Local authority audit: helping hand in handling your lot

10 Jul 18

While they can’t magic away risk or conjure up resources, effective audit committees are essential for local authority success, says CIPFA governance adviser Diana Melville.


It is recognised good practice to have an audit committee to support an organisation’s audit arrangements, strong public financial management and good governance. But there is more to it than ticking boxes.

With serious financial pressures on all parts of the public sector, there have been several years of budget reductions, restructures and changes to service delivery models across many authorities. Those working in finance, internal audit, risk and governance roles have played an essential role in supporting and guiding their organisations through those changes, but at the same time they have seen their own resources reduced. While the majority of authorities are performing effectively, the risks remain high, and there are some red and amber flags emerging.

Consider these quotes from external and internal auditors in their published reports:

2016/17 Annual audit letters for principal authorities

[Following allegations of impropriety in wholly owned subsidiary companies] “We have concluded that, as the review identified that the principles and values of sound governance were not always in place for some decisions taken during 2016/17, a modification to our value for money opinion was required.”

“We concluded that there remain weaknesses in proper arrangements for understanding and using appropriate and reliable financial and performance information to support informed decision-making and performance management, and for planning, organising and developing the workforce effectively to deliver strategic priorities.”

2016/17 Internal audits

“The council’s internal control environment remains marginal, which means there are high risks requiring prompt action and that only limited assurance can be given.”

“Owing to the absence of a comprehensive risk management process, we were only able to provide partial assurance on the effectiveness of risk management.”

“Limited audit work has been undertaken regarding the organisation’s IT control framework, and no evidence of third-party assurances could be provided. As a result, the opinion does not extend to the council’s IT control framework.”

None of these organisations are classified as ‘failing’, yet they have risks and challenges that need attention and support. This is where the audit committee should be playing its part. It provides a forum to focus on risks and internal controls. It can discuss the findings from internal audit reports, and it can consider the strengths and weaknesses of the organisation’s governance.

An effective audit committee can provide constructive challenge and ensure more rounded decision-making, asking key questions such as: ‘Are we satisfied that risks are fully understood?’; ‘Are we monitoring the impacts of the changes we have made, and are there any warning signs we need to pick up on?’; ‘Are plans realistic and achievable, and what support do you need?’.

It doesn’t matter whether these questions are asked in response to a review of the strategic risk register or to an internal audit report or when reviewing the annual governance statement. What is important is that they are being asked. The audit committee can’t magic risks away or conjure up resources, but it can help the organisation handle its lot more successfully. So what difference does the 2018 edition of the CIPFA position statement – Audit committees, practical guidance for local authorities and police – make? It provides support for the role of the audit committee and sets out how it can have influence and add value via an effective structure; knowledgeable, objective members; focused agendas; and recognition of its work. The publication advises on how to best achieve these conditions, and CIPFA now recommends including an independent co-opted member on the audit committee. This has become increasingly common – local authorities in Wales and combined authorities in England are required to include a co-opted member; police audit committees are made up solely of independents, and other sectors use non-executives. Whichever route is taken, independent knowledge and expertise can prove invaluable.

Did you enjoy this article?