Agenda item

Report of the Chief Operating Officer (Section 151 Officer)

The Audit and Procurement Committee considered a report of the Chief Operating Officer (Section 151 Officer), which provided an update on the internal audit activity for the period April to September 2022, against the Internal Audit Plan for 2022-23.  The report was the first monitoring report for 2022-23 and was presented in order for the Audit and Procurement Committee to discharge its responsibility 'to consider summaries of specific internal audit reports as requested' and 'to consider reports dealing with the management and performance of internal audit'.

The key target facing the Internal Audit Service was to complete 90% of its work plan by the 31st March 2023.  As at the end of September 2022, the Service had completed 44% of the Audit Plan against a benchmark of 50% (which reflected delivery of 100% of the Plan) and was on track to meet its key target by the end of 2022-23.  This also represented an improvement in performance from 2021-22. 

It was noted that whilst the Annual Audit Plan was agreed at the start of the financial year, this may be subject to change as a result of emerging risks, requests from service areas to reschedule work, and any exceptions such as unplanned absence within the Service.  It was important that the Internal Audit Service retained a flexible approach in order to ensure it could respond to issues on a timely basis and add value.  The Committee were advised that it would be necessary to make some revisions to the audit plan for quarters 3 and 4 and that these would be detailed in a report to the next meeting, scheduled for 20^th March 2023.

Appendix 1 of the report provided a list of the audits finalised between April and September 2022, along with the level of assurance provided.  As at 30th September 2022, the following audits were in progress:

·  Software Asset Management

·  CareDirector 21-22

·  Templars Primary School

·  Formal follow up Asset Management a d Patching

·  Climate Change risk assessment

·  ICT Physical Security Controls

·  Pre-employment Checks

·  Formal follow up Information Governance risk management

·  Pot Hole Pro Health Check

·  Motion helpdesk

·  CWRT Loan Book Health Check

Details of a selection of key reviews completed in this period were provided at Appendix Two. In all cases, the relevant managers had agreed to address the issues raised in line with the timescales stated.  These reviews would be followed up in due course and the outcomes reported to the Committee.

The Committee noted that the Business Rates Team had continued to re-purpose its activities throughout 2021/2022 in order to administer Covid-19 grants to businesses.  As a result, there had again been a significant impact on the Service’s ability to maintain normal systems of control.  Whilst this was not due to management failings, it did affect the level of assurance provided in relation to the objective.  It was now imperative that systems of control were robustly re-set and consistently complied with in 2022-23.  The assurance level also reflected that the review had highlighted errors in the application of specific discounts / reliefs.  Whilst these did not have a significant financial impact, it did indicate the need to strengthen arrangements around testing of parameters prior to implementation.

In relation to Equality, Diversity and Inclusion in Recruitment, the review had highlighted that there were some elements of the recruitment process which clearly supported EDI aims, including training, use of anonymised applications and targeted routes to attract candidates from diverse backgrounds / under-represented groups.  However, given the importance of equality and diversity within the Council, a more proactive approach was required in some areas if sustained, tangible improvements were to be achieved.

The report also indicated that, the formal follow up of IT Disaster and Business Continuity had identified that whilst a number of actions were continuing to be progressed, there was a clear desire to continue to develop arrangements to the benefit of both parties, including refining the business continuity plans to reflect a co-ordinated, organisation-wide approach to, for example, recovery prioritisation, and the development and collation of the key recovery data required into a single document. It was also acknowledged that there had been noticeable improvements in the relationship between ICT and the Resilience Team with more collaborative and closer working. 

RESOLVED that, the Audit and Procurement Committee:

1.  Note the performance at quarter two against the Internal Audit Plan for 2022-23.

2.  Considered and note the summary findings of the key audit reviews attached as Appendix two to the report submitted.