Minutes of Proceedings
Date: 10 April 2014
Venue: Room 21, Parliament Buildings
1.1 Apologies were received from Hugh Widdis and Paula McClintock.
2. DECLARATION OF INTERESTS
2.1 There were no declarations of interests.
3. MINUTES OF THE PREVIOUS MEETING
3.1 The minutes of the SARC meeting held on 5 December 2013 were approved without amendment.
4. MATTERS ARISING
4.1 Paragraph 4.1
It was noted that a review of the use of Business Cases was to be considered at the Secretariat Management Group meeting on 11 April 2014. SARC members also noted that a sample of eight existing Business Cases over £250k had been reviewed, providing reassurance to the Accounting Officer on estimated/actual costs. The importance of realistic estimating will be built into Business Case guidance.
4.2 It was noted that all other actions arising from the SARC minutes of 5 December 2013 were now complete.
5. INTERNAL AUDIT ACTIVITY / ASSURANCE
5.1 Brian Moreland advised that 10 Internal Audit reports have been issued in draft or final form during the period 1 April 2013 to 31 March 2014. Of the nine final reports, four received a substantial assurance rating, four were assessed as being satisfactory and one was limited.
Review of Members Expenses – Satisfactory
Review of Legal Services – Substantial
Review of Risk Management – Satisfactory
Review of Public Accounts Committee – Substantial
Review of Building Services – Limited
Review of IFRP – Substantial
Review of DG’s (now Chief Executive’s) Office – Substantial
Review of Education Service – Satisfactory
Review of Secretariat Pensions – Satisfactory
5.2 In addition, a draft report in respect of the audit of the Procurement Office was issued on 21 February 2014 with a satisfactory level of assurance. Draft reports on the audits of Financial Planning and Usher Services are expected to issue shortly. The final reports will be issued following receipt of management’s responses to the recommendations made.
5.3 Brian Moreland advised that follow-up audits have been completed and reports issued in respect of the Commission & Corporate Support Unit (satisfactory), Office Resources (raised to satisfactory from limited), Vacancy Management Group (raised to substantial from satisfactory), Gifts & Hospitality (satisfactory), Environment Committee (substantial), Research Services (raised to substantial from satisfactory), Assembly Members’ Pension Scheme (raised to substantial from satisfactory), Business Continuity Management (raised to satisfactory from limited), Examiner of Statutory Rules (substantial), Legal Services (substantial),
Mobile Phones (limited), Information Security (satisfactory) and Independent Financial Review Panel (substantial).
5.4 In relation to the audit of Building Services, as was noted at the December meeting, Building Services had received a file from Central Procurement Directorate (CPD) in respect of the maintenance contract. It was agreed that the file contained sufficient detail to address the relevant recommendation and management have been in contact with CPD to obtain the equivalent for the remaining contracts noted in the report. SARC members stressed the importance of putting further pressure on CPD to provide the necessary documentation, and of having appropriate processes in place for any new CPD contracts.
5.5 The final report on the Education Service was issued on 23 December 2013, with a total of 14 recommendations. Of these, three were risk rating 2 and the remaining 11 were rated 3. Internal Audit arrived at a satisfactory level of assurance, with recommendations made in respect of finalisation of a memorandum of understanding with CCEA, approval and publication of the outreach strategy and compliance with the gifts and hospitality policy.
5.6 The final report on Secretariat Pensions was issued on 23 December 2013, with 11 recommendations. Of these, two were given a risk rating of 2 and the remaining nine were rated 3. Recommendations were made regarding management checks on actions performed by system administrators, retention of paper files and completion of the monthly return to DFP. The overall level of assurance was satisfactory.
5.7 A draft report in respect of the Procurement Office was issued on 21 February 2014, with a satisfactory level of assurance. A total of five recommendations have been made; one at risk rating 1, three at risk rating 2 and one rated at 3. The final report will issue following receipt of management responses. Recommendations have been made in respect of the use of framework agreements, training records and the retention of records of advice given to contract managers.
5.8 Internal Audits are currently in progress in respect of Financial Planning and, Usher Services.
5.9 SARC members expressed disappointment that the Mobile Phones follow-up audit had resulted in a limited assurance but were informed that the Clerk/Chief Executive has taken action to require compliance by all relevant staff. It was noted that a short further follow-up audit will take place in May 2014.
5.10 Brian Moreland reported that, pending completion of draft reports, the Internal Audit plan for secretariat business areas 2013-14 has been completed. The audit of the Northern Ireland Assembly Legislative Strengthening Trust (NIALST) did not proceed and instead the time was used to complete a number of follow up audits. There is currently no provision for the NIALST in the draft plan for 2014-15. SARC members were informed that NIALST is currently dormant and any future activity would be dependent on funding being made available in June 2014. The situation will be kept under review.
5.11 Eddie Kelly has completed a series of meetings with Directors to refresh the risk assessment originally performed in 2012 and identify changes in structures that may impact on the coverage required and timings.
5.12 The draft Internal Audit plan for 2014-15 was presented to SARC members. It includes a number of assignments that were originally planned for the 2013-14 year but were re-scheduled primarily to permit the establishment of new HR and Finance systems. Members noted that, as agreed, the audit of Members’ expenses is scheduled for May 2014. This is designed to permit testing of a full year’s expenditure and therefore facilitate a more comprehensive opinion. SARC members considered and agreed the plan.
5.13 Revised versions of the Internal Audit Charter and Audit Strategy documents were also considered by SARC members and approved. These incorporate the changes recommended in the External Quality Assurance review.
5.14 Brian Moreland reported that the overall level of assurance for the period 1 April 2013 to 31 March 2014 remains satisfactory. As for previous years, this assessment is based on the levels of assurance arising from the individual Internal Audit assignments, the action taken by management to implement recommendations and the results of follow-up audits. SARC members noted the increase in the number of assignments for which the assurance level was assessed as substantial, and that it is currently anticipated that the two remaining assignments that are nearing completion (Financial Planning and Usher Services) are expected to receive satisfactory ratings. Some 89% of the audits completed resulted in either substantial or satisfactory assurance, with the remaining 11% being limited.
5.15 The overall rate of acceptance of Internal Audit recommendations remains high. All recommendations at risk rating 1 have been accepted, with 95% of those at risk rating 2 and 97% at rating 3 accepted.
5.16 Brian Moreland advised that, in relation to impacts on the Secretariat, the approach taken during each assignment has been designed to fully encompass the Public Sector Internal Audit Standards (PSIAS). This entails assuring management that the purpose of the service is to add benefit and not to be unnecessarily critical, while providing the Accounting Officer with an objective assessment at the conclusion of each audit. The impact of this approach has been generally favourable, with the large majority of recommendations made by Internal Audit being accepted and implemented.
5.17 For the 2013-14 year, the primary impacts from Internal Audit have been in the areas of risk management and contract management. Following an audit of risk management, it was agreed that, to further imbed the work that has already been completed, management would enhance the risk framework and include an assessment of risk appetite. In respect of contract management, it was agreed that future use of framework contracts would include a requirement for greater transparency and assurances relating to the value for money afforded by such arrangements.
5.18 In addition to the core Internal Audit work, the unit contributed to the completion of the Business Efficiency Project. This involved the Audit Manager acting as team leader for the project and the Head of Internal Audit sitting on the Project Board. The project has now been successfully completed and the results will be used to inform management decisions regarding staffing levels etc.
5.19 It was also noted during the Internal Quality Assurance review that the Accounting Officer is of the opinion that Internal Audit has contributed to improvements in organisational delivery. Also, in respect of this review a feedback questionnaire has been issued to SARC members and attendees.
5.20 At the SARC meeting on 5 December 2013, SARC members suggested that there would be merit in drawing attention to lessons learned from substantial and satisfactory audits. Having considered the nature and range of internal audit findings and recommendations over the course of 2013-14, the Head of Internal Audit suggested that a suitable approach would be a written submission to the Secretariat Management Group (SMG) outlining common factors that have resulted in positive levels of assurance, and common themes emerging from recommendations made. Directors would then be asked to cascade these issues to their staff. It is proposed that this approach be adopted at the end of each audit year, with the understanding that any sufficiently significant issues that encompass multiple business areas may warrant a full briefing session.
5.21 A high-level review of the audit opinions contained in the reports has highlighted common themes that promote positive assurance ratings: full compliance with NIA general policies and procedures such as Freedom of Information, procurement and financial management procedures; fully documented operational procedures, and evidence of full compliance with the procedures; regular review and reiteration, when necessary, of relevant policies, procedures and guidance; completeness and accuracy of records held; availability of all documentation, records and evidence requested during the course of the review; clear audit trails of proactivity in resolving operational issues as they arise; fully auditable and transparent contract management arrangements; and clear evidence of adequate supervisory checks on relevant documents.
5.22 A detailed review of recommendations was also carried out. Although many recommendations tend to be specific to the operational area in question, several themes have been identified: all relevant contract documentation should be held by the business area and used to ensure that the contract is effectively managed; appropriate training should be provided to ensure that policies and procedures are effectively promulgated; continuity and contingency arrangements should be implemented, particularly regarding singleton posts; and, in general, operational recommendations often address gaps in compliance with operational procedures and lack of compliance with corporate guidance.
5.23 SARC members considered the proposed approach and suggested that a proportionate, well presented session with Heads of Business would be beneficial, drawing attention to real life examples from across the Public Sector. The Clerk/Chief Executive outlined the variety of approaches adopted in recent years and undertook to consider how best to promulgate the lessons learned this time around.
ACTION: TREVOR REANEY
5.24 Brian Moreland reported that the next meeting of the Inter-Parliamentary Head of Internal Audit Group is due to be held in Wales in June 2014. An agenda has yet to be agreed and SARC will be notified of details in due course.
5.25 Brian Moreland advised that the competition to identify an investigative services provider is now complete, and the contract has been awarded to PWC. There is no retention fee for this service and cost will be incurred on a case by case basis.
5.26 Mr Moreland informed SARC members that no whistleblowing cases have been reported to Internal Audit during the year.
5.27 All members of the Internal Audit unit have identified relevant generic and specialist training for the year ahead.
6 DATA MANAGEMENT BREACH
6.1 SARC members noted the report into a data breach that occurred on Thursday 23 January 2014. They also noted the Information Commissioner’s Office’s view that, given that minimal detriment appears to have been caused to the affected data subjects and the incident does not appear to involve sensitive personal data, the case does not meet the criteria set out in its Data Protection Regulatory Action Policy necessitating further action by the ICO. SARC members complimented the Accounting Officer and those involved on the prompt and thorough response to the incident.
7 “IN PROGRESS” AUDIT RECOMMENDATIONS SCHEDULE
7.1 SARC members noted the continuing high level of implementation of accepted Internal Audit recommendations, with only 14 recommendations currently “in progress”.
8 RTTCWG 2013 AUDIT RECOMMENDATIONS SCHEDULE
8.1 SARC members noted the encouraging level of implementation to date of recommendations contained in the Report to those charged with Governance 2013, with all but five of the 17 recommendations fully implemented.
9 OUTSTANDING AUDIT RECOMMENDATIONS SCHEDULE
9.1 SARC members noted the nil return.
10 BUSINESS IMPROVEMENT PLAN SCHEDULE
10.1 The recommendations from Internal Audit Internal Quality Assurance, External Quality Assurance and the Business Efficiency Programme have been collated into a Business Improvement Plan schedule. SARC members were impressed with the plan and noted implementation progress to date. Brian Moreland advised that initial discussions have been held with Michael Watson, Craigavon Borough Council, to schedule an External Quality Assurance follow-up review in the 2014-15 year.
11 NIAO Update on Audit of 2013-14 Financial
11.1 Louise Mason gave SARC members an overview of the draft interim Report to those charged with Governance in relation to the audit of the 2013-14 NI Assembly Financial Statements. The interim audit focused on testing controls, audit risks, programme income and expenditure, non-current asset verifications, additions and disposals. There were no issues identified which are likely to impact on the Comptroller and Auditor General’s opinion. Management responses are awaited.
12 DIRECTORATE RISK REGISTERS
12.1 SARC members reviewed and noted the contents of the Directorate Risk registers. They stressed the need for Directors to genuinely evaluate and update the registers, ensuring that where appropriate the Risk response is reflected in a reduced residual risk assessment.
ACTION: ALL DIRECTORS
13 CORPORATE RISK REGISTER
13.1 SARC members noted the minor changes made to the contents of the Corporate Risk Register since the December 2013 SARC meeting.
14 MANAGEMENT ACCOUNTS
14.1 SARC members noted the Management Accounts to end February 2014. Richard Stewart gave a verbal update on the emerging year-end position, including likely underspends in Secretariat General Administrative Expenditure and Office Costs Expenditure.
15 SARC ANNUAL REPORT AND SELF ASSESSMENT
15.1 SARC members were content with the draft Annual Report 2013-14 and, subject to one minor amendment, the completion of the self-assessment checklist. The SARC Chair confirmed that no reference to the Report to those charged with Governance was required in the document: as is normal practice, he informs the Assembly Commission of any significant issues contained in the Report to those charged with Governance as they arise, and there are currently no such issues.
The SARC report will be finalised for submission to the Assembly Commission in June 2014.
ACTION: DAVID JOHNSTON
16.1 Trevor Reaney advised SARC that staffing pressures in the Finance Office may have an impact on the production of the Annual Accounts. However, at present, the Accounts preparation was on schedule.
16.2 SARC members requested that an analysis of the Audit and Risk Assurance Committee Handbook (NI), issued on 18 March 2014, be carried out to ascertain SARC’s level of compliance.
ACTION: DAVID JOHNSTON / HUGH WIDDIS
17 DATE OF NEXT MEETING
17.1 SARC will next meet on Tuesday 20 May 2014 at 4.00pm in Room 106, Parliament Buildings to consider the draft Annual Accounts 2013-14.