Agenda item

SWAP Internal Audit - Outturn Report 2020-21


The SWAP Assistant Directors introduced the report and provided an update on Cyber security work undertaken


The Internal Audit function plays a central role in corporate governance by providing assurance to the Audit, Governance and Standards Committee, looking over financial controls and checking on the probity of the organisation.


The 2020-21 Annual Internal Audit Plan is to provide independent and objective assurance on SWT Internal Control Environment. This work will support the Annual Governance Statement.


The report summarised the work of the Council’s Internal Audit Service and provided:-


 · Details of any new significant weaknesses identified during internal audit work completed since the last report to the committee in March 2021.

· A schedule of audits completed during the period, detailing their respective assurance opinion rating, the number of recommendations and the respective priority rankings of these.


The Internal Audit Outturn Report for 2020-21 was contained within the attached SWAP Unrestricted Report.


During the debate the following comments and questions were raised:-


·         Risks around sending emails to personal email addresses were considered.

·         This was dependant on what the content of the emails and personal responsibility of the data which is sent.

·         Awareness of content being circulated and using secure emails was a key part of security awareness training for Officers and Councillors.

·         Recognising scam emails from local authorities was discussed.

·         DLO external work and income recovery detailed on page 34 was considered. More information was requested in relation to this and how this would be dealt with. Progress against recommendations would be reported to follow up on risks.

·         Different types of cyber-attacks were considered and the risks to the organisation as a result.

·         Issues in relation to disaster capability and back up had been highlighted by Audit and in the Governance review. Work was ongoing with ICT and their capabilities in addressing this.

·         Debtors review for 2019-20 set out on page 36 highlighted control weaknesses and action had been taken in this area. Billing invoicing arrangements were now considered more robust across all areas.

·         The 2021/22 audit plan included other reviews, some were not to be conducted until the end of the year due to Covid-19. This included a report in relation to transformation benefits across the authority. It was requested that the committee were informed if this was likely to be considered after September.

·         It was questioned if there should be concerns in relation to advisories.

·         There would be a benchmarking review across all partners.

·         The Audit Committee needed to be confident on security measures around cyber-attacks. The audit plan had changed due to an increase of advisory work as a result of the Covid-19 pandemic.

·         The security risk of discussing confidential information on Zoom was discussed.

·         A cyber security session could be offered by SWAP which would complement the work of the governance review well.

·         Proposed by Coles and seconded by Lloyd:-

·         Resolvedthat the press and the public be excluded from the meeting for the end the debate of item 8 as the items contained exempt information as defined in Paragraph 3 of Part 1 of Schedule12Ato the Local Government Act 1972, and the public interest in withholding the information outweighed the public interest in disclosing the information to the public.

·         A brief discussion took place in relation to Audit plan activities that were still outstanding and therefore could not be discussed at a public meeting.



The Committee noted progress made in delivery of the 2020-21 internal audit plan and significant findings since the previous update in March 2021.

Supporting documents: