To consider the report attached as Appendix D coloured blue.
Contact Officer: Evelyn Kaluza (01296) 585549
The Committee received a progress report on assurance work activity undertaken against the 2015/16 Assurance Plan since March 2015 and the following matters were highlighted:-
(i) Assurance / Project Delivery reviews completed since the last progress report:
· Data Transparency Code – Limited Assurance.
· 2014/15 Oyster Travel Cards – Substantial Assurance.
· 2014/15 Payroll – Substantial Assurance.
· 2014/15 Car Parking Income – Substantial Assurance.
· 2014/15 Treasury Management – Substantial Assurance.
· 2015/16 Depot Fuel Management – Substantial Assurance.
For the Data Transparency Code, a limited assurance meant that the review had identified some concerns on service delivery arrangements or the controls in place to manage identified risks. As such, the risk of the activity not achieving its objectives was medium to high.
In addition one Project Delivery Review on the Right Here Right Now project had been undertaken and had been given an Amber/Green rating (i.e. successful delivery appeared probable, although constant attention would be needed to ensure risks did not materialise into major issues threatening delivery).
(ii) Assurance Reviews Follow-up:
New Finance Software – the new finance system (Tech One) had gone live on 1 June 2015. The main internal control changes implemented that could be demonstrated as working were the procure to pay process and to a limited extent the contract payment process. (These would be subject to detailed testing in October 2015)
There were still a number of outstanding control issues which the Finance Team had not yet been able to demonstrate were working in the system to the satisfaction of Business Assurance.
The list had been reviewed by the programme board on 14 July 2015 and dates had been set for improvement actions to be completed. Without these basic controls in place and operating would likely result in a significant amount of extra testing by both Business Assurance and External Audit to provide the assurances that determine the audit opinion over the statement of accounts for 2015/16.
(iii) Assurance Plan Work in Progress – the following work from the 2014/2015 plan had started:-
· 2014/15 Policy Compliance – The contract for software had been agreed and the project implementation started. It was expected to go live in September 2015.
· 2015/16 Section 106 Agreements – the field work was complete and the draft report was being written with a view to it being finalised by the end of July 2015.
· 2015/16 Taxi Licensing – the terms of Reference hade been issued and the fieldwork had started. The target date for completion of this review was mid-August.
· 2015/16 Conference Centre income – the terms of reference had been issued and the fieldwork had started. The target date for completion of this review was mid-August.
(iv) Service Risk Assurance 2014/15
A summary of the results of the service risk assurance process for 14/15 were attached as Appendix 3 to the Committee report. The results were used to identify areas of weakness to be reported in the Annual Governance Statement.
Business continuity and information security had been identified as showing a number of “amber” ratings from the self assessment which would need to be followed up.
(v) Overdue Audit Recommendations and Tracker – All assurance reviews were followed up at an appropriate point in time to ensure that agreed management actions had been completed. Further follow-ups were undertaken on outstanding actions and where these were six months overdue (or more), they were reported to the Committee.
The Business Assurance Manager did not close cases until she was satisfied that the management control was fully completed or in operation. A further date was then set to review the item again.
A summary of the reviews completed in 2013/14 and 2014/15 was detailed at Appendix 2 to the Committee report, with information on recommendations over 6 months old which had not already been mentioned on Follow Up work detailed at Appendix 4.
(vi) Business Assurance Customer Feedback – the results were provided of the customer feedback surveys for reviews undertaken during 2014/15, which clearly indicated high customer satisfaction with the service. The results were reported as part of the annual review of effectiveness of internal audit in the Annual Business Assurance Manager’s Report, under the headings staff performance, conduct of reviews and reporting.
(vii) Response to Ernest and Young (EY) Briefing for Audit Committee – Each quarter EY produced a briefing note aimed at Local Government Audit Committees. At the back of the latest briefing note (attached as Appendix 5 to the Committee report) was a set of questions which the Audit Committee should ask of their Officers. Responses to these questions were provided as part of the progress report.
Members commented or sought clarification around a number of issues including the following:-
· An explanation was given by the Business Assurance Services Manager of the graphical presentations showing the results of the service risk assessments and the effectiveness of the controls put in place. It was acknowledged that there was potential for making the information easier to digest.
· Again, it was confirmed that major capital projects each had individual risk registers.
· It was confirmed that the information obtained via the risk management and service risk assurance process was used to inform the budgetary planning process where this was considered appropriate.
· The Business Assurance Services Manager confirmed that existing staffing resources were such as to manage existing programmes of work and that if considered appropriate there was sufficient flexibility within the budget to buy in external expertise as and when required.
· It was confirmed that the gaps in the transparency data would be on the new web site by 31 August 2015. The exception would be the land and property register which required a further technical solution.
· It was confirmed also that details of the hits on the Transparency pages of the new web site could be reported to the Committee at its January 2016 meeting as part of the regular Business Assurance progress reporting.
· It was noted that a full update on risk management would be provided for the September meeting of the Committee, including a briefing prior to the Committee.
That the progress report be noted.