Internal Audit Report
Minutes:
The Committee considered the report of the Interim Chief Finance Officer and associated Internal Audit reports from BDO LLP, attached on the agenda from 9a to 9g, Progress Report; Follow-up of Recommendations; Cyber Security Audit; Equality, Diversity and Inclusion; Management of S106 Funds Audit; Sickness and Absence Management Audit and Licensing Audit.
The Chairperson introduced the reports, reminded Members that a response from Chelmsford City Council on the Licensing audit at Agenda Item g) had been circulated prior to the meeting and then deferred to BDO to present the detail. The first report on the agenda was the Progress Report which summarised the 2022/23 audit plan and evidenced solid progress on the 2023/24 internal audit programme, overall a good management response with four audits on this agenda and a number of audits already in fieldwork and draft report stage prior to Christmas. These will be submitted to the March meeting of the Committee and the annual audit opinion was on track for summer 2024. All recommendations for 2019/20 in the Follow-up-of Recommendations Report were completed, one remained overdue for 2020/21 but this was on track to meet the revised implementation date of 31/03/2024 and two recommendations overdue for 2021/22 were also on track to meet their revised implementation date of January 2024.
The Cyber Security Audit attained an opinion of substantial on design and moderate on operational effectiveness. The Council had a number of preventative controls and effective policies in place to monitor this area. Human input had improved with a lot of work undertaken to ensure all staff were trained. This was a positive opinion particularly given the subject area. In response to questions the Assistant Director Resources advised that both Staff and Members’ online cyber security training was being monitored through a Key Performance Indicator (KPI) and completion rates were high. This was imperative as the Council, like other organisations, was under constant threat from cyber-attack. She said she would issue a reminder to Members to address those who had not yet completed the suite of training modules.
The Equality, Diversity and Inclusion (EDI) report did not generate an audit opinion as it was advisory in nature, assessing the Council’s maturity of policies, plans and actions and advising on longer term ambitions. It was noted that due to the advisory nature of the recommendations they would not form part of the standard follow-up programme and that EDI was of great interest to staff therefore conducive to staff retention. The Assistant Director Resources informed the Committee that the Council had requested this report to provide a framework for future evolution in this area and that the Council’s structure would be amended in the report to ‘Committee’ as opposed to ‘Cabinet.
The Management of S106 Funds Audit attained an audit opinion of moderate in both design and operational effectiveness. It was noted that the scope of the audit was to review and assess the effectiveness of the management of Section 106 funds, this included the collection of payments against the ... view the full minutes text for item 322