Agenda item

To present the Internal Audit progress report.

The report of the Internal Audit Manager on the work of the Internal Audit Service during the period from 1 April to 31 August, 2015 relative to the 2015/16 Audit Plan was presented for the Committee’s consideration.

The Internal Audit Manager highlighted the following main points –

•  That a schedule of performance targets for the period ending 31 August 2015 was attached at Appendix A and indicates that the Service is broadly on target.

•  That the vacancy within the Internal Audit Team has now been filled and an appointment made.

•  A summary of all audit assignments completed during the year to date including work in progress from 2014/15 is set out in the schedule at Appendix D which summarises the audit opinion and recommendations in respect of each area reviewed and will form the basis of the opinion

contained in the Annual Statement of Assurance of the overall adequacy and effectiveness of the Authority’s governance, risk management and internal control framework for 2015/16.

•  Since 1 April, 2015 ten final reports have been issued from the 2014/15 Internal Audit Operational Plan and three from the 2015/16 Operational Plan.

•  Two of the planned audits completed during the year to date are assessed as not providing positive levels of assurance. During the period 1 April 2015 to 31 August 2015 the ICT Disaster Recovery Audit resulted in a Minimal Assurance rating and the Business Continuity Management Audit was assessed as providing Limited Assurance.

•  Audit recommendations are rated high, medium or low according to the perceived risk. The percentage implementation rate at 4 September, 2015 was 66% of high and medium recommendations having been recorded as implemented.

•  A report by the previous Interim Audit Manager to the Committee in July 2015 identified that work is required to improve the monitoring and reporting of progress in implementing agreed recommendations. It is intended to review the follow up process within the Internal Audit Service

so as to provide assurance to the Committee that the recommendations made in Internal Audit reviews are implemented by Management within agreed timescales. A report to that end will be presented to the Committee in due course.

The Committee considered the report and noted that some of the reviews listed at Appendix D were recorded as providing Limited or Minimal Assurance e.g. ICT Disaster Recovery and it sought clarification of the issues involved. The Interim Head of Resources and Section 151 Officer said that Business Continuity management of which ICT Disaster Recovery forms a part has been an area of longstanding concern for the Council and has been identified as an issue by previous audit reports. A new ICT Manager is now in post and steps are being taken to provide him with the funding necessary to improve the robustness of ICT disaster recovery arrangements. It is anticipated that a significant improvement will have been made by the time of the next audit review.

It was resolved to accept the report and to note its contents.

NO FURTHER ACTION ENSUING