Agenda item

To consider an update from Internal Audit.

The Internal Auditors, RSM provided a general update on the progress of the internal audit, explaining that the Council were on track to deliver the plan by the end of March 2024. The purchasers and creditors and payroll reports had been issued in draft. A meeting was held on 12 March 2024 to move forward and close work on the Section 106 reports. The follow up field work was also complete and would shortly be going through management review.

Questions on progress were invited, and it was clarified in response that the draft responsive repairs report was to be finalised. A meeting had taken place recently with the management team to discuss this, and further feedback would be given at the next meeting of Governance and Audit Committee.

The reports were presented to the Committee in turn:

-          Food Safety Management. The Council conducted inspections of food outlets to assess compliance and safety arrangements. Overall substantial assurance was provided, with three management actions, focusing on updating procedures, ensuring that supporting notes were included on the system where businesses have closed, and the timing of inspections.

-          Governance. The internal auditor looked at five committees, with a focus on the terms of reference and how the committees discharged their duties in relation to this. They also considered reports, agendas and minutes to ensure that the terms of reference were being complied with. Substantial assurance was provided, with one low area to ensure that all committees undertook a full self-evaluation at the end of each year. The internal auditors looked at minutes of committee meetings and commented that it was evident there was challenge during these meetings. The auditors commented that they could only base their answer on the information recorded in minutes. It was confirmed that there was a reference in the Constitution to an annual Scrutiny Report for each Overview and Scrutiny Committee. This hadn’t been completed in the last municipal year but was due to visit Full Council later in 2024 to ensure this included a full year of Council business.

-          Recruitment and Retention. This report looked at how this process was being managed by the HR team and individual teams when undertaking recruitment exercises. The report was positive with substantial assurance and three low management actions were agreed relating to maintaining evidence of training being conducted, and retention of documentation including requisition and shortlisting and scoring. It was remarked that interview forms should always be retained unless there was a reason not to; in 5 out of 20 instances the forms had not been retained.

-          Cyber Treatment Plan. In 2022 the Department for Levelling Up, Housing and Communities (DLUHC) performed a review around grant funding. 32 actions were identified during this review. DLUHC has now signed off these actions, with 1 of 32 ongoing. This was a good report with substantial assurance and one low. Two actions had been marked as complete and signed off by DLUHC, however the internal auditors felt that while these actions had been completed, further enhancements could be made to reduce risk. It was confirmed that one action around installing core switches within the IT network would be completed imminently.

-          Risk Management Review. Risk was a key area of the Head of Internal Audit Opinion. This was undertaken as an advisory review, completed from a perspective of the evolving and changing risk which had also been discussed at the previous Governance and Audit Committee meeting. There were nine recommendations from this report to take this work to the next level, ensure that actions are followed though, and look at good practice. It was agreed that minutes would be taken for the Risk Management Group meetings. Internal auditors also explained that there were no particular red flags raised, and that it was important to note the Council were taking steps to improve risk management. It was noted that the report recommended resuming the use of risk management software, and in response the Governance and Risk Officer confirmed that the use of this had been paused following a software upgrade, but following approval of the new Strategic Risk Register usage will be resumed.

In noting it, Councillors shared praise for the report and the progress made by the internal auditors.