Agenda item

Report of the Audit and Risk Manager, Karen McLellan.

Presented by the Audit and Risk Manager, Karen McLellan.

Papers to follow.

The Audit and Risk Manager, submitted a report recommending that the committee review the progress in relation to the 2023/24 audit plan and risk management, and for the committee to consider the progress against the action plan resulting from the 2022/23 Annual Governance Statement (AGS).

The Audit and Risk Manager introduced the item. She told members that this was her six-monthly update from April – November 2023 on the Internal Audit plan. All audit work was now being completed, partly by the in-house team and also by the Lancashire County Council internal audit team.

She directed members to pages 63-73 of the agenda pack. This showed the audit work completed to date, as well as work still to be completed. All completed audit reports, when finalised, were and would be circulated to members.

She also directed members to other work being undertaken by internal audit. This included the NFI, addressed at agenda item one, and the peer review of the internal audit team. The independent peer review of the internal audit service had been completed in July 2023 and full compliance  with the Public Sector Internal Audit Standards (PSIAS) was achieved. A report had been issued on this, together with an action plan detailing minor actions; members could review this on the Councillor Portal.

The Head of Governance and Business Support (and Data Protection Officer) addressed members on work undertaken in regards to Information Governance. She told members that this was a six-monthly update to members on the council’s compliance with the Data Protection Act 2018 and UK GDPR. Most of the GDPR work was done in-house by the Information Governance Team, which had limited capacity. A limited assurance opinion had been given previously by the Internal Audit team following a recent audit review; this was mainly owing to the refresh of the Information Asset registers, of which work was still outstanding due to the limited resources needed to complete this. She hoped that this would be completed within the next 12 months but noted this might be an optimistic timescale.

Members raised questions over the council’s capacity to answer Freedom of Information Requests (FOIs) and a new ICT system.

The Head of Governance and Business Support responded that the nature of FOIs meant that capacity was an issue. However they were hoping for additional resources to address this. They also needed to review the process to include the provision of datasets to lessen administrative work when answering repetitive or similar requests.

In terms of the new ICT system, the council’s disaster recovery solution system, it was noted that the procurement of this system was part of the council strengthening its cyber resilience framework and provided the council with 24/7 live monitoring off all the councils data traffic.  The Audit and Risk Manager drew members’ attention to pages 75-77 of the agenda pack. There had been no reports of suspected money laundering during 2023/24, three registrations of gifts or hospitality by officers and two whistleblowing investigations. Further updates detailing the outcome of these investigations would come before members once finalised. She also reminded members that copies of the council’s risk registers were available on the Councillor Portal.

In terms of the Annual Governance Statement (AGS) action plan, this had been published late and paper copies had been distributed at the meeting.

The Head of Governance and Business Support explained to members that the AGS had been presented to them in June 2023; there had been a number of issues reported, and the original action plan would later be published on the Councillor Portal for members to review. Typically, updates to this action plan would come before committee in November, and in future would push for officers to complete the action plan more quickly.

Members noted the internal audit progress reports.