Agenda item

To report progress against the Internal Audit Plan 2024/25 for the first and second quarters (1 April to 30 September 2024) and the resulting level of assurance from the planned work undertaken.

To provide an update to members on the resourcing situation within the Internal Audit team. 

Deborah Moss, Head of Internal Audit, presented the report to members.

Members asked questions, made comments and received responses as follows:

·         Councillor Booth referred to the review which has been postponed due to the fact that the contract has only just commenced, and he does have concerns with regards to this as he has requested that a review takes place over a number of previous years and whilst he understands the reasoning behind the delay he asked that the review is undertaken as soon as possible in the new financial year. He made the point that a six-month time period is enough time to audit how a contract is operating, and it can be used as a benchmarking exercise to ensure it is embedded sufficiently.

·         Councillor Booth referred to the actions in the report and highlighted that there appears to be a theme around training not being undertaken across a couple of the reviews including phishing and data protection, with one of the outstanding actions was regarding safeguarding and whilst he is aware that there is a new Human Resources platform, in his view, it raises a question as to how training is monitored, completed and tracked at an individual level. He suggested that the committee asks HR to clarify whether the new system has a tracking facility in place so that assurances can be given that training is completed at the appropriate time which will save having to undertake reviews on it in the future.

·         Councillor Booth expressed the opinion that with regards to follow ups it would be good to look at high risk areas and sample the medium areas whilst leaving the low areas as they stand. He added that now the new Audit Team is in place he has always been an advocate of having more contingency in place in order that there can be ad hoc reports undertaken as and when issues arise and are identified. 

·         Councillor Booth expressed the view that with regards to the report format, it has been an evolving report format, and he has been an advocate of the committee receiving executive summaries as he is not confident that there is enough level of detail of what the issues actually are, and he feels that an executive summary would be very useful. Peter Catchpole expressed the view the report has evolved significantly following input from Councillor Booth and he explained that efforts are now being made to strike a balance so that the committee do not need to be appraised with regards to every operational risk that is picked up on and rather give the committee details with regards to the medium and high-risk matters. 

·         Peter Catchpole added that he welcomes the point that Councillor Booth has suggested with regards to sampling medium follow ups and he made the point that all of the high follow ups need to be implemented almost instantly unless there are reasons when that cannot happen. He explained that his focus when the previous Internal Audit Manager was in post was that he did not want to see any outstanding actions from previous years and he agrees that some things are not always in the Council’s control, such as the procurement legislation and safeguarding. Peter Catchpole added that Deborah Moss only joined the authority in May and has joined from a neighbouring authority, she has her own ideas on how she wants to manage expectations and is already challenging him, which in his opinion is very healthy, and she is contributing at management team level and not just at Internal Audit. He made the point that the aim is to raise the profile of Internal Audit, and he thinks this is being achieved internally and the input that Councillor Booth provides is helpful and there will be a planned session on how Internal Audit is conducted and the findings in order to evolve and develop.

·         Deborah Moss stated that with regards to the follow ups she is used to a software programme to assist with the monitoring and currently she is using a spreadsheet to try and streamline her work. She explained that with regards to the training it is something that she will take forward to the Corporate Governance Group to discuss further.

·         Councillor Booth questioned whether the specification for the new training platform has been agreed and he would hope that there is a tracking functionality built into the system and if that is not the case then it is something that needs to be included. He added that he is used to working with a system where there are built in reminders for training to be undertaken.

·         Councillor Christy stated that the format is good and very easy to follow and welcomes the fact that he can see that the mandatory training is being completed. He questioned whether the next iteration should identify some key performance indicators for the committee in order that a heat map type approach can be worked towards.

·         Councillor Christy referred to the aspect of ICT cyber security where is states on page 211 that the cyber security plan did not contain enough detail and, therefore, one is being developed and asked whether there is any information with regards to the deadline for that especially when it appears that issue is becoming far more prevalent? Peter Catchpole stated that there is the intention of undertaking a training session with the committee on the subject of cyber security, with the profile of cyber issues having increased and there is a mandatory training session for all staff. He added that training could be risk rated as well, and any new members of staff cannot commence their role without first undertaking some basic tasks including cyber and security training. Peter Catchpole added that there is the intention to bring a training session to the next committee which will focus on cyber security. Stephen Beacher reiterated the point that before the next committee there will a session held on cyber security.

·         Councillor Mrs French disagreed with the point made by Councillor Booth with regards to street lighting and as she is the Portfolio Holder responsible for street lighting she suggested that a year would be a better indicator in order to monitor the performance rather than 6 months.

·         Councillor Mrs French referred to the point made by Deborah Moss, and asked Peter Catchpole whether there was the possibility of investing in some software to assist officers? Peter Catchpole explained that as part of the Transformation Programme, automation forms a large part of the project and to date he not seen a business case formally requesting a piece of software, however, if it is felt that it is something that adds real value then it is something he would agree to look at.

·         Councillor Mrs French explained that she had attended an Anglian Revenues Partnership meeting the previous day where the focus was centred on training. She added that training is so important for staff, and she congratulated officers for the work that they are undertaking on training.

·         Councillor Booth made the point that ICT is being raised at Overview and Scrutiny meetings because of possible implications and it may require a joint approach going forward. He added that with regards to software, many years ago he was responsible for setting up some assurance software and at the time there were only a couple of providers in the market, with at that time the product being quite expensive and there was a great deal of work required in order to set it up for the parameters specific to an organisation and he explained that Excel appeared to be the default option for many assurance functions in his experience. Deborah Moss agreed that she cannot see it will be financially viable due to the cost implication which is significant.

Members agreed to note the activity and performance of the Internal Audit function.