Agenda item

Progress Report on Internal Audit Activity

To examine the progress made between 2 March 2021 and 20 July 2021 in relation to the completion of the revised Annual Internal Audit Plan for 2020/21 (report of the Head of Internal Audit enclosed).

Minutes:

Consideration was given to the report of the Head of Internal Audit, which examined the progress made between 2 March 2021 and 20 July 2021 in relation to the completion of the revised Annual Internal Audit Plan for 2020/21.

 

The Governance and Audit Committee received updates on progress made against the annual internal audit plan.  The report formed part of the overall reporting requirements to assist the Council in discharging its responsibilities in relation to the internal audit activity.

 

The Public Sector Internal Audit Standards required the Chief Audit Executive to report to the Governance and Audit Committee the performance of internal audit relative to its agreed plan, including any significant risk exposures and control issues.  The frequency of reporting at South Holland was to each meeting. 

 

To comply with the above requirements, the report identified:

 

·         Any significant changes to the approved Audit Plan;

·         Progress made in delivering the agreed audits for the year;

·         Any significant outcomes arising from those audits; and

·         Performance measures to date

 

The Committee was advised of details of progress made in delivering the agreed audit work, and the outcomes arising from the auditor’s work was detailed within the report.

 

During the period covered by the report, Internal Audit had issued two reports, one of those was in draft and was awaiting management responses – Asset Management (Draft) (Reasonable Assurance); and Remote Access (Reasonable Assurance).

 

The information within the report was considered, and the following issues were raised:

 

·         The Internal Audit Manager presented the findings raised from the remote access audit and confirmed that two important priority findings had been raised, one relating to policies and procedures and one in relation to remote access monitoring.  Members raised concerns over timeframes in relation to completion of the second monitoring recommendation due to a deadline of 2022 being given and felt that this was an important issue and should be dealt with sooner.

o   The Internal Audit Manager could not comment on the project or when this would happen.  However, the risk was being clearly articulated and needed to be considered for the Strategic Risk Register. 

·         Members responded that there were real risks and that the matter had to be dealt with more urgently.

o   The Internal Audit Manager agreed on the urgency of the issue, which had been added into a Cyber Security internal audit, currently planned for Quarter 4, but which could be brought forward.

·         The Chairman requested that the IT Manager be requested to attend the next meeting to discuss the issue.

 

·         As part of the Asset Management Arrangements audit, it was stated that a planned maintenance programme be developed for relevant assets and that this be subjected to regular review, to reduce the risk of health and safety issues and asset deterioration – members supported this action.

 

·         The Asset Management Arrangements audit stated that the asset register had been updated in accordance with the 31 March 2020 asset valuation report however, evidence of subsequent/ongoing valuations were not provided.  Members asked if there was any newer information following the 2020 report.

o   The Internal Audit Manager advised that a report was currently in a draft state, that responses were still awaited, and that there would be a further update at the next meeting.

 

AGREED:

That the information detailed within the report be noted; and

 

a)    That the IT Manager be requested to attend the next meeting to provide the Committee with an update on the Remote Access Recommendations.

Supporting documents: