To note the report that summarises the internal audit activity during the period April to December 2018.
Sally Hendrick, Head of Audit and Risk Management attended the Committee and provided the internal audit activity report that summarises the internal audit activity during the period April to December 2018.
Sally Hendrick, Head of Audit and Risk Management advised the Committee that:
· This was the latest interim report, that last report was provided to the Committee in October 2018 and covered the period April to September 2018.
· This report covered the period April to December 2018.
· Section 3.2 set out the summary of the outcome of all of the audits to date.
· There was a high number of limited assurance reports compared to last year. There were a number of further audit reports currently received in for client side for review with limited assurance
· There were a number of repeated limited assurance reports that needed flagging at this time where issues had not been addressed.
· Appendix B showed the follow up position on previous limited assurance areas where major issues had been identified.
· Section 3.4 identified the major control issues that had a limited assurance opinion.
· Detail on limited assurances already reported in the October 2018 report had not been repeated.
In response to questions from Members, Sally Hendrick, Head of Audit and Risk Management advised the Committee that:
· There were a number of ‘repeat offenders’ with limited assurances. This was possibly down to a number of new officers and their level of understanding of opinion levels not being as great as it might be. There were a variety of different influencing factors. Further action needed to be taken to make sure limited assurance reports were reviewed closely at DMT level to make sure that agreed actions were implemented and actually done. This would reduce the level of repeated limited assurance reports.
· Within the follow up of areas previously audited with major control issues, there were 8 cases that had been revisited and re-audited. In 7 cases priority 1 recommendations were raised again.
· Some areas had not yet been revisited for a follow up audit but were due to be.
· If, during the follow up audit, areas received a limited assurance again, they would be revisited for a third time to address the situation.
· Home to School Transport was one of the areas that had been re-audited and recommendations were raised and reported to the Committee in October 2018. It was asserted that the issues on DBS checks were to a large extent because DBS checks were not controlled by the transport team, the team were working on taking mitigating actions and required assistance from other council areas, to address the issues they faced.
· Pressures in ICT with staff working on transformation projects and staff turnover may have contributed to issues on the cyber security audit not being addressed.
· ICT had asset management issues going back to 2015 and had issues with controls over IT equipment and stock. These were revisited this year (2018) and the audit showed similar issues that weren’t expected.
· Accounting system blips had contributed to the ongoing risk associated with Council wide officer expenses. Finance had been working with the supplier to identify the causes of the problems such as where in the audit trail the workflow ‘disappeared’. A systems upgrade was ongoing. It was hoped the supplier could identify the reasons for the issues and address the weaknesses. The finance team had tried to replicate the errors but this had proven difficult.
· The system had been tested in order to try to replicate the error but, because the system needed an upgrade, the supplier was not prepared to support it.
· The system was updated with new releases every 18 months or so and it was costly to continue to upgrade with each new release in terms of finances, testing and training. The supplier (Unit4) would support one or two versions for a couple of years, but once the release was out of the maintenance period, support was a paid for cost and the Council did not have the expertise to be able to support the product internally.
The Committee discussed the merits of the Governance and Audit Committee requiring areas with ongoing and repeated failures in major control issues to advise the Committee and explain the reasons why there had been no improvement by providing a report to be submitted to the Governance and Audit Committee meeting.
Members of the Committee expressed their disappointment in the number of re-audits that have continued to not address the initial problems identified.
Justine Thorpe, Manager: Ernst & Young noted the weakening in audit control and supported the idea of more accountability at CMT level to make the internal audit more effective.
Sally Hendrick, Head of Audit and Risk Management further highlighted for the Committee that:
· Data matching had been undertaken to identify mis-claiming of Council Tax Single Person Discount. 111 cases of mis-claiming had been indentified, increasing collectible income by £44,000. Another 270 cases were being investigated. This was a good outcome for this exercise.
· Counter fraud training had taken place for the Senior Management team in the People Directorate and further training was to be provided for teams in areas of higher fraud risk.
1. The report that summarises the internal audit activity during the period April to December 2018 be noted.
2. On this occasion and in future, those areas that have failed a repeated audit, produce a report for the Governance and Audit Committee and attend if requested.