Agenda item

To note the progress on delivery of internal audit, counter fraud and information governance work; and approve the revised audit charter.

The Audit Manager, Veritau presented the report which provided an update on progress made in delivering the internal audit work plan for 2019-20, along with an update on the counter fraud and information governance work undertaken to date in 2019-20.   

The Audit Manager, Veritau pointed out that eight 2019-20 audits were in progress with three 2018/19 audits at draft report stage and highlighted to the Committee the progress in agreed actions, and the current status and key options for the audits reported previously.   

In relation to the counter fraud aspect of the report, the Counter Fraud Manager, Veritau highlighted that 88% of investigations completed had resulted in a successful outcome, achieving £4.8k of cash savings for the Council, and avoiding a £78k ‘loss’ in respect of a Right to Buy application being cancelled.  The Committee were also informed that the Counter Fraud team, in conjunction with the Council’s Communications team, had run a cybercrime awareness week, delivering cybercrime awareness information to Council employees, which had proved very successful.

The Audit Manager, Veritau drew the Committee’s attention to appendix C of the report which provided an update on Information Governance matters, to include the General Data Protection Regulation (GDPR) action plan along with data breaches. 

The Committee were informed that Appendix D of the report was the Internal Audit Charter, in February 2019 CIPFA had published updated guidance on the application of the Public Sector Internal Audit Standards (PSIAS) in local government.  To reflect the guidance a number of minor updates to the Internal Audit Charter were proposed and shown within the document as tracked changes, for the Committee’s approval.

The Committee queried the purpose of the Information Asset Register (IAR) and Privacy notices, the Chief Finance Officer informed the Members that the IAR was required by law and documented all the information assets that the Council held, and privacy notices informed customers about what the Council did with personal data. 

In relation to a query regarding the security incident, the Chief Finance Officer was unable to confirm the specific nature of the incident, the Audit Manager, Veritau stated that he would contact the responsible officer and circulate the response to the Committee.

Discussion took place regarding how the individual audits were prioritised, and whether the Audit and Governance Committee could have an input; a request was also made that when dates were quoted within the reports they should include both start and completed dates for clarity.  The Chief Finance Officer stated that the Committee was consulted on the work programme, which was formulated based on a risk assessment, and that timing was agreed with officers to ensure that the audits were spread over the year, and where appropriate to align with the work of external audit.  It was confirmed that an audit status update could be provided with start and end dates.   

In relation to the Internal Audit Charter the Committee requested a number of amendments to include:

• page 161, number 5.3, bullet point 1, amend board and senior management to read Leadership Team
• page 162, number 7.2, bullet point 1, amend Cabinet to read Executive
• page 163, number 7.5, the Head of Internal Audit will informally meet in private with members of the Audit and Governance Committee, to read individual members, and again on page 169, number 5
• page 169, number (ix), the word ‘be’ to be inserted between will and conducted on the penultimate line.

The Committee noted the contents of the report; and approved the revised Internal Audit Charter subject to the amendments above.

RESOLVED:

i.              To note the progress on delivery of internal audit, counter fraud and information governance work.

ii.            To approve the revised Internal Audit Charter subject to the amendments above.