The internal audit plan for 2021/22 was approved by the Governance and Audit Committee at the 18 March 2021 meeting. This report provides an update on progress against that plan and summarises the results of our work.
A report was presented to the Committee by the Internal Auditor to provide the progress against the plan and feedback any findings from finalised audits since the last meeting.
The Auditor confirmed that all reviews had been completed and finalised in alignment with the audit plan for the year. Since the previous meeting, the final two reports had been completed. It was reported that there had been one change in the plan since the previous meeting due to timings.
The Auditor reported that Continuous Assurance 4 had tested ten key controls. As part of this, three areas of non-compliance were raised against the ten controls resulting in three low management actions:
· Planning Applications – Management would ensure all extensions, where decisions were to exceed their initial determination time, were documented on email and attached to the document management system.
· Housing Repairs Management would formally document repair timeframes via internal documentation such as a Repairs Policy.
· IT Access Controls – Management would ensure that access to systems was actively disabled within 30 days of an employee leaving the Council.
The following points were raised during discussion:
• A Member raised concern on the low figure of representative samples of ten and how the samples were selected, whether it was randomly generated or chosen.
· Concern was expressed in relation to the ten samples and how many the total number of samples were out of and whether it was representative.
The Auditor confirmed that ten samples were agreed with management at the start of each assurance review for each of the controls. The samples were selected by internal audit independently, a full report was provided from the system of all completed repairs within the period, sample tests were then carried out via the system.
One Member raised a query regarding the number of housing jobs currently available.
Further clarification was sought relating to IT access controls and whether the Council leaver had access to the software in the first instance or if the Council was unable to disable the access following them leaving.
The Auditor confirmed that in an instance, the individual never had access to the active directory. It was also noted that the number of housing jobs was not available at the time of the meeting.
The following further queries relating to the report were raised:
· How many planning applications were dealt with in the statutory period and how many were not determined within the statutory period.
· Whether the failure in housing repairs had been brought up by internal audit or through a different source.
· Why the implementation date of 31 May 2022 and the risk of housing actions being low.
· Further concern of a Council leaver still having access to a finance system after leaving the authority
The Auditor reported that the information could be provided on how many applications were within the statutory period, however, the sample testing would still be ten.
It was confirmed that a housing compliance audit was conducted at the beginning of the year and had been brought to the Committee at a previous meeting. Partial assurance was provided to the Committee at that previous meeting, as part of the plan. The target date provided had been agreed with management at the time of the audit. The action rated ‘low’ had been based on documenting a repairs policy.
The Head of Finance & ICT reported that the individual would have had access to the financial management system until their IT equipment had been returned to the authority. It was confirmed that a new process had been implemented where Payroll would provide a list of leavers to IT to ensure all access was removed when staff left the employment of the authority.
That the Governance and Audit Committee noted the Internal Audit Progress Report.