Agenda item

(Chief Internal Auditor) To consider the attached report (AGC-008-2018/19).

The Committee considered the internal audit monitoring report for the period from August to September 2018, which updated members on work undertaken by the Internal Audit Shared Service and the Corporate Fraud Team since the previous meeting.

The Chief Internal Auditor reminded the Committee that it received details of all overdue recommendations and high-priority recommendations arising from audit activity, as part of its regular review of the Internal Audit Recommendation Tracker. Members were advised that there were currently four issues included in the tracker, the majority of which required the development of long-term solutions.

The Committee raised concern with regard to a medium-priority item contained in the Internal Audit Recommendation Tracker (Management of Council Housing Voids; Report No. 09.16/17 (June 2017)), for which the recommended action appeared to have been left unaddressed for over a year and which would not now be completed until April 2019. The Chief Internal Auditor advised members that the recommended action in this case had now been carried out, but that the Service Director (Housing property) was to further review the process for transferring keys for void properties once the Housing Repairs Depot had relocated to Oakwood Hill in Loughton and that this was the reason for the revised implementation date.

The Committee also expressed concern with regard to a further medium-priority item contained in the Internal Audit Recommendation Tracker (Leisure Management Contract; Report No. 18.17/18 (May 2018)), where financial monitoring and contract payment processes in relation to the Council’s leisure management contract were not documented to ensure business continuity and that the documentation of such processes appeared to have been delegated to an administrative assistant. Members considered that this approach was unacceptable, given the significant value and complexity of the leisure management contract. The Chief Internal Auditor assured the Committee that the audit process had established that appropriate financial and contract payment monitoring was taking place in regard to the contract, and that it was considered important that relevant monitoring processes and procedures were fully documented to support the contract manager, who was currently working on his own, particularly in terms of ensuring continuity. 

Members drew attention to the discussion at a previous meeting of the Committee, about the Council’s corporate approach to contract management, which was currently delivered within each relevant service area. The Committee was concerned that the delivery of effective contract management by a Contact Manager working on their own did not provide good internal control arrangements. The Chief Internal Auditor emphasised that the audit had received substantial assurance and had indicated that contract management processes for the leisure management contract were operating effectively, and that the Contact Manager was now undertaking formal training to support the recommendations of the audit. The Chief Internal Auditor confirmed that, as a result of the findings of the audit, the Corporate Governance Group would be considering the Council’s requirements for effective contract management across all relevant contract areas, particularly in view of  the overall issue of capacity in organisations such as the Council and the need for the appropriate transfer of skills and succession planning.

The Chief Internal Auditor updated the Committee on the work of Corporate Fraud Team, which had prevented the completion of five fraudulent Right to Buy applications since the previous meeting, that had saved the Council approximately £393,000 in potential discounts.

Members were advised that the report of the Debtors Audit had been issued since the previous meeting of the Committee, which had provided substantial assurance that relevant processes were well managed across the Council. The Chief Internal Auditor was requested to clarify and amend as necessary the period for the completion of the recommendations of the proposed Payroll Audit, which members assumed was actually to commence in November 2018. 

The Chief Internal Auditor advised the Committee that compliance with the General Data Protection Regulation (GDPR) was integrated into all Internal Audit activity and that compliance with the GDPR was monitored by the Corporate Governance Group. Members noted that it was intended to establish an officer-level Information Governance Group to oversee continued compliance with the GDPR framework. The Chief Internal Auditor confirmed that the Council had appointed a Data Protection Officer as required by the GDPR and that Internal Audit had worked with the Data Protection Officer to organise a successful data ‘de-clutter’ day to support the GDPR, which it was intended be held on a regular basis.

The Chief Internal Auditor advised the Committee that some slippage had occurred in the delivery of the Internal Audit Plan for 2018/19 over the recent summer holiday period and that that the delivery of the Plan was behind schedule at the end of the second quarter of the year. The Chief Internal Auditor reported that, whilst she was concerned at the current stage of progress with the achievement of the Internal Audit Plan, it was still hoped to complete the agreed programme of audit work by the end of the year. Members were advised that external resources had been commissioned to support the delivery of the Audit Plan and that, as a result, it was hoped that there would not be a need for the Committee to consider the deferral of audit work. The Chief Internal Auditor advised the Committee that criteria for the deferral of audit activity would be developed on a risk-based basis, but that no such criteria had yet been established to prioritise proposed audits. Members considered that any criteria for the proposed deferral of audit activity should be developed for consideration by the Committee.

Notwithstanding the arrangements implemented by the Chief Internal Auditor, the Committee was concerned that it would not be possible for the Council to complete the planned programme of audit work by the end of the year, whether due to over-programming of audit activity or under-resourcing of the Internal Audit Unit. Members emphasised that they had previously expressed a wish to avoid the deferral of audit work in the current year and stressed the hope that the internal audit resources available, together with the external support commissioned by the Chief Internal Auditor, would be sufficient to secure the delivery of the ambitious Audit Plan for the year, whilst accommodating the current level of slippage in the delivery of the Plan. The Committee considered that it would be helpful for the Chief Internal Auditor to undertake an assessment of the elements of the Internal Audit Plan that could now be realistically delivered in the current year, in order to avoid members being requested to agree the deferral or re-prioritisation of specific audit activity late in the year and that this exercise should include the reprioritisation of planned audit activity where necessary.

Members questioned whether the activities of the new Community Police Hub, where these complemented the work of the Corporate Fraud Team, should be included within future reports to the Committee. The Chief Internal Auditor was requested to consider this issue and to report further to the Committee at a future meeting.

RESOLVED:

(1)        That progress against the Internal Audit Plan for 2018/19 for August to September 2018 and the work of the Corporate Fraud Team, be noted;

(2)        That the concerns of the Committee with regard to the successful delivery of the adopted Internal Audit Plan for 2018/19 and the resources available to the Chief Internal Auditor in this regard, be noted;

(3)        That the Chief Internal Auditor undertake an assessment of the elements of the Internal Audit Plan for 2018/19 that could realistically be delivered by the end of the year, for consideration by the Committee at its next meeting;

(4)        That the Chief Internal Auditor develop appropriate criteria for the deferral of audit activity from the Internal Audit Plan for 2018/19, for consideration at the next meeting of the Committee; and

(5)        That, subject to (4) above, the Chief Internal Auditor develop a reprioritised Internal Audit Plan for 2018/19, for consideration by the Committee at its next meeting.