Agenda item

The committee considered the annual report of the Interim Chief Internal Auditor.  The committee was asked to receive and note the report as a source of assurance regarding the risk, control and governance across the Council.

Main points raised/clarified/noted in discussion:

1.      Significant issues in the report were:

-          Section 2 - The Head of Internal Audit’s opinion on the control, risk and governance environment.

-          Section 3 & Appendix A – The work completed by the Internal Audit team from which the above opinion had been derived, and identified areas of risk exposure.

-          Section 4 – The Internal Audit team’s performance and compliance with their professional standards.

2.      It was noted that limited assurance only could be given that the framework of control was adequate.  Overall, 63% of reviews undertaken concluded that reasonable assurance could be provided that controls were in place and operating effectively.  The trend in relation to this suggested that the position was not improving compared to previous years.

3.      In terms of corporate governance, it was recognised that the committee had considered and recommended an updated Code of Corporate Governance which had now been approved by the Full Council.

4.      It was noted that the Audit Committee will continue to have a key role in providing independent assurance of the risk management framework and the associated control environment.

5.      In relation to GDPR project governance, significant issues had been identified in September 2017 requiring a rapid escalation of the project management and governance of the Council’s GDPR preparations.  These issues had been addressed effectively and the Audit Committee had kept oversight of the progress achieved.

6.      In relation to the implementation of recommendations from internal audit reviews, Internal Audit had worked throughout 2017-18 with departmental management teams to highlight issues and escalate any areas of concern.  This had seen the level of recommendations implemented rise from 31% in 2016-17 to 57% in 2017-18.

In discussion, it was suggested that the committee may wish to identify particular areas of concern and then pro-actively hold to account those responsible for implementing recommendations by questioning them in detail at Audit Committee meetings.  Such areas of concern may need to be prioritised.

7.      The importance of member scrutiny of risk was highlighted.  In relation to directorate risk registers, it was noted that following the most recent review of the scrutiny function, the newly established scrutiny commissions (i.e. as established at the Annual Council meeting) would review these as part of their 2018-19 work programmes.  It was noted also that a new risk management policy had been approved by the Cabinet in January.  Work was now taking place to provide direction on ensuring that risk management was more effective going forwards.

8.      In discussion, members noted the importance of ensuring that the Internal Audit team was staffed fully and appropriately, noting that some temporary staff were in place currently.  It was noted that a review was being undertaken to ensure that the team was properly resourced.

9.      In relation to procurement and commissioning, several reviews in this area had concluded that only limited assurance could be assigned, for example in relation to contract management, where standards around this had been found to be inconsistent across the Council.  Also, the number of contract waivers from procurement regulations continued to be high and the waivers process itself had not been consistently applied.  In discussion, officers confirmed that contract management was an area where significant improvement was required.  It was agreed that there should be a particular focus on improving the situation with regard to contract waivers and that progress should be reported to the Audit Committee in September.

Noting and taking the above points into account, it was

RESOLVED –

That the Internal Audit annual report 2017-18 be received and noted as a source of assurance regarding the risk, control and governance environment across the Council, and the significant issues raised in the report be noted (noting that these will inform the committee’s 2018-19 work programme).