The Audit Manager led Members through the internal audit report to 30 September 2019 that gave details of audit matters and any emerging issues, not only in relation to audit but risk management and corporate governance.  It was advised that, owing to a combination of audit overruns and other circumstances beyond the Council’s control, overall progress on the 2019/20 Audit Plan was slightly behind target at present, meaning that some of the planned audits would not be carried out during the current financial year. The annual Governance Audits were, however, well underway and the Internal Audit Team was making good progress.   

The report gave details of the three audits completed in the quarter (HMO Licensing, Joint Waste Contract and Car Park Income), two of which had been given good or substantial assurance on the overall governance arrangements. However, the third report (Car Park Income) only provided limited assurance owing to the issues found with the operation of Western Car Park, Camber. The precise nature of the audit findings were the subject of a separate confidential report elsewhere on the agenda. 

It was noted that the Joint Waste Contract audit was based on the outgoing contract with Kier; the Biffa contract would be covered later in the year.

Work on four other audits (Housing Allocations, Property Investment, Community Infrastructure Levy (CIL) and Software Licensing) was at an advanced stage as at 30 September 2019.  

All recommendations issued to date in the current financial year had been implemented. It was noted that progress on the older year recommendations had been quite slow this quarter with a total of 13 recommendations still outstanding. All cases where there had been no movement in the past six months had therefore been brought to the attention of the Executive Directors for further action.

At the previous meeting, the Committee expressed concern that three recommendations from 2017/18 were still outstanding and they requested a progress update at the next meeting.  Progress was being made to address all issues, although none had so far been resolved.  The implementation of two Data Protection recommendations had been delayed due to the previous Data Protection Officer leaving the authority.  The writing of the Document Retention Policy had become a larger piece of work than had initially been anticipated, but privacy notices had been placed on the website.  Data Protection training would be rolled out to all staff and Members in the New Year.

Migration of the email exchange server was now complete so the off-site disaster recovery exercise could now be run.

RESOLVED: That the Internal Audit report to 30 September 2019 be noted.