Decision status: Recommendations Approved
Is Key decision?: No
Is subject to call in?: No
The Internal Audit Manager introduced the Internal Audit Progress Report 2019/20. Appendix 1 of the report provided a summary of the progress against the Internal Audit Annual Plan as at September 2020. He explained that, in terms of internal audit delivery, the work for 2019/20 had largely been completed by the end of March 2020, including following up on outstanding recommendations. One review, that of Non-Domestic Rates, had not been carried out due to it having been scheduled to commence just at the time that the country had gone into lockdown. It had not been necessary to carry out the ERDF Grant review as the amount of grant claimed had not been significant at the time the review had been due to commence.
In response to a query regarding progress against the Annual Plan for 2019/20 and concern at the large amount of reasonable assurances provided as opposed to substantial, the Internal Audit Manager explained that this was not unusual and that reasonable assurance was a good level of assurance indicating only that some improvements could be made. The assessments were based on the number of recommendations and the priority of the recommendations made. These were always followed up to ensure that they had been implemented and, this being the case, it could be taken from this that the systems had improved and, arguably, could be then considered as having moved to substantial assurance. He added, however, that when the reviews were repeated in two to three years’ time, things may have changed and that other issues which needed addressing could become apparent.
The Internal Audit Manager presented executive summaries relating to seven audit reports which had been completed in the period, as set out in Appendix 2 to the report and as follows:-
Data Protection Compliance had received an assessment of reasonable assurance, with the conclusion being that the Council had a robust framework to facilitate ongoing compliance with the current Data Protection legislation, including appropriate policies, procedures and guidance. Four important and one routine action points had been identified, details of which were provided.
ICT Network Security and Cybercrime had received an assessment of reasonable assurance with the conclusion being that appropriate operational cyber security arrangements were in place at South Lakeland District Council, however, that the framework within which the cyber security controls function could be strengthened. Five important, three routine and three operational action points had been identified, details of which were provided. The Internal Audit Manager stressed that this was a critical area and referred to recent targeted attacks carried out on the education sector in order to compromise systems. The Director of Strategy, Innovation and Resources referred to recent events in Northumbria and Newcastle Universities and informed the Committee that the details had been immediately reported by the relevant Lead Specialist, resulting in the instigation of refresher cyber security awareness training for all staff. The Finance Lead Specialist (Section 151 Officer) added that colleagues in Copeland who had experienced a cyber-attack a couple of years previously had shared lessons learnt from the experience which had provided officers with ideas on recovery from this type of event which could have huge implications on a local authority. Members acknowledged the need to be wise in this regard.
Contract Management had received an assessment of limited assurance, with the conclusion being that the basic elements were in place for procurement, however, with a number of recommendations being made to improve the process, particularly with contract management. Two urgent, nine important, five routine and one operational action points had been identified, details of which were provided. In response to a query on training, the Finance Lead Specialist (Section 151 Officer) reported that there had been one to one development work with staff who had moved into this area of work following major changes in staffing around contracts, as well as a new Procurement Specialist recently having taken up post. She explained how Customer Connect had led to changes in staffing roles and in those leading on contracts, resulting in the need for a large amount of additional training in procurement regulations, at the same time as the onset of Covid-19. In addition, there had been a lot of additional work around contracts regarding negotiations and some fairly intense procurement exercises which had had to be re-run due to limited response during the pandemic. Work had yet to be caught up on and officers were looking into how best training could be rolled out and the potential for online sessions. The Finance Lead Specialist (Section 151 Officer) also drew attention to the Contract Management Board which was mainly made up of officers from the Legal Services, Finance and Procurement Teams. She informed Members that the Board, the establishment of which the Legal, Governance and Democracy Lead Specialist (Monitoring Officer) had helped to push forward, was working hard to identify and address issues. The Legal, Governance and Democracy Lead Specialist (Monitoring Officer) provided details of the work being carried out by the Contract Management Board which was reviewing contracts impacted on by Covid-19 as well as carrying out checks across the Council’s services. In terms of the Contracts Management Register, she pointed out that the table within the report suggested that the Procurement Specialist was the lead in this regard, however, explained that this was, in fact, her responsibility as the Monitoring Officer. She added that the Deputy Monitoring Officer was working hard to ensure that the Register was complete and up to date to ensure that the Team was more aware regarding the renewal of contracts. The Legal, Governance and Democracy Lead Specialist (Monitoring Officer) looked forward to providing the Committee with updates on the progress.
Customer Connect had received an assessment of reasonable assurance, with the conclusion noting that the Council was now into the fourth year of its ambitious transformational Customer Connect Programme based on a blueprint provided by its implementation partner, Ignite. One important action point had been identified regarding the digital innovation aspect of the Programme, which was behind schedule, over budget and under delivering when compared against the original business case. The Director of Strategy, Innovation and Resources explained that there were a couple of business cases associated with the Customer Connect Project, the first one to which the recommendations and comments primarily related to being about the digital side of the project and the original business case in 2016. The Council had then come forward in 2018 with a full Customer Connect business case, which was more associated with the people side of the Programme. He informed the Committee that officers were keen through this finding to ensure that the original digital business case was updated and incorporated into the new business case, which was currently on track. The need to be able to demonstrate delivery of the benefits of the project and to actually show how they had been developed at its conclusion was wholly accepted.
Main Accounting Systems had received an assessment of reasonable assurance, with the conclusion being that testing of the system had shown that there were robust processes that were predominantly being adhered to, but which could be further enhanced. Two important and one routine action points had been identified, details of which were provided.
Leisure Services had received an assessment of reasonable assurance, with the conclusion being that there were arrangements in place for the management of the leisure partnership contract, however a number of recommendations had been made to improve the process. One important and three routine action points had been identified, details of which were provided. The Director of Strategy, Innovation and Resources responded to a concern raised around Covid-19 and as to whether the potential for the reintroduction of lockdown and the possibility of Kendal Leisure Centre being reinstalled as an emergency hospital had been taken into account within risk assessments. He agreed that this would certainly pose a risk towards the operation of the Leisure Centre. The Council maintained dialogue with the Hospital Trust and was connected with the Strategic Co-ordination Group and would become aware if there was a growing need. The current view regarding a recovery centre was that it had not been required last time and that there was no sign of the Leisure Centre being used in the future. The Director of Strategy, Innovation and Resources also referred to the action point identified regarding the need to establish what KPIs had been agreed between the Council and Greenwich Leisure Limited (GLL) as part of the contract agreement. He informed Members that an update had been provided by the Operational Lead Delivery and Commercial Services. KPI arrangements were now in place with GLL and suitably documented. The Director of Strategy, Innovation and Resources recalled the existence of KPIs and regular reports in previous years and suspected that the lack of recent records was down to changes in staff.
Emergency Planning had received an assessment of substantial assurance, with the conclusion being that the Council had robust Emergency Planning arrangements in place to maintain a capability to plan for, and respond to, incidents or emergencies that could impact on its communities. One routine action point had been identified, details of which were provided. In response to a suggestion, the Chief Executive undertook, in consultation with the Chairman, to arrange for a letter of thanks to be sent to the lead officer on behalf of the Committee.
Internal Audit had also assessed the extent to which previous internal audit recommendations had been implemented. The report showed that 20 recommendations were yet to be implemented. Two were on target and there were 18 in progress where the original target dates had not been met. Eleven recommendations had been implemented and were now considered closed. The Director of Strategy, Innovation and Resources, in response to a query, explained that he had previously undertaken to provide a detailed update to the Committee on outstanding actions and undertook now to gather the relevant information, including additional narrative, and provide an update at the next meeting. The Chairman, although cognisant of the Covid-19 situation, stressed the need for implementation of the recommendations. The Finance Lead Specialist (Section 151 Officer), within whose remit this issue sat, informed Members that additional resources were being sought through the Operational Lead Support Services and his Team to ensure that the recommendations were being turned around.
With the exception of Councillor Kevin Holmes who abstained having been disconnected from the meeting for part of the item and no other Member having raised concern when asked by the Chairman, it was
RESOLVED – That the following be noted:-
(1) the progress achieved in 2019/20 in delivering the Audit Plan and the outcomes of completed audit reviews, as set out in Appendix 1 to the report;
(2) the audit reports, as set out in Appendix 2 to the report; and
(3) the progress achieved in implementing recommendations from previous internal audit reports, as set out in Appendix 3 to the report.
Publication date: 15/10/2020
Date of decision: 17/09/2020
Decided at meeting: 17/09/2020 - Audit Committee