East Sussex
Local Government Pension Scheme
Internal Audit Strategy and Plan
2024/25
1. Introduction
1.1. The Scheme provides retirement benefits for employees of the County Council and 140 other employer organisations, including Brighton & Hove City Council, district and borough councils and academic institutions.
1.2. We (the Orbis Internal Audit & Counter Fraud Team) provide internal audit services to the East Sussex Pension Fund.
2. Objective
2.1. The objective of this Pension Scheme Audit Strategy and Plan (The Strategy), which is formally reviewed on an annual basis, is to provide the Scheme with a consistent, risk-based approach to determining an internal audit programme for the Pension Fund.
2.2. The ESPF pools funds with another 10 funds as part of the ACCESS Pool, a collaboration of central, eastern and southern shires. The 11 members of the ACCESS pool hold total assets of £59.5bn, of which £35.3bn is pooled. The ESPF has assets of £4.5bn of which £2.3bn is pooled. Where possible, we shall seek additional sources of assurance over controls operating over the ACCESS Pool, e.g., audit reports on the ACCESS Support Unit.
2.3. The Fund receives professional advice from ISIO. The Fund’s actuary is Barnett Waddingham LLP, and the most recent actuarial valuation of the Fund was carried out in 2022. The valuation found that the funding level had improved from 107% in 2019 to 123% in 2022.
2.4. In 2024/25, the responsibility for running the Fund’s pension helpdesk and pension payroll systems will be transferred from Surrey County Council to the Fund itself. Where appropriate, testing will include the impact of these on controls.
2.5. The Strategy seeks to provide assurance on the following aspects of pension fund activities:
· Financial controls;
· Investments and accounting;
· Regulatory compliance; and
· The administration of benefit payments.
3. Approach
3.1. The Strategy uses risk assessment as its foundation. On a periodic basis, risks are reviewed in consultation with the Chairs of the Pension Committee and Board and with management to identify any new risks. The risk assessment considers the materiality and significance of the processes involved, any negative factors such as problems or significant changes, and any positive factors, which provide comfort or assurance. It should be borne in mind that the Pension Fund is a material and fundamental financial system in its own right and, as such, should be subject to a level of coverage that complements the work of the Scheme’s external auditors.
3.2. The outcome of the risk assessment is an objective view of those areas of the Fund where the organisation requires assurance that risks are being managed effectively.
3.3. Throughout the year, there will be routine liaison between Internal Audit and officers representing the Fund to identify emerging risks and ensure that this Strategy continues to reflect the needs of, and risks to, the Fund.
3.4. Where appropriate, audit coverage will be varied from year to year. In areas where no significant findings were made in the previous year, the scope may be widened to other areas to maximise the breadth of coverage. For instance, where new policies have been introduced, we may review compliance with these.
3.5. We plan to deliver 75 audit days for the year 2024/25. This level of coverage will be kept under review to ensure that it remains appropriate to the needs of the Fund. Audits covered in previous years are presented in Appendix 2.
4. Professional Standards
4.1. Audits of the Pension Fund will be carried out in accordance with the professional standards set out in the Public Sector Internal Audit Standards. In our most recent assessment, undertaken by the Chartered Institute of Internal Auditors during Autumn 2022, we were assessed as achieving the highest level of conformance available against the professional standards, with no areas of non-compliance identified.
5. Reporting Arrangements
5.1. Internal Audit work will be reported in the following manner:
· Terms of Reference for each review will be drafted and agreed with management.
· Following our fieldwork, an initial draft report will be issued to management for its comments on factual accuracy and response to the issues and risks identified.
· A final report that includes agreed actions and implementation dates will be published to management.
· The results of audit work on the Scheme will be reported:
o in full, to the Pension Board and Pension Committee; and
o in summary form, to the Audit Committee as part of our routine quarterly progress reports.
5.2. Audit work for 2024/25 will be reported in four separate reports (in addition to any specific follow-up audits), covering the risks detailed below:
· Financial Controls
o Errors in transactions result in financial loss to the Fund.
o Accounting of the Pension Fund is inaccurate, resulting in misstatement of the Fund’s annual accounts.
· Investments and Accounting
o Ineffective stewardship results in the loss of assets or breaches of regulatory requirements.
o Poor performance of the Fund’s investments results in financial loss, the potential for liabilities not to be met and reputational damage.
o Investment returns are not received in full and in a timely manner.
· Regulatory Compliance
o Scheme governance arrangements, including clear separation between the Council’s and the Fund’s responsibilities, do not meet regulatory requirements, leading to regulatory sanction and/or reputational damage to the Council.
o Employers who do not fulfil their responsibilities impact the Fund’s ability to comply with regulatory requirements.
· The Administration of Benefit Payments
o Poor data quality leads to inaccuracies in transactions, or a failure to meet statutory requirements, resulting in financial loss, and/or regulatory sanction.
o Inaccuracies or delays to pension benefit payments, may cause financial loss to the Scheme or financial hardship to members and reputational damage to the Council.
o Poor or inadequate delivery of the pension administration service, including as a result of inadequate procedure notes, failure to access current information (e.g. deaths register) or system access controls, may result in financial loss, regulatory breach, or reputational damage to the Council and/or complaints by members.
Appendix A
Previous Audits
In previous years, our work on the Pension Fund has included the following audits:
Name |
Last Audit |
Information Governance |
2020/21 |
Altair - Application Controls |
2021/22 |
The implementation of Altair |
2021/22 |
Compliance with Regulatory Requirements |
2021/22 (2023/24) |
Pension Fund Governance |
2022/23 |
I-Connect – Application Controls |
2022/23 |
Cyber Security |
2022/23 |
Investments and External Control Assurance |
Current year (2023/24) |
The Administration of Pension Benefits[1] |
Current Year (2023/24) |
Collection of Contributions |
Current year (2023/24) |
Cash Management |
Current year (2023/24) |
The most significant risks covered by audits that are not in next year’s plan, will be incorporated into the audits for 2024/25.
Exceptions are the ICT related audits, which have been delivered due to the introduction of new systems as well as covering areas of continuing high risk. In the case of the latter, it is to be expected that they will be revisited in future years.