Agenda item
Internal Audit Half Year Report 2021/22
Minutes:
The Audit Manager presented the Internal Audit Half Year Report 2021/22 and advised that the aim of the report was to provide Members with a position statement on the audit work carried out since April 2021 and gave an outline of the review scheduled for quarters three and four. It was highlighted that the mid-year assurance opinion was of reasonable assurance. Particular focus in the introduction to Members focused upon:
· |
generally the Council had sound systems of governance and risk in place and the midyear statement went towards the end of year audit report which fed into the Annual Governance Statement;
|
· |
high level pieces of work focused around cyber security; officers assessed the day to day controls that Delt Services (the Council’s IT provider) had in place and drafted a report with recommendations which was submitted to the appropriate director, detailing how the governance arrangements could be enhanced;
|
· |
each year officers would coordinate a response to the national fraud initiative and would provide reports to the Cabinet Office;
|
· |
one report was investigated under the Whistleblowing Policy; this was known to management and they had taken appropriate steps to help the situation. The policy worked however very few referrals were made;
|
· |
the Council had had its external review of public sector internal standards and had been advised by inspectors that officers continued to conform to the necessary standards. |
Key areas of questioning from Members related to:
· |
were there timescales for appointing an information security group, considering the increase in breaches of information affecting Council’s due to cyber-attacks? It was responded that the Council had an Information Governance Officer who was well renowned at a national level; there were processes and boards already in place focusing upon cyber security however the report drafted by officers would involve high level discussions between Delt Services and the Chief Executive – progress could be brought back to committee as to what was put in place;
|
|
· |
in appendix 1 of the report there were three areas rated amber and limited assurance was given – was this because work was not yet completed? In response it was highlighted that:
|
|
|
· |
there was limited assurance related to the DBS checks on recruitment as some governance levels and frameworks could be strengthened despite all checks being in place; the aim was to have a stronger structure and framework around that;
|
|
· |
there was limited assurance with regards to declarations of interest for Council Officers as the aim was to have a strong process that was embedded across the council as a whole to all officers across all levels knew what a declarations of interest was – this was forming a larger piece of work for HR;
|
|
· |
there was limited assurance around the Childrens additional spend (which was not material) as there were areas that could be strengthened and improvements could be made;
|
· |
was there a single central record for DBS checks at the Council? In response it was highlighted that there was an online system where the Council held their DBS checks; a significant amount of testing had taken place for officers and volunteers and there wasn’t a single instance whereby a DBS wasn’t in place however a stronger standard framework was being aimed for. |
The Audit and Governance Committee agreed to:
1. |
review and note the findings within the report;
|
2. |
review and note the Head of Audit mid-year assurance opinion;
|
3. |
review and approve the in-year changes to the audit plan. |
(Under this item Councillor Bingley declared a personal interest as a Director for a Cyber Company)
Supporting documents:
- IA Half Year Report Report 2021-22, item 40. PDF 165 KB
- DAP - Internal Audit Half Year Report 2021-22, item 40. PDF 862 KB