Issue - meetings

The report outlines the progress of the Council’s Internal Audit service against the approved Internal Audit Plan for 2023/24 from 1 April 2023.

[15 minutes]

Upon the invitation of the Chair, the Senior Audit and Counter Fraud Manager presented the report to the Committee. The report outlined the progress of the Council’s Internal Audit service against the approved Internal Audit Plan for 2023/24 from 1 April 2023. Very good progress was being made and they were on track to deliver all audit work as scheduled, which would be incorporated into the 2023/24 Audit Opinion. This strong position reflected the work of staff and managers across the Council. Section 4 of the report showed the analysis of live audit reports, where there were outstanding management actions. The Senior Audit and Counter Fraud Manager was satisfied progress was being made on these outstanding actions. There were 2 audits effecting the medium priority actions overdue, which were the decision making audit and the fraud framework audit. This was due to capacity and resourcing within the 2 teams of the Council dealing with those management actions. Section 5 showed there were no audit reports concluded with a ‘limited’ or ‘no assurance’ since the last progress report in November. All quarter 4 work had now been scoped and all work scheduled throughout the year that remained outstanding was underway, which was very positive. Page 79 showed no further adjustments had been made to the plan since last reported to Committee. A full summary of audit work would be presented to the Committee as part of the Annual Opinion report for the June/July meeting. Page 80 onwards contained a summary of overdue high priority management actions, and a tally of overdue low and high priority actions. One overdue high priority action had been added for Information Governance since the last report, however 2 high priority actions for Business Continuity had been cleared.

          The Chair invited questions and debate from Members. One Member had submitted two questions in advance, the first being around Information Governance and ‘Reasonable Assurance’ (page 80). He was concerned about the lack of focus on Councillors GDPR Data Management. Councillors were Data Controllers, however there was no plan to map and audit Councillors' data practices and holdings. Until the delayed Data Protection training has been conducted, he felt Councillors may be breaching legislation. He asked whether a grading of ‘Reasonable’ was appropriate or whether this should be ‘Limited’. The Group Head of Law and Governance explained the Data Protection training was something he was seeking to deliver as soon as possible. Training would be provided to enable Councillors to consider their obligations under the act. He confirmed that mapping would be for Councillors to carry out themselves, however this could be included in the training.

Another question was around Business Continuity on page 82 regarding ‘Limited Assurance’. It was felt training was a recurring issue possibly made worse by staffing gaps, reliance on agencies, working from home and staff over-stretch.  It was feared this would worsen following the announcement of recent staff reduction measures. The Group Head of Finance and Section 151 Officer updated that CMT had recently  ...  view the full minutes text for item 648