Agenda item

The Committee considered a report which outlined the Internal Audit, Risk Management, Assurance and Counter Fraud work being undertaken by the Business Assurance Team for the year ending 31 March 2023. The Council continued to work towards a combined assurance model, with Internal Audit operating as the third line of assurance. The 2022/23 Internal Audit, Risk Management, Assurance and Counter Fraud work plans were produced with reference to the strategic and directorate risk registers; and informed through discussion with Senior Leadership Teams for each directorate.

During discussion, key points highlighted included:

·   Recruitment to the new Business Assurance team structure, as seen on page 88 of the reports pack had been successful and just two posts remained vacant, both of which had recruitment processes underway.

·   A summary of the Business Continuity Management (BCM) function was detailed on page 91 of the reports pack. The new Resilience Framework and Standards pack would be presented to the next meeting of the Committee along with the Risk and Business Continuity Management Strategy.

·   From the approved plan, there were seven audits that had been recommended for deferment with the rationale behind each detailed in the report.

·   There were nine overdue management actions, although it was noted that based on discussions with lead officers most actions were expected to be closed by the end of February.

·   The Committee congratulated officers both in terms of progress, low deferral numbers and for the successful recruitment to the new structure.

·   A Member raised reservations around the three IT audits deferred due to the significance of the area and increasing risks to the Council. The Committee was advised that disaster recovery and backups were still operating across multiple networks which should they be audited would impact on legacy IT teams dealing with the challenges of the new network migration. Assurances had been given by the Service Director that they do want the audits to take place during 2023/24. The Member advised that resourcing should not be a reason to defer this audit and suggested senior management reflect on the decision.

·   In relation to the housing and regulatory audits, it was explained that resource had been allocated to these, and the deferment had been related to capacity within the Business Assurance Team. There had been no pushback from the service area.

·   In respect of the AURA programme deferments the team would work alongside the project to provide assurance as the project develops and would have visibility of the transition plan risks which would enable future work to be planned.

·   It was confirmed that the SEND Ofsted Improvement Plan Assurance was still on schedule to be undertaken, it had not commenced at an earlier time to allow the team appropriate time to demonstrate that improvements were on track and were sustainable. The RAG rating of each audit reflected the different processes, volume of transactions and administration controls around transactions and payments.

·   The Organisational Resilience Delivery Group would be meeting for the second time the week commencing 6 February and it was confirmed that the governance structure had been established.

·   It was clarified that the Winter Framework Cell was formed from representatives from each directorate and they discussed key risks in their respective areas. The team provided assurance checks and if there were consistent issues provided a unified approach to resolve them. Lessons learnt were acted upon continuously.

·   The Chairman highlighted that during the course of the Budget Scrutiny Inquiry Group sessions held in January it became apparent that the proposed budget for demand led legal processes had been increased substantially due to the ever increasing demand. It was queried whether the low RAG rating should be higher.

RESOLVED:

That the report be noted.