Joint Audit and Governance Committee |
|
Report of Internal Audit Manager Author: Victoria Dorman-Smith E-mail: victoria.dorman-smith@southandvale.gov.uk South cabinet member responsible: Councillor Pieter-Paul Barker Tel: 01844 212438 E-mail: pieter-paul.barker@southoxon.gov.uk Vale cabinet member responsible: Councillor Andy Crawford Telephone: 01235 772134 E-mail: andy.crawford@whitehorsedc.gov.uk
To: Joint Audit and Governance Committee DATE: 31 January 2023 |
AGENDA ITEM |
|
Internal audit recommendations follow up quarter three 2022/23
(a) That members note the content of the report
|
Purpose of report
1. The purpose of this report is to summarise the outcomes of recent follow up of open recommended actions at both councils for the committee to consider. The committee is asked to review the report and seek assurance that the agreed actions within internal audit reports have been implemented correctly in the timescales originally offered by management, and that controls are managing risk more effectively.
2. The contact officer for this report is Victoria Dorman-Smith, Internal Audit Manager for South Oxfordshire District Council (South) and Vale of White Horse District Council (Vale), email victoria.dorman-smith@southandvale.gov.uk.
Strategic objectives
3. Delivery of an effective internal audit function will support the councils in meeting their strategic objectives.
Background
4. In line with the Public Sector Internal Audit Standards (PSIAS), the chief audit executive (in these councils the Internal Audit Manager) must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. Responsibility to resolve issues and manage agreed actions lies with management.
5. Historically, internal audit has undertaken follow-up engagements for all internal audits within six calendar months of the date of issue of the final internal audit report, and annually for key financial audits. However, there is no formal monitoring and reporting of internal audit recommendations which have not been implemented following completion of the six-monthly follow-up engagement. Lack of regular monitoring of recommendations increases the likelihood that actions are not implemented on a timely basis, exposing the councils to risk.
6. In November 2022 the Joint Audit and Governance Committee approved the revised follow up process, which was subsequently launched in December 2022 (i.e., quarter three 2022/23):
Step 1: Quarterly, the internal audit manager emails the open recommendations tracker to action owners and their service managers and/or heads of service requesting an update of progress against agreed actions.
Step 2: Action owners provide their updates, along with supporting information for actions that have been fully implemented.
Step 3: The internal audit manager collates responses and updates the recommendations tracker and internal audit recommendations database, escalating non-responses to the deputy chief executives, section 151 officer, and/or monitoring officer, as appropriate.
Step 4: The status of progress against agreed management actions is reported by to the joint audit and governance committee (JAGC) for their consideration.
7. The roles and responsibilities in the follow-up process are summarised below:
Internal audit manager: track implementation of actions and report progress to the JAGC.
Action owners: implement agreed actions, manage associated risk(s) and provide quarterly status updates to the internal audit manager.
Senior management team: support the internal audit manager in tracking agreed actions and accept the risk of not taking actions.
Deputy chief executives, S151 officer, monitoring officer: support the internal audit manager in responding to non-responses and maintain oversight of open recommendations.
Joint audit and governance committee: monitor progress of agreed actions to ensure that the actions within internal audit reports have been implemented correctly in the timescales originally offered by management, and that controls are managing risk more effectively.
Audit Year |
Total Actions |
Open at 1 Dec 22 |
Q3 Follow Up Activity |
Open at 19 Jan 23 |
|||
Implemented |
Not Implemented |
No Longer Applicable |
Other* |
||||
2013/14 |
72 |
0 |
- |
- |
- |
- |
0 |
2014/15 |
113 |
0 |
- |
- |
- |
- |
0 |
2015/16 |
267 |
0 |
- |
- |
- |
- |
0 |
2016/17 |
160 |
0 |
- |
- |
- |
- |
0 |
2017/18 |
148 |
0 |
- |
- |
- |
- |
0 |
2018/19 |
160 |
19 |
8 |
11 |
0 |
0 |
8 |
2019/20 |
210 |
54 |
16 |
24 |
7 |
7 |
31 |
2020/21 |
133 |
4 |
3 |
0 |
1 |
0 |
0 |
2021/22 |
135 |
107 |
27 |
31 |
4 |
45 |
76 |
2022/23 |
60 |
58 |
25 |
33 |
0 |
0 |
33 |
Totals |
1,458 |
242 |
79 |
97 |
12 |
52 |
151 |
*Progress against these recommended actions will be followed up during 2022/23 planned audits in these areas.
|
Other |
Not Implemented* (Past Due) |
Not Implemented (Not Yet Due) |
|||||||
Audit Year |
Open at 19 Jan 23 |
High |
Medium |
Low |
Total |
High |
Medium |
Low |
Total |
|
2013/14 to 2017/18 |
0 |
No open actions |
||||||||
2018/19 |
11 |
0 |
2 |
6 |
3 |
11 |
0 |
0 |
0 |
0 |
2019/20 |
31 |
7 |
0 |
15 |
9 |
24 |
0 |
0 |
0 |
0 |
2020/21 |
0 |
No open actions |
||||||||
2021/22 |
76 |
45 |
1 |
8 |
13 |
22 |
0 |
8 |
1 |
9 |
2022/23 |
33 |
0 |
2 |
5 |
2 |
9 |
6 |
3 |
15 |
24 |
Totals |
151 |
52 |
5 |
34 |
27 |
66 |
6 |
11 |
16 |
33 |
*See appendix 1 for a full list of not implemented and past due actions.
Climate and ecological impact implications
8. There are no direct climate or ecological implications arising from this report.
Financial implications
9. There are no financial implications attached to this report.
Legal implications
10. There are no legal implications attached to this report.
Risks
11. Identification of risk is an integral part of all audits.
VICTORIA DORMAN-SMITH
INTERNAL AUDIT MANAGER
Appendix 1 – Not implemented and past due actions, analysed by audit year / audit name
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
1 |
2018/19 |
Petty Cash Procedures |
Development & Corporate Landlord |
889 |
a) Cornerstone should, with support from accountancy, establish an agreed upon process to regularly reconcile petty cash records against the petty cash float, ensuring any discrepancies are investigated and resolved. b) The Beacon should, with support from accountancy, establish an agreed upon process to regularly reconcile petty cash records against the petty cash float, ensuring any discrepancies are investigated and resolved. |
High |
30.6.2019 |
A review of open actions relating to Cornerstone operations is in progress. No other updates at this time. |
31.1.2023 |
2 |
890 |
Formal reminder or training, from accountancy, should be provided to ensure that Cornerstone: - purchase all stationary through the councils contracted stationary supplier, Lyreco. - Purchase all tools and materials via the accounts payable system. - Claim back all expenses, i.e. eye tests, taxi fare, train tickets and fuel, via payroll expenses on the MyView system - Only accept petty cash claims if a valid VAT receipt is submitted. |
High |
30.6.2019 |
|||||
3 |
891 |
a) A review of the stock control processes should be undertaken to identify the reason for regular petty cash spend on food/drink. b) Based on the results of a), Cornerstone should establish controls to ensure that regular petty cash is limited in the future. |
Medium |
31.7.2019 |
|||||
4 |
892 |
a) Formal reminder or training, from accountancy, should be provided to Cornerstone staff about the requirement to separate VAT on the accounts payable payment voucher and to ensure it is coded correctly, to enable the councils to reclaim the VAT. b) Formal reminder or training, from accountancy, should be provided to The Beacon staff about the requirement to separate VAT on the accounts payable payment voucher and to ensure it is coded correctly, to enable the councils to reclaim the VAT. |
Medium |
30.6.2019 |
No |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
5 |
2018/19
|
Insurance |
Policy & Programmes |
925 |
Review, update and obtain approval for working procedures to ensure that they are version controlled and formally document all aspects of insurance management activities. |
Low |
30.7.2020 |
WIP these procedures have been updated and are due another review 2022/23. When resourcing allows. |
30.9.2023 |
6 |
926 |
A management reporting process should be introduced for insurance claims including reports on caseloads and status of claims for review. |
Low |
30.11.2019 / 30.6.2020 |
High risk service areas identified. Monthly review with these service teams to anticipate potential claims and agree mitigation routes. There is also a monthly H&S meeting to review incidents and claims which feeds into the meeting above and into the H&S SMT report. There is also a monthly meeting with all interested parties regarding Cyber and data security which again reviews potential risk and identifies mitigations, reported and minuted as well as feeds into the quarterly data and cyber security campaign. There is also a data breach triage forum that meets when required to avert incredulous potential claims of data breach comprising of Capita/legal/Data security and insurance and risk, procedures have been updated to ensure insurance are alerted in the first instance via Capita. |
30.9.23 |
|||
7 |
929 |
Consider creating an insurance webpage on the council websites, which includes useful information for the public. |
Low |
31.3.2020 / 30.4.2020 |
Assurance team to chase up Communications team as webpage information is not showing on the council websites. |
30.4.2023 |
|||
8 |
2018/19 |
Risk Management |
Policy & Programmes |
978 |
Incorporate mandatory risk management training into the updated corporate induction to ensure that new starters are aware of their responsibilities. |
Medium |
31.12.2019 / 30.6.2020 |
Incorporated into Leah however there has been a requirement since 2020 to review the risk framework, various methods have been shared with HofS. We now have a consultant to review the risk framework, methodology etc and therefore we await his findings before moving this action on in 2023 via the consultant. |
TBD |
9 |
981 |
Develop a risk management training plan/ schedule to be delivered to new and existing officers, service managers and senior management (i.e. identifying risks within their area, undertaking risk assessments and establishing controls making the risks manageable). |
Medium |
31.10.2020 |
Workshop written await sign off, however there has been a requirement since 2020 to review the risk framework, various methods have been shared with HofS. We now have a consultant to review the risk framework, methodology etc and therefore we await his findings before moving this action on in 2023 via the consultant. |
30.6.2023 |
|||
10 |
2018/19 |
Street Naming & Numbering |
Corporate Services |
826 |
Agree a method of receiving monthly street naming and numbering payment receipts from Capita's finance team. |
Medium |
31.1.2019 |
SNN Team receive weekly receipts list detailing payments made. Wider transformation programme will look to smarten payments to improve this process. Team are reviewing the process for applications for SNN to align with customer and digital transformation. Adjustment to the application process to request electronic payment as part of application process which reduces the potential for non-paid applications being completed. Requires development of the application eform. Wider transformation would see this become part of CRM. This would likely remove this weakness. |
31.3.2023 |
11 |
828 |
Agree a method of regularly communicating non-payment of applications to the debt recovery team for invoicing and collection. |
Medium |
31.1.2019 |
SNN team are reviewing the process for applications for SNN to align with customer and digital transformation. Adjustment to the application process to request electronic payment as part of application process which reduces the potential for non-paid applications being completed. Requires development of the application eform. Wider transformation would see this become part of CRM. |
31.3.2023 |
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
12 |
2019/20
|
Budgetary Control |
Finance |
950 |
Review and update the accountancy charter to reflect the recent restructuring within Finance. |
Low |
31.3.2020 |
Awaiting action owner comments. |
TBD |
13 |
953 |
Review the current process for recording and approving virement and budget transfer requests and investigate the functionality of the automated approval workflow within Agresso to formally document virement requisitions and approvals. In the meantime, remind relevant officers of the requirement for virements to be formally approved by the relevant head of service. |
Medium |
31.3.2020 |
Online validation through Unit4 is possible but would require Unit 4 development and implementation this isn’t considered cost effective, manual virements are not considered an onerous problem and can be reversed if not correct |
TBD |
|||
14 |
954 |
Review and update the financial procedure rules to provide guidance on what approval should be sought on the approval of urgent virement requests during pre-election periods when cabinet and full council meetings do not take place. |
Medium |
31.3.2020 |
Awaiting action owner comments. |
TBD |
|||
15 |
2019/20 |
Cornerstone |
Development & Corporate Landlord |
973 |
Establish a process to regularly review and update Cornerstone policies and procedures. |
Low |
31.3.2020 |
A review of open actions relating to Cornerstone operations is in progress. No other updates at this time. |
31.1.2023 |
16 |
974 |
A reminder should be given to all staff not to authorise any refunds that they have processed. |
Low |
30.11.2019 |
31.1.2023 |
||||
17 |
975 |
A review of credit card transactions should be undertaken to identify regular payments where the standard accounts payable should be followed. Appropriate actions should be taken to ensure that future payments are processed via accounts payable. |
Medium |
31.3.2020 |
31.1.2023 |
||||
18 |
976 |
Remind officers of the requirement to only use corporate credit cards for exceptional purchases, especially the need to follow the accounts payable process where suppliers are already setup on Agresso. |
Medium |
30.11.2019 |
31.1.2023 |
||||
19 |
977 |
The stocktake record should be signed by both the officer undertaking the stocktake and the officer independently reviewing the stocktake to ensure that an audit trail is in place and to confirm accuracy. |
Low |
30.11.2019 |
31.1.2023 |
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
|||||
20 |
2019/20
|
Data Protection / GDPR |
Legal & Democratic |
1102 |
Review the roles associated to the councils' DPO and SIRO against GDPR/DPA guidance, taking necessary actions to ensure there is no conflict of interest with the nominated positions and any other tasks/positions held. |
Low |
31.10.2020 / 31.7.2021 |
Since the initial audit, responsibility has moved to the Head of Legal and Democratic Services who has the role of both named DPO and SIRO. The DPO function on a day-to-day basis is managed by the Information Governance and Data Protection Officer with only significant or high-risk issues escalated to the named DPO. This does still present an issue with one officer holding two roles which are ordinarily independent. Issues to be discussed and decision record as either to accept the risk and add to risk register or to resolve. |
31.3.2023 |
|||||
21 |
1104 |
Establish a formal, regular programme of training to ensure officers and councillors receive and maintain the appropriate knowledge to conduct their duties. |
Medium |
30.11.2020 / 31.10.2021 |
The corporate delivery method for training, LEAH, is not user friendly and the Information Governance and Data Protection Officer is exploring the use of metcompliance modules to delivery targeted and refresher training. In the meantime, more information is added to Jarvis as policies and procedures are adopted. |
30.6.2023 |
||||||||
22 |
1106 |
Review and update the data retention and disposal policy and associated record management guidance documents, as listed on Jarvis. |
Medium |
30.11.2020 / 30.9.2021 |
This is included within the information Governance Framework as set out in rec 1d. This specific guidance is not yet updated. |
31.3.2023 |
||||||||
23 |
1107 |
Communicate and publish the updated guidance for officers in relation to data retention and disposal. |
Medium |
30.11.2020 / 30.9.2021 |
This is almost the same as rec 3d above, when updated they will be published on Jarvis, which will be promoted through Info Governance Champions? |
31.3.2023 |
||||||||
24 |
1112 |
Establish an agreed upon process to regularly review and update the ROPA and to reflect any changes in data processing activities across service areas. |
Medium |
31.3.2021 / 30.9.2021 |
As the Information Governance Team becomes aware of any changed or new processes, such as through project documents or DPIA's, teams are asked to update their RoPA and privacy notices. A RoPA policy and procedure has been approved by the Head of Legal and Democratic services and is to be presented to SMT for review. Once done this will be published on Jarvis and communicated through Information Governance Champions. |
31.3.2023 |
||||||||
25 |
1114 |
Conduct a review across all service teams to ensure data sharing agreements are in place, where required. |
Low |
31.3.2021 / 30.9.2021 |
Work is in progress as a part of the Information Governance self-assessment process. A large number of sharing agreements are embedded within contract terms and only sharing agreements that sit outside of those contracts will form part of the record of sharing agreements. |
30.9.2023 |
||||||||
26 |
1116 |
Conduct a review across all service teams to ensure DPIAs are in place for new projects, where required. |
Low |
31.3.2021 / 30.9.2021 |
This was partly implemented at the time of follow up. The agreed action was to embed as a process for all new projects - hence to review information about DPIA's to ensure it is embedded within project documents. The Information Governance & Data Protection Officer advises in all GW1 documents if a DPIA is needed. The need for a DPIA is stated on Jarvis in the data protection pages. An update to the existing DPIA policy and procedure is in progress which will simplify the form and make it less cumbersome for officers to use. This will be published on Jarvis and promoted through the Information Governance Champions. Once this is in place the recommendation will be fully implemented. |
31.3.2023 |
||||||||
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
|||||
27 |
2019/20
|
Moorings (Vale only) |
Development & Corporate Landlord |
1076 |
Review the moorings policy and establish a procedure to ensure the policy is regularly reviewed on an ongoing basis. |
Medium |
31.10.2020 / 1.6.2021 |
The Technical Projects team have recently taken over as action owner and are working on reviewing and implementing the Moorings audit actions. A draft mooring policy is under review, along with officer training, digital permits, charging, and a winter permit system. |
31.3.2023 |
|||||
28 |
1077 |
Develop procedure notes detailing the tasks which must be completed in relation to moorings and establish a procedure to regularly review and update the notes. |
Medium |
31.10.2020 / 9.4.2021 |
||||||||||
29 |
1078 |
Review payment methods for the moorings service and consider other possible methods, such as BACS. |
Medium |
31.10.2020 / 31.5.2021 |
||||||||||
30 |
1082 |
Undertake a health and safety risk assessment. |
Medium |
31.8.2020 / 9.4.2021 |
||||||||||
31 |
1085 |
Ensure the moorings officer attends health and safety and lone working training. |
Medium |
30.9.2020 / 30.9.2021 |
||||||||||
32 |
1086 |
Set up the moorings officer on the LoneAlert system and establish a process to ensure that it is used during patrols. |
Medium |
30.9.2020 / 1.5.2021 |
||||||||||
33 |
1087 |
Review the mooring rent on an annual basis. As part of the annual review, consider performing a comparison to other local authorities, e.g. nature and type of fees, additional fees for overstaying permit. |
Low |
31.10.2020 / 1.6.2021 |
||||||||||
34 |
1088 |
In order to accommodate residents on the reserve list, and to maximize income to the authority, consider allowing part year moorings when a mooring becomes vacant. |
Low |
31.10.2020 / 1.6.2021 |
||||||||||
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
|
35 |
2021/22 |
Car Parking & Enforcement |
Development & Corporate Landlord |
1297 |
SABA to continue the recruitment drive to ensure there is adequate resource to conduct car park inspections and patrols in line with the agreed service specification. |
Medium |
31.5.2022 / 31.8.2022 |
Saba have now identified a number of different options to advertise posts but are still struggling to recruit staff (this is a national problem). However, they are short of a weekend worker to work Sundays but are covering on a temp bases with employed staff while still looking to appoint a suitable Sunday operative. Saba failed to meet the KPI for last year financial deductions have been implemented |
TBD |
|
36 |
1298 |
A review of the car park patrol schedule should be considered to ensure there is suitable coverage of all car parks where recent changes in SODC charging periods have been implemented (Sunday charges now apply). |
Low |
1.2.2022 / 12.9.2022 |
This implementation of the recommendation has been affected by moving Parking enforcement to CPE (first ticket issued 23 November 2022). Information is now being built up on Chipside (parking software) as to where the inspection is most effective/required and then the patrol schedule will be reviewed. It is considered that 6 months information is required in the system, so the review is planned to take place in June 2023. |
1.6.2023 |
||||
37 |
Finance |
1304 |
Pay360 system settings to be adjusted to deliver summary level output files for transactions imported to Unit4.
|
Low |
31.3.2022 / 31.12.2022 |
After agreeing the recommendation, it was discovered that the Pay360 settings appeared correct so further investigation would be required, and it was decided to pick this up as part of the Pay360 upgrade project. It had been expected that the upgrade to Pay360 would take place this calendar year. The upgrade is now due to commence in January 2023 with go-live in May 2023 - this recommendation will be picked up as part of that project |
31.5.2023 |
|||
38 |
2021/22 |
Contract Management |
Finance |
1380 |
Remind heads of service of their requirement to perform regular contract monitoring activities, including obtaining management information from suppliers as stated in the contract. |
Low |
31.12.2022 |
This will be covered as part of the procurement training that will be rolled out during the first half of 2023 |
30.6.2023 |
|
39 |
1381 |
Remind heads of service of their requirement to perform regular contract monitoring activities, including formally documenting contract monitoring meetings with suppliers. |
Low |
31.12.2022 |
30.6.2023 |
|||||
40 |
1382 |
Remind heads of service of their requirement to perform regular contract monitoring activities, including ensuring payments are being made in line with contract terms and conditions. |
Low |
31.12.2022 |
30.6.2023 |
|||||
41 |
2021/22 |
Covid-19 Grants |
Development & Corporate Landlord |
1426 |
A record of file access codes to be retained on the secure drive.
|
Low |
1.9.2022 |
Relevant data is being stored at U:\Discretionary Covid Grants - Secure Data. This data is only accessible to the EcDev and Audit teams. The data is currently being populated, and a standard simplified password process will be implemented. |
1.7.2023 |
|
42 |
2021/22 |
Garden Waste |
Corporate Services |
1440 |
A review of the non-direct debit paying customers should be undertaken to establish whether resident circumstances have changed, which may enable payment via direct debit. |
Low |
31.12.2022 |
This is inked to the migration of Garden Waste to the CRM - now scheduled for Q1 2023. |
31.3.2023 |
|
43 |
1441 |
A review should be undertaken of all customers that have not provided an email address and contact should be made to obtain one, so that paper invoices are no longer issued. |
Low |
31.12.2022 |
31.3.2023 |
|||||
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
|
44 |
2021/22 |
Information Governance |
Legal & Democratic |
1437 |
The information governance and data protection officer could explore the possibility of purchasing a more efficient system to manage information requests. |
Low |
31.12.2022 |
The CRM system being introduced does have a module available for managing information requests but that is not a part of the current project business case. If a business case to include the module were to be approved, the CRM supplier recommends it is left to the end of the project so all teams are familiar with the CRM and this will not be for a couple of years. To be discussed with Head of Service |
31.12.2023 |
|
45 |
2021/22 |
Land Charges |
Legal & Democratic |
1292 |
The area of the website showing the incorrect charges is corrected and in future appropriate checks are made to ensure that both areas are correct. |
Medium |
30.11.2021 |
The same format spreadsheet is now used by both finance and the service teams for fees and charges currently being set for 2023/24. Therefore, the differences should not be present for the 2023/24 charges currently being finalised. |
31.3.2023 |
|
46 |
2021/22 |
Learning & Development |
Corporate Services |
1409 |
Load the approved courses onto LEAH in line with an agreed up3on timescale. |
Medium |
31.10.2022 |
All mandatory courses have now been uploaded. The long list of approved catalogue courses is ongoing. No dedicated resource for this work, but low risk now. |
30.6.2023 |
|
47 |
1413 |
Continue to develop the training matrix identifying the health and safety training required for each role within the council. |
Medium |
31.12.2022 |
Single resource in H&S currently, so focus often on day-to-day support, responding to incidents etc. Seeking to recruit second person to accelerate actioning recommendations. |
30.6.2023 |
||||
48 |
1417 |
Develop a process to monitor progress of the Lets Talk process by service teams. |
Medium |
31.12.2022 |
Discussions held with IT to add automated workflow but held up by general IT / 5Cs issues and priorities. |
30.6.2023 |
||||
49 |
1418 |
Consider whether it would be beneficial to implement post training delivery evaluation. |
Low |
31.12.2022 |
As per management response, induction programme launched in November 2022, so will now review potential to evaluate training. |
31.3.2023 |
||||
50 |
1420 |
Establish a process to provide the agreed reports in the agreed timescale. |
Low |
31.10.2022 |
As we began sending HR data so SMT in October and induction programme rolled out in November, this deferred to consider how to report on L&D and discuss what would be relevant for SMT and/or committees. |
31.3.2023 |
||||
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
51 |
2021/22 |
Property Compliance |
Development & Corporate Landlord |
1313 |
A full review of properties where the councils hold responsibility should be undertaken to ensure that there are appropriate service contracts in place to ensure full adherence to regulatory and legislative standards. |
High |
30.4.2022 / 30.9.2022 |
Service level agreements (SLA's) reviewed November 2022. Not all SLA's signed off due to gaps in training and resources. Training to completed by 1st Quarter of next financial year (2023-24). |
30.6.2023 |
52 |
1316 |
A review of assets to be conducted and where there may be contention of associated responsibilities, appropriate controls to be implemented to ensure there is clear ownership and acknowledgment of compliance management across services. |
Medium |
30.4.2022 / 30.9.2022 |
Linked to above item 3(a) (Rec ID 1313). In terms of roles and responsibilities going forward this is linked to the of Corporate Landlord Model project. Expected implementation date to be confirmed on Corporate Landlord Model projects approval for the transformation and implementation phase. |
TBD |
|||
53 |
1319 |
Consider implementing a centralised Compliance Performance Report to distribute to responsible officers and/or service teams that displays the status of compliance performance for individual properties and/or service areas, to raise awareness of scheduled works, due dates and outstanding tasks required to be completed. |
Low |
30.6.2022 / 1/1/2023 |
This outcome is aligned to the Concerto upgrade project and the report and dashboard training. Training is scheduled to be delivered on 12 January 2023 |
12.1.2023 |
|||
54 |
1322 |
A regular programme of building stock condition surveys to be in place to ensure that council assets are suitably managed and maintained. |
Medium |
30.6.2022 / 30.9.2022 |
New staff resource due to start January 2023. To then schedule the forward maintenance plans. To be completed by second quarter of the financial year (2023-24) |
30.9.2023 |
|||
55 |
Corporate Services |
1311 |
In coordination with HR, review that adequate training is available and provided to individuals to conduct operational duties safely in respect of property management compliance. |
Medium |
30.6.2022 / 31.12.2022 |
Corporate Landlord not yet implemented. Training matrix in progress and not yet supplied to HR to review and implement. |
31.12.2023 |
||
56 |
2022/23 |
Gifts & Hospitality |
Corporate Services |
1451 |
a) Issue a reminder to officers of the requirement to declare any gifts or hospitality received to their service manager, even if the offer was accepted or declined.
b) Issue an email to all service managers regarding the process of officers declaring gifts and hospitality and their role in managing it and reporting it to human resources on a regular basis. |
Medium |
30.11.2022 |
The action is transferred to HR ownership. Mark Minion is seeking an update from David Fairall and has advised that he is happy for HR to own this recommendation |
TBD |
57 |
Legal & Democratic |
1452 |
Risks identified and control in place regarding officers’ gifts and hospitality should be entered on either the corporate or operational risk registers. |
Medium |
30.9.2022 |
This risk will be added to the corporate risk register |
31.3.2023 |
||
58 |
2022/23 |
Grievance Policy |
Corporate Services |
1430 |
Review and update the contractual polices page on SODC and VWHDC websites. |
Low |
31.10.2022 |
In progress - date extended. |
31.1.2023 |
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
59 |
2022/23 |
Information Security |
Corporate Services |
1476 |
Review requirements for agency staff, contractors, and members to complete mandatory information/cyber security training to ensure awareness of council IT security practices. |
High |
31.12.2022 |
Actively working with IT to develop and upload Leah courses. On track to implement on time. |
31.12.2023 |
60 |
1486 |
Capita to provide a suitable offline immutable backup solution for servers hosted within the Capita provided platforms (e.g., Nuvem, Azure), currently being pursued by the 5CP security working group. |
High |
30.11.2022 |
Completed CCRF received from Capita on 16/12/22. Now sat with 5C for sign-off and into delivery. Expected 31 March 2023 however the migration of Mendip out of 5C might cause delay and will take priority. |
31.3.2023 |
|||
61 |
2022/23 |
Payroll |
Corporate Services |
1459 |
Develop a checklist of the training required by new starters and record the completion of training. |
Low |
31.12.2022 |
This is in progress, but date extended to enable chance to test and review with new members of the team. |
31.3.2023 |
62 |
1461 |
Senior managers remind officers that they must submit adequate fuel receipts to support their mileage claim and that if they are not submitted then their mileage will not be authorised. |
Medium |
31.12.2022 |
A new draft mileage log has been created, but not yet ready to be rolled out (as seeking feedback from high-mileage users). When ready, will communicate new process as well as reminding everyone of the need to attach a receipt AND the log. |
31.1.2023 |
|||
63 |
1462 |
Consider introducing a standardised business mileage log that details full journey details, (including start and end locations), vehicle details (make model/engine size) and a claimant declaration that can be reconciled to route planners as part of a management review. |
Medium |
31.12.2022 |
31.1.2023 |
||||
64 |
1463 |
Consider requiring a copy of the authorised log to be attached to the claim submission within the MyView system, ensuring claim documentation is supported, easily accessible and provides a suitable audit trail within the system. |
Medium |
31.12.2022 |
31.1.2023 |
Actions awaiting action owner comments:
No. |
Audit Year |
Audit Name |
Service Area(s) |
Rec ID |
Recommended Action |
Risk Rating |
Original / Revised Due Dates |
Action Owner Comments |
Expected Implementation Date |
65 |
2019/20 |
Development Management |
Planning |
969 |
Update the draft delegation protocol document to include authorisation of delegated reports prepared by team leaders and the protocol for review of pre-application letters. |
Medium |
31.12.2019 / 31.10.2020 |
Awaiting action owner comments. |
TBD |
66 |
2021/22 |
Council Fees and Charges |
Finance |
1284 |
Consider developing a standard format for each page within the fees and charges schedules. |
Low |
31.12.2021 / 30.9.2022 |
Awaiting action owner comments. |
TBD |