51 Internal Audit Quarter 3 Report 2023/24 PDF 247 KB
Additional documents:
Minutes:
The Head of Internal Audit presented the update report for quarter 3 which detailed the progress made and work undertaken to date on the Internal Audit work plan. The team had completed 79% of the plan and there were four audits in progress relating to procurement, performance management, ICT incident management and levelling up fund phase 2. There was also a combined assurance audit that had been requested by Management. The outstanding key controls audit would be taking place at the end of January, and this would feed into the Head of Internal Audit’s opinion on governance, risk and controls. In agreement with the Director of Corporate Services, the Safeguarding Policy had been removed from the Internal Audit plan and more time had been allocated to Financial Key Controls testing with a focus on cash and cash receipts. There were three outstanding medium actions relating to key controls and contract management. The Head of Internal Audit gave assurance that it was anticipated the work would be completed by the end of March 2024 and would be brought back to the next Governance and Audit committee meeting.
Members discussed storage and back up of data in the instance of a cyber security threat. Members asked for assurance surrounding IT equipment and cyber security. The ICT Manager explained the nature of cyber-attacks and the impact of wars and conflict internationally. The Council was continuing to change measures to counteract cyber security threats. Members were pleased to see the actions being taken in line with the 10 steps guidance from the National Cyber Security Centre. The ICT Manager shared that all staff had received training and were the council’s first line of defence in any instance. There were also plans to move away from passwords to facial recognition technology to enhance security.
Members asked questions relating to the percentage of completed internal audit work and the overdue medium actions. The Head of Internal Audit responded that the percentage demonstrated the work completed which was based on the days and time allocated to complete audit work. The Section 151 Officer added that some of the incomplete actions related to key control testing and a meeting had taken place with a software company and consultants were providing advice on some issues to enable the actions to be closed down.
RESOLVED that having not identified any further actions required the Internal Audit Quarter 3 report be received.