Agenda item

This report provides an update on progress made in delivering the internal audit workplan for 2018/19 and on current counter fraud activity.

Members considered a report providing an update on progress made in delivering the internal audit work plan for 2018/19 and on current counter fraud activity. The Head of Internal Audit attended the meeting to present the report and answer Member questions.

They stated that the external assessment discussed in the report was undertaken every five years and involved an external assessor reviewing internal audit working practices. This had been completed and the report would be presented the next Committee meeting. Confirmation had been received that Veritau ‘generally conform’ with public sector internal audit standards.

In response to Member questions they stated:

·        They would expect that the March 2019 Audit on ICT & Cyber Security would cover the recent data breaches, however they were awaiting the results of the ICO investigation and work done by the data protection team. It would be helpful to consider those findings in order to give the Committee assurances around the actions to be taken;

·        The previous audit on arrangements around Cyber Security was given substantial assurance. This would not have looked at every app and system but at high level arrangements;

·        When areas are audited follow ups are always undertaken. Where there are any issues of non-compliance they are raised with senior managers and if Veritau then had concerns they would be raised at this Committee. It was often the case that Veritau were satisfied that there was a genuine reason for actions not being completed on time and a revised target date would be set. If it did not seem the issue was being addressed in a timely manner then the issue would be escalated;

·        The sickness absence report to Executive was not an just audit issue but a wider issue as to how CYC had dealt with sickness;

·        At this point in the year 15% of the audit plan for the year was complete. This was based on audits completed and reports already drafted. This figure changed yearly as there was always a mix of audits, which also differed in length and complexity. They were still on track to complete the plan by the end of the year; and

·        The plan was always to deliver 100%, but 93% is was the target they are were judged on. There are also some factors outside of their control.

Members expressed concern over detail contained in the report ‘Overtime 2017 – 2018’, particularly on the working time directive and potential timesheet fraud. It was agreed this would be considered in more detail at this committee or Customer and Corporate Scrutiny Management Committee (CSMC), this would be discussed with the relevant Chairs and added to the work plan.

Resolved:  

1.   That Members are asked to note the progress made in delivering the 2018/19 internal audit work programme, and current counter fraud activity.

2.   That the Internal Audit Report ‘Overtime 2017 – 2018’ be given further consideration at either Audit & Governance Committee or Customer and Corporate Services Scrutiny Management Committee (CSMC) in relation to:

a.   The working time directive

b.   Potential timesheet fraud

Reason:     To enable Members to consider the implications of audit and fraud findings.