(Chief Internal Auditor) To consider the attached report (AGC-010-2017/18).
The Senior Auditor, Ms S Linsley introduced the internal audit monitoring report (June to September 2017) updating members on the work completed by the Internal Audit Shared Service. She noted that good progress was being made against the 2017/18 Audit Plan and an additional audit had been included for this year to follow up the Health and Safety at Townmead Depot audit which was carried out in September 2016.
The report gave a summary of the audit reports issued since the last update in June 2017. These reports were about:
· Fire Risk Assessments – audit reviewed the policies and processes around the Fire Risk Assessments (FRAs) in Council owned residential blocks of flats and communal areas. It was found that properties requiring FRAs were complete and accurate and completed within agreed timescales. Following the Grenfell Tower incident, FRAs will now be undertaken every two years in all Council owned residential blocks.
· Cyber Security – this was a non-technical audit designed to assess the adequacy of the Council’s framework in relation to both internal and external cyber threats. It was found that the security of the Council’s computer network and servers was well managed and there were effective controls in place to detect unauthorised access and suspicious activity. Cyber awareness training was given to new staff and refresher training and security updates ensured existing staff are kept informed of current threats.
· Planning Applications Processes – this reviewed the processes around the external publicity of planning applications submitted to the Council and checked that planning applications were determined in accordance with the Council’s Scheme of Delegation. They recommended that the relevant polices, procedures and the Scheme of Delegation were reviewed ahead of adoption of the Local Plan to identify any areas where efficiencies can be made in order that processing times were not affected by any increase in the number of planning applications.
Another item that Internal Audit was involved in was the General Data Protection Regulation (GDPR) working party. In May 2018 the Council will be required to ensure compliance with the principles of the new GDPR legislation and work was in hand to ensure the Council was compliant with the new requirements. Internal Audit was playing a key role in the preparation of a Council-wide Information Asset Register. This involves identifying the Council’s information assets (manual records and electronic information) to ensure personal data was recorded and used responsibly.
Internal Audit was also actively involved in improving risk management processes throughout the Authority and as part of this work has revised the risk management strategy. They were also involved with the Corporate Fraud Team and the work they were doing.
Ms Linsley was asked who carried out the fire risk assessments for the Council. She replied that the high risk properties assessments were carried out by a specialist fire risk firm; the lower risk properties assessments were carried out by Council Officers.
She was then asked if the council needed evacuation plans for its sheltered accommodation sites. She responded that the current risk assessments would pick up on details like this. Mrs Marsh added that she would consult the relevant officers about this.
Councillor Knapman asked about the planning application process, as Internal Audit had said that these processes were operating satisfactorily, but he tended to disagree and wanted to know who she had spoken to. Ms Linsley said they looked at the publicity relating to site applications etc. and its relation to Council Policy. Councillor Knapman then asked if they looked at the length of time it took to make a decision and noting they tended not to make a decision until the last moment that they were allowed, or people were asked to withdraw their application so the clock started again when they re-applied. Was there a culture of delay here? Ms Linsley said that they did not look at the processing times, although they did look whether planning applications were determined in line with the scheme of delegation. They found that if it was referred to Committee then it would take longer and that this Council referred more applications to Committee that other councils. Councillor Knapman was happy for things to be referred to committee but would like them to look at the delegation procedure and if delegation actually sped things up. Also he would like to see how the public could make contact with planning officers as it appeared to be more difficult theses days. He agreed that efficiencies could be made to deal with increases in applications.
Mrs Marsh responded that he was asking for a specific piece of work but they looked at work on a risk basis and would have to look at what the specific risks for the Council were, also they have set out their programme for the year so could not promise to take on this piece of work, but they would look at it. Councillor Knapman responded that the whole point of audit was that members could ask Internal Audit to look at things that they thought should be looked at.
Councillor Lion noting the fire risk assessment item said that he had visited some of the blocks of flats in conjunction with the portfolio holder after the Grenfell Tower incident and noted that the fire evacuation routes were not clearly marked and the shared spaces had items placed in them by the residents; something to note for the future. These things had been picked up and were being dealt with. Also, our cyber security was good and there was new IT strategy being considered at present. And lastly on the planning process, one of the things that would be of interest would be planning enforcement and how that was carried out in relationship to planning applications. This maybe something for a future programme.
Councillor Patel asked if the Covalent system was proving useful to audit. Mrs Marsh said that as a project management system was really good and enabled them to monitor projects just by checking the system. It saved time and enables them to focus in on what mattered.
Mr Jarvis noted that there was an earlier item on waste, was there a specific contract management group in the council that was looking any lessons that were learned or does each service manage its own contract. Mrs Marsh said that each service manages its own contract and that was part of what she did was to go around and talk to people and if she saw things that were going wrong or not work as they should do, then that would be a reason for putting it on the audit programme. Mr Jarvis noted that contract management was a specialist skill that some service managers may or may not have.
Councillor Lion noted that this was a new part to his portfolio and that Internal Audit were a tremendous asset to the Council and the fact that we were auditing on a regular basis was a valuable service and he would like to thank the whole team for doing this. Also the corporate fraud team were doing a tremendous job, and we were making some really good inroads into this area. It was a very valuable service.
That the Committee noted and commented on the progress made against the 2017/18 Internal Audit Plan and the summary of the work of Internal Audit and the Corporate Fraud Team for the period June to September 2017.