Minutes:
The Head of Audit introduced the report, as set out in the agenda pack, highlighting that a lot of the work, for the last financial year , was finalised in the first quarter of this financial year,
In summary for all audits completed, four were assigned to substantial assurance, six were assigned to adequate assurance, and four for limited assurance. The Head of Audit continued to outline the 4 services that received the limited assurance: Health and Safety, Brokerage , IT disaster recovery and management of triage related arrangements for safeguarding. In addition, there were audits completed in four schools, with three of the schools receiving adequate assurance and one limited assurance. Fuller details on the findings of these reviews were already provided in the July report to Corporate Committee.
In response to a question from Cllr Ejiofor, schools would be audited once every four years as a minimum with some schools audited more frequently. These would likely be schools that may been assigned limited assurance or nil assurance.
The Head of Audit reported that the number of schools getting limited or nil assurance had decreased in the last financial year. Around three years ago, there had been an intensive programme of work from the Local Authority and audit team to help schools understand the requirements of good financial management. This guidance was continuing with meetings being held with headteachers, governors and business managers on a 6 monthly basis to continually set out the Council’s expectations on financial management and use of public funds.
The Head of Audit set out the findings of the limited assurance audits and the committee noted the following:
With regards to the health and safety findings, where people were trained on health and safety , there needed to be accurate record of training and plan had been put in place to change the system with a new system expected to be implemented in December/ January. There was a good risk assessment template , however guidance was needed on how to better use the risk assessment and ensure regular review of the assessment to ensure nay key issues arising were followed up and implemented. The third area considered on health and safety was that there were a few health and safety policies in place to drive the work of the health and safety team and these needed to be refreshed.
The Brokerage team assisted both Children’s Services and Adults Services with care placements. With regards to Adults service area, the risks identified related to: placement policy procedures, the need to ensure purchase orders were raised properly at the start of the assignments, the need to retain evidence for approved placements by the manager, demonstrate cost of the placement and offer an evaluation, of how, that compared with other placements. The Committee also noted that for Children’s service placements there was a need to have in place: the policy and procedure guidance retention of documentation, a system of quality assurance so that when placement was made there was a mechanism to ensure that placements were to an adequate standard.
The IT disaster recovery findings related to completion of arrangements and plans for tests in the event of a disaster. The Audit Team found that plans had not been tested as well as it should have been at the time of the Audit. The additional issue had been how the IT response plan aligned to the Council’s business continuity planning arrangements and need to have a priority listing of actions . The third area considered was the reporting the findings of tests back to the services so there was better connection with the service in case there was a need for the disaster recovery plan to be invoked.
In response to questions from the Chair, and Vice Chair the following information was provided:
· The areas that had received limited assurance, Audit would revisit these recommendations every 6 months with some revisited sooner, depending on the priority of the recommendation. It was noted that limited assurance areas would be prioritised for earlier review. The Annual Audit report also reflected the review of the implementation of Audit recommendations and if the recommendations are not implemented , the Head of Audit would raise concerns with the Director.
· The importance of reviewing the implementation of the recommendation on the IT disaster recovery sooner given the reliance on services for IT and taking into consideration the recent cyber-attack on Hackney Council’s data system.
· The recommendations arising from the limited assurance findings of the safeguarding of Adults triage function were connected with the audit trail of how decisions are made and implemented.
· It was noted that right to buy applicants would need to complete a due diligence form which is part of the money laundering regulations. Following receipt of this information, each application would be risk assessed. Audit would then carry out an investigation on those areas with concern and request additional information from the applicants. It was suggested that the language around this be updated to reflect this with applications advised as being ‘considered’ instead of ‘investigated.’
RESOLVED
To note the activities of the team during quarter one of 2021/22.
Reasons for decision
The Corporate Committee is responsible for monitoring the effectiveness of the Council’s Internal Audit Strategy; policies on Anti-Fraud and Corruption and receiving assurance with regard the Council’s internal control environment and mechanisms for managing risk. In order to facilitate this, progress reports are provided on a quarterly basis for review and consideration by the Corporate Committee with regards Audit and Anti-Fraud.
Alternative options considered
Not applicable.
Supporting documents: