To consider the report of the Interim Section 151 Officer, (copy enclosed).
The Committee considered the report of the Interim Section 151 Officer providing a progress update on work completed and any deviances to, or slippage, on the Internal Audit Plan 2019/20 and implementation of recommendations raised by Internal Audit. In all there were five reports to consider, two within the Progress Report together with three reports presented in full.
The Head of Internal Audit, Greg Rubins, presented this item and reported the following:-
Appendix 1 Progress Report - GDPR Compliance report
The GDPR Compliance report was very positive with substantial assurance on design of processes and moderate assurance on effectiveness. The controls, policies and procedures in place were all robust with appropriate action being taken as required, underpinned by a sound training plan. Going forward the focus should be placed on continuing robust compliance both within the organisation and externally, with third party contractors etc.
Appendix 1 Progress Report - Local development Plan (LDP) report
The Local Development Plan report was also positive with moderate assurance for both design and effectiveness. The good practice of having a clear risk register around the achievement of the LDP was noted. Going forward the focus should include a formal process on how to monitor what the Council planned to achieve through the LDP, together with clear deadlines for actions on planning matters. Overall, the response rate from Officers was good and incorporated a clear action plan.
In response to a query on the LDP report around S106 the Auditor advised that this was outside the scope of this report. However, should Members be concerned going forward, they would audit the area of Section 106 separately.
Appendix 2 - Building Control Audit report
This report was limited on the design of controls and moderate in effectiveness. It was noted that the team was going through change with vacancies etc. but despite that were progressing well. Going forward, the focus should be putting in place policies and procedures. There was now a clear action plan which the auditors would follow-up on and the new system being put in place would address issues of concern around lack of documentation.
Appendix 3 - Risk Management report
This report was before the Committee as an advisory benchmarking exercise only, which the Audit Committee had an interest in. It was noted that the Council scored slightly below average compared to other like authorities. The new systems being put in place should raise/balance that performance. Going forward the focus within service areas should be on action plans, key performance indicators and linking risks to corporate objectives. It was noted that Officers were considering all these areas and looking at risk processes and new systems. These areas would be reviewed toward the end of the year to monitor outcomes from the impact of new processes and systems.
In response to a query on the Risk Management report regarding risk assessments, the Director of Strategy, Performance and Governance informed the Committee that the Council was looking to move from a 4x4 risk matrix to a 5x5 matrix. This would provide more granularity, resulting in a better understanding when assessing the risks and how to address them.
The Interim Section 151 Officer added that he would be taking forward the brief regarding support in the area of fraud risk management. It was noted that this resource would provide more resilience around all areas of risk during this time of transformation within the Council.
Appendix 4 – Follow-up of Recommendations report
The Follow-up of Recommendations report contained three new recommendations, one had been completed and two were in progress. It was noted that any delays on Officer response were due to changes in personnel and were being addressed.
The Chairman put the recommendations to the committee and they were agreed.
(i) that the progress against the 2019/20 Internal Audit Plan (appendix 1) was reviewed and commented on;
(ii) that the final Building Control report – July 2019 (appendix 2) was reviewed and commented on;
(iii) that the final Risk Management report – July 2019 (appendix 3) was reviewed
and commented on.;
(iv) that the Internal Audit – Follow-Up of Recommendations report (appendix 4)
was reviewed and commented on.