To receive the report from the Internal Audit and Risk Manager.
The purpose of this report is to summarise the outcomes of recent internal audit activity at both councils for the committee to review.
Recommendation:
That members review the results of recent internal audit work and monitor progress of management actions.
Minutes:
The internal audit and risk manager, presented the report, outlining the work of the internal audit team and completed audits. They confirmed that they were reviewing the current internal audit plan to determine if it still meets the councils’ strategic objectives.
They also confirmed that many actions had been implemented, including some of the high-risk overdue items. There were eight such items, and the team was working with the heads of relevant services, with assurances that these were being progressed.
Members enquired why some high priority overdue actions from 2021-22 were still included and what the process was for escalation.
The officer confirmed these actions were part of a longer-term plan for some departments. They reassured members that the audit team was proactively engaging with the heads of service and these items were being prioritised. The list has significantly reduced in number and will continue to be a focus.
The head of finance, noted that the internal audit team should bring to the committee's attention any items that were not progressing. Members agreed importance of the committee’s role in holding department accountable and agreed that heads of service attending committee meetings if necessary was a helpful part of this process.
Members were assured that the high-risk items were progressing positively, and the focus will now shift to medium-risk items. It is expected that most of the high-risk items will be closed by the next meeting.
It was agreed that the officers would consider how items were brought to the committee's attention.
Members enquired about the status of any information security audit items. It was confirmed that the information security actions were completed.
The head of finance reassured members that an issue being defined as high-risk does not necessarily refer to a statutory duty. They reiterated that some actions require an overhaul of systems and processes and would take many months to complete, whereas some issues could be resolved more quickly.
The internal audit and risk manager stressed that many departments had a heavy workload, with many urgent priorities to manage. Members acknowledged this and noted the progress that had been made on the risk register.
RESOLVED: to note the internal audit report.
Supporting documents: