Agenda item
INTERNAL AUDIT - SIX MONTHLY PROGRESS REPORT
The Assistant Head of Devon Audit Partnership will submit the Internal Audit – Six Monthly Progress Report.
Minutes:
The Assistant Head of Devon Audit Partnership submitted the six-monthly progress report which –
· reviewed audit work which had been carried out since April, 2010
· commented on current commitments and performance
· outlined proposed audit coverage for the remainder of the financial year
Members were advised that performance and progress with the 2010/11 plan had been very good and particular attention was drawn to examples of where Internal Audit had provided value for money, and delivered tangible benefits, to the Council.
Overall, based on the work performed in the first six months, Internal Audit was able to provide reasonable assurance on the Authority’s internal control environment. However, the review of the Corporate Information Management System had identified a number of ‘fundamental weaknesses’ in the Council’s current information governance arrangements. In attendance to provide further information on the audit review and its findings was the auditor responsible for undertaking the review along with the Assistant Director for IT to respond to Members’ questions.
Members were advised that –
|
(a) |
|
the review had been split into two parts –
|
|
(b) |
|
the review had established that information governance was not recorded consistently as a risk across the Authority and the current weaknesses could result in poorly informed decisions at any level of the organisation and have an adverse effect on the –
|
|
(c) |
|
the Council recognised the significant importance of Corporate Information Management at a corporate level and to this end Adam Broom had been identified as the Senior Information Risk Officer. However, this had not extended down to department level as no Information Risk Officers had yet been identified;
|
|
(d) |
|
it was recognised that a cultural shift was required and that this would take some time. In order to help achieve this, it was suggested that information governance be incorporated into the risk management process and be included as a separate element in staff appraisals. The Operational Risk Management Group would be looking at more detailed guidance at its next meeting in December. |
Members raised concern that the Internal Audit Six-Monthly Report had identified that progress in achieving productivity improvements within the Devon Audit Partnership (DAP) had not matched initial expectations. Members were advised that this was due to the continued inability of DAP’s IT service provider to provide acceptable service provision. Whilst there had been some recent improvement, the impact on delivery of the audit plan had been significant due to the amount of time lost. The Head of DAP would be meeting with the Head of IT the following week to try and resolve the situation.
The Committee noted the report and agreed –
|
(1) |
|
the adjustments to the 2010/11 Audit Plan;
|
|
(2) |
|
that minutes of the meetings of the Management of Information Security Forum be incorporated as a standing item on the Audit Committee agenda;
|
|
(3) |
|
that the Senior Information Risk Officer, or appropriate representative, be invited to attend the next meeting to update the Committee on how the information management principles were being embedded throughout the organisation. |
Recommended that –
|
(4) |
|
the Overview and Scrutiny Management Board (or appropriate panel) considers the problems highlighted within the Devon Audit Partnership relating to IT service provision to ensure that the issues were resolved. |
Supporting documents:
PDF 2 MB