Issue - meetings

Internal Audit Progress Report

Meeting: 24/11/2022 - Governance Scrutiny Group (Item 21)

21 Internal Audit Progress Report pdf icon PDF 222 KB

Report of the Director - Finance and Corporate Services

Additional documents:

Minutes:

Ms Thomas from BDO, the Council’s internal auditors, presented the Internal Audit Progress Report which highlighted the completion and issuance of two reports from the 2022/23 Internal Audit Annual Plan.

 

She confirmed that the Council was making good progress in completing the 2021/22 recommendations, with nearly all being completed apart from two related to planning and S106, and which were due to be completed in January 2023.

 

In relation to the Internal Audit findings, Ms Thomas said that IT Asset Management audit had received a moderate rating for Design and a substantial rating for Effectiveness. She explained that the review had looked at the Council’s physical IT assets and software licensing arrangements, including assessing the controls in place for disposal and management of the lifecycle of hardware.

 

She explained that a medium rating had been found in relation to the Council not having documented procedures in place for the management of IT assets and that policies scheduled for review in March 2022 had not been reviewed at the time of the audit. She noted however that the Council did have many associated policies in place regarding hardware and encryption but that it was recommended that all information be incorporated into one document.

 

Members of the Group referred to the Council’s process for reviewing software licences and the lack of IT process documentation. Ms Thomas confirmed that the Council did have a system in place to alert if more or fewer licences were required, but that internal audit had recommended that a more proactive approach be taken. The Service Manager for Finance confirmed that the Council did have IT policies in place which worked well and that the finding was that they be brought together into one place.

 

In relation to the Asset Refresh Policy, Ms Thomas said that the Council had processes in place monitoring the lifecycle of equipment but that inclusion of more detail, including in relation to oversight of the process, had been recommended.

 

In relation to the Health and Wellbeing audit, a moderate rating for both Design and Effectiveness had been made and three medium and three low level findings were raised.

 

Ms Thomas explained that one of the medium ratings related to the Council not having a detailed, overarching, strategy to outline responsibilities and its approach towards managing employee health & well-being, including information about the activities and work that the Council provided in relation to health and well-being. She noted that Management did not concur with this moderate rating.

 

Ms Thomas explained that the second medium rating related to health and well-being KPIs for sickness absence monitoring being limited to the number of days lost to sickness, that although the Council recorded causes of sickness absence this information was not currently included in the KPIs. The Council having a broader suite of KPIs was recommended. She noted that Management did not concur with this moderate rating.

 

Ms Thomas said that the third medium rating related to the Workplace Health intranet not being updated  ...  view the full minutes text for item 21