Minutes of Proceedings
Session: Session currently unavailable
Date: 31 January 2018
Jim Brooks, Chairperson
Jim Wells MLA
Lesley Hogg, NIA
Rodney Allen, NIAO
Christine Burns, NIAO
Tara Caul, NIA
Richard Stewart, NIA
Dr Gareth McGrath, NIA
Paula McClintock, NIA
Eddie Kelly, NIA
David Johnston, NIA, Secretary
The meeting commenced at 2.07pm. The Chairperson welcomed Rodney Allen and Christine Burns from the NI Audit Office to the meeting.
Apologies were received from Brian Moreland, Head of Internal Audit. SARC members sent their best wishes to Brian.
2. Declarations of Interest
There were no declarations of interest.
3. Minutes of Previous Meeting
Minutes of the previous meeting held on 18 October 2017 were approved without amendment.
4. Matters arising
It was noted that the Internal Audit Resource Plan was on the agenda.
5. Internal Audit Activity / Assurance
Eddie Kelly informed SARC that, since the SARC meeting in October 2017, the final report on the RaISe review had been issued on 19 January 2018, with a Satisfactory level of assurance. Four Risk Rating 2 recommendations have been made in relation to knowledge sharing; research requests; acquisition of publications; and the agreement of a formal Memorandum of Understanding between the Assembly Commission and its partners in relation to the annual Knowledge Exchange Seminar Series.
A follow-up review of Winding-Up Expenditure was carried out and the report issued on 19 January 2018. On the basis of full implementation of the recommendations, the assurance level was raised to Substantial.
Draft reports have been issued in respect of the Internal Audits of the Roof Project and Usher Services. Management responses have been received and these are currently being considered.
Fieldwork on the Secretariat Travel audit is now complete and a draft report has been submitted for Internal Audit management review.
Follow-up reviews are currently in progress relating to the audits of the Voluntary Early Severance Scheme Administration; Assembly Commission support to Politics Plus; iTrent HR; and Risk Management.
Preliminary meetings in respect of the review of PECOS have been held. This review will be taken forward in early 2018.
SARC members noted that the overall level of assurance for the period 1 April 2017 to 31 December 2017 is Satisfactory.
The Internal Audit plan for 2017-18 was reviewed and noted by SARC members. SARC had agreed changes to the plan at the October 2017 SARC meeting following on from the temporary voluntary redeployment of approximately 50% of the Internal Audit staff resource, and staff absence has had a further impact on available resources. In light of the reduced resources, a fuller discussion of planned activity for the final quarter of 2017-18 was tabled for the next agenda item.
One member of the Internal Audit team was redeployed to NICS Internal Audit on 8 January 2018. This has initially been scheduled to last for between three to six months. The Head of Internal Audit and Audit Manager have been providing support to the Houses of the Oireachtas on separate projects. As a result of current resource pressures, NI Assembly demands have taken priority.
The range of audits in the plan for 2017/18 has reduced as a consequence of the ongoing situation across the organisation of staff temporary redeployment. Internal Audit will continue to base the level of assurance for the year on the outcomes of the assignments that can be completed, but the annual opinion from the Head of Internal Audit may be drawn from a narrower view.
Internal Audit continue to be prepared to work with management in order to identify innovative solutions to emerging risk management issues that may manifest themselves as a consequence of reduced staffing levels arising as a result of temporary redeployment.
No whistleblowing cases have been reported to Internal Audit to date this year, and no new cases of fraud have been identified by, or reported to, Internal Audit since the October 2017 SARC meeting.
The next meeting of the Fraud Investigator Practitioner Forum is due to take place in spring 2018.
The inter-parliamentary Heads of Internal Audit group met in Dublin on 26 January 2018. The Assembly was not represented on this occasion but information has been provided by the attendees. In particular, the National Assembly for Wales has made available its GDPR training for Members, and Internal Audit has already shared this with the Information Standards Officer.
The Head of Internal Audit attended the HM Treasury Internal Audit Conference in November 2017, and the Head of Internal Audit and the Audit Manager plan to attend the Chartered Institute of Internal Auditors Leaders Conference 2018 in March.
6. Internal Audit Resource Plan / Draft Internal Audit Plan 2018-19
Eddie Kelly tabled the Internal Audit Resource Plan / Draft Internal Audit Plan, covering the period to end March 2018 and then the first quarter of 2018-19. It was noted that the plans would be kept under review. The planned full year programme for 2018-19 is still in development and will be presented to the May SARC meeting. The SARC Chair welcomed the assessment as a step forward towards identifying total resources available to Internal Audit and the extent of risk-based Internal Audits. This helps to assess productivity and also protects from diversion of audit resources to less direct activities. It was noted that the early focus in 2018-19 will be on Members’ Expenses in advance of the Annual Accounts.
Action: Eddie Kelly to develop planned full year audit programme for
2018-19 to be presented to the May SARC meeting.
7. Audit Recommendations Schedule
SARC members considered the updates and noted the continuing high level of implementation of accepted Audit recommendations, with only seven recommendations currently “in progress”. SARC members continue to view implementation as very important and were pleased with the good progress that had been made and maintained in this area.
8. NIAO Audit Strategy 2017-18
Rodney Allen informed SARC of the recent restructuring at the NI Audit Office. The new team had already met with the Clerk/Chief Executive and the Head of Finance and were familiarising themselves with the work of the Assembly.
Rodney gave SARC members an overview of the Audit Strategy for 2017-18, including materiality and the notional audit fee. No significant risks of material misstatement had been identified. One “other risk factor” - payments to Members, including the potential lack of clarity over certain areas of the Independent Financial Review Panel’s 2016 Determination, given that the Panel is not in place - had been identified. All present at SARC noted the Audit timetable. SARC members complimented the NI Audit Office on the very readable format of the Strategy.
9. SARC Objectives 2018-19
SARC members discussed minor changes to the current SARC objectives and acknowledged that the full range of responsibilities was set out in the SARC Terms of Reference.
Agreed: SARC agreed that the third objective would be amended to read:
“To keep under review any risks arising from organisational change / the political situation, where appropriate, and any issues arising out of the work of the Independent Financial Review Panel or the Reaney Review”.
Action: David Johnston to amend wording accordingly.
10. Corporate Risk Register
SARC members noted the changes made to the contents of the Corporate Risk Register since the October 2017 SARC meeting and welcomed the regular review of the Risk Register. The SARC Chair raised the possible risk of the Assembly Secretariat not being able to meet Member expectations in relation to a short-notice return to fully operational mode but was reassured by the Clerk/Chief Executive that appropriate contingency arrangements are in place.
11. Stewardship Statements (at 30 September 2017)
SARC members noted the contents of the Stewardship Statements as at 30 September 2017 and the fact that, in the absence of a Director of Facilities towards the end the reporting period, Heads of Business within the then Facilities Directorate had completed individual Stewardship Statements. SARC members found the statements to be a valuable discipline in strengthening accountability.
12. Key Guidance from Department of Finance
SARC members noted the two DAO letters and two FD letters that had been issued by the Department of Finance since the October 2017 SARC meeting.
13. National Audit Office: Cyber Security & Information Risk Checklist
The Governance Officer informed SARC that the National Audit Office’s good practice guide “Cyber Security and Information Risk Guidance for Audit Committees” had been published in September 2017. A checklist, together with narrative detailing compliance, has been completed with input from the Head of the Information Systems Office and the Information Standards Officer. The assessment has confirmed a high level of compliance and an action plan has been put in place to improve and strengthen a small number of areas where potential weaknesses were identified.
SARC members were reassured by the document; evidence that the Assembly Commission is taking the issue of Cyber Security and Information Risk seriously, with appropriate defences in place.
14. NI Audit Office: Bribery & Corruption Checklist
The Governance Officer advised SARC members that the Northern Ireland Audit Office’s “Managing the Risk of Bribery and Corruption: A Good Practice Guide for the Northern Ireland Public Sector” had been published in November 2017 and circulated under DAO (DoF) 04/17. The organisation checklist, together with narrative detailing compliance, has been completed with input from the Head of Internal Audit, the Head of Procurement and the Head of Finance. The assessment has confirmed a very high level of compliance. A short Action Log to further enhance compliance has also been compiled. The NIAO document also provides an individual checklist to help individual public officials determine whether they are familiar with, and adhere to, all relevant policies and procedures.
SARC members commended the Assembly staff on the completion of the document and noted the assurance that it provided.
The NI Audit Office welcomed the fact that both the Cyber Security and Information Risk checklist and the Bribery and Corruption checklist had been completed so promptly after the relevant guidance had been published and the reassurance that they brought to SARC.
The Clerk/Chief Executive thanked the Governance Officer and the relevant Heads of Business for completing both checklists to a very high standard.
Rodney Allen informed SARC that Lucia Wilson, Clerk to the Public Accounts Committee, is being temporarily redeployed to the NI Audit Office with effect from 1 February 2018.
SARC members enquired as to whether robust preparations were being made for the implementation of the General Data Protection Regulation in May 2018. SARC was assured that extensive work was underway – a Project Board, Project Team and project plan are in place; an audit of personal data has been completed; staff awareness training has taken place; and privacy notices, terms and conditions of contracts, and internal processes are under consideration. Awareness training will also be made available to MLAs.
SARC members thanked officials for the update.
16. Date of Next Meeting
The date of the next meeting is Wednesday, 16 May 2018.
The meeting ended at 3.15pm.