Agenda item

To receive and consider the report of the Head of Audit and Risk.

The Senior Auditor presented this report which provided an update on the work undertaken and ongoing in respect of the Internal Audit Plan (September 2023 – December 2023)

As outlined within the report, the Committees attention was drawn to the two reviews that had been given a ‘limited’ assurance rating, those being related to the physical security and environmental controls and also staff driving licence checks. It was noted that short deadlines for the completion of audit actions had been agreed to ensure areas of concern were addressed as soon as possible. The Director of Customer and Digital, the Head of HR and the Head of Property and Development were introduced to respond to any technical questions the Committee had.

Regarding the performance of the audit team, the Committee were provided reassurance that they were on track to deliver the Internal Audit Plan and satisfaction survey results remain high.

Questions were asked about the significant concerns around the security of the council’s ICT systems and sought assurances that actions would be completed by the agreed timescales. The seriousness of the issues highlighted within the report were acknowledged and in response, Members heard that progress had already been made in terms of sourcing specialist contractors to carry out the required work and was expected to be completed by the end of March 2024. Several aspects had already been actioned with regards to protocols around security alarms and building access. Clarification was provided with regards to fire suppression measures mentioned in the report, with additional staff training been arranged. Further work was also highlighted around CCTV which was underway following a new contract being agreed recently. Cost implications were being assessed as part of the project to complete the agreed audit actions with a further progress update at a future meeting welcomed by the Committee. Moving forward, a formal risk register was now in place which could be better monitored and managed, with risk management training undertaken with new starters and teams on an ongoing basis.

Responding to a query whether heat and energy produced from server rooms could be harnessed for use around the building, the Committee were informed that the increased use of cloud based external servers had reduced the overall need for on site servers, and advancements in technology meant that servers were generally much more efficient in their energy consumption.

Responding to queries raised regarding missed quality checks identified in the council tax review, it was noted that staffing changes and a period of transition as the two customer services teams became shared had been a factor but these checks had now been reintroduced.

Members were reassured that no areas of concern had been raised by the checks of staff driving licences, however the review had triggered a review of wider issues to consider such as insurance with updates to policies being made where appropriate.

On GDPR compliance it was noted that this was an ongoing process due to staff turnover with acknowledgement there may have been lapses, however improvements in this area had been demonstrated.

Resolved:

That the Committee note the current position with regard to the Internal Audit Plan.