Agenda item

Internal Audit Interim Report

To receive a summary of Internal Audit activity during the period April to August 2019.


Sally Hendrick, Head of Audit & Risk Management provided a summary of Internal Audit activity during the period April to August 2019.


During this period During the period April to August 2019, two grants were certified, one memo without an opinion had been finalised, seven reports were finalised, five reports were

issued in draft awaiting management responses, one draft report was being

discussed and in sixteen cases audit work was in progress.


New definition’s for opinions and priorities were being issued with recommendations to ensure that they were more meaningful and to provide a clearer insight into the degree of severity of opinions and recommendations. These would be included in the Internal Audit Charter which would be brought back to the committee for approval.


Delivery against the planned programme was behind original schedule due to the number of audits which have been requested to be deferred to later in the year. These deferrals would give officers chance to look at areas of weakness and address before audits took place.


The main audit contractors have already raised concern about pressure to deliver the Plan as it is now end-loaded. In some areas there will be pressure on officers with multiple audits ongoing for the same service areas within the same quarter.


Major issues had been identified in the GDPR audit, where ten major recommendations had been found. Lots of work was being undertaken and would be re audited in January 2020.


In the home 2 school transport audit, a major recommendation was raised again due to weaknesses where DBS checks have not yet been received.


In the AGRESSO audit two major recommendations were raised relating to the

absence of a Data Protection Impact Assessment (DPIA) and overdue review of the support agreement. The opinion also reflects ongoing issues around the system that needed to be sorted. A consultant had been appointed to investigate the issues.


One major recommendation was raised in the disabled facilities grant audit due to procurement weaknesses with procuring stairlifts and not testing for best value.


Within a school audit, two major recommendations were raised in relation DBS

checks for governors and frequency of budget monitoring by governors.


As a result of the members questions, the following points were made:


  • The Head of Audit & Risk Management was unsure whether the GDPR audit was made against EU or UK derogations, but would check and report back to the Committee.
  • The market for procuring stairlifts under disabled facilities grants had not been tested for some time and this was now to be addressed. For other works the required number of quotes was not being sought at the time earlier in the year due to backlog in grant applications.
  • The home 2 school transport issues had been a long-standing issue, Members hoped that this would finally be resolved.
  • It was thought that the home 2 school transport team didn’t have the control over DBS checks for drivers within their team as this was undertaken by licensing for all taxi drivers.
  • Members requested that the Head of Transport attend the next Governance and Audit Committee in January to discuss the issues.
  • Safeguarding concerns were raised if taxi driver are not getting checked.
  • Concerns were raised that officers were not taking audit reports seriously.
  • The Head of Audit & Risk Management reported that the Chief Executive took audit very seriously and they met quarterly. One of the biggest issues was due to the huge turn over in staff, with new officers often not been told that audit reports had been undertaken on their areas. 





  1. the Governance and Audit Committee note the Internal Audit report.


  1. the Governance and Audit Committee note the new assurance and

recommendation priority definitions introduced which will be

incorporated into the Internal Audit Charter for Governance and Audit

Committee approval once their operational effectiveness is fully tested

and confirmed.



Supporting documents: