Agenda item

The Committee considered a report which outlined the Risk Management, Business Continuity Management, Assurance, Internal Audit, Counter Fraud work being undertaken by the Business Assurance Team for the year ending 31 March 2023. Delivery of the Business Assurance work plans helped ensure that there was an appropriate governance and control framework in place and that risk management was embedded across the council to enable the achievement of set objectives.

Key points raised during discussion included:

·       In terms of risk management, the training programme continued to be rolled out and work was progressing on ensuring greater visibility of programme and project risks and ensuring they were captured and escalated as appropriate. This would be reported to the Risk Management Group in further detail.

·       The new framework was being implemented in relation to business continuity. There was a focus on cyber resilience and the development of a cyber resilience framework. As part of business continuity plans, it was being reviewed as to what level of assurance there would be for cyber security controls of any external partner.

·       There had been no significant changes to the internal audits since the time of the last meeting, given the short timescale, however these audits had continued to progress and would be reported to the next meeting of the Committee when finalised. The team had undertaken significant grant assurance certifications and would continue to do this in to 2023/24.

·       Appendix 1 summarised the internal audit activity and detailed those deferred to form the Q1 Internal Audit Plan (item 7 on the agenda). Some of these audits had commenced, whilst others were in the planning stage. These would be reported to either the July or September 2023 Committee meeting.

·       The full 2023/24 Internal Audit Plan would be presented to the Committee in July 2023. Members would be invited to comment on its contents and on any other area they feel would be of importance to look at.

·       Future plans for Council owned property were discussed, there were no plans for internal audit to look at anything specific at this time. The Finance and Resources Select Committee could choose to review Cabinet Member decisions made in relation to property and this may form part of their 2023/24 work programme.

·       Assurance was given that all IT audits deferred to 2023/24 would be delivered within quarter 1 of the year.

·       A Member asked for clarity on the proportion and responsibility level of staff who were undertaking risk management training. These details would be provided in the next update, along with data on the uptake of the risk management e-learning package. The Committee noted the importance of this training, as officers had often not taken account of the wider risk and reputational issues to the Council whilst undertaking projects in their day-to-day roles.

ACTION: Ms M Gibb to provide further information and statistics on Risk Management Training delivery.

·       In relation to the three vacant posts within the Business Assurance team structure, the Committee was advised that the Assurance Lead post would be re-advertised, whilst the Senior Auditor was acting up into the Audit Lead role, with their role being backfilled through the arrangement with Mazars. The advert for the Fraud Officer was live and a further update would be provided at July’s meeting.

RESOLVED:

That the report be noted.