Agenda item

Report of the Corporate Director Resources (Section 151 Officer) Clare James, presented by the Audit and Risk Manager.

The Corporate Director Resources submitted a report to support members in reviewing the Internal Audit Annual Report for 2021/22 and in reviewing progress in relation to risk management activity.

The Audit and Risk Manager introduced the report.

She explained to members that the internal audit report was produced to meet requirements set out by PSIAS and to assist in meeting the Accounts and Audit Regulations 2015. The report set out the progress made and work carried out in relation to internal audit and risk management for the year 2021/22. She told members that the outcomes of this work would allow her to make an annual, overall opinion in relation to internal control, risk management and the governance processes across the council.

She explained to the committee that owing to resourcing constraints, there was some work that had not been completed, with work on the two delayed areas being added to the audit plan for 2022/23. She also explained to members that Marine Hall had been added back onto the audit plan for 2022/23 as a result of its re-opening after its closure during the pandemic.

The Chair asked about the site inspections report, which had been given a ‘Fair’ rating by the Auditor and what processes were in place to complete this work. The Audit and Risk Manager explained that this work would be added to their GRACE Risk Management system, with actions to be followed up by officers and the internal audit team.

She also took the committee through the other audit work undertaken by the team during 2021/22, as detailed on pages 103-110 of the agenda pack. The Audit, Risk and Performance Lead explained the item on the National Fraud Initiative, updating members that they had trained the Corporate Apprentices and the Insurance and Business Continuity Officer to assist with the ongoing investigations from the 2020/21 council tax single person discount data matching exercise.

The Head of Governance and Business Support spoke to members on information governance and her judgement as Data Protection Officer on security and use of business assets. She stated  that cyber security continued to be a concern, and a risk assessment was in progress. Despite the continued concerns around cyber security and larger pieces of work continuing on the council’s information asset registers, she told members she was happy that both of these issues would be addressed.

The Audit and Risk Manager spoke to the committee on updates to the council’s counter fraud policies; she reminded members that they had recently completed the Ethical Governance Surveys, which test users’ knowledge and understanding of the council’s counter fraud policies. The actions that arose through the survey were being addressed by Democratic Services, the majority of which were completed following the launch of the councilor portal.

She also updated members on recent whistleblowing calls and informed the committee that the Audit Chair had been fully briefed on these.

Councillors asked questions on the discretionary policy for residents receiving the £150 council tax energy rebate payment. The Corporate Director Resources explained that there was a requirement for the council to have a discretionary policy for residents in bands E-H which would target residents in receipt of localised council tax support and other uses were being explored.

Following discussions on the Quality Assurance Improvement Plan (QAIP), the compliance of the PSIAS, and an update to the work of the Compliance team, the Audit and Risk Manager gave her annual opinion to members. She explained to members she was required to form an opinion on the adequacy and effectiveness of the council’s internal control environment. She was pleased to present a positive report to the committee in light of the effect of the pandemic and other challenges, such as the new hybrid-working arrangements. She said that improvements to their resources would have a positive effect on the PSIAS peer review in early 2023.

Her overall opinion was that ‘reasonable assurances could be given on the overall adequacy and effectiveness of the council’s governance risk management, and control processes’. The full opinion can be found at pages 31-32 of the report in the agenda pack.

In addition, the Audit and Risk Manager went through the risk management progress report for members. She told members that purchasing the risk management system (GRACE) enabled the team to automate the process and remove internal audit from the management and administration of risk, allowing them to give a more independent and objective opinion on the effectiveness of these processes.

Members considered the internal audit annual report, the risk management progress report, the strategic risk register and the ICT risk register.