Agenda item

These reports outlined the internal audit and corporate counter fraud work (including whistleblowing) carried out for the year ended 31 March 2018.

The internal audit annual report contained the Head of Internal Audit’s Opinion based on the work undertaken in the year. This was “generally satisfactory with some improvements required”. These reports are timed to inform the Annual Governance Statement. 

Section 4 of the report showed the work conducted by internal audit during the year for and was broken down into the following sections:

·  Head of Internal Audit Opinion

·  The 2017/18 internal audit service

·  2017/18 Internal Audit work conducted

·  Progress against audit plan

·  Results of the Internal audit work

·  Internal Audit performance

There was one case where ‘no assurance’ was given in relation to the Disabled Adaptation Grants Scheme but actions for improvement were being addressed and progressed by management.

Members asked what was meant by the term “validation”. The Head of Audit stated that the internal audit process was risk-based and logged/tracked by the team. Any issues that were considered as being critical or high risk, the Internal Audit team ask for validation and evidence that the internal audit recommendations have been implemented by management in those service areas.

Members asked how the Audit Plan was created. The Head of Audit stated that it was based on levels of risk and that they meet with various senior officers in the Council to discuss the overall council-wide risks and if independent assurance in each case was needed. She also advised that she attended the Council’s Assurance Board which met on a monthly basis and is chaired by the Chief Executive.

Members asked about specific timescales on improvements in each service area audited. The Head of Audit stated that timescales depended on the recommendations and the areas of improvement required and so could vary from a period of weeks to months. Internal Audit effectively ‘closed out’ the audit and agreed an action plan with the service areas affected. The internal audit team also asked management in those areas for effective internal controls and it is an on-going continuous tracking process with updates on recommendations to management and quarterly reports to the Committee, the next one being submitted on 25 July 2018.

Members asked about the internal audit service. The Head of Audit advised that the team work hard to reach timescales and deadlines for audits and follow through any necessary recommendations and actions with management and this included monthly meetings with them and submission to the Assurance Board if necessary. It is a small team and the council uses two companies to undertake much of the audit work. The internal audit service sought continuing improvement and satisfaction surveys with clients helped with this process.

Members asked about the audit for waste collection deferred to 2018/19 and enquired why it had related to commercial waste and not all waste. The Head of Audit stated that commercial waste was a high-risk area and that as the overall plan is risk based and this would be the area to audit but the full service could be audited if needed. They also asked what counted as commercial waste and was meat from butchers categorised in this way. An explanation from the service would be sought.

Members asked about the audit conducted on the IT Security Framework, which had limited assurance. They sought assurance and were concerned what would happen if there was a disaster as the audit identified a lack of a Disaster Recovery Plan (DRP) since the migration of the Council’s service to the Cloud.  The Head of Audit stated that the lack of a DRP has been reported to the Assurance Board and management and processes were in place to address this. In addition, the move to the Cloud mitigated the risk when compared to where the data servers were previously located. Members also asked for a timeline of these matters and they agreed to an update at their September meeting.

Members asked about the 2017/18 audit of disabled adaptations grant scheme which was recorded as ‘no assurance’. They were concerned about the potential risk of irregularity being high and they asked what was being done to deal with this on an interim and long-term basis. The Head of Audit confirmed that this matter had been escalated to the Assurance Board and management of the service would need to address the risks. In 2018/19 there will be a requirement for full risk assurance and for management to make necessary changes as recommended.

Members asked about the street lighting and highways asset management audit and enquired as to what was regarded as “reasonable” or “substantial”. Also they were concerned to ensure that street lighting was adequate and complied with LED energy levels. It was advised that street lighting was managed by contractors and that the audit was about how the Council managed street lighting not the adequacy of the number of lights.  The Head of Audit confirmed the scope of the audit and offered to provide the Committee with the full report if they wished.

In terms of the Security of Corporate Buildings internal audit, the Head of Audit advised that an update would be made at the Q2 report to the Committee later in the municipal year.

Members were concerned about the Planning Enforcement limited assurance with no operational procedures in place. The Head of Audit stated that planning enforcement was a very small team and at the time of the audit there was no documented practices or procedures in place. It was clarified that the team worked to ensure that planning applications granted and refused were dealt with and adhered to in line with legislation and that staff were familiar with legislation Members asked why this was not viewed as no assurance. The Head of Audit stated that Planning has a wide legislative framework with national guidance so although it was seen as high risk it was not viewed as critical. An update would be provided on this at the Quarter 1 report for the July Committee. (Management have confirmed that plans to address both high risk rated findings by the end of June 2018.) An update would also be provided on the Licensing Audit at that time.

Members asked for number of convictions in terms of the Housing Investigations audit and noted that this had reduced when compared to last year, but that could be owing to a number of factors The COO would discuss this matter with the Corporate Investigation Manager as to whether the comparative decline could be explained.

Members asked for a report at their meeting in September 2018 relating to cases identified by internal audit as no assurance.

The Committee noted:

·  The Internal Audit Annual Report 2017/18 and

·  The Corporate Counter Fraud Annual Report 2017/18