To present the report of the Head of Audit and Risk.
Minutes:
The report of the Head of Audit and Risk incorporating an update on outstanding issues and risks as at 31 August, 2021 was presented for the Committee’s consideration.
The Principal Auditor highlighted the main points as follows –
· That prior to the upgrade of the 4action tracking system, a report on outstanding issues and risks was presented to the Committee twice a year. The first detailed report outlining performance in addressing audit actions since the implementation of the new 4action system was presented to the Committee on 20 April, 2021. At the time the Committee confirmed that it would like a report of this nature to be presented to it bi-annually. As such this report is the second, mid-year update.
· That no Red issues/risks were raised during the year and there are no Red issues/risks currently outstanding.
· As at 31 August, 2021 there are 56 outstanding actions being tracked in 4action. Of these 19 are rated major (amber) and 37 moderate (yellow) in risk priority. (Graph 1 refers).
· That there are currently no actions that have reached their target date for completion and become overdue.
· That Graph 3 in the report shows the status of all actions irrespective of the date management agreed to address them. It shows that management has now addressed 49% of them with Internal Audit having verified completion of 47% of these. The remaining 2% related to actions from an audit of Payments Supplier Maintenance which Internal Audit will be following up formally in January, 2022.
· That around 20% of the actions shown as not started on 4action relate to two audits – Payments Supplier Maintenance and Corporate Parenting Panel which were finalised towards the end of the 2020/21 financial year and where the issues/risks identified have not yet reached the dates by which management has agreed for their completion.
· That Graph 4 within the report shows the status of all actions that have reached their target date. It shows that where due, 100% have been addressed. Of these Internal Audit has verified almost all apart from those relating to the Payments Supplier Maintenance audit which is scheduled for follow-up in the New Year. Occasionally and only where there is a legitimate reason for doing so, target dates may be extended. Due to the Covid 19 emergency, several target deadlines have been extended for services whose priority over the last 18 months has been focused on responding to the pandemic.
· That the 56 outstanding actions are spread between 2016/17 and 2020/21. A single “old” action dating back to 2016/17 is yet to be fully addressed by management. This is rated as moderate or yellow in risk priority and relates to the requirement for services to provide assurance that their procurement activity is effective in the annual service challenge process. Work to address it is nearly complete with management assuring that it will be resolved in time for the next service challenge exercise in November, 2021.
· That there are no major or amber rated issues/risks dating back further than 2019/20 (graph 6 refers) which demonstrates that management is prioritising addressing risks of higher risk priority.
· That a detailed status update of all outstanding major or amber rated issues/risks currently being tracked in 4action is provided at Appendix 1 to the report. Internal Audit will endeavour to pursue all outstanding actions to ensure their completion.
It was resolved –
· To note the Council’s progress in addressing the outstanding Internal Audit issues/risks.
· To confirm that the level of detail included in the report meets the Committee’s assurance needs in this area.
Supporting documents: