Secretariat Audit and Risk Committee Report to the Assembly Commission Year Ending 31 March 2019
CHAIRPERSON’S FOREWORD
I am pleased to present the Annual Report for 2018-19 on behalf of the Secretariat Audit and Risk Committee (SARC). This Report describes how SARC fulfilled its role of providing support and advice to the Northern Ireland Assembly Commission (the Assembly Commission) and the Clerk/Chief Executive in order to promote sound governance and risk management arrangements. I would like to express my appreciation and thanks to Derek Martin, as Independent Member, and Jim Wells MLA, as Commission Member, for their valued work during this reporting period. In line with the Assembly Commission’s policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly Commission website.
SARC’s work has, for a second full reporting period, been set in the context of ongoing political uncertainty for the Northern Ireland Assembly (the Assembly), with no Assembly sittings having taken place. These circumstances have resulted in the continued voluntary temporary redeployment of a significant number of Assembly Commission Secretariat (Assembly Secretariat) staff to work elsewhere in the public sector and in other legislatures. It is also important to acknowledge the potential future impact of the United Kingdom’s withdrawal from the European Union on the work of the Assembly and the Assembly Commission.
During the reporting year, SARC provided support to the Assembly Secretariat in relation to managing risk and contributed to the completion process of the 2017-18 Accounts.
SARC has had particular regard to assurances in relation to Members’ expenses which helps maintain the integrity and credibility of the political institution at a time when the credibility and integrity are under public scrutiny.
Other areas of particular focus for SARC were the risk areas of: fraud and bribery; cyber security; and the implementation of audit recommendations within the organisation.
SARC members noted revisions to the Risk Management Strategy and the Fraud Prevention and Anti-Bribery Policy and Response Plan. We welcomed the organisation’s completion of self-assessments in the risk areas of fraud and bribery and cyber security along with the implementation of their associated action plans. A report of procurement activity was provided to SARC in June 2018.
The Corporate Risk Register was reviewed at each meeting and SARC’s annual review of Directorate Risk Registers took place in May 2018. Stewardship Statements were reviewed for each Directorate in May 2018 and October 2018 and will be reviewed again in May 2019.
SARC has been conscious that audit resources have reduced, as part of the temporary redeployments which the Assembly Secretariat has undertaken. SARC has kept a close watch on the scope and coverage of the audit plan to ensure that the necessary assurance can be maintained.
SARC is of the opinion that the delivery of the 2018-19 Internal Audit plan, reviewed and monitored by SARC, has provided for a robust level of assurance, limited only by the lack of procedural parliamentary business and associated audit coverage. The plan has been successfully completed, with reports drafted or finalised. SARC has this year continued to welcome the acceptance and timely implementation of audit recommendations within the organisation.
I am pleased to report that the Assembly Secretariat has developed and maintained a strong culture of accountability throughout the organisation and wisely continues to use the Internal Audit function as a business improvement tool.
SARC has completed a self-assessment exercise for the year ending 31 March 2019. The assessment template is based on the National Audit Office’s checklist for Audit Committees. We also include comments on SARC’s effectiveness from the Northern Ireland Audit Office’s representative. The findings confirm that SARC is fully compliant with best practice. I am also pleased to report that SARC achieved all of its targets within the allocated budget.
I am grateful to the Assembly Commission for its support and for allowing the SARC Chairperson, or the Independent member, to attend its meetings and to contribute to its discussions throughout the year. This is very helpful in providing a broader perspective for the work of SARC. I look forward to continuing the practice of the SARC Chairperson meeting annually, in private, with the Assembly Commission to discuss matters pertaining to SARC.
Finally, my thanks go to the Clerk/Chief Executive and the staff of the Assembly Secretariat for their ongoing support to SARC in the achievement of its objectives. The need to maintain a state of readiness to enable the Assembly to return quickly to normal business imposes a strain on the organisation. Management has however been successful in redeploying staff to other legislatures and publically funded bodies to maintain their skills, morale and motivation and to avoid wasted resources. This balance is difficult to achieve and becomes more difficult the longer the period of political uncertainty continues. SARC is aware of this continuing management challenge.
JIM BROOKS
CHAIRPERSON
1. INTRODUCTION
This Report provides the Northern Ireland Assembly Commission (the Assembly Commission) with an account of the activity and achievements of the Secretariat Audit and Risk Committee (SARC) in 2018-2019 in relation to its objectives for that year.
2. SECRETARIAT AUDIT AND RISK COMMITTEE (SARC)
SARC plays an important role in the overall system of corporate governance in the Assembly Commission. SARC is independent of the Assembly Commission Secretariat (the Assembly Secretariat) and aims to support the Clerk/Chief Executive in her role as Accounting Officer. It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances.
2.1 Membership 2018-19
Jim Brooks |
Independent Chairperson |
Derek Martin |
Independent Member |
Jim Wells MLA |
Assembly Commission Member |
2.2 Meetings
SARC meets at least four times a year, although the Chairperson may convene additional meetings should he feel that this is necessary. During 2018-19, SARC met four times. Attendance was as follows:
Member |
Meetings attended |
Jim Brooks |
4/4 |
Derek Martin |
4/4 |
Jim Wells MLA |
2/4 |
SARC meetings are normally attended by the Accounting Officer, all Directors, the acting Head of Internal Audit, the Head of Finance and one or more representatives from the Northern Ireland Audit Office. Secretarial support is provided by the Legal, Governance and Research Services Directorate.
The Chairperson of SARC attends meetings of the Assembly Commission as an observer. Jim Brooks attended meetings of the Commission on 30 May 2018, 11 October 2018, 19 December 2018 and 5 February 2019. Derek Martin attended the Commission meeting on 5 July 2018.
2.3 Training
The Chairperson and Independent Member have continued to become more familiar with business areas throughout the Assembly Secretariat. Given the comprehensive induction training provided on appointment and existing knowledge and experience, no formal training was deemed necessary throughout the year.
2.4 Management Information Systems and Controls
At its meetings, SARC is provided with a number of analyses and reports including:
- A log of all outstanding Audit Recommendations together with a statement of the status of each and a target date for completion. This is used to monitor progress and ensure that recommendations are implemented in a timely manner.
- Changes to the Corporate Risk Register and any areas of concern. SARC monitors the actions taken by the Secretariat Management Group to manage the Corporate Risks to ensure they remain relevant and that appropriate mitigating actions are taken.
- Copies of Stewardship Statements, completed for each Directorate, are submitted to SARC for information every six months.
- A progress report from the Head of Internal Audit summarising:
- Work performed and a comparison with work planned;
- Key issues emerging from Internal Audit work;
- Management responses to audit recommendations;
- Changes to the Internal Audit Plan;
- An opinion on the overall level of assurance pertaining to the financial year; and
- Any resource issues affecting the delivery of Internal Audit objectives.
- Progress reports from the Northern Ireland Audit Office (NIAO) representative summarising work done and emerging findings.
- The Internal Audit Charter.
- The Internal Audit Strategy.
- Head of Internal Audit’s Annual Opinion and Report.
- Quality Assurance reports on the Internal Audit function.
- The draft accounts of the Assembly Commission.
- The draft Governance Statement.
- A report on any changes to accounting policies.
- The NIAO’s Report to Those Charged with Governance.
- The NIAO audit strategy.
- The Assembly Commission’s Risk Management Strategy.
- Stewardship Statements.
- Fraud Prevention and Anti-Bribery Policy and Response Plan.
- Whistleblowing Policy.
- Organisational risk management self-assessments.
SARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk. SARC members considered the contents of a draft Governance Statement at the SARC meetings on 16 May and 20 June 2018.
3. PROGRESS OF SARC IN 2018-19
3.1 Performance against key objectives
KEY OBJECTIVE |
PERFORMANCE |
To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations |
Continued success in the timely implementation of audit recommendations. Of the 18 recommendations made during the year, 14 have already been implemented. |
To oversee the handling of key risk areas by the Secretariat to ensure that risk is being appropriately managed and value for money secured. To keep under review any risks arising from organisational change / the political situation, where appropriate, and any issues arising out of the work of the Independent Financial Review Panel or the Reaney Review.
|
Corporate Risk Register reviewed at SARC meetings. The economical, effective and efficient use of resources is considered as part of the ongoing audit programme. Corporate Risk Register reviewed at SARC meetings. Directorate Risk Registers are reviewed annually. Independent Financial Review Panel currently not established. Given the Secretary of State’s determinations in relation to the Reaney Review, the Review will not form part of SARC’s objectives for 2019/20. |
To oversee the timely sign-off of the Annual Report and Accounts. |
Following the SARC meeting on 20 June 2018, SARC members recommended that the Accounting Officer sign the 2017-18 Annual Accounts. |
To promote best practice where possible in the operation of SARC. |
The Terms of Reference for SARC were reviewed by SARC on 17 October 2018 and are based on the requirements of the HM Treasury Audit and Risk Assurance Committee Guidance of March 2016 / Audit and Risk Assurance Committee Handbook NI. SARC has completed a self-assessment exercise for the year ending 31 March 2019. The assessment template is based on the National Audit Office’s checklist for Audit Committees. SARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance. |
4. INTERNAL AUDIT ACTIVITY 2018-19
4.1 Internal Audit Programme 2018-19
Details of progress in relation to the Internal Audit Programme for 2018-19 are outlined below. Risk Rating Definitions are attached at Annex A.
ASSIGNMENT |
AUDIT RATING |
REPORT DATE |
Review of Members' Expenses 2017-18 |
Satisfactory |
July 2018 |
Review of PECOS |
Satisfactory |
July 2018 |
Review of Secretariat Travel |
Satisfactory |
August 2018 |
Review of the Public Engagement Unit |
Satisfactory |
December 2018 |
Review of the Assembly Members Pension Scheme |
Satisfactory |
March 2019 |
Follow-up audits have been carried out as follows:
FOLLOW-UP AUDITS |
AUDIT RATING |
REPORT DATE |
Follow-up Review of HR (iTrent) |
Satisfactory |
April 2018 |
Follow-up Review of iTrent (Payroll) |
Substantial |
June 2018 |
Follow-up Review of |
Satisfactory |
August 2018 |
Work ongoing:
ASSIGNMENT |
AUDIT RATING |
REPORT DATE |
Review of Members Expenses (interim audit of 2018-19 expenditure) |
To be confirmed (TBC) |
Draft report under consideration |
Review of GDPR |
TBC |
Draft report under consideration |
Review of Support Services |
TBC |
Draft report under consideration |
Follow-up Review of Roof Project |
TBC |
Draft report under consideration |
4.2 Key Issues
Recommendations were made in respect of each of the assignments completed by Internal Audit in order to enhance control, governance and risk management arrangements. The rate of acceptance and implementation of recommendations remains high and has helped to maintain the overall level of assurance at satisfactory.
On the basis of 2018-19 final reports issued to date, the results of the audits carried out in the 2018-19 year were all satisfactory (5). Follow-up audit results were either substantial (1) or satisfactory (2). Although the assurance levels in respect of draft reports have yet to be confirmed formally, the results of those audits will contribute to the Head of Internal Audit’s opinion on the overall level of assurance for 2018-19.
The political situation continued to affect the work of the Assembly Commission in 2018-19. A significant number of staff continued to be temporarily redeployed. This included the temporary redeployment of a member of Internal Audit staff.
At the SARC meeting on 20 June 2018, the SARC Chairperson noted that the provision of assurance by the Head of Internal Audit (HIA) is an integral part of SARC’s work and asked the acting HIA to confirm that he was content to continue to provide assurance in light of reduced staffing resources.
Consequently, the audit plan and resources were reviewed by the acting HIA and Director of Legal, Governance and Research Services and the findings presented to the Secretariat Management Group in August 2018. The review included the scope of the planned assignments and resource days required. SMG endorsed the recommendations arising from the review and this resulted in the deferral of two audits and a reduction in resource allocation to one audit.
The Acting HIA was of the opinion that the resulting plan included sufficient coverage to provide a meaningful level of assurance to the Clerk/Chief Executive on the framework of internal control, governance and risk management for 2018-19.
5. NI ASSEMBLY ACCOUNTS 2017-18
Based on an examination of the Annual Report and Accounts, and the Report to Those Charged with Governance, SARC members, following the SARC meeting on 20 June 2018, recommended that the Clerk/Chief Executive sign the 2017-18 accounts. SARC members appreciated the work of the Assembly Secretariat and NIAO staff involved in delivering the accounts to timetable.
6. EVALUATION OF SARC 2018-19
On 15 May 2019, SARC members completed a self-assessment checklist for 2018-19; SARC was fully compliant in all areas.
7. INTERNAL AUDIT PLAN 2019-20
A draft Internal Audit plan and associated resource plan was considered and approved by SARC on 15 May 2019.
8. CONCLUSION
SARC is satisfied that it has discharged its duties as guided by its Terms of Reference. Given this, and taking into account the work of Internal Audit, the Northern Ireland Audit Office, and assurances provided to it, SARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer, in the discharge of accountability obligations. SARC is pleased to note the overall Satisfactory level of assurance from Internal Audit for the period 1 April 2018 to 31 March 2019. It is pleasing that there were no Audit Reports in 2018-19 resulting in Limited or Unacceptable assurance ratings.
ANNEX A - ASSURANCE DEFINITIONS
SUBSTANTIAL
There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.
SATISFACTORY
There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.
LIMITED
There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and / or effectiveness of risk management, control and governance.
UNACCEPTABLE
The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and / or effectiveness of risk management, control and governance.