72 Q4 Internal Audit Report PDF 129 KB
Additional documents:
Minutes:
The Section 151 Officer presented the Q4 Internal Audit Report on behalf of the Head of Internal Audit and Risk Management. Members heard that the Internal Audit Plan was 99% complete as of 12 April 2024, and the audits were now 100% complete. Three audit reports had been issued on Procurement, ICT Incident Management, and the Levelling Up Fund Phase 2. The ICT and Levelling Up audits were rated substantial, and the Procurement report had received a limited opinion. There were two assurance reports that were in the draft report stage relating to Performance Management and Financial Key Controls.
The Section 151 Officer assured Members that the Procurement report was the first and only limited assurance review for West Lindsey. The Council had requested for this area to be revisited by the new Internal Audit team in 2024/25 to ensure actions had been implemented and progress made. Some of the issues raised in the report related to updating the Council’s Contract and Procurement Procedure Rules (CPPRs) in line with the new Procurement Act 2023, ensuring that resources were in place, compliance with procedure rules, and document management
Members discussed the report and felt that the limited assurance rating was inappropriate and too severe a rating given the ongoing work planned between the Council and Procurement Lincolnshire. Members questioned if Officers had challenged this rating and the Section 151 Officer responded that this was challenged during the audit process and the Council were busy implementing recommendations, making improvements and working on other outstanding audits. Members asked a question surrounding assessing cybersecurity and the Section 151 responded the Council was not ISO 27001 compliant yet and were not able to test controls at present and the statement had been amended to reflect this position.
The Chairman requested the Director of Operational and Commercial Services be invited to the next meeting of the Governance and Audit Committee to provide assurance in the Council’s Procurement processes. The Chairman also asked Internal Audit (RSM) could report all audit actions within the report, low, medium, and high, with explanations included for Member’s understanding. Aaron Macdonald, RSM Manager confirmed this could be included in Internal Audit reports going forward.
RESOLVED that Members considered the content of the report and identified any actions required.