Agenda item

The committee considered the Internal Audit half-year activity report for the period 1 April – 31 October 2017.

The Chair reminded the committee that in relation to the section of the report setting out summaries of completed audits, two exempt appendices had been prepared by officers, and had been available for members of the committee to read in advance of this meeting under managed access arrangements.

In light of this, in relation to the committee’s consideration of these exempt appendices, it was

RESOLVED:

That under section 100A(4) of the Local Government Act 1972, the public be excluded from the meeting in respect of the committee’s consideration of these exempt appendices on the grounds that they involve the likely disclosure of exempt information as defined in paragraph 3 of part 1 of schedule 12A to the Act.

The Interim Chief Internal Auditor then presented this half-year activity report, highlighting the following key messages:

a.      Audit Plan: Reductions in planned reviews needed to take place in order to compensate for both reduced resources and also the significant level of resources diverted to ad hoc requests.  It was highlighted that the core purpose of Internal Audit was to provide the Audit Committee with an annual opinion on governance, risk management and internal control and this was at risk given the level of resources, and any significant diversion from the Audit Plan or sickness absence may limit the ability to provide this.

b.      At this half-year point, 50% of completed Internal Audit reviews showed limited or no level of assurance.

c.       The implementation rate in relation to Internal Audit recommendations was currently at 94% implemented or partially implemented.

d.      A significant degree of resource had been allocated to grant auditing and certification work (22 grants with a total value of £23.7m certified to date).

e.      The report also set out summaries of particular audits (including the summaries that were included as exempt appendices).

Main points then raised /clarified/noted in discussion:

Grant certifications / contract management:

a.      In discussion, concern was expressed about the degree to which Internal Audit resource had necessarily been directed (sometimes at very short notice) to grant certification work.  It was noted that this had a significant resource impact on Internal Audit.  It was suggested that further assurance may be needed around the capacity and ability of the authority to effectively manage grants.  Following discussion, it was noted that work was being instigated to ensure a disciplined, corporate approach to the grant administration process.   In terms of assurance, it was agreed that it would be useful for a more detailed report on the audited grant certifications to be brought back to the committee.

b.      In further discussion, concern was also expressed about the effectiveness of current contract management and renewal arrangements.  It was concerning, for example, that the renewal of the street lighting contract had resulted in an urgent report to the Cabinet seeking approval, at short notice, of the contract renewal.  On a corporate basis, there may also be a need for further assurance around the general effectiveness of contract management arrangements.  The expectation was that contract review / renewal dates should be properly diarised, with an alert system / protocol also in place to ensure review deadlines were met.  Following discussion, it was noted that the issue of assurance around contract management arrangements could be picked up as part of the scheduled Audit Committee training workshop on commissioning governance (scheduled for 25 January).

c.       It was suggested that some of the issues and gaps around contract /grant administration may have emerged as an unintended consequence of the very significant transformational change taking place across the Council; consideration could perhaps be given to dedicating an additional resource to Internal Audit as a means of helping the Mayor and the Strategic Leadership Team in identifying / plugging gaps in service that may emerge during this period of transformational change.

Completed Audit - General Data Protection Regulations - readiness review:

Although noting that the Internal Audit recommendations from this review had been agreed for implementation, including the appointment of a dedicated project manager, members were concerned that further assurance may be required about the readiness of the Council in relation to GDPR.  It was agreed that a further progress report should be requested for the next Audit Committee, with relevant officers invited to attend the meeting to respond as necessary to any questions from the committee.

Completed Audit - Data Loss Prevention System:

The outcomes of this review, as highlighted in the report, were noted.  Internal Audit recommendations from this review had been agreed for implementation.

Completed Audit - Foster Care Payments and Budgetary Control:

The outcomes of this review, as highlighted in the report, were noted.  Internal Audit recommendations from this review had been agreed for implementation.

Completed Audit - Early Years Funding:

The outcomes of this review, as highlighted in the report, were noted.  Internal Audit recommendations from this review had been agreed for implementation. It was noted that in relation to 2017-18, the DfE had made an adjustment to effectively compensate for the error made by the Council in submitting the Early Years census to the DfE in January 2016.

Completed Audit - Green Deal Community Grant Review:

The outcomes of and lessons learnt as a result of this review, as highlighted in the report, were noted. 

(Councillor Shah left the meeting at this point (3.18 p.m.)

Completed Audit - Resources - Accounts Receivable:

a.      The outcomes of this review, as highlighted in the report, were noted, including the areas for improvement in respect of which 14 recommendations had been made.

b.      It was noted that a corporate debt policy was now being brought forward through the Strategic Leadership Team and, in terms of assurance, it was agreed that this policy should be brought to the Audit Committee.

Discussion of Completed Audits as detailed in the exempt appendices to the report

The committee discussed the completed audits as referred to in the exempt appendices to the report (a separate exempt minute has been prepared in relation to this part of the meeting).

General discussion around the half-year activity on completed audits:

Further to the earlier discussion around grants and contract monitoring, and other issues identified in the report, especially from completed audits, committee members expressed the importance of ensuring an organisational culture whereby appropriately robust service controls are in place, lessons are learnt when issues and problems occur, and agreed actions are then fully implemented.  It was also important to appropriately hold relevant officers to account for the implementation of agreed actions.  As part of this, moving forwards, the Audit Committee may on occasions need to require officers to attend their meetings to review progress / provide assurance as necessary.

The Interim Chief Internal Auditor highlighted that, in 2017-18, Internal Audit had completed various significant reviews of specific governance and control issues, many of which had been specifically commissioned by senior management.

Noting and taking into account the above, the committee

RESOLVED:

That the Internal Audit half-year activity report be noted, including the deletions to the 2017-18 Internal Audit plan.

Note: The meeting was adjourned at this point (4.10 p.m.) and reconvened at 4.20 p.m.