Agenda item

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk on the status and detail of the outstanding risks that the Internal Audit Service has raised was presented for the Committee’s consideration.

These were detailed in Appendix A to the report and contained also a progress update from the Managers responsible for addressing the issues/risks documented.

The Principal Auditor reported as follows –

•           That there are no High or Red Issues/Risks currently outstanding, and performance in addressing Amber rated issues/risks has improved since the previous update in July with the overall implementation percentage for High/Red/Amber issues/risks at 92%.

•           That there has also been a small improvement in performance for the Medium/Yellow risks with an overall reduction in the number of outstanding actions by 5, spread across services.

•           As at 11 August, 2019 the implementation rate was 100% for High/Red issues/risks; 83% for Amber issues/risks; 97% for Medium issues/risk; 80% for Yellow risks/issues.

•           That 2 Follow-up review – Sundry Debtors and Schools Income Collection are currently underway and these two reviews account for 6 out of the 9 outstanding Medium Issues/Risks.

•           That confirmation has been received that the required action under item 9 in Appendix A – PCI DSS Compliance relating to the Transformation Service has now been completed.

•           That implementation of the new upgraded corporate action tracking system provides an opportunity to review the Internal Audit Service’s’ reporting framework to ensure that the information provided to senior management and the Audit and Governance Committee is in line with the new audit approach and is useful, concise, relevant and timely. As it will be easier to configure the new system’s reporting parameters from the outset rather than make changes once operational, it was considered prudent to consult with the Committee about its reporting requirements prior to the upgrade so that these can be built into the system. It is anticipated that the new system can be configured to more easily report on areas as listed in paragraph 14 of the report - that currently require significant manual intervention.

The Committee in considering the report and the type of information it would like to be provided with under the new action tracking system indicated that whilst incorporating all the elements in paragraph 14 would be useful, the separation of red and amber risks would be particularly helpful.

It was resolved that the Audit and Governance Committee –

•           Notes the Council’s progress in addressing the outstanding Internal Audit recommendations and risks, and

•           Supports the inclusion of the elements noted in paragraph 14 of the report as part of future reporting to the Committee under the new 4action actions tracking system.

NO ADDITIONAL ACTION WAS PROPOSED