Local Authority Internal Audit Virtual Forum

28 October  


Please note:

  • All Institute responses are boxed and highlighted blue
  • Where the CEO comments in that capacity, the box is blank but outlined
  • Where the Chair comments in that capacity, the box is highlighted in yellow
  • For confidentiality, the identities of all delegates/attendees are anonymised 

 

CEO welcome

Thank you for joining today to hear about the recently published Risk In Focus 2021 report, produced by the Institute in association with other European chapters of the profession.

I am joined today by Liz Sandwith, the Institute's Chief Professional Practices Advisor in the UK and Ireland; Derek Jamieson, Regional Director in the UK and Ireland; and chair Piyush Fatania, Internal Audit Manager for St. Albans City & District Council and a member of the Institute's Council.

 

Chair's comments

Without question, 2020 will be defined by the global coronavirus pandemic. This caught most countries and businesses off guard, despite the fact the World Economic Forum and others had already been sounding the alarm on global health security and the probability of a pandemic event.

Internal audit has a unique 360-degree view of the business and a risk-control mindset that can help organisations identify their blind spots and also opportunities to improve their operations.

Looking ahead to 2021, internal audit’s enterprise-wide perspective has never been more necessary. Boards and senior managers will depend on this independent top-down viewpoint for insights during what will continue to be a significantly challenging period.

Key takeaways

  • Risk in Focus 2021 is an essential point of reference for all auditors in all sectors.
  • It is not a book to read from start to finish but something to dip into as and when relevant.
  • There are questions/considerations for internal auditors to ask of their organisation and perhaps also of their team for each of the ten risks. These are particularly useful for discussions with your governance leaders.
  • The statistics quoted are a great source of data for your audit reports. Sharing the methodology for the report is designed to give you the confidence to use the output.
  • Year on year comparisons of the top risks naturally reflect the impact of COVID-19.
  • One of the most important elements is the relationship between the top risks and where internal audit is planning to spend its time. It raises the question for all internal auditors about the relevance of the audit plan to the risks that the organisation is facing. How relevant is your audit activity?
  • Many of the risks have been exacerbated by the pandemic, unsurprisingly the only new addition concerns disaster preparedness and crisis management. How effective was crisis decision-making within your local authority?
  • Cyber continues to be the top risk, heightened by remote working and staff susceptibility to social engineering. How alert are your staff to the threats that e-mails and remote working pose?
  • Financial stability is highly relevant for local authorities. You may recall, the audit committee chair at an earlier forum said how internal audit could do more to find opportunities - reining in costs, identifying efficiency savings and exploiting revenue streams. Are you proactive in this space?
  • The consequences of social tensions and rising nationalism will have varying impacts across different geographies e.g. migrants, homelessness, racism, security etc. Where does it feature on your risk register and how is it being managed?
  • Climate change has the potential to be an existential threat if action is not taken. Internal audit must be looking at how to provide meaningful assurance in 2021. The Institute will be publishing its latest report on this very topic next week. Check out the website on 5 November.
  • Please use Risk in Focus 2021 to be forward-looking and proactive to be relevant to the risks and needs of your authority in the years ahead.
  • Now is the time for internal audit to prove its worth

Click here to access the presentation slides from the forum.


Chair's closing comments

Risk in Focus 2021 is a thought-provoking report.

It seems to me that the top priority risks are very much about keeping the organisation going whereas the longer-term considerations such as mergers and acquisitions and climate change seem to be lower priority.

There is a tension in raising blind spots to management and this report, in terms of risk management, is the best vehicle to use to say these are the risks you are likely to face and here is how internal audit can help you manage them.

 

Institute's comments

The Risk in Focus 2021 report can be accessed here and the shorter board briefing here.

Digitalisation is as much an opportunity for internal audit as it is a risk. Data analytics can help with efficiency and effectiveness to support stakeholders through these challenging times. Inefficient working practices are a risk that HIA's should always have a focus on. A small self-help group for HIA's has opened itself up nationally to help teams of all sizes upskill. Please contact Derek Jamieson for more information (derek.jamieson@iia.org.uk).

Our next forum, 25 November, will focus on agile auditing, Mark Williams a very experience agile trainer/coach has agreed to attend and share his wisdom with us.

Thank you for attending.

As always if you have any ideas or suggestions for what we might include in future agendas please contact Liz Sandwith (liz.sandwith@iia.org.uk)

 


Poll Results 

Which topics should we prioritise for future meetings?

Topic Votes
Agile Auditing 25
Data Analytics 20
Climate Change 18
HIA/Audit Committee Chair Relationship 11
Independence & Objectivity 9

Chat box comments

Q. Given the importance of cyber security highlighted in the report, does the Institute feel that there will be an increased reliance on specialised I.T. consultants to aid in I.T. audits?

A. Shaping the future of internal audit is a key project for the Institute in 2021. Part of this includes identifying and recognising the skillsets that will be needed. Knowledge and understanding of IT is important for all auditors. Data analytics is no longer optional, internal audit needs to be across it to deliver what our organisations need.

  • A number of very useful risks within the document - from a local authority perspective I would also be highlighting Adult Social Care (funding / future demand – including the impact of COVID), pace of transformation, regeneration and social inequality as other key risk areas
  • It may not seem an obvious one, but lots of LA's are acquiring companies to generate income streams. There are examples where this has been poorly managed and it’s definitely a key risk for us moving forward to ensure there is robust governance and financial management. Failure has significant risks for LAs.
  • How are CAEs coping with the challenge of IA adding value while also dealing with the volatility and interrelationships of the risks that the report has highlighted?
  • Probably a more minor risk but immediate is Brexit and changes from 1st Jan. How much will LAs be impacted?