This report provides an update on key findings emanating from Internal Audit reports issued since the last quarterly progress report.
Minutes:
The Committee considered a report providing an update on the key findings emanating from the Internal Audit reports issued for the period 1 April to 30 June 2023 (Quarter 1).
The report summarised the findings, recommendations and management actions that had been put forward for each audit review and stated the overall assurance opinion level given by the Internal Audit team. A total of seven audit reviews had been finalised in the period with two receiving substantial assurance opinions and two receiving a limited assurance opinion. The specific areas looked at were:
The audit of Housing Repairs had identified several areas with scope for improvement, caused by a lack of compliance and inconsistencies with various processes followed. In relation to Cyber Security, the audit identified that there were weaknesses in the internal configuration of the ICT estate. The Executive Director of Resources reported that the results of the Cyber Essentials Plus Audit would be available in the next couple of weeks and the outcome of the Future Government Audit, which was a more in-depth trial with central Government and other local authorities, was expected to be received in the next few months.
The report also detailed the audits that were currently in progress and gave a summary of
investigations work that had taken place between 1 April and 30 April 2023.
Resolved:
(1) That the audit findings be noted, and the recommendations and management action underway, as set out in the Internal Audit & Investigations Quarter 4 Update Report, be endorsed;
(2) That the Assistant Director for Housing & Communities be invited to attend the next meeting on 27 September 2023 to reassure the Committee that progress had been made to correct deficiencies in the Housing Repairs processes that had been identified by Internal Audit as requiring improvement;
(3) That a composite Cyber Security report be submitted to a future meeting within the current Municipal Year, bringing together the information included within the Strategic Risk Register and Audit Recommendations tracker reports and feedback from the Cyber Essentials Plus and Future Government Audits and the internal audit follow-up assessment if it had been carried out.
Supporting documents: