Secretariat Audit and Risk Committee Report to the Assembly Commission Year Ending 31 March 2018

CHAIRPERSON’S FOREWORD

I would like to begin by recording my appreciation and thanks to Derek Martin, as Independent Member, and Jim Wells MLA, as Commission Member, for their valued input to the work of SARC throughout this reporting period.

It is important that I acknowledge, in writing this Annual Report, that the Northern Ireland Assembly (“the Assembly”) has continued to experience a period of political uncertainty, with no Assembly sittings having taken place, throughout the reporting year.  These circumstances have resulted in a significant number of Secretariat staff being temporarily redeployed to work elsewhere in the Public sector or other legislatures.

In the context of the continuing negotiations between the United Kingdom Government and the European Commission, and the introduction of the EU (Withdrawal) Bill, I also acknowledge the potential future impact of the United Kingdom’s withdrawal from the European Union on the work of the Assembly and the Assembly Commission.

I am pleased to present the Annual Report for 2017-2018 on behalf of SARC.  This Report describes how SARC fulfilled its role of providing support and advice to the Assembly Commission and the Clerk/Chief Executive in order to ensure sound financial and governance arrangements.  In line with its policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly website.

During the reporting year, SARC provided support to the Secretariat in relation to managing risk and contributed to the completion process for the 2016-17 Accounts.  In particular, SARC concentrated on assurances in relation to Members’ expenses, procurement activity and the implementation of outstanding audit recommendations. 

SARC members considered a revised Risk Management Strategy which included a more detailed analysis of risk appetite.  SARC members also considered completed assessments in relation to the Northern Ireland Audit Office’s Managing Fraud Risk Self-assessment Checklist; the British Standards Institution’s Anti-bribery Self-assessment Questionnaire; the Northern Ireland Audit Office’s “Managing the Risk of Bribery and Corruption: A Good Practice Guide for the Northern Ireland Public Sector”; and the National Audit Office’s good practice guide “Cyber Security and Information Risk Guidance for Audit Committees”.

The Corporate Risk Register was reviewed each quarter by SARC.  Directors’ Stewardship Statements were reviewed in May 2017 and January 2018.  The Secretariat’s revised Organisational structure, effective from 1 October 2017, was noted. 

SARC members completed a self-assessment template, based on the National Audit Office’s checklist for Audit Committees, on 16 May 2018.  An element of external review has been added to the assessment by requesting comments on SARC’s effectiveness from the NI Audit Office’s representative.  The findings confirm that SARC is fully compliant with best practice.

The draft Internal Audit Plan for 2017-18 was considered and agreed by SARC at its meeting on 17 May 2017. In the light of temporary redeployments across the Assembly Secretariat, a revised plan was considered and agreed by SARC on 18 October 2017.  The revised plan has been successfully completed, with reports drafted or finalised.

SARC has this year continued to see significant progress maintained in the timely implementation of audit recommendations and has continued to monitor the implementation of all audit recommendations to clear timetables and targets.

I am pleased to report that the Secretariat has developed and maintained a strong culture of accountability throughout the organisation and wisely continues to use the Internal Audit function as a business improvement tool. I am also pleased to report that SARC achieved all of its targets within the allocated budget.

I am grateful to the Assembly Commission for its support and for allowing the SARC Chairperson, or the Independent member, to attend its meetings and to contribute to its discussions throughout the year. This is very helpful in providing a broader perspective for the work of SARC.  I look forward to continuing the practice of the SARC Chairperson meeting annually in private with the Assembly Commission to discuss matters pertaining to SARC, as I know that this has proved to be particularly helpful in the past.

Finally, my thanks go to the Clerk/Chief Executive and the staff of the Assembly Secretariat for their commitment and diligence in providing SARC with the information necessary to achieve its objectives as well as very valuable secretarial services. 

JIM BROOKS
CHAIRPERSON

 

CONTENTS

Introduction

The Secretariat Audit and Risk Committee (SARC)

  • Meetings
  • Membership
  • Training
  • Management Information Systems and Controls

Progress of SARC 2017-2018

  • Performance against key objectives

Internal Audit Activity 2017-18

NI Assembly Accounts 2016-2017

Evaluation of SARC 2017-18

Internal Audit Plan

Conclusion

Annex A:  Definition of Audit Ratings

 

SECRETARIAT AUDIT AND RISK COMMITTEE

REPORT TO THE ASSEMBLY COMMISSION

FOR YEAR ENDING 31 MARCH 2018

1. INTRODUCTION

This Report provides the Assembly Commission with an account of the       activity and achievements of the Secretariat Audit and Risk Committee    (SARC) in 2017-2018 in relation to its objectives for that year. 

2. SECRETARIAT AUDIT AND RISK COMMITTEE (SARC)

SARC plays an important role in the overall system of corporate governance in the Northern Ireland Assembly Secretariat.  SARC is independent of the Secretariat and aims to support the Clerk/Chief Executive in her role as Accounting Officer.  It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances. 

2.1 Membership 2017-18

Jim Brooks

Independent Chairperson

Derek Martin

Independent Member

Jim Wells MLA

Assembly Commission Member


2.2 Meetings

SARC meets at least four times a year, although the Chairperson may convene additional meetings should he feel that this is necessary.  During 2017-18, SARC met four times.  Attendance was as follows:

Member

Meetings attended

Jim Brooks

4/4

Derek Martin

4/4

Jim Wells MLA

3/4

SARC meetings are normally attended by the Accounting Officer, all Directors, the Head of Internal Audit, the Head of Finance and a representative from the Northern Ireland Audit Office.  Secretarial support is provided by the Legal, Governance & Research Services Directorate.

The Chairperson of SARC attends meetings of the Assembly Commission as an observer. Jim Brooks attended meetings of the Commission on 22 November 2017 and 31 January 2018.  Derek Martin attended the Commission meetings on 25 September 2017 and 5 March 2018.

2.3 Training

The Chairperson and Independent member have continued to become more familiar with business areas throughout the Assembly Secretariat and to meet key staff.  Given the comprehensive induction on appointment and existing knowledge and experience, no formal training was deemed necessary throughout the year.

2.4 Management Information Systems and Controls

At each meeting, SARC is provided with a number of analyses and reports including: 

  • A log of all outstanding Audit Recommendations together with a statement of the status of each and a target date for completion. This is used at each meeting to monitor progress and ensure that recommendations are implemented in a timely manner.
  • Changes to the Corporate Risk Register and any areas of concern. SARC monitors the actions taken by the Secretariat Management Group to manage the Corporate Risks to ensure they remain relevant and that appropriate mitigating actions are taken. Copies of the Assurance Statements completed by Directors are submitted to SARC for information every six months.
  • A progress report from the Head of Internal Audit summarising:
    • Work performed and a comparison with work planned;
    • Key issues emerging from Internal Audit work;
    • Management responses to audit recommendations;
    • Changes to the Internal Audit Plan; and
    • Any resource issues affecting the delivery of Internal Audit objectives.
  • A progress report from the NI Audit Office representative summarising work done and emerging findings.

As and when appropriate, or when requested, SARC will also be provided with:

  • The Internal Audit Charter;
  • The Internal Audit Strategy;
  • Head of Internal Audit’s Annual Opinion and Report;
  • Quality Assurance reports on the Internal Audit function;
  • The draft accounts of the Assembly Commission;
  • The draft Governance Statement;
  • A report on any changes to accounting policies;
  • The NIAO’s Report to Those Charged with Governance;
  • A report on any proposals to tender for audit functions;
  • A report on co-operation between Internal and External Audit;
  • The NIAO audit strategy;
  • The Assembly Secretariat’s Risk Management Strategy; and
  • Stewardship Statements.

SARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk.  SARC members considered the contents of a draft Governance Statement at the SARC meetings on 17 May and 20 June 2017.

3. PROGRESS OF SARC IN 2017-18

3.1 Performance against key objectives

KEY OBJECTIVE

PERFORMANCE

To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations

Continued success in the rapid implementation of outstanding audit recommendations.  Of the 33 recommendations made during the year, 23 have already been implemented.

To oversee the handling of key risk areas by the Secretariat to ensure that risk is being appropriately managed and value for money secured.

Corporate Risk Register reviewed at SARC meetings.  The economical, effective and efficient use of resources is considered as part of the ongoing audit programme.

To keep under review any risks arising from organisational change programmes, where appropriate, and any issues arising out of the work of the Independent Financial Review Panel.

Corporate Risk Register reviewed at SARC meetings. Directorate Risk Registers are reviewed annually.

Independent Financial Review Panel currently not established.

To oversee the timely sign-off of the Annual Report and Accounts.

Following the SARC meeting on 20 June 2017, SARC members recommended that the Accounting Officer sign the 2016/17 Annual Accounts.

To promote best practice where possible in the operation of SARC.

The operations and Terms of Reference for SARC were reviewed by SARC on 18 October 2017 and are based on the requirements of the HM Treasury Audit and Risk Assurance Committee guidance of March 2016 / Audit and Risk Assurance Committee Handbook NI.

SARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance.

4. INTERNAL AUDIT ACTIVITY 2017-18

4.1 Internal Audit Programme 2017-18

Details of progress in relation to the Internal Audit Programme for 2017-18 are outlined below.  Risk Rating Definitions are attached at Annex A.

ASSIGNMENT

AUDIT RATING

REPORT DATE

Review of VES Admin

Satisfactory

May 2017

Review of Provision of Hardware and Software

Satisfactory

May 2017

Review of Winding Up Expenditure

Satisfactory

May 2017

Review of Risk Management

Substantial

May 2017

Review of the Committee for Communities

Substantial

May 2017

Review of Cyber-Security (scoping review)

Not applicable

October 2017

Review of Members Expenses

Satisfactory

October 2017

Review of RaISe

Satisfactory

November 2017

Review of Usher Services

Satisfactory

March 2018

Review of Roof Project

Satisfactory

March 2018

Follow-up audits have been carried out as follows:

FOLLOW-UP AUDITS

AUDIT RATING

REPORT DATE

Review of Winding Up Expenditure

Substantial

January 2018

Review of Politics Plus

Substantial

February 2018

Review of Risk Management

Substantial

February 2018

Review of Voluntary Early Severance Administration

Substantial

February 2018

Review of iTrent (HR)

Satisfactory

April 2018

Work ongoing:

ASSIGNMENT

AUDIT RATING

REPORT DATE

Review of Secretariat Travel

To be determined

In progress

Review of PECOS

To be determined

In progress

Review of Members Expenses

To be determined

In progress

Follow-up Review of iTrent (Payroll)

To be determined

In progress

4.2 Key Issues

Recommendations were made in respect of each of the assignments completed by Internal Audit in order to enhance control / manage risk. The rate of acceptance and implementation of recommendations remains high and has helped to maintain the overall level of assurance at satisfactory.

The results of the audits carried out in the 2017-18 year were either satisfactory (7) or substantial (2); the scoping review of cyber-security arrangements was not an assurance review therefore an overall assurance rating was not provided.  Follow-up audit results were either substantial (4) or satisfactory (1). 

As a result of the continuing political situation affecting the work of the Assembly Secretariat, and the consequent temporary redeployment of a significant number of Assembly Commission staff (which includes the temporary redeployment of a member of Internal Audit staff), the audit plan was reduced in-year, with the approval of SARC.  The work completed in 2017-18, however, is sufficient to allow a meaningful level of annual assurance to be given.

5. NI ASSEMBLY ACCOUNTS 2016-2017

Based on an examination of the Accounts and the Report to Those Charged with Governance, SARC members, following the SARC meeting on 20 June 2017, recommended that the Clerk/ Chief Executive sign the 2016-17 accounts.  SARC members appreciate the work of the Secretariat and NIAO staff involved in delivering the accounts to timetable.

6. EVALUATION OF SARC 2017-18

On 16 May 2018, SARC members completed a self-assessment checklist for 2017-2018; SARC was fully compliant in all areas.

7. INTERNAL AUDIT PLAN 2018-19

A draft Internal Audit plan was considered by SARC on 31 January and 16 May 2018.  SARC members approved the Audit Plan and Strategy on 16 May 2018.

8. CONCLUSION

SARC is satisfied that it has discharged its duties as guided by its Terms of Reference.  Given this, and taking into account the work of Internal Audit and the NI Audit Office, and assurances provided to the Committee, SARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer in the discharge of accountability obligations. SARC is pleased to note the overall Satisfactory level of assurance from Internal Audit for the period 1 April 2017 to 31 March 2018.  In addition, SARC’s conscious decision in October 2016 to retain the Substantial assurance rating, rather than adopt only the ratings outlined in DAO (DoF) 07/16, has proven to be useful, with two Final Audit Reports and four Follow-up Reports receiving Substantial assurance ratings. It is most pleasing to SARC that there were no Audit Reports in 2017-18 resulting in Limited or Unacceptable assurance ratings.

 

ANNEX A

ASSURANCE DEFINITIONS

SUBSTANTIAL  

There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.

SATISFACTORY 

There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.

LIMITED 

There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and / or effectiveness of risk management, control and governance.

UNACCEPTABLE 

The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and / or effectiveness of risk management, control and governance.