Agenda item

SWAP Internal Audit – Progress Report 2021-22

The Internal Audit function plays a central role in corporate governance by providing assurance to the Audit, Governance and Standards Committee, looking over financial controls and checking on the probity of the organisation.

The 2021-22 Annual Internal Audit Plan is to provide independent and objective assurance on SWT's Internal Control Environment. This work will support the Annual Governance Statement.

Minutes:

Alastair Woodland, Assistant Director – SWAP, provided an introduction to the report:

· The report provided an update on progress against the Audit Plan, on any significant findings from work completed so far, and on any changes to the Audit Plan.

· There was one limited assurance audit, on data centres. A couple of framework reviews were carried out around risk management and performance. These are crucial governance areas; a good level of assurance was given for both. The fraud risk assessment would be shared with the Committee in due course.

· Regarding the data centres audit, the data centres had recently been refurbished and some aspects to support their safe operation were still being embedded. These recommendations and actions would be added to the tracker. There would be a follow-up on this audit to ensure the recommendations were implemented.

· For the procurement audit, which previously had limited assurance, a number of the recommendations were materially complete, but some final aspects needed to be implemented before they were complete.

· The Committee were informed that one of the actions recorded as Priority 2 in the report was actually a Priority 3 action.

· There had been follow-up work on the grounds and maintenance audit. All actions and recommendations had now been completed.

· There had been some changes to the audit forward plan, which was a rolling plan. The data centre audit was brought forward. The ICT infrastructure review had been replaced by a management review may not be undertaken ahead of unitary.

· Overall, the governance risk control was working relatively effectively, though there were some areas for improvement.

During the debate the following points were raised:

· A question was asked about the location of the data centres. The SWAP Assistant Director responded that the major data centre was at Deane House, with a more minor one at West Somerset House.

· It was asked why financial training had not been given to DLO staff when this was recommended previously. The SWAP Assistant Director responded that the way of working and processes had changed, meaning that there was less of a need for the training.

· Concerns were raised about the delay to the GDPR audit and about health and safety only having limited compliance. The SWAP Assistant Director responded that the GDPR audit had been delayed but it was hoped the review would be completed in the next four weeks. The health and safety audit would be followed up in the new year. Senior management were looking to implement improvements as soon as possible.

· Concerns were raised about GDPR and ensuring that measures are in place. Officers responded that specialist advice was being taken to ensure that GDPR was addressed well.

· It was asked how internal audit would rate the Council’s ability to defend against cyber-attacks given the data centre having limited assurance. The SWAP Assistant Director responded that a separate review on cyber security had been undertaken. The data centre was more about physical security.

· It was questioned how realistic some of the target dates for achieving completion of actions were. The SWAP Assistant Director responded that completion of actions in a timely manner was encouraged but changing priorities sometimes meant target dates had to be revised.

The Committee resolved to note the recommendation in the report:  

2.1 Members are asked to note progress made in delivery of the 2021-22 internal audit plan and significant findings since the previous update in September 2021.