To consider the report of the Director of Resources (copy enclosed).
The Committee considered the report of the Director of Resources covering three reports from BDO LLP, the Council’s internal audit services provider. The reports were titled:- Internal Audit Progress Report June 2020 at appendix 1; Follow-up of Recommendations Report June 2020 at appendix 2; and Network Security Audit March 2020 at appendix 3.
The Chairman introduced the Internal Audit reports, deferred to the BDO Audit Manager to present them, and suggested that questions be taken following review of all three reports.
Addressing the Progress Report, the Audit Manager advised that since the last meeting one audit, namely Network Security, had been finalised and was on today’s agenda, and that the Community Safety Audit had been issued in draft and would be considered at the next Committee meeting on 30 July 2020.
In terms of the 2020/21 Audit Plan she reported that there had been delays due to staff capacity as a result of the pandemic. She had reviewed the content with officers to ensure it was still relevant and agreed the fieldwork schedule. A detailed plan was now in place to be brought to the next committee for approval. In the meantime, the internal auditors would commence the quarter 2 audits that had been scheduled.
In respect of the Follow-up of Recommendations report, good progress had been made in that a number of recommendations had been implemented in relation to the IT Disaster Recovery and Procurement and Contract Management audits. The Disaster Recovery Plan itself had been updated and tested; therefore, a number of recommendations were now closed.
Those overdue included the Fraud Risk Assessment; however, this was now at a stage to progress over the summer, looking at dates for training of key staff on counter fraud. Further detail on timings around the counter fraud work would be provided at the next committee. The other overdue area was Risk Management, which was still overdue as Officers had requested a deferral to July for completion, due to staff capacity issues.
The Network Security Audit review resulted in a moderate level of assurance with appropriate procedures and controls in place to mitigate the key risks reviewed. A lot of good practice was identified, and internal audit made three recommendations, 1) training on IT password policy and data security via an E learning package, 2) Cyber risk assessments to be undertaken on a regular basis and documented and 3) implement an internal vulnerability scanning tool. Since the time of completion all recommendations had been implemented.
In response to questions Officers reported the following:
- That for clarification of audit scope the Terms of Reference for the Community Safety Audit be circulated to Committee Members.
- That in respect of the Flood Risk Management audit the fieldwork was completed; however, internal audit were awaiting information as key staff did not have the capacity to deliver due to work on COVID. It was hoped to issue a draft report within the next two weeks.
- That a detailed timetable and audit plan would be considered at the next Committee in July.
- That the Director of Resources was working on the Fraud Risk Action Plan as a priority and would report back to Committee on progress.
- That the Council had balanced the speed with which it responded to the Covid-19 Business Grants with the appropriate checks to counter fraud. Part of the follow-up work included taking part in a national initiative to drive down fraudulent activity.
- That the Director of Resources would ensure the new Member Expenses form together with the policy was available to all Members.
- That fuel receipts were no longer a requirement and the new postcode system denoting the start and end to journeys. This was also a matter of efficiencies as the cost of administering the receipts outweighed the benefits.
- That the Director of Resources would follow up on the findings around credit cards raised in a previous audit and update Members outside of the meeting.
- That the high priority recommendation reported in the Network Security Audit around IT training and budget had now been implemented using an E learning platform.
The Chairman, noting there were no further questions, moved the recommendations in the report and these were duly seconded by Councillor Durham. The Chairman then put the recommendations to the Committee and they were agreed by assent.
RESOLVED that the Committee considered, commented on and approved the
(i) Internal Audit Progress Report June 2020 at appendix 1;
(ii) Follow-up of recommendations Report June 2020 at appendix 2; and
(iii) Network Security Audit March 2020 at appendix 3.