Agenda item

To examine the progress made between 5 January 2022 to 8 March 2022 in relation to the completion of the Internal Audit Plan for 2021/22 (report of the Head of Internal Audit enclosed).

Consideration was given to the report of the Head of Internal Audit which examined progress made between 5 January 2022 to 8 March 2022 in relation to the completion of the Internal Audit Plan for 2021/22.

The Head of Internal Audit introduced the report and highlighted the following points within the Progress Report and its appendices:

·         Section 2.1 highlighted that three audits (Legal Services; Budget Sustainability Savings; and Digital Strategy) had been postponed at the request of management, the reasons predominantly being as a result of the impact of partnership working

·         Section 3.1 highlighted that 63% of the Plan had been completed.  A few audits had been rescheduled, but good progress was being made and all was on track to provide an opinion at the July meeting.

·         Section 4.4 confirmed that three reports had been finalised and issued – Cyber Security (Reasonable Assurance); Licensing (Substantial Assurance) and Payroll (Audit Lincolnshire) (Reasonable Assurance). 

·         Section 4.6 advised that work on Corporate Fuel Cards had been concluded.  The policy and process had been considered and no significant concerns had been raised.  However, it had been requested that business intelligence be undertaken over the use of fuel and bearer cards.

·         Appendix 1 provided a visual representation of progress in the completion of the agreed audit work

·         Appendix 2 provided an executive summary and details on finalised reports.

·         The maturity assessment of Cyber Security was in a different format to what the Committee usually received.  This was a very bespoke piece of work undertaken by TIAA and a lot of insight into the review was provided.  The outside line (blue) of the spider diagram at item 10 within the Summary at Appendix 2 indicated the aspirations of the Authority and PSPS around cyber security.  Evidence of the current situation was shown by the green line. Further information regarding the current position against aspiration was provided in the accompanying table.

The following points were raised:

·         Members raised concerns that requests for deferment due to the impact of partnership working (at section 2.1) should not become a default reason for delays.

·         The Chairman commented that the spider diagram referred to was useful.

·         With regard to cyber security, it would be interesting to know how PSPS’s  level of cyber control compared to other contractors.  In addition, why was the supply chain element not tighter than it was?

·         At Appendix 2 under Issues to be Addressed (previous audit recommendations), it was stated that ‘the audit reviewed the previous internal audit recommendations, of which two remained outstanding relating to updating of the Hackney Carriage and Private Hire Licensing Policy……’.  How long ago had the previous audit been, and why had these not been dealt with by Licensing?

·         At Appendix 2 under Issues to be Addressed (Complaints, Appeals and Revocation of licenses) members commented that it was good that complainants would be notified of the outcome of their complaints in a timely manner – this was required to encourage the public to engage with the Authority where necessary.

·         At Appendix 2 under Issues to be Addressed (other issues noted), members asked why the statement ‘Digital licence applications are now received by the Licencing Team via email and processed in the same way as hard copy applications’ was included.

·         The Chairman did not like the layout used for the Payroll audit, and did not feel that it was very user friendly and the difference in the various ways of reporting made comparison difficult.

·         With regard to the Payroll Audit (Key Messages), it was stated that there was a snag list of actions to be implemented – what was the timescale for this?

·         Members commented that with regard to the Payroll audit, there was a medium risk stated relating to fraudulent or incorrect payments – was the medium risk as a result of fraud or process.

·         At Appendix 2 under Issues to be Addressed (Positive Findings), it was stated the Council had an up-to-date Gambling Act 2002 policy dated January 2022, which adhered to guidance issued by the Gambling Commission.  In light of the issue raised earlier in the meeting regarding the Community Lottery, members requested that it be confirmed that this adhered to the Council’s Gambling Policy?

AGREED:

That the information detailed within the report be noted.