Agenda item

Internal Audit Monitoring Report

To consider the internal audit work undertaken and the assurance given on the adequacy of internal controls operating in the systems audited.  

Minutes:

13.1          The report of the Head of Corporate Services, circulated at Pages No. 157-172, was the final monitoring report of the financial year and summarised the work undertaken by the Internal Audit team since the last Committee.  Members were asked to consider the audit work completed and the assurance given on the adequacy of the internal controls operating in the systems audited.

13.2          The Head of Corporate Services advised that the full details of the work undertaken were attached at Appendix 1 to the report and gave the opinion in relation to audits on the project management framework and Ubico health and safety.  A list of audit recommendations that were due to be followed-up could be found at Appendix 2 to the report; of the 10 recommendations followed-up during the period, seven had been implemented, two partially implemented and one was yet to be implemented.  Appendix 3 to the report gave an overview of the status of the Internal Audit Plan 2018/19.

13.3          With regard to the audit of the project management framework, Members were advised that this had been in place for four years and incorporated a range of documents and guidance on how key corporate projects should be managed, for example, refurbishment of the Public Services Centre, the new leisure centre etc.  It was recommended that the guidance be reviewed to ensure it was up-to-date and reflected the latest risk management strategy and General Data Protection Regulation (GDPR) privacy and retention guidelines.  All project documentation was stored on Sharepoint and could be accessed by all relevant Officers.  A limited audit opinion had been issued in terms of the operation of the framework e.g. training, ensuring completeness of documents etc.  This was overseen by the Corporate Services Officer but testing had shown that, whilst the key documentation was in place, underlying supporting documentation, such as privacy impact assessments, was not consistently available.  With regard to the Sharepoint system, assurance was obtained that this was being maintained but risk registers had not been completed for every project which was not compliant with the Council’s corporate risk management strategy.  Although the vast majority of corporate projects were identified through the framework, it was recommended that the Corporate Services team go through all service plans to ensure all potential projects were identified so that delivery could be overseen.  It was noted that the framework set out clear criteria for defining a project and the Programme Board was well-established and was providing adequate challenge.  It was recommended that projects where the overall status was ‘green’ should also be reviewed by the Board to ensure that status was accurate.  A Member noted that a limited opinion had been issued and he presumed that would be addressed going forward.  
In response, the Head of Corporate Services confirmed that the recommendations arising from the audit were set out in the final column of the table at Appendix 1 to the report and a report would be taken to Programme Board by the end of October to set the benchmark.  He provided assurance that his team was already working on updated guidance documents for projects and, as with all audits, this would be followed-up in due course to give assurance that all recommendations had been implemented.  A Member questioned whether sufficient attention was being paid to risk and the Head of Corporate Services advised that external project management had been brought in for some of the high profile, more complex projects so he was satisfied it was being adequately considered in those instances; it was the less significant projects that needed to be sharpened up.  In response to a query as to whether Officers understood what they needed to do, Members were informed that it was intended to hold a training session for all Operational Managers as they tended to lead projects in their teams.  He provided assurance that the Programme Board would be making sure that risk registers were included as and when projects came forward.

13.4          Members were advised that a satisfactory level of control had been found to be operating in the audit of Ubico health and safety monitoring.  The Head of Corporate Services explained that there was a raft of governance around Ubico including the Environmental Services Partnership Board (ESPB), quarterly Management Team updates, monthly management reports, biannual reports to the Overview and Scrutiny Committee and an annual health and safety report to the Audit and Governance Committee.  A restructure of the company in 2018 had resulted in the creation of a Head of Compliance post to help foster a health and safety environment and ensure the relevant risk assessments were in place.  Following this, Ubico had achieved the International Standard for Health and Safety which gave good assurance health and safety was being adequately addressed.  It was noted that Ubico worked with the Head of Community Services, the Grounds Maintenance Project Officer and the Joint Waste Team Officer to review operational activities on a regular basis e.g. crew checks etc. and they also had a relationship with the Council’s Health and Safety Officer.  There were recommendations in respect of risk assessment and safe systems of working to further improve monitoring, and for Ubico to undertake regular health and safety checks on bring sites that were open to the public which would then give a full picture and ensure that all assessments that should be in place were in place.  A Member queried whether risk assessments were specific, as he was aware that a lot of companies tended to use generic assessments, and was advised that they were generally robust but there was a need to ensure that everyone used the same systems.  With regard to a query in respect of a recent accident, Members were informed that accidents should be reported within 24 hours and a detailed report would follow which should be received by the Client Monitoring Officer.  
The Head of Corporate Services indicated that it was probably too early to know the outcome but he provided assurance that a report would be taken to the ESPB setting out the risks and controls in place along with any recommendations.

13.5           Attention was drawn to Appendix 2 to the report and Members were advised that all recommendations due to be followed-up had been followed-up.  One recommendation in respect of commercial waste had not been implemented and the Chief Executive had now requested a meeting of key officers to resolve the issues which had meant that some people continued to receive a service despite no longer paying for it.  There were two amber recommendations which had been partially implemented: a review of the trade waste services was currently underway and a report would be presented to the Overview and Scrutiny Committee in January 2020 on the long term sustainability of the service; and a draft corporate retention schedule had been produced and was due to be presented to the GDPR Information Group next month for sign-off.

13.6           Having considered the information provided, it was

RESOLVED          That the Internal Audit Plan Monitoring Report be NOTED.
