Assembly Commission Audit and Risk Committee: Annual Report to the Northern Ireland Assembly Commission for the year ended 31 March 2024
Download this report as a PDF (11 pages, 206KB)
CONTENTS
2. Assembly Commission Audit and Risk Committee
4. Annual Report and Accounts for the Year Ended 31 March 2023
Annex A: Assurance Definitions
ACTING CHAIRPERSON'S FOREWORD
As the position of Chairperson of the Assembly Commission Audit and Risk Committee (ACARC) is currently vacant, in accordance with the ACARC Terms of Reference, I am presiding over ACARC pending the recruitment of a new Chairperson.
I am therefore pleased to present the Annual Report for the year ended 31 March 2024 on behalf of ACARC.
This Report describes how ACARC fulfilled its role of providing support and advice to the Northern Ireland Assembly Commission (the Assembly Commission), the Clerk/Chief Executive and the Senior Management Team (SMT) in order to promote sound governance, internal control, and risk management arrangements. In line with the Assembly Commission's policy of openness and accessibility, ACARC Annual Reports and the minutes of ACARC meetings are placed on the Assembly Commission website.
During this reporting year, ACARC met on three occasions rather than the usual four occasions, as the meeting scheduled for 25 October 2023 was postponed at the request of the Assembly Commission. Papers were, however, issued for the October meeting in the usual manner and all outstanding matters from this meeting were comprehensively addressed at the February 2024 meeting.
This year has been challenging for the Assembly Commission due to political uncertainty followed by the resumption of normal Assembly business on 3 February 2024, after a two-year hiatus. Once again, the staff of the Assembly Commission demonstrated their effectiveness and resilience, implementing plans at short notice to support the successful return of normal business.
Since that time, there have been many significant challenges to deal with, including filling a large number of vacant staff posts, securing an appropriate budget for the Assembly Commission and the implementation of the new Windsor Framework Democratic Scrutiny Committee. I therefore wish to take this opportunity to acknowledge the dedication of staff during the year.
The Assembly Commission conducts biennial self-assessments. A new Risk Management Self-Assessment and Action Plan was presented to ACARC in February 2024. The Fraud and Bribery and Cyber Security Self Assessments have been paused for a short time pending the revision of the Fraud Prevention and Anti-Bribery Policy and the finalisation of the Independent Technical Review of Cyber Security.
At each meeting, ACARC is presented with a report outlining audit recommendations made, implemented, and outstanding. This enables it to form a clear view of the effort that management invests in continually developing the governance, control and risk arrangements in the organisation, and adds considerable value to ACARC.
As part of the consideration of the Annual Report and Accounts for the Year Ended 31 March 2023, ACARC received a comprehensive overview of the financial statements, including a comparison with the prior year and current year's budgets; considered the clarity and completeness of the information, taking in to account key accounting policies, assurances about the financial systems, and the quality of the control arrangements over the preparation of the accounts; and received a full briefing on the external audit prior to recommending their approval by the Accounting Officer.
As Internal Auditors, EY is required to provide an Annual Assurance Report on the system of internal control in the Assembly Commission. In its 2023-24 Annual Assurance Report, EY's opinion is that the Assembly Commission has a framework of controls in place that provides Satisfactory Assurance over the effective and efficient achievement of the Assembly Commission's objectives and management of key risks.
As part of ACARC's ongoing consideration of risk management procedures, the Corporate Risk Register was reviewed at each meeting and the annual review of Directorate Risk Registers took place in May 2023. Directorate Stewardship Statements were reviewed in May 2023 and February 2024. ACARC also reviewed an updated Risk Management Strategy in February 2024. All of this information indicates that a constructive and practical approach to risk management is embedded within the organisation and, again, contributes to the assurance that can be provided.
ACARC has completed a self-assessment exercise for the year ended 31 March 2024, which includes comments on ACARC's effectiveness from the Northern Ireland Audit Office's representative. The assessment template is based on the National Audit Office's checklist for Audit Committees. The findings confirm that ACARC is fully compliant with best practice. I am also pleased to report that ACARC achieved all of its targets.
I am grateful to the Assembly Commission for its support and for inviting the Chairperson or Independent Member to attend its meetings and to contribute to its discussions. I also wish to acknowledge the importance of the Assembly Commission Member on ACARC as this helps to ensure that there is effective communication between the Assembly Commission and ACARC. This is very helpful in providing a broader perspective for the work of ACARC.
Finally, my thanks go to the Clerk/Chief Executive, the SMT and the Assembly Commission staff for their ongoing support to ACARC in the achievement of its objectives.
Dr Maurice Keady
Acting Chairperson
1. Introduction
This Report provides an account of the activity and achievements of ACARC for the year ended 31 March 2024, along with performance against its key objectives for the year.
2. Assembly Commission Audit and Risk Committee
ACARC plays an important role in the overall system of corporate governance in the Assembly Commission. ACARC is independent of the Assembly Commission and aims to support the Clerk/Chief Executive in her role as Accounting Officer. It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances.
2.1 Membership
| Member | Position |
|---|---|
|
Edward Lord OBE |
Independent Chairperson to 22 January 2024 |
|
Dr Maurice Keady |
Independent Member / Acting Chairperson |
|
Trevor Clarke MLA |
Assembly Commission Member to 19 March 2024 |
|
Robbie Butler MLA |
Assembly Commission Member from 19 March 2024 |
2.2 Meetings
ACARC met three times this year. During the year attendance was as follows:
| Member | Meetings invited to and attended |
|---|---|
|
Edward Lord OBE |
100% (2/2) |
|
Dr Maurice Keady |
100% (3/3) |
|
Trevor Clarke MLA |
100% (3/3) |
|
Robbie Butler MLA |
N/A |
ACARC meetings are normally attended by the Accounting Officer, all Directors, the Head of Finance, Internal Audit and the Northern Ireland Audit Office (NIAO). Administrative support is provided by the Legal, Governance and Research Services Directorate.
The Chairperson or the Independent Member of ACARC are generally invited to attend meetings of the Assembly Commission as an observer. Edward Lord OBE attended one meeting of the Assembly Commission on 21 June 2023. Dr Maurice Keady attended on 19 March 2024.
2.3 Training
Given the comprehensive induction training provided on appointment and existing knowledge and experience, no formal training was deemed necessary during the year.
2.4 Management Information Systems and Controls
At its meetings, ACARC is provided with a number of analyses and reports including:
- An Audit Recommendations Action Log and various self-assessment action plans, together with a statement of the status of each action and a target date for completion.
- Changes to the Corporate Risk Register and progress against planned mitigating actions.
- Copies of Directorate Risk Registers annually for information.
- Copies of Directorate Stewardship Statements every six months for information.
- A progress report from Internal Audit summarising:
- Work performed and a comparison with work planned;
- Key issues emerging from Internal Audit work;
- Management responses to audit recommendations;
- Changes to the Internal Audit Plan;
- An opinion on the overall level of assurance pertaining to the financial year; and
- Any resource issues affecting the delivery of Internal Audit objectives.
- The Annual Report and Accounts.
- Progress reports from the NIAO representative summarising work done and emerging findings.
- The NIAO's Report to Those Charged with Governance.
- The Financial Assistance for Political Parties Scheme audit report.
- Cyber Security and Information Risk Self-Assessment Checklist and Action Plan Monitoring.
- Risk Management Self-Assessment Checklist and Action Plan Monitoring.
- National Fraud Initiative exercise findings.
ACARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk.
2.5 Progress Against Key Objectives
| KEY OBJECTIVE | PERFORMANCE |
|---|---|
|
To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations. |
The timely implementation of audit recommendations is monitored at each meeting. |
|
To oversee the handling of key risk areas by the Assembly Commission to ensure that risk is being appropriately managed and value for money secured. |
Corporate Risk Register is reviewed quarterly and Directorate Risk Registers are reviewed annually. The economical, effective and efficient use of resources is considered as part of the ongoing audit programme. |
|
To oversee the timely sign-off of the Annual Report and Accounts. |
The Annual Report and Accounts were signed in line with the timetable agreed with the NIAO. |
|
To promote best practice where possible in the operation of ACARC. |
ACARC last reviewed its Terms of Reference on 16 February 2023 against the requirements of the HM Treasury Audit and Risk Assurance Committee Guidance and the Audit and Risk Assurance Committee Handbook (NI). The annual review has been paused pending the outcome of an Internal Audit of Corporate Governance Arrangements. This is to enable any findings or recommendations from this audit to be considered.
ACARC completed its self-assessment exercise for the year ended 31 March 2024 against the National Audit Office's checklist for Audit Committees.
ACARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance. |
2.6 ACARC Self-Evaluation
On 16 May 2024, ACARC completed its self-assessment checklist for the year ended 31 March 2024 and was fully compliant in all areas.
3. Internal Audit
Internal Audit provides the Accounting Officer and the Assembly Commission, through ACARC, with independent and objective evaluation of risk management, control and governance processes within the Assembly Commission.
Internal Audit examines the adequacy, efficiency and effectiveness of systems, people, and processes to identify potential risks and areas for improvement. Internal Audit will also review and challenge the risk management framework and assess the operation of the framework.
Internal Audit provides findings and recommendations for each engagement, including benchmarking controls and performance against appropriate leading practices with the aim of improving processes and practices within the Assembly Commission.
3.1 Internal Audit Plan
The Internal Audit Strategy and Value Charter June 2023 was noted by ACARC at its meeting on 27 June 2023. This report included the one-year Internal Audit Plan 2023/24 in addition to the Proposed three-year Internal Audit Plan 2023/24 to 2025/26.
3.2 Internal Audit Activity
Details of Internal Audit reports issued in respect of the Internal Audit Plan 2023-24 are presented below. In summary, six reviews were undertaken, of which five resulted in a Satisfactory assurance and one resulted in a Limited assurance.
The Limited assurance related to a review of Contract Management which contained a Priority One recommendation relating primarily to the need to urgently review and update Contract Management Guidance. This work has been completed and new Guidance has been implemented. Definitions of the assurance levels provided by Internal Audit are included at Annex A.
| Report Title | Assurance Rating | Issue Date |
|---|---|---|
|
Security Management Arrangements |
Satisfactory |
October 2023 |
|
Speaker, Assembly Commission and Member Sponsored Events |
Satisfactory |
February 2024 |
|
Review of Budgeting and Key Financial Reporting |
Satisfactory |
February 2024 |
|
Review of Legal Services Office |
Satisfactory |
April 2024 |
|
Review of Child Protection Arrangements |
Satisfactory |
April 2024 |
|
Review of Contract Management |
Limited |
April 2024 |
The findings and recommendations of each review were discussed at ACARC meetings and no significant issues have arisen. The rate of acceptance and implementation of recommendations remains high.
3.3 Annual Assurance
Internal Audit is required to provide assurance on the system of internal control. It should be noted that assurance can never be absolute. Internal Audit can provide only reasonable assurance that there are no significant weaknesses in the system of internal control.
In assessing the level of assurance to be given, Internal Audit takes the following matters into account:
- Audits undertaken as part of the 2023-24 Internal Audit Plan;
- Any follow-up action taken in respect of audits from previous periods; and
- The proportion of the Internal Audit Plan covered to date.
Internal Audit considers that the Assembly Commission has a framework of controls in place that provides Satisfactory Assurance over the effective and efficient achievement of the Assembly Commission's objectives and the management of key risks.
Internal Audit is also required to indicate any control issues which it considers to be of significant concern. These control issues may be based on Internal Audit activities for the year, together with Internal Audit's wider knowledge of the Assembly Commission.
4. Annual Report and Accounts for the Year Ended 31 March 2023
Following an examination of the Annual Report and Accounts and the draft Report to Those Charged with Governance, at its meeting on 27 June 2023, ACARC recommended that, as Accounting Officer, the Clerk/Chief Executive sign the Annual Report and Accounts for the Year Ended 31 March 2023.
The Comptroller and Auditor General (C&AG) is responsible for the audit, certification and reporting on the Assembly Commission's annual financial statements. The C&AG certified the Assembly Commission's financial statements with an unqualified audit opinion without modification, on 29 June 2023.
The Assembly Commission's Annual Report and Accounts for the Year Ended 31 March 2023 were then laid in Westminster on 20 July 2023.
ACARC members appreciated the work of the Assembly Commission and NIAO staff involved in delivering the audit and accounts to the agreed timetable.
5. Conclusion
ACARC is satisfied that it has discharged its duties as guided by its Terms of Reference. Given this, and considering the work of Internal Audit and the NIAO, and the assurances provided to it, ACARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer, in the discharge of its accountability obligations. ACARC is pleased to note the overall Satisfactory Assurance for the year ended 31 March 2024.
Annex A: Assurance Definitions
EY Internal Audit Assurance Ratings
In line with best practice and to ensure consistency with other public sector organisations, EY utilise the three tier assurance ratings set out in DAO 07/16. This was agreed by ACARC at its meeting on 18 May 2023. The three levels of evaluation now adopted are as follows:
SATISFACTORY
Overall there is a satisfactory system of governance, risk management and control. While there may be some residual risk identified, this should not significantly impact on the achievement of system objectives.
LIMITED
There are significant weaknesses within the governance, risk management and control framework which, if not addressed, could lead to the system objectives not being achieved.
UNACCEPTABLE
The system of governance, risk management and control has failed or there is a real and substantial risk that the system will fail to meet its objectives.
