Agenda item

Internal Audit Reports - Progress, IT Disaster Recovery and Key Financial Systems

To consider the report of the Interim Section 151 Officer, (copy enclosed)

 

 

 

 

Minutes:

The Committee considered the report of the Interim Section 151 Officer covering three reports from BDO LLP, the Council’s internal audit service provider. The reports were titled:- Internal Audit Progress Report February 2020 at appendix 1; IT Disaster Recovery – Final Report at appendix 2; and Main Financial Systems (Accounts Payable, Accounts Receivable, Expenses) – Final Report at appendix 3.

 

The Chairman introduced the Internal Audit reports and deferred to the BDO Partner, Mr Greg Rubins, to present the first report, namely the Progress Report.

 

He advised that the report covered the progress against the audit plan 2019/20 and explained the four assurance levels used by internal audit on each of the audits. He said that there were two other reports currently in draft covering Workforce Management and Network Security scheduled for the next committee and that the two reports under this agenda item today would be presented by the Internal Audit Manager, Ms Emma Donnelly.

 

In response to a query regarding items in the plan being deferred to 2020 he advised that these were in response to requests for deferment by officers who felt that reporting them in 2020 would be more useful.

 

The Internal Audit Manager then took the Committee through the IT Disaster Recovery report. She advised that it was part limited on assurance at the time of the audit which  was a direct result of not having a testing schedule in place. Members were reassured  that the Business Impact Assessment and the Business Continuity Plan were now fully documented. In addition, the outstanding testing schedule at the time of the audit had now been set up with a test scheduled for 29 February 2020. The recommendations were all on track due for implementation by the end of March 2020.

 

Concerns were raised around areas colour coded red and whether appropriate risk assessments had taken place prior to adoption of the transformation programme. The Director of Strategy, Performance and Governance, noting that the testing schedule was key to IT disaster recovery, advised that once this had been flagged by internal audit the speed with which staff were able to respond and put a schedule in place demonstrated that a lot of work had already been undertaken and that staff took the issue very seriously. In terms of risk assessment, he informed the Committee that the Ignite Blueprint for Transformation, available to all Members on the I:\ Drive, included a risk assessment. It was agreed that the risk assessment would be circulated to all Members following the meeting.

 

In summary it was noted that the new server should mitigate these issues going forward, that the Council took IT issues very seriously, it was accepted that some areas required improvement and others work completed. The Chairman asked when this issue would  be reported back to the Committee and the Audit Manager advised that it would be covered at the next Performance, Governance and Audit Committee (PGA) under the Follow-up of Recommendations report.

 

The Audit Manager then took the Committee through the Main Financial Systems report looking at accounts payable, accounts receivable, expenses, including Members’ expenses. Within the aforementioned areas she highlighted good practice together with areas where there were weaknesses in terms of reporting controls and policies. 

 

The Interim Section 151 Officer and the Audit Manager, addressing areas of concern raised in the report and from Members, advised the following:-

 

-           That the Sundry Debtor Policy and Procedure had been revised, this was an

operational document underpinning the Corporate Debt Strategy approved by Council in November 2019. It had been circulated to the Tier 2 Manager responsible for the accounts receivable function as an accounting instruction from the Interim Section 151 Officer. The revised policy did not need committee approval as it operated via an instruction from the Section 151 Officer and had already been actioned.

 

-           That delivery of debt recovery actions and staff training on the system were 

adversely impacted by the transition from the old structure to the new. Debt recovery actions have now commenced, based on information from the Debt Recovery Agency.

 

-           That the council decided not to pursue receipts for fuel as this was not cost

effective to administer, however, all staff and Members were required to complete a mileage form.

 

-           That all write-offs were undertaken in accordance with the Council’s Financial

regulations, procedure rules and scheme of delegation in accordance with the Constitution. Anything above £20,000 was referred to the Strategy and Resources Committee for approval, nothing was written off by officers. Debt recovery action was now in hand and would form part of the handover to the Interim Director of Resources to address in accordance with the Council’s constitution.

 

-           That it was not the role of internal audit to undertake risk assessments on the

part of the Council. However, it was important to note that in previous years all areas were generally very well controlled. This was the first year with significant issues reported and in terms of senior management this was a moving picture throughout the year, impacted by a resignation.

 

-           That the budget underspend had already been reported to the Finance and

Corporate Services Committee on 24 September 2019 (now Strategy and resources Committee) in an outturn report. This was the result of a host of issues, principally the budget for 2018/19 was set under the old structure and the impact of transformation changes resulted in the large underspend. It was suggested that Members revisit the outturn report which can be found under this link:- 10 Financial Outturn 2018-19.docx

 

-           That all outstanding items would be reported back to Committee as

appropriate through the Follow-up of Recommendations report.

 

-           That urgent action had already been taken to put in place an operational

procedure around supplier issues. From now all changes to suppliers’ bank accounts, address details, names or new suppliers were followed up through independent checks by the Financial Resources section via email or direct contact, in order to confirm suppliers were bona-fide.

 

With reference to the Members Expenses’ claim form both Councillor Fluker and Councillor Mrs Channer suggested that a form, similar to that at Essex County Council be adopted, using a start and finish postcode to calculate journeys. This to be introduced by April 2020, accompanied by clear guidance on completion. It was felt that this would mitigate the issues raised in the report.

 

In addition, Councillor Fluker, addressing the issue of  write-offs proposed that the Director of Strategy, Performance and Governance bring a report to the Strategy and Resources Committee on ‘Aged Debtors’. This was agreed. 

 

There being no further queries the Chairman then put the recommendations to the Committee and they were agreed

 

 

RESOLVED that the Committee considered, commented and approved the following:

 

(i)        Internal Audit Progress Report February 2020 at appendix 1;

 

(ii)       IT Disaster Recovery – Final Report at appendix 2;

 

(iii)      Key Financial Systems (Accounts Payable, Accounts Receivable, Expenses) –

Final Report at appendix 3.

 

Supporting documents: