Agenda item

Amanda Stanislawski, Audit Manager:

a.    presented an update to Audit Committee on outstanding audit recommendations including recommendations over 12 months old.

b.    referred to Appendix A attached to her report which provided details of relevant audits, outstanding recommendations, agreed actions and the current position/explanation from the service manager

c.    explained that within the report there were 4 actions which were overdue and which had requested extensions. As per the revised protocol all extensions had to be approved by the relevant Director and at the time of writing the report these had not been received. These included ICT Anti-Malware, Housing Allocations and Safeguarding

d.    invited members’ questions and comments.

Question: Asked if Officers required the Committees support in progressing the overdue recommendations.

Response: It was felt that it was not required at the moment as the ICT Anti-Malware overdue recommendation had been addressed via a final extension to the end of March. If support was required it would be brought to the attention of the Audit Committee.

Comment: Expressed concern that due to all of the staffing and control issues, there could be potential for something to go wrong across the organisation. This was not just an issue at the City Council but across all of the public sector.

Question: Asked if this issue would be eased if recruitment to the team was successful.

Response: It would address the issue within the Audit Team, when fully staffed there would be capacity to chase outstanding recommendations and find out why they had not been completed.

Comment:  Referred to the ICT Anti-Malware recommendation and commented that the deadline was 2 years ago and that the ‘short document’ required was not a large piece of work. It was suggested that the responsible Officer be invited to attend Audit Committee if the recommendation had not been completed 7 days before the next Audit Committee which would be held on 31^st January 2023.

Comment: Referred to paragraph 3.1 of the Recommendation/Agreed Action Follow Up protocol and commented that the paragraph was ambiguous in the way it was written and could be interpreted that extensions should be approved. It was suggested that the wording be amended to read “Directors will consider and approve extensions where appropriate”

Question: Referred to the “Review and update the incident management policy and procedure” in relation to the ICT Anti-Malware Audit and asked if the resource had been found to progress this.

Response: The East Midlands Warning, Advice and Reporting Group (WARP) were responsible for this and there was a lack of resources within the group. The group was not controlled by the City Council.

Question: Referred to the Office 365 Audit and asked if there was a date for completion.

Response: The date for completion was June 2024, due to the amount of time it would take for the migration of the data.

Question: Referred to the Creditors Audit in relation to the action “ Review and approve authorising officers on Aggresso” and commented that the action was overdue and asked if this had now been completed.

Response: An answer would be circulated following the meeting.

Question: Referred to the Housing Allocations Audit in relation to the action “Annual Review of Allocations” and asked what was the testing phase and how had it delayed the implementation of the live system.

Response: An answer would be circulated following the meeting.

RESOLVED

1.    that updates on Audit Recommendations older than 12 months be noted.

2.    that the requested extensions be approved

3.    that the responsible Officer for the ICT Anti-Malware Audit be invited to attend Audit Committee if the recommendation had not been completed 7 days before the next Audit Committee due to be held on 31^st January 2023.