East Sussex
Local Government Pension Scheme
Internal Audit Strategy and Plan
2023/24
1. Introduction
1.1. The Scheme provides retirement benefits for employees of the County Council and 140 other employer organisations, including Brighton & Hove City Council, district and borough councils and academic institutions.
1.2. We (the Orbis Internal Audit & Counter Fraud Team) provide internal audit services to the East Sussex Pension Fund.
2. Objective
2.1. The objective of this Pension Scheme Audit Strategy and Plan (The Strategy), which is formally reviewed on an annual basis, is to provide the Scheme with a consistent, risk-based approach to determining an internal audit programme for the Pension Fund.
2.2. The ESPF pools funds with another 10 funds as part of the ACCESS Pool, a collaboration of central, eastern and southern shires. The 11 members of the ACCESS pool hold total assets of £60.1bn, of which 31.8bn is pooled. The ESPF has assets of £4.7bn of which £2.6bn is pooled. Where possible, we shall seek additional sources of assurance over controls operating over the ACCESS Pool, e.g., audit reports on the ACCESS Support Unit.
2.3. The Fund receives professional advice from ISIO. The Fund’s actuary is Barnett Waddingham LLP, and the most recent actuarial valuation of the Fund was carried out in 2022. The valuation found that the funding level had improved from 107% in 2019 to 123% in 2022.
2.4. The Strategy seeks to provide assurance on the following aspects of pension fund activities:
· The collection of contributions;
· Investments and accounting;
· Cash management; and
· The administration of benefit payments.
3. Approach
3.1. The Strategy uses risk assessment as its foundation. On a periodic basis, risks will be reviewed in consultation with the Chairs of the Pension Committee and Board and with management to identify any new risks. The risk assessment will consider the materiality and significance of the processes involved, any negative factors such as problems or significant changes, and any positive factors, which provide comfort or assurance. It should be borne in mind that the Pension Fund is a material and fundamental financial system in its own right and, as such, should be subject to a level of coverage that complements the work of the Scheme’s external auditors.
3.2. The outcome of the risk assessment will be an objective view of those areas of the business where the organisation requires assurance that risks are being managed effectively. Internal Audit will then use a number of potential sources to provide that assurance.
3.3. Throughout the year, there will be routine liaison between Internal Audit and officers representing the Fund to identify emerging risks and ensure that this Strategy continues to reflect the needs of, and risks to, the Fund. COVID-19 has continued to affect the way many areas of the pension administration service are being delivered, as well as having a wider impact on the Fund, in particular on the performance of its investments.
3.4. Where appropriate, audit coverage will be varied from year to year. In areas where no significant findings were made in the previous year, the scope may be widened to other areas to maximise the breadth of coverage. For instance, where new policies have been introduced, we may review compliance with these.
3.5. Where possible, direct access to source data will be obtained, including to data held in the administration system (Altair), information passed via the Pension Regulator’s on-line portal and HMRC’s event reporting portal.
3.6. We plan to deliver 75 audit days for the year 2023/24. This level of coverage will be kept under review to ensure that it remains appropriate to the needs of the Fund. Audits covered in previous years are presented in Appendix A.
4. Professional Standards
4.1. Audits of the Pension Fund will be carried out in accordance with the professional standards set out in the Public Sector Internal Audit Standards.
5. Reporting Arrangements
5.1. Internal Audit work will be reported in the following manner:
· Terms of Reference will be drafted and agreed with management.
· An initial draft report will be issued to management for its comments on factual accuracy and response to the issues and risks identified.
· A final report that includes agreed actions and implementation dates will be published to management.
· The results of audit work on the Scheme will be reported:
o in full, to the Pension Board and Pension Committee; and
o in summary form, to the Audit Committee as part of our routine quarterly progress reports.
5.2. Audit work for 2023/24 will be reported in four separate reports (in addition to any specific follow-up audits), covering the risks detailed below:
· The Collection of Contributions
o Failure to collect pension contributions in full, from all employers in the scheme, increases the risk of Pension Fund deficit.
· Investments and Accounting
o Ineffective stewardship results in the loss of assets or breaches of regulatory requirements.
o Poor performance of the Fund’s investments results in financial loss, the potential for liabilities not to be met and reputational damage.
o Investment returns are not received in full in a timely manner.
o Accounting of the Pension Fund, including the valuation of assets, is inaccurate resulting in mis-statement of the Fund’s annual accounts.
· Cash Management
o The dependency on employers for the timely provision of information, increases the risk of data inaccuracy, undermining the Fund’s ability to deliver an effective service.
o Without obtaining guarantees or bonds to underwrite new employers’ contributions, the Fund may be exposed to additional financial risk.[1]
o Unexpected spikes in benefit demands (e.g., large death benefits) or reductions in contributions received, may result in the Fund’s bank account becoming overdrawn.
· The Administration of Benefit Payments
o Poor data quality leads to inaccuracies in transactions, or a failure to meet statutory requirements, resulting in financial loss, and/or regulatory sanction.
o Inaccuracies in the calculation of pension benefit entitlements may cause financial loss to the Scheme or financial hardship to members and reputational damage for the Council.
o Poor or inadequate delivery of the pension administration service (including as a result of inadequate procedure notes or system access controls) may result in regulatory breach, leading to reputational damage for the Council and/or complaints by members.
Appendix A
Previous Audits
In previous years, our work on the Pension Fund has included the following audits:
· Pension Fund Governance
· Investments and External Control Assurance
· Compliance with Regulatory Requirements
· Pension Administration – People, Processes and Systems
· Information Governance
· Altair - Application Controls
· The implementation of Altair
· I-Connect – Application Controls
· Cyber Security
The audits we plan to carry out in 2023/24 will cover the key areas we reviewed as part of the above audits. The audits for 2023/24 have been updated to account for the changes to the governance structure in the current ESFP and to align more closely with the roles and responsibilities as they currently sit.
Exceptions are the ICT related audits, which have been delivered due to the introduction of new systems as well as covering areas of continuing high risk. In the case of the latter, it is to be expected that they will be revisited in future years.
[1] Accepting that undue delay to signing an admission agreement may result in new pensioners not receiving their pension.