discussed in last year’s SARC Annual Report and the details have therefore not been repeated in the 20/21 SARC Annual Report.
Of the five follow-up reviews carried out, four have resulted in the provision of substantial assurance; the remaining follow-up review concerned recommendations made as part of a scoping review and was not assurance based, however controls were successfully implemented by management to address the three issues raised as part of the scoping review.
3.3 INTERNAL AUDIT PLAN
The Internal Audit Plan and associated Resource Plan for 2020-21 was approved by SMG in April 2020 and noted by SARC on 8 July 2020.
4 ANNUAL REPORT AND ACCOUNTS FOR THE YEAR ENDED 31 MARCH 2020
Based on an examination of the Annual Report and Accounts, and the Report to Those Charged with Governance, SARC members, following the SARC meeting on 14 October 2020, recommended that the Clerk/ Chief Executive sign the 2019-20 accounts. SARC members appreciated the work of the Assembly Secretariat and NIAO staff involved in delivering the accounts during the difficult conditions imposed by the COVID-19 pandemic.
5 CONCLUSION
SARC is satisfied that it has discharged its duties as guided by its Terms of Reference. Given this, and taking into account the work of Internal Audit, the Northern Ireland Audit Office, and assurances provided to it, SARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer, in the discharge of accountability obligations. SARC is pleased to note the overall Satisfactory level of assurance from the acting Head of Internal Audit for the year ended 31 March 2021.
ANNEX A
ASSURANCE DEFINITIONS
SUBSTANTIAL
There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.
SATISFACTORY
There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.
LIMITED
There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
UNACCEPTABLE
The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
