The Audit Manager led Members through the internal audit report to 30 September 2021 that gave details of audit matters and any emerging issues, not only in relation to audit but risk management and corporate governance. 

Progress on the 2021/22 Audit Plan was currently running a few weeks behind schedule, but the position had improved since the last quarter and continued to do so.

Two audit reports were issued in the quarter and an overview of the findings arising from each was given in the Executive Summaries in Appendix A to the report.  Both audits provided substantial assurance on those areas reviewed.

Several audits were also nearing completion at the end of the quarter and had since been issued – these included reviews of the Grounds Maintenance Contract, the Blackfriars Project and Income Management. The Executive Summaries for these reviews and any other audit reports completed in the third quarter would be included in the next progress report.

Appendix B to the report updated Members on the progress made on implementing the audit recommendations reported at the previous meetings.  Six of the older year recommendations remained outstanding; three of these (Council Tax, ICT Network Security and ICT Governance) were now at an advanced stage and were all scheduled to be completed by March 2022 at the latest. However, progress on the other three cases (Procurement and the two Creditor recommendations) remained slow, and this was due in part to resourcing issues. The Chief Executive had been informed of the situation and was monitoring progress. However, the Head of Service responsible for all six issues was soon retiring meaning that the responsibility for resolving these outstanding matters would now fall to the relevant line managers.

Of the current year recommendations, almost half of these had already been implemented and work had begun on all other cases.

Every three years Internal Audit had traditionally produced a Strategic Audit Plan setting out the audits it intended to carry out over the next three-year period.  However, the need for a more responsive, adaptable approach to audit planning was brought into sharp focus during the COVID-19 pandemic, but, even in normal times, the rigid structure of a Strategic Audit Plan model did not cope well with major change.  With the new Strategic Audit Plan due to be reported to the Committee in the next quarter, it was therefore proposed that the 3-year Strategic Audit Plan be dropped in favour of standalone, annual audit plans. The Audit Manager would continue to use a risk assessment to determine what audits were included in the annual plan, but the move away from the existing model would provide greater flexibility and better use of limited resources.

Owing to the imminent retirement of the Assistant Director Resources, the Audit Manager had taken on responsibility for Risk Management Policy and for collating and reporting on updates to the Corporate Risk Register.  The Audit Manager’s role was limited to that of Risk Management Co-ordinator and it did not include any responsibility for managing risk, which remained the responsibility of Management.  Members had considerable concerns about the Audit Manager’s role in the Risk Management process and questioned who would ultimately be responsible for managing/mitigating Council-wide risks going forward. Members recommended that it would seem necessary for a senior officer to be identified to take responsibility for managing risk.  Members requested and agreed that their concerns be taken back to senior officers.

The Audit Manager updated Members on two issues raised previously on the Corporate Risk Register – an additional risk had been added to cover the loss of staff and recruitment issues experienced by contractors delivering key Council services; and the unmitigated risk score for major projects had been increased from 9 to 15, indicating a high priority.

The Audit Manager confirmed that issues found in the Waste Contract audit concerning cleansing of roads exceeding 40 miles per hour limit detailed in Appendix A to the report would be followed up six months after the audit was issued, and that the waste team were aware and in contact with the contractor.  Members recommended and agreed that the Audit Manager request further information on progress from the Head of Neighbourhood Services.

RESOLVED: That:

1)         the Internal Audit report to 30 September 2021 be noted;

2)         the proposal to replace the 3-year Strategic Audit Plan with standalone, annual audit plans be approved;

3)         the Committee’s concerns regarding the Audit Manager’s role in the Risk Management process be taken back to senior officers to consider identifying one senior officer to take responsibility for managing/mitigating Council-wide risks; and

4)         the Audit Manager request a progress update from the Head of Neighbourhood Services regarding negotiations with the contractor to remove the 100 km cap on the cleansing of roads with a speed limit exceeding 40 miles per hour.