Minutes of Proceedings
Date: 09 October 2012
Venue: Room 106
1.1 No apologies were received. The Chairperson welcomed the new SARC independent member, Bernard Mitchell, to the meeting.
2. DECLARATION OF INTERESTS
2.1 There were no declarations of interests.
3. MINUTES OF THE PREVIOUS MEETINGS
3.1 The minutes of the SARC meeting held on 22 May 2012 were approved with one minor amendment, and the minutes of 25 June 2012 were approved without amendment.
4 . MATTERS ARISING
4.1 Paragraph 5.15
In relation to the apparent theft from a safe used by a contractor, the Head of Internal Audit reported that the PSNI were not taking further action and that revised procedures had been put in place.
5. INTERNAL AUDIT ACTIVITY / ASSURANCE
5.1 Brian Moreland informed SARC that eight Internal Audit reports were issued in draft or final form during the period 1 April to 30 September 2012. Of the seven final reports, one received a substantial assurance rating, four were assessed as being satisfactory and two limited:
Review of Members’ Expenses – Satisfactory
Review of Systems Under Development – Satisfactory
Review of Examiner of Statutory Rules – Substantial
Review of Office Resources – Limited
Review of Commission & Corporate Support Unit – Satisfactory
Review of Business Continuity Planning – Limited
Review of Research - Satisfactory
A draft report in respect of the audit of Information Security was issued on 20 September 2012, with a satisfactory level of assurance. The final report will be issued following receipt of management’s responses to the 16 recommendations made.
A follow-up report was issued in respect of the audit of Freedom of Information. As a result of the actions taken by management, the assurance rating has improved to substantial. Follow – up audits are currently under way in respect of the Bill Office and Events.
5.2 Brian Moreland advised SARC of the main issues arising from the final and draft reports issued since June SARC meeting.
5.3 The final report on the Commission and Corporate Support Unit was issued on 6 August 2012, with a total of 16 recommendations. Of these, two were risk rating 1, five were risk rating 2 and the remaining nine were rated 3. The main issues arising from this audit related to the revision of the Commission Handbook and completion of Equality Impact Assessments. Recommendations were also made with regard to revised Guidance and templates for Corporate Submissions, the completion of a branch-level risk register, and resource management.
The overall level of assurance from the audit was satisfactory.
5.4 As previously discussed at SARC, the report on Business Continuity Management was completed by PWC following a procurement exercise in the last financial year. The final report issued on 14 September 2012, with 16 recommendations, of which 14 were given a risk rating of 1, with the remaining two rated 2. Recommendations have been made regarding the finalisation of the Business Continuity Plan (BCP), formal allocation of responsibilities associated with the BCP, scenario planning and the prioritisation of operations.
The assurance level for the audit was limited. It should be noted, however, that management have already taken steps to action the recommendations in the report and will be able to take advantage of the considerable amount of work that has already been undertaken.
The Director of Facilities advised SARC members of planned progress and the revised focus in relation to BCP. SARC members advised that it would be helpful to have indicative costings as soon as possible to allow for budgetary planning for 2013/14. It was agreed that SARC members would be sent copies of Project Management Plan monthly progress reports.
ACTION: STEPHEN WELCH
5.5 The final report for the audit of Research Services issued on 18 September 2012. A total of 14 recommendations were made; one was risk rating 1, six were rated 2, and the remaining seven were rated 3. Recommendations have been made to improve the functionality of the Management Information System currently used by Research Services, including the need to record the reasons for missed deadlines and to build in percentage management checks.
In addition, recommendations have been made in relation to the commissioning of external research expertise, a training action plan for research staff and staffing issues. The assurance rating for this audit was satisfactory.
5.6 The draft report in respect of the audit of Information Security issued on 20 September 2012. A total of 16 recommendations have been made for management’s consideration, of which 10 are risk rating 2, and the remaining six were rated 3. Recommendations were made in respect of the achievement of ISO 27001 accreditation, the finalisation of the information security policy document, and the siting of the server rooms. The assurance rating for the audit was satisfactory, and the final report containing management responses will be issued in due course.
5.7 Mr Moreland informed SARC members of audits in progress: fieldwork in respect of the Gifts & Hospitality assignment is at an advanced stage and the draft report is expected shortly. The initial assessment for the audit is likely to be satisfactory. Fieldwork on the audit of mobile phones is progressing well and is expected to be completed shortly.
5.8 In relation to the Print Contract, contract variations have been signed by both parties (the NI Assembly and TSO Ireland Ltd). SARC agreed that Internal Audit should carry out a review of the level of assurance in late 2012. SARC members are to be given copies of the contract variations.
ACTION: BRIAN MORELAND / JOHN STEWART
5.9 In relation to the annual Audit plan, Brian Moreland advised that, at present, work is progressing well against the audits identified in the plan. The improved staffing level in the unit has undoubtedly contributed to this position. As a result, no variation to the plan is suggested at this point. SARC members will be provided with updates of progress against the annual programme at future SARC meetings.
ACTION: BRIAN MORELAND
5.10 An external quality assurance review is due to be completed in the 2013/14 year. In preparation for this, and in accordance with best practice, an internal quality assurance review will be performed during the last quarter of the 2012/13 year. This exercise was originally to be completed by the Audit Manager, who is currently leading the Business Efficiency Team. It will now be allocated to the successful applicant in the temporary AG5 Audit Manager competition.
5.11 Brian Moreland advised SARC members that the overall level of assurance for the period 1 April to 30 September 2012 is satisfactory. This assessment is based on the levels of assurance arising from individual Internal Audit assignments, the action taken by management to implement recommendations and the results of follow-up audits. Although a number of audits have resulted in limited assurance, management have taken a positive approach to resolving the matters identified on the relevant reports. The majority of the audits completed to date this year have resulted in at least a satisfactory assurance rating and therefore, on balance, the overall rating of satisfactory remains appropriate.
5.12 Mr Moreland reported that the overall rate of acceptance of Internal Audit recommendations remains high. All recommendations at risk ratings 1 and 2 have been accepted, with 87% of those at risk rating 3 accepted. It was agreed that should the situation ever arise where a recommendation with risk rating 1 was not accepted by management, this would be drawn to the attention of SARC.
5.13 As discussed at previous meetings, because of the Audit Manager’s continued participation on the Business Efficiency Project and increased length of time before his return to Internal Audit, it was agreed to approach the Vacancy Management Group for approval to fill that post on a temporary basis. Following approval of the business case to do so, a trawl was issued and two applications were received. Following interview, Glenda Grant was the successful candidate. SARC members congratulated Glenda on her success. It was agreed that Internal Audit staffing would be kept under review.
5.14 Brian Moreland informed SARC that the next meeting of the Inter-Parliamentary Head of Internal Audit Group is due to be held in November 2012. The Heads of Internal Audit for the Houses of Commons and Lords have offered to host this meeting. An agenda will be prepared in due course.
5.15 Following discussions at SARC regarding the Assembly’s fraud response plan and the conduct of investigations in cases where fraud has been detected or is suspected, the Head of Internal Audit informed SARC members that he has been identifying options for future investigations.
The head of the investigation unit for the Department of Agriculture and Rural Development provided a copy of the template used for Service Level Agreements currently in place with other public sector bodies. This has been re-drafted as a Memorandum of Understanding and passed to Legal Services for consideration of the relevant legal risks associated with using this option. Although the contacts provided by the NIAO were pursued, none was in the position to offer an investigation service to the Assembly. The Head of Internal Audit undertook to also explore additional options.
ACTION: BRIAN MORELAND
5.16 Internal Audit performed an on-site visit to a constituency office following an allegation regarding expenditure in relation to the heating system. As a result of the visit, Internal Audit was satisfied that the expenditure was justified.
5.17 Following the loss of petty cash from the Finance Office, a report was issued with a number of recommendations for improving control. Internal Audit noted that management had already acted to reduce the likelihood of recurrence.
6. OUTSTANDING AUDIT RECOMMENDATIONS
6.1 SARC members noted with approval the nil return but sought and received confirmation from the Clerk/Director General that implementation of the four remaining 2010/11 recommendations should be completed by the scheduled dates.
7. NIAO REPORT TO THOSE CHARGED WITH GOVERNANCE
7.1 Louise Mason gave a brief overview of the contents of the Report to those charged with Governance, and reported that the NI Assembly Accounts 2011/12 had been signed, certified and laid prior to the Summer recess. The Director of Facilities updated SARC members on the position relating to Ormiston House. SARC members noted the new requirement in the Report to those charged with Governance for the Audit Committee to have adequate arrangements for tracking all recommendations in the report, and they requested that suitable arrangements be put in place.
ACTION: DAVID JOHNSTON
8. CORPORATE RISK REGISTER
8.1 SARC members noted the new format Corporate Risk Register and discussed the risk ratings. It was agreed that changes from the previous version of the register considered by SARC would in future be notated for the benefit of members.
ACTION: DAVID JOHNSTON
9. SARC TERMS OF REFERENCE
9.1 SARC members noted that the Terms of Reference have been updated to reflect the change in secretariat provision from the former Corporate Policy Unit to the Directorate of Legal and Governance Services and also take account of the change from “Statement on Internal Control” to “Governance Statement”. SARC members were content that no other changes are required at present.
10. DRAFT SARC SELF-ASSESSMENT TEMPLATE
10.1 SARC members considered the contents of the draft new SARC self-assessment checklist, which is based on The National Audit Office’s “The Audit Committee self-assessment checklist”, issued in January 2012, and agreed to its completion as part of SARC’s 2012-13 Annual Report. Any suggested amendments to the list are to be forwarded to the Secretary of SARC by 23 October 2012.
ACTION: SARC MEMBERS
11. MANAGEMENT ACCOUNTS
11.1 SARC members considered the Management Accounts to end August 2012 and noted in particular the underspend in Secretariat Admin costs, which is largely attributed to good business management and the impact of the Business Efficiency Programme.
12.1 It was agreed that the Chairperson of SARC would write to Douglas Bain to thank him for his contribution to the work of SARC.
ACTION: DAVID JOHNSTON / COLM McKENNA
13. DATE OF NEXT MEETING & DATES FOR MEETINGS IN 2013
13.1 SARC members agreed that the next meeting of SARC would take place on Tuesday 4 December 2012 at 2.00 pm.
A further meeting was scheduled for Tuesday 5 March 2013 at 2.00 pm.