Agenda item

The committee considered the latest Internal Audit activity report.

 

The Chair reminded the committee that in relation to the section of the report setting out summaries of completed audits, an exempt appendix had been prepared by officers in relation to some of these summaries.  At the appropriate point in the meeting, the committee would be asked to agree the required resolution to exclude the press and public from the meeting whilst those particular matters were discussed.

 

The Interim Chief Internal Auditor then presented the report, highlighting the following key messages:

a.      For quarter 1, planned work was below target as resources had been used predominantly to finalise assignments from the 2017-18 plan and certify grant claims.  Some progress had, however, been made on assignments in 2018-19 plans.

b.      The Annual Governance Statement had been drafted, consulted on and finalised and (as per the discussion earlier at this meeting) would be brought to the committee for final approval once the committee had approved the finalised 2017-18 accounts and received BDO’s ISA 260 report for 2017-18.

c.       Proactive counter-fraud work continued to identify a good level of recoverable savings and had resulted in a number of recovered council tenancies.

d.      The recommendation implementation rate was currently 84% implemented or partially implemented.

Main points then raised/noted/clarified in relation to the summaries of completed audits (reference numbers quoted below relate to those used in the report):

 

A - Corporate / Adults, Children and Education

 

A1 - Contract management:

7 Internal Audit recommendations for improvement had been agreed, including recommendations to address the following areas /findings:

* There was no corporate framework for managing contracts.

* There was no formal training or establishment of baseline competencies for contract managers.

* There was little evidence of contract risks being formally mapped in a standard and structured manner; also, the Corporate Risk Register and Directorate Risk Registers did not include risks associated with contract management.

A significant amount of improvement action was being taken in relation to contracts and procurement.  Further to the discussion at the 31 May meeting of the committee, a specific report on action being taken to improve the situation with regard to contract waivers would be submitted to the 20 September meeting of the committee.

 

A2 - Adult Care Provider Failure:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

A3 - Adult Social Care (ASC) Commissioning:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

A4 - Changes to Payment Terms:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.  New procurement regulations were in place as part of the constitutional changes approved at the 22 May Annual Council meeting.

 

A5 - Voluntary Sector Commissioning:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

C - Corporate

 

C1 - Partnership Governance:

The outcomes of this review, as highlighted, were noted. It was also noted that, based on the completion of the fieldwork, a Limited Assurance audit opinion had been assigned.  The Internal Audit recommendations had been agreed for implementation.

 

D – Adults, Children and Education

 

D1 - Schools Financial Governance:

Audit reviews were undertaken at 5 BCC schools / nurseries to provide assurance that controls relating to financial administration and governance were effective.  An overarching report was also prepared, collating the themes and giving oversight of school financial governance, for example in relation to financial support provided to schools.  This review resulted in a Limited Assurance audit opinion being assigned. 

 

The Internal Audit recommendations had been agreed for implementation.

 

In discussion, members asked for confirmation to be provided as to whether the governing bodies of all maintained schools have BCC councillor representation.

 

D2 - SS Peter and Paul Catholic Primary School:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

D3 - Schools Financial Value Standard Return:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

E – Growth and Regeneration

 

E1 - Major Projects Delivery

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendation around clarifying the Growth and Regeneration Board’s role, remit / terms of reference, governance and reporting arrangements had been agreed for implementation.

 

E2 - Investment Property Portfolio

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

In discussion the committee noted with concern the finding identified in the review that there was little evidence of progress in developing an overarching corporate property investment policy as had been stated in the presentation made to the Place Scrutiny Commission in December 2016.

 

F – Resources:

 

F1 - Payroll System Controls and Right to Work:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

F2 - Web Page Control

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

 

B – Corporate Resources / Communities

 

B1 - Future State Assessment of ICT

Internal Audit had worked alongside the ICT review team examining their methodology, findings and recommendations (i.e. a “critical friend” approach).

 

The work had concluded that:

* The assessment delivered was comprehensive, sufficiently detailed, reflected the

current state of the Council ICT and recommended a future state that was modern,

flexible and stable.

* The methodology used by the review team had been appropriate, comprehensive and had been executed by experienced and appropriately skilled staff.

* The transition plan appropriately prioritised projects required to deliver the future

state and phased their delivery across a five year period.

 

Internal Audit recommendations had been agreed for implementation.

 

On a related subject, it was noted that work was being progressed on a number of ICT issues raised by councillors (e.g. data control issues faced by councillors).  A written update would be sent to committee members.

 

EXCLUSION OF PRESS AND PUBLIC:

At this point in the meeting, the committee noted that it would need to move into exempt session in order to consider an exempt appendix. 

 

The committee accordingly

 

RESOLVED:

That under section 100A(4) of the Local Government Act 1972, the public be excluded from the meeting in respect of the committee’s consideration of this exempt appendix on the grounds that it involves the likely disclosure of exempt information as defined in paragraph 3 of part 1 of schedule 12A to the Act.

 

The committee then received updates on the following summaries of completed audits

 

B2 - Digital Strategy:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.  It was noted the recommendations were based around digital vision, the governance of digital transformation, digital leadership capacity and organisational capacity to support digital transformation.

 

B3 - Third Party Assurance:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

It was noted that the purpose of the review had been to ensure that robust mechanisms were in place to ensure that the commissioning of IT hosted services had considered availability, security, and resilience to protect the Council’s data.

The action plan identified from the review was being progressed.

 

B4 - Financial Systems Security and Resilience:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

B5 - Operations Centre - On Premise Security and Environmental Controls:

The outcomes of this review, as highlighted, were noted.  The Internal Audit recommendations had been agreed for implementation.

 

RESOLVED:

That the report and the above information be noted.