To consider progress achieved in delivering the Internal Audit Plan to date in 2018/19, including seven final Internal Audit reports and an update on progress achieved in implementing recommendations from previous internal audit reviews.
Peter Harrison, Internal Audit, introduced the Internal Audit Progress Report 2018/19. Appendix 1 of the report provided a summary of the progress against the Internal Audit Annual Plan as at 25 March 2019.
The Internal Audit Manager presented executive summaries relating to seven audit reports which had been completed in the period, as set out in Appendix 2 to the report. All seven of the audit reports had resulted in reasonable assurance assessments and there had been no urgent action points identified within any of the reviews.
Three important action points had been identified in the Review of Use of Agency, Interim and Casual Workers. The need for the Director of Strategy, Innovation and Resources to focus on this area moving forward with the Customer Connect Programme was raised.
One important and one operational action points had been identified in the Review of Health and Safety – Property Risks. It had been identified that the Council did not have current contracts in place for some of its property routine service work. A review of contract management would, therefore, be carried out as a specific piece of work to ensure that contracts were in place moving forward.
Six important, two routine and three operational action points had been identified in the Review of Cyber Security. The important action points related to the contract framework and to policies and procedures in relation to this area. It was further pointed out that a recent Local Government Association cyber security stocktake had also raised a number of recommendations. Concern was raised with regard to the implementation dates for the recommendations which were felt to be somewhat far ahead. Bearing in mind the importance of the issue, it was felt that progress could be made sooner in some areas and the Chairman, therefore, asked for a further report on Cyber Security to be brought to the next meeting of the Committee in July 2019.
Reasonable assurance had been provided regarding the Review of Customer Connect as, despite there being no recommendations in regard to the current approach, there had been some slippage regarding timescales and budgets. Given the flexible nature of the project methodology, an opinion regarding the operation of the project management control framework during future phases of the Programme could not be offered.
Two important and one routine action point had been identified in the Review of Homelessness due to the Homelessness Strategy being out of date and the need to ensure that the working relationship with Cumbria County Council relating to service provision was documented and agreed or clear evidence that protocols were being advanced was provided.
Three important, nine routine and one operational action points had been identified in the Review of Information Governance. In response to a query, Members were advised that the General Data Protection Regulation had been applicable from 25 May 2018. On the whole, other authorities had progressed similarly to South Lakeland, although some were way behind, not having appreciated the importance of meeting the Regulation or the amount of work required. The Chairman asked for a further report to be brought to the next meeting of the Committee in July 2019 in order to ensure that the recommendation implementation timetable was met.
One important, two routine and one operational action points had been identified in the Review of Housing Benefit. The Finance Lead Specialist (Section 151 Officer) provided clarification with regard to the important action point, which was that amounts to be written off individual debtor accounts that were in excess of £20,000, regardless of the reason, be approved in line with the requirements of the Financial Procedure Rules. She explained that the incident referred to where the write-off of an amount in excess of £20,000 had been approved by the Chief Finance Officer, had been as a result of a misunderstanding. This had been picked up and designated as a DWP Official Error and she informed the Committee that officers would ensure that write-offs would be treated correctly moving forward. In response to a query with regard to the action implementation deadline of 31 December 2019, the Finance Lead Specialist (Section 151 Officer) explained that the consequential changes to the Council’s Constitution would be brought to the Audit Committee in December 2019. In the meantime, work would be carried out in accordance with the rules of the current Constitution.
Internal Audit had also assessed the extent to which previous internal audit recommendations had been implemented. The report showed that 14 recommendations were yet to be implemented. Three were on target and there were 11 in progress where the original target dates had not been met. Five recommendations had been implemented and were now considered closed. Concern was raised with regard to the outstanding recommendations relating to Bereavement Services. The Director of Policy and Resources (Monitoring Officer) advised that some of the issues would be addressed within the new Parks and Open Spaces Strategy, the draft of which was due to be considered by the Overview and Scrutiny Committee on 26 April 2019. In addition, the Director of Strategy, Innovation and Resources informed Members that Bereavement Services, as a fully customer focussing service, would be dealt with as part of Phase 2 of the Customer Connect Programme and that the appropriate experience and knowledge would be in place in order to deliver the service. The Director of Policy and Resources (Monitoring Officer) having further indicated that the Parks and Open Spaces Strategy would be considered by Cabinet in June 2019, the Chairman suggested that the revised due date for implementation of the recommendations relating to Bereavement Services should be altered to 30 June 2019.
RESOLVED – That the following be noted:-
(1) the progress achieved in 2018/19 in delivering the Audit Plan and the outcomes of completed audit reviews, as set out in Appendix 1 to the report;
(2) the audit reports, as set out in Appendix 2 to the report; and
(3) the progress achieved in implementing recommendations from previous internal audit reports, as set out in Appendix 3 to the report.