Members considered the Internal Audit Draft Annual Plan Report for 2021/2022 based on assurance mapping and risk assessments across the Council’s critical services.
The following points were highlighted by Assurance Lincolnshire:
· Planning processes behind the draft plan were outlined within the report, and assurances were drawn together from a number of different sources;
· All work was carried out in line with Public Sector internal audit standards. It was not possible to look at all areas of work so there was a focus on areas of highest risk. Any postponed work had been pushed into next year’s planning;
· Council management had been assisted with Housing Benefit subsidy testing.
Members then asked questions of Assurance Lincolnshire. Further information was provided:
· In general governance processes at the Council worked well, and this wasn’t just down to one individual. If staff move on there are a number of checks and balances, such as statutory officers, internal audit, and external audit;
· There was a follow up audit on culture and ethics this year that received full assurance;
· More detailed work had taken place on the ICT audit risk and assurance. Cyber security was a huge risk.
The ICT plan was flexible, and work takes place with management throughout the year so any changes within ICT can be addressed. Where possible, the ICT plan would be combined with North Kesteven District Council as the two ICT departments were linked;
· In the worst case scenario where all IT failed, there were several spare copies of the Council’s disaster recovery plan.
The report was moved, seconded, and following a vote it was unanimously RESOLVED to:
(1) Approve the contents of the report and be assured that the plan provides robust coverage of the Council’s critical areas and services;
(2) Note the content of the report related to the ICT Audit Plan.