Agenda item

To consider the attached report.

The Committee considered the internal audit monitoring report for December 2018 to January 2019. The report updated members on the work completed by the Internal Audit Shared Service and the Corporate Fraud Team since November 2018 and contained details of audit activity to be undertaken in the current year.  Members were advised that the annual Internal Audit report would be made to the Committee in June 2019 and that Internal Audit was using a contractor to deliver much of the outstanding work, although some audits were being undertaken in-house.

Also included at the request of the Committee, was a copy of the risk register that had been considered by the Finance and Performance Management Cabinet Committee.  An assurance map completed by Internal Audit was also presented to the Committee, which the Chief Internal Auditor said had been a very useful exercise, as it demonstrated the three tiers of defence for managing risk. The first tier was operational control including line manager oversight; the second was to have more independent assurance mechanisms happening within the Council; and lastly the third tier was having a totally independent system of assurance such as internal auditors, external auditors and use of consultants.

As for the internal audit reports issued since the last meeting, it was noted that the following had been issued: 1) Systems access and mobile working – substantial assurance; 2) Council Tax and Business Rates – substantial assurance, there were a few minor inconsistencies but these had been picked up already; and 3) Staff Code of Conduct and Gifts & Hospitality (Staff and Members) – Moderate Assurance, which included a high level overview of the Code. It was noted that the area of gifts and hospitality needed to be strengthened and also that there would be a move to electronic registration as unfortunately, one of the paper copies for one directorate had been misplaced.

Ms Nanayakkara noted that, in relation to mobile working, the report indicated that the accommodation review should not delay the implementation of this programme. The Chief Internal Auditor replied that, at the time of the audit taking place, the Council was going through the first phase of the management restructure and, as a result, progress had stalled slightly. The Committee was advised that the mobile working initiative was now moving forward.

Ms Nanayakkara addressed the gifts and hospitality report noting that the Council would like to have an electronic registration system. It was considered worrying that such a basic requirement had not been fulfilled because a paper registration had been lost and she endorsed the introduction of an electronic register as quickly as possible. She then suggested that the committee might want to consider an annual review of gifts and hospitality policy as she had seen it included in audit committee agendas elsewhere as a rolling check. The Chief Internal Auditor said that this was something that should be considered.

Councillor Knapman said that there was the feeling that the Committee should support the suggested electronic register but there was nothing in the report to say that the Committee would endorse any recommendations made. The Senior Auditor said that the report recommended the electronic register and that was in the process of being added to the tracker. In response to concerns about the retention and maintenance of the previous register, the Senior Auditor replied that the register used to be kept by the executive assistants to the four directorates, but as those posts had been deleted from the establishment and offices were moved around the organisation, the missing register had been mislaid.

Councillor Jennings noted that both staff and members had to fill in an interest register, but noted that members’ interest once filled in did not usually change over a four-year term of office. It was suggested that members should be encouraged to update this on a regular (yearly) basis.

Councillor Lion asked how Internal Audit reports were distributed to the relevant Portfolio Holder and to the relevant Select Committees as it would be useful for Portfolio Holders to know how these reports were being dealt with and what actions they needed to take. The Chief Internal Auditor said that she would talk to the Corporate Governance Group and the Democratic Services Manager about this and get back to him.

The Senior Auditor said that the current tracker was shown at Appendix 4 and contains a total of 9 overdue recommendations; it was worth noting that none of these were high priority and that a number of the recommendations that were overdue had now been completed. The current tracker also included more narrative on how the risks were being managed.

Councillor Jennings noted table 1 on page 16 of the agenda, which looked as though Internal Audit and the Council were focusing on low priority areas instead of medium priorities. The Senior Auditor said that this table just gave the total number of medium, low and high priorities at a particular point in time. So although the low priorities may have gone down it may be that some of the mediums have been completed as well but some new ones have come on board since the last meeting.

Councillor Mohindra noted that in terms of the totals, the trend direction indicated that there might be an issue. The Chief Internal Auditor replied that they had spoken about this at their last meeting when the Committee expressed concerns to lack of progress with recommendations possibly due to lack of resources. Overall this was not the feeling she was getting from officers when she questioned them about this. Internal Audit was now looking to get more detail from recommendation owners as to why things were slipping. There was some slippage but when she compared this to other councils it was quite low.

Councillor Knapman said that he would like the Committee to be able to call a relevant officer or Portfolio Holder and question the time they were taking to implement recommendations arising from internal audit reports, as the Committee still did not have a full grasp of the dates involved. It seemed to him that they were getting to a point that if a project was to be, say, three months over its target date, then an officer would need to turn up to explain why this was. He had now come to the point where a three month deadline should be set. Everyone had resource problems but when they were setting their dates they should take this into consideration. The Chief Internal Auditor suggested that the Leadership Team should be asked to have a look at this and she would speak directly to the Chief Executive to express the concerns raised. Councillor Knapman agreed but noted that this was not just a recent problem, this had been happening for some years. Ms Nanayakkara added that she supported this and the Committee had been very tolerant of increased slippages over the last few months, but it was important that this message went to the new service directors to either be realistic with the deadlines or be prepared to come and explain what was going on.

Also, building on this suggestion, Ms Nanayakkara suggested for the work programme for next year that it contained ‘deep dives’ into particular parts of the business for in-depth review by the Committee, particularly in relation to key risks and resourcing issues. The Committee considered that this approach would present an opportunity for officers to give the Committee their view of the risks they were facing.

The Chief Internal Auditor continued with the report at hand, noting that it went on to talk about the corporate fraud team that continued to do good work for the Council. The team was also working with the Police Hub within Safer Communities. In response to a question Councillor Mohindra was told that the Council could prosecute cases or bring in the Police, and was done on a case by case basis. Councillor Mohindra then asked when was the last time we had reported a case to the Police. He was told that she would have to check and get back to him. The Chief Internal Auditor said that at the next meeting in March the Corporate Fraud Manager would be coming along and she would ask him to speak to this.

The Chief Internal Auditor reported the Internal Audit Charter was a key document and gave Internal Audit’s position in the Council to enable her to provide an independent and objective assurance function. This was reviewed on an annual basis and came to the Committee for approval. The main change from the previous version being in the reporting structure. Internal Audit used to report to the Director of Governance, but now reported to the Acting Chief Executive.

The Committee was reminded that Code of Corporate Governance was also reviewed on an annual basis, and fed into the annual governance statement that would come to the Committee for approval later in the year. Only minor changes have had to be made to it. For noting was the Whistleblowing policy that had also been updated and would be communicated to staff through a poster campaign, in the staff newsletter (District Lines) and would be placed on the intranet.

Ms Nanayakkara was happy to see the change in reporting lines, which put the Council in line with other organisations and gave Internal Audit support where needed. However, in future, where the Committee was being asked to endorse or approve changes, members requested that such changes to be highlighted in the document.

Councillor Mohindra asked if the Chief Internal Auditor was confident the Whistleblowing policy was fit for purpose. The Chief Internal Auditor said that it had definitely been used, as Internal Audit had investigated three cases in the current year that had been reported through the whistleblowing arrangements.

RESOLVED:

(1)       That the progress made against the 2018/19 Internal Audit plan and the summary of the work of Internal Audit and the Corporate Fraud Team for the period from December 2018 to January 2019, be noted;

(2)       That the revised Internal Audit Charter be approved;

(3)       That the revised Code of Corporate Governance be approved;

(4)       That the revised Whistleblowing Policy and procedure be noted;

(5)       That the introduction of an electronic gifts and hospitality register be endorsed;

(6)       That the Chief Internal Auditor be requested to consult with Leadership Team on overdue target dates for the implementation of management action arsing from audit reports and the possibility of reporting to the Committee if the implementation of such management action is over three months behind target; and

(7)       That Members be encouraged to update their register of interest on a regular (yearly) basis.