Agenda item

To present the report of the Head of Audit and Risk.

The report of the Head of Internal Audit and Risk which provided an update on Internal Audit’s latest progress with regard to service delivery, assurance provision, and reviews completed was presented for the Committee’s consideration.

The Head of Audit and Risk reported as follows –

•           That three Internal Audit reports were finalised during the period two of which resulted in a Substantial Assurance rating – these were Grant Certification Audits in relation to Rent Smart Wales and the Pupil Development Grant. The third review relating to Corporate Safeguarding produced a Reasonable Assurance rating and identified 4 major issues/risks that need to be addressed. The issues/risk were designated major because of their potential impact in this area. However, overall the review concluded that the Council has implemented a number of effective controls to manage the risk of serious safeguarding error causing or contributing to harm to those who it has a responsibility to protect and consequently, Internal Audit was able to provide reasonable assurance of the governance, risk management and control in this area.

•           That three reports with a Limited Assurance rating are scheduled for a follow-up review as detailed in paragraph 15 of the report. Two Follow-up reviews are currently in progress – Primary Schools Income Collection (first Follow-Up) and Sundry Debtors (second Follow-Up) .The Follow-Up to the Logical Access and Segregation of Duties review has been postponed pending the completion of the Payroll/Payments function restructure.

•           That the Council’s IT Service has confirmed that the “4 action” corporate action tracking system upgrade to which Internal Audit’s quarterly reports have referred to in recent months has now been configured and is being tested. This process has identified some issues which are currently with the supplier for resolution. These have been chased up and it is hoped they can now be progressed.

•           That there has been little change with regard to the Operational Plan for 2019/20 in the six weeks since the last Committee update. Although progress has been hampered by the holiday season, a number of draft reports have been issued which are awaiting management response and work has continued on several audits as detailed in paragraph 19 of the report as well as a consultation piece on staff car loans.

In considering the report the Committee queried whether in view of the potential impact of the 4 issues/risks identified in an area as sensitive as safeguarding, the review should have resulted in a Limited Assurance thereby ensuring it would be formally followed up and the outcome reported to this Committee.

The Head of Audit and Risk clarified that Internal Audit had worked very closely with Senior Management with responsibility for safeguarding as well as with the Education Service and schools and that the actual picture is more positive than the corporate monitoring position reflects. In practice, DBS checks and renewals are being undertaken and the issues identified pertain to routine housekeeping around DBS e.g. lack of formal meeting minutes for the strategic safeguarding board, and the absence of an integrated system to record and monitor DBS compliance and renewals with reliance being placed instead on service based manual processes which were seen to be causing some issues particularly for school staff.  Work was ongoing during the audit and the issues highlighted have been taken on board with the Head of Profession (HR) and Transformation advising that the Council will shortly be procuring the DBS e-bulk system for this purpose. The Head of Audit and Risk confirmed that although the review will not be followed up in the same way as for a Limited Assurance review, Officers will be required to update the corporate tracking system on their progress in managing the risks identified and these will not be closed down until Internal Audit is satisfied that they have been fully mitigated or addressed. Should any of the Issues/Risks remain unaddressed, then as major or amber rated risks they will come to the Committee’s attention as part of the biannual reporting of outstanding Internal Audit Issues/Risks. Corporate Safeguarding is also reviewed annually as an element of the Corporate Risk Register.

It was resolved to accept and to note the latest progress by Internal Audit in terms of service delivery, assurance provision, reviews completed and its performance and effectiveness in driving improvement.

NO ADDITIONAL ACTION WAS PROPOSED