Secretariat Audit And Risk Committee
Report To The Northern Ireland Assembly Commission for The Year Ended 31 March 2022
SARC Annual Report 2021 - 2022.pdf (205.27 kb)
CONTENTS
- Introduction
- Assembly Commission Audit and Risk Committee
- Internal Audit Activity
- Annual Report and Accounts for the Year Ended 31 March 2021
- Conclusion
- Assurance Definitions
CHAIRPERSON’S FOREWORD
I am pleased to present the Annual Report for the year ended 31 March 2022 on behalf of the Secretariat Audit and Risk Committee (SARC). This Report describes how SARC fulfilled its role of providing support and advice to the Northern Ireland Assembly Commission (the Assembly Commission) and the Clerk/Chief Executive in order to promote sound governance, internal control, and risk management arrangements. In line with the Assembly Commission’s policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly Commission website.
I would like to begin by thanking Jim Brooks and Derek Martin, who served as Chairperson and Independent Member respectively of the Secretariat Audit and Risk Committee (SARC) from 1 December 2016 until 30 November 2021. I am also grateful to John O’Dowd MLA, who has served as the Commission Member on SARC throughout the year.
During this reporting year, SARC met on four occasions. This year has been particularly challenging for the Assembly Commission, due to the ongoing COVID-19 pandemic and the exceptionally high volume of work and legislation during the last year of the 2017-2022 Assembly mandate. I therefore wish to take this opportunity to acknowledge the resilience and dedication of staff in very successfully facilitating all of the work of the Assembly and its Committees during the year.
Once again, SARC has been impressed by the diligence of the Assembly Commission in conducting regular self-assessment exercises in the areas of fraud and bribery which includes whistleblowing, cyber security, and risk management. SARC has noted the action plans that have arisen from these exercises and the clear progress, illustrated by way of regular monitoring and reporting, against the action plans.
At each meeting, SARC is presented with a report outlining audit recommendations made, implemented, and outstanding. This enables it to form a clear view of the effort that management invests in continually developing the governance, control and risk arrangements in the organisation and adds considerable value to SARC.
As part of the consideration of the Annual Report and Accounts for the Year Ended 31 March 2022, SARC received a comprehensive overview of the financial statements, including a comparison with the prior year and current year’s budgets; considered the clarity and completeness of the information, taking in to account key accounting policies, assurances about the financial systems, and the quality of the control arrangements over the preparation of the accounts; and received a full briefing on the external audit prior to recommending their approval by the Accounting Officer.
Over the course of the year, SARC received regular updates from the (Acting) Head of Internal Audit regarding output and progress against the 2021-22 Internal Audit Plan and SARC again noted the continued improvement in Internal Audit planning and delivery. Delivery of the 2021-22 Internal Audit Plan was reviewed and monitored by SARC and has provided a robust level of assurance. SARC noted that the plan was again successfully achieved
The External Quality Assessment (EQA) Report on the Internal Audit Unit was received in June 2021 and SARC noted its conclusion that the Internal Audit Unit operates in general conformance with the Public Sector Internal Audit Standards. This is an important source of assurance as to the standing of Internal Audit and the professionalism of the service provided.
I am pleased to report that the Assembly Commission continues to maintain its strong culture of accountability throughout the organisation and its use of the Internal Audit function as a business improvement tool.
As part of SARC’s ongoing consideration of risk management procedures, the Corporate Risk Register was reviewed at each meeting and the annual review of Directorate Risk Registers took place in May 2021. Directorate Stewardship Statements were also reviewed in May 2021 and October 2021. All of this information indicates that a constructive and practical approach to risk management is embedded within the organisation and, again, contributes to the assurance that can be provided.
SARC has completed a self-assessment exercise for the year ended 31 March 2022. The assessment template is based on the National Audit Office’s checklist for Audit Committees. We also include comments on SARC’s effectiveness from the Northern Ireland Audit Office’s representative. The findings confirm that SARC is fully compliant with best practice. I am also pleased to report that SARC achieved all of its targets.
I am grateful to the Assembly Commission for its support and for allowing the SARC Chairperson, or the Independent Member, to attend its meetings and to contribute to its discussions throughout the year. This is very helpful in providing a broader perspective for the work of SARC.
Finally, my thanks go to the Clerk/Chief Executive and the Assembly Commission staff for their ongoing support to SARC in the achievement of its objectives.
Edward Lord, Chairperson
Secretariat Audit and Risk Committee Report to the Northern Ireland Assembly Commission for the Year Ended 31 March 2022
1. Introduction
This Report provides with an account of the activity and achievements of SARC for the year ended 31 March 2022 along with performance against its key objectives for the year.
2. Assembly Commission Audit and Risk Committee
SARC plays an important role in the overall system of corporate governance in the Assembly Commission. SARC is independent of the Assembly Commission and aims to support the Clerk/Chief Executive in her role as Accounting Officer. It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances.
2.1 Membership
| Member | Position |
|---|---|
|
Edward Lord |
Independent Chairperson from 10 December 2021 |
|
TBC |
Independent Member |
|
Jim Brooks |
Independent Chairperson to 30 November 2021 |
|
Derek Martin |
Independent Member to 30 November 2021 |
|
John O’Dowd MLA |
Assembly Commission Member |
2.2 Meetings
SARC normally meets four times a year, although the Chairperson may convene additional meetings should this be necessary. During the year attendance was as follows:
| Member | Meetings invited to and attended |
|---|---|
|
Edward Lord |
100% (1/1) |
|
Jim Brooks |
100% (3/3) |
|
Derek Martin |
100% (3/3) |
|
John O’Dowd MLA |
100% (4/4) |
SARC meetings are normally attended by the Accounting Officer, all Directors, the acting Head of Internal Audit, the Head of Finance and one or more representatives from the Northern Ireland Audit Office. Administrative support is provided by the Legal, Governance and Research Services Directorate.
The Chairperson or the Independent Member of SARC attends meetings of the Assembly Commission as an observer. Jim Brooks attended meetings of the Assembly Commission on 8 July 2021, 9 September 2021, 20 October 2021 and 24 November 2021. Edward Lord attended on 9 February 2022.
2.3 Training
Given the comprehensive induction training provided on appointment and existing knowledge and experience, no formal training was deemed necessary during the year.
2.4 Management Information Systems and Controls
At its meetings, SARC is provided with a number of analyses and reports including:
- An Audit Recommendations Action Log and various self-assessment action plans, together with a statement of the status of each action and a target date for completion.
- Changes to the Corporate Risk Register and progress against planned mitigating actions.
- Copies of Directorate Risk Registers annually for information.
- Copies of Directorate Stewardship Statements every six months for information.
- A progress report from the acting Head of Internal Audit summarising:
- Work performed and a comparison with work planned;
- Key issues emerging from Internal Audit work;
- Management responses to audit recommendations;
- Changes to the Internal Audit Plan;
- An opinion on the overall level of assurance pertaining to the financial year; and
- Any resource issues affecting the delivery of Internal Audit objectives.
- Progress reports from the Northern Ireland Audit Office (NIAO) representative summarising work done and emerging findings.
- The Annual Report and Accounts.
- The NIAO’s Report to Those Charged with Governance.
- The Financial Assistance for Political Parties Scheme audit report.
- An update on Internal Audit’s Continuous Improvement Plan.
- Quality Assurance reports on the Internal Audit function.
- Cyber Security and Information Risk Self-Assessment Checklist and Action Plan Monitoring.
- Risk Management Self-Assessment Checklist and Action Plan Monitoring
- The NIAO Audit Strategy.
- National Fraud Initiative exercise findings.
SARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk.
2.5 Progress Against Key Objectives
| KEY OBJECTIVE | PERFORMANCE |
|---|---|
|
To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations. |
The timely implementation of audit recommendations is monitored at each meeting. |
|
To oversee the handling of key risk areas by the Secretariat to ensure that risk is being appropriately managed and value for money secured. |
Corporate Risk Register is reviewed quarterly and Directorate Risk Registers are reviewed annually. The economical, effective and efficient use of resources is considered as part of the ongoing audit programme. |
|
To oversee the timely sign-off of the Annual Report and Accounts. |
The Annual Report and Accounts were signed in line with the timetable agreed with the NIAO. |
|
To promote best practice where possible in the operation of SARC. |
SARC reviewed its Terms of Reference on 9 February 2022 against the requirements of the HM Treasury Audit and Risk Assurance Committee Guidance and the Audit and Risk Assurance Committee Handbook (NI).
SARC completed its self-assessment exercise for the year ended 31 March 2022 against the National Audit Office’s checklist for Audit Committees.
SARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance. |
2.6 SARC Self-Evaluation
On 18 May 2022, SARC completed its self-assessment checklist for the year ended 31 March 2022 and was fully compliant in all areas.
3. Internal Audit Activity
3.1 Details of Internal Audit reports issued between 1 April 2021 and 31 March 2022 are presented below. Definitions of the assurance levels provided by Internal Audit are included at Annex A.
| Report Title | Assurance Rating | Issue Date |
|---|---|---|
|
Review of Members Expenses (Interim Testing) 2020/21 |
Substantial |
23/04/21 |
|
Review of Accounts Payable |
Substantial |
4/05/21 |
|
Review of Overtime Payments |
Satisfactory |
13/05/21 |
|
Review of Procurement |
Satisfactory |
1/06/21 |
|
Review of Members’ Expenses (Final Testing) 2020/21 |
Substantial |
10/06/21 |
|
Review of the Commission and Clerk/Chief Executive’s Office |
Substantial |
11/06/21 |
|
Review of the Office of the Examiner of Statutory Rules |
Substantial |
6/07/21 |
|
Review of Risk Management |
Substantial |
27/08/21 |
|
Review of Assembly Standing Committees |
Substantial |
28/10/21 |
|
Review of Delegated Procurement |
Satisfactory |
10/1/22 |
|
Review of Recruitment and Selection |
Satisfactory |
3/03/21 |
|
Review of the Youth Assembly |
Satisfactory |
16/02/22 |
|
Review of Members Expenses (Interim Testing) 2021/22 |
Substantial |
31/03/22 |
|
Follow-up Review of the Equality and Good Relations Unit |
Remains Substantial |
30/04/21 |
|
Follow-up Review of IS Infrastructure (Cybersecurity) |
Remains Substantial |
2/06/21 |
|
Follow-up Review of the Bill Office |
Raised to Substantial |
29/07/21 |
|
Follow-up Review of Secretariat Pensions |
Raised to Substantial |
9/06/21 |
|
Follow-up Review of Hansard |
Remains Substantial |
11/08/21 |
|
Follow-up Review of Corporate Procurement Cards |
Remains Satisfactory |
9/09/21 |
|
Follow-up Review of Mobile Phones |
Remains Satisfactory |
1/11/21 |
|
Follow-up Review of Overtime Payments |
Raised to Substantial |
10/11/21 |
3.2 Key Issues
Recommendations were made in respect of the reviews completed by Internal Audit in order to enhance control, governance and risk management arrangements. The findings and recommendations of each review were discussed at SARC meetings and no significant issues have arisen. The rate of acceptance and implementation of recommendations remains high and this has helped to maintain the overall level of assurance at satisfactory.
Between 1 April 2021 and 31 March 2022, 13 final reports were issued. Eight reviews resulted in Substantial assurance and five provided Satisfactory assurance. Of the eight follow-up reviews carried out, six resulted in the provision of Substantial assurance and two provided Satisfactory assurance.
3.3 Internal Audit Plan
The Internal Audit Plan and associated Resource Plan for 2020-21 was approved by SMG in March 2021 and noted by SARC at its meeting in May 2021.
4. Annual Report and Accounts for the Year Ended 31 March 2021
Following an examination of the Annual Report and Accounts and the draft Report to Those Charged with Governance, at its meeting on 24 June 2021, SARC recommended that as Accounting Officer the Clerk/Chief Executive sign the Annual Report and Accounts for the Year Ended 31 March 2021. SARC members appreciated the work of the Assembly Commission and NIAO staff involved in delivering the accounts to the agreed timetable.
5. Conclusion
SARC is satisfied that it has discharged its duties as guided by its Terms of Reference. Given this, and taking into account the work of Internal Audit and the NIAO, and the assurances provided to it, SARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer, in the discharge of its accountability obligations. SARC is pleased to note the overall Satisfactory level of assurance from the acting Head of Internal Audit for the year ended 31 March 2022.
6. Assurance Definitions
SUBSTANTIAL
There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.
SATISFACTORY
There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.
LIMITED
There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
UNACCEPTABLE
The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
