Agenda item

Perminder Sethi, Engagement Senior Manager presented the External Auditors Audit Plan 2022/23, which informed the Committee on key matters arising from the audit of the Councils financial statements for the year ending 31st March 2023, including arrangements for the preparation of the 2022/23 Accounts.

The Engagement Senior Manager provided an overview of the key matters in the report:-

• national context and relevant matters affecting the Council.
• The Council’s financial position
• Doncaster Children’s Services Trust being transferred back to the Council
• Doncaster Sheffield Airport closure, options to acquire the facility and CPO
• Doncaster City Status
• Audit Reporting Delays
• External Auditors response to matters as outlined above

He highlighted that the External Auditor remained committed to proving quality and would continue to monitor the Council’s financial position with management and continue its work regarding Value for Money, governance, economy, efficiencies and effectiveness arrangements.  He outlined some of the areas that the External Auditor were to focus on, in particular, in relation to the transition of DCST transferring back into the Council. It was noted that DCST had regular dialogue with the finance team regarding bringing accounts back to the Council and payments to charges. The Engagement Senior Manager also referred to the ongoing work following the Ofsted Inspection taken place last year.

The following significant risks had been identified which were outlined in detail in the Plan:-

·         Management over-ride of controls

·         Valuation of land and buildings

·         Valuations of the net pension fund

·         Accounting for the transition of Doncaster Children’s Trust back in to the Council on 1st  September 2022

The External Auditors further outlined that a risk assessment regarding the Council’s arrangements to secure Value for Money had not identified any risks of significant weaknesses, but would continue to update its risk assessment until the Auditors Annual report.

In relation to materiality, it was noted that this had been set at £10,648m for the group and £10,433k for the Council, with £532k being identified for trivial matters for the group.  With regard to audit logistics, interim planning works had been completed and interim work takes place in July and from July onwards final accounts work commences.  It was anticipated that the accounts audit work to be completed by end of October and a report be presented to the Audit Committee in November.  Work on the Council’s Value for Money arrangements was expected to be completed at the end of the year.

The Chair on behalf of the Committee, thanked the Engagement Senior Manager for his report. Further to a question from the Chair regarding the Council’s progress made against prior year External Audit recommendations, the Assistant Director of Finance confirmed that the outstanding action to address the strengthening of the password settings for Northgate database administrators following the External Auditors 2020-21 assessment of the Council’s risks have now been completed. The Chair welcomed that all of External Auditors 2020-21 recommendations were now complete.

In response to questions from the Vice-Chair, the Engagement Senior Manager, Grant Thornton advised that the External Auditor’s IT Audit Strategy reviewed the key systems used by the Council to ensure integrity of the information produced on the systems. With regard to the Council’s approach to IT general controls, External Audit when carrying out the audit assessed the adequacy and standards of the controls to confirm whether the controls were fit for purpose. An assessment of privileged access in respect of Council IT systems was carried out and the External Auditor assessed the Council’s arrangements in terms of the security of data held by the Council. In terms of the Council’s IT general controls regarding the Cloud environment, it was reported that Grant Thornton have a team of highly specialised technical experts who have extensive experience of IT risk management and control processes and have an understanding of the IT environment nationally across all their client base, working with the Public Sector, NHS and commercial bodies.

The Director of Corporate Resources further provided assurances that the Council have a duty in the first instance to ensure that new IT systems being introduced into the Council were checked for efficacy and the Internal Audit team have arrangements in place to review those systems.

The Vice-Chair highlighted the potential security risks to the Council in terms of IT systems being out of date, which could potentially lead to a material misstatement in the accounts.  He requested that an assessment to be carried out with regard the potential risks of the Council’s IT systems, in particular, in relation to the risk environment of the Cloud system in terms of third party risks. It was reported that the Council did not have the level of expertise to undertake an assessment, however, Salford Council’s Internal Audit Services provided a variety of specialist skills in terms of auditing IT systems and were currently scheduled to  undertake a review of the Council’s third party suppliers, and could possibly carry out a review of the Cloud. This issue would be added to Internal Audit’s assessment of risk. The Engagement Senior Manager, Grant Thornton pointed out that any potential weaknesses identified in the Council’s IT systems would be updated as part of the software updates, which would ensure the safeguarding of data and provided the ability for people to access the systems. 

RESOLVED that Grant Thornton’s Audit Plan for the 2022/23 financial year and Arrangements for the preparation of the 2022/23 Account, be noted.