2 minute read
Internal audit
• completion of the risk-based Audit Plan 2018-2021 • endorsement of a comprehensive and risk-based
Internal Audit Program for 2020/21 • monitored and reviewed Council’s response to
COVID-19 and the associated Economic and Social
Recovery Plan • monitored and reviewed the Mayor and General
Manager delegations and decisions register during the COVID-19 period • recommended Council address Long-Term Financial
Plan sustainability concerns • reviewed and updated combustible cladding compliance and Council’s Fire Safety Protocol • reviewed and updated Council’s cybersecurity regime and controls • reviewed the top two risks per Division • reviewed major projects and determined whether the project risks are being appropriately managed • oversaw implementation of the External Audit
Management Letter recommendations • continued oversight of the development of Risk
Management, Compliance and Governance frameworks within the merged council arrangement • reviewed draft financial statements for the year ended 30 June 2020 in September 2020 and subsequently reviewed the finalised Financial
Statements on 16 October 2020 • recruited two new committee members in March 2021.
Chief Audit Executive
We have a full-time qualified Chief Audit Executive reporting administratively to the General Manager and functionally to the ARIC. The Chief Audit Executive is a member of the IIA and, by being so, is required to comply with the International Standards for the Professional Practice of Internal Auditing.
This position supports the ARIC and performs other internal audit functions including developing and implementing the three-year risk-based Audit Plan, carrying out/coordinating internal audits, providing consultancy advice and conducting investigations. The Chief Audit Executive has the capacity to engage experienced contractors to undertake selected reviews and internal audits.
Internal Audit Plan
During 2020/21, the three-year 2018-2021 Audit Plan was completed, and included the following audits:
• information management and technology – Wi-Fi penetration testing and vulnerability • information management and technology – email phishing testing and vulnerability • information security framework policy review • NSW Audit Office – governance and internal controls for local infrastructure contributions • payroll • tree management • swimming pool compliance • Transport for NSW Driver and Vehicle Information
System (RMS Drives) Terms of Access Agreement The Audit Program was developed using a riskbased approach. Recommendations resulting from the audits were designed to tighten the internal control environment and improve processes. The recommendations have been implemented or are in progress.
Audits by NSW Audit Office
In addition to the 2020/21 Audit Program, Council was directly or indirectly subject to the following audit reports from the NSW Audit Office:
• governance and internal controls – local infrastructure contributions • procurement management in local government • credit card management in local government • NSW Audit Office Report on Local Government 2020. Findings and recommendations applied to the whole local government sector, including our Council.
Overall, the ARIC and the internal audit function ambitiously completed 2020/21 with robust and comprehensive coverage over many aspects of the organisation’s operations.
