Report of: the internal auditor BDO

Purpose of report: to inform the Committee on progress on those recommendations raised by Internal Audit which are due for implementation.

Recommendation: to discuss and note the report.

The Chair took this item first.

The Committee considered the report of the internal auditor BDO setting out progress made on those recommendations raised by Internal Audit which are due for implementation

Greg Rubins, internal auditor, reported that, of the 25 recommendations due for follow up, 18 were now complete. Of the 9 incomplete recommendations it was expected that Cyber Crime (Information Security Policy) and Cyber Crime (General Data Protection Regulation) and Accounts Payable / Barclaycard were on target for completion.

ICT Service Desk

The Head of Business Improvement and the newly appointed Chief Technology and Information Officer were present to brief the Committee on the progress of the restructure of the ICT Service Desk.  The restructure was now largely complete and should be signed off by the end of April although recruitment to the vacant posts would take longer. The Committee learnt that the retention of experienced IT staff was a recognised problem for local authorities.  To address this challenge the current restructure had sought to promote alternative benefits such as formal training, mentoring, providing a suitable life/work balance and placing staff in tailored posts that matched their personal aspirations.

Freedom of Information

The Monitoring Officer advised the Committee that April 2018 was not a realistic target due date.  She said that delivery of this recommendation required significant work and was, in part, dependent on the availability of IT support. She undertook to provide a written update on this recommendation.

The Committee noted the report and the progress against individual recommendations.

Report of: the internal auditor BDO

Purpose of report: to inform the Committee on progress on those recommendations raised by Internal Audit which are due for implementation.

Recommendation: to discuss and note the report.

The Committee considered the report of the internal auditor BDO setting out progress on those recommendations raised by Internal Audit which are due for implementation.

Gurpreet Dulay, internal auditor, reported that work on the recommendations on Freedom of Information was ongoing and the ‘publication scheme’ was being developed.

On the recommendations on cybercrime, Vic Frewin reported that work was ongoing with the different services’ data owners as they were responsible for their own data security. All data stored remotely was on fully PSN complaint, secured and accredited servers.

The Committee noted the report.

Report of: the internal auditor BDO

Purpose: to inform the Committee of progress on those recommendations raised by Internal Audit which are due for implementation.

Recommendation: to discuss and note the report.

The Committee considered the report of the internal auditor BDO on progress on those recommendations due for implementation

The Business Improvement & Performance Manager, the Head of Financial Services, and the Acting Head of Law and Governance answered questions about recommendations for their areas.

The Committee noted:

·         Although 3 major recommendations for ICT had slipped 4 times these were in progress and were nearing completion.  Contracted staff were completing tasks in the transformation plan and a permanent staffing structure was nearing completion and it was anticipated, although not without risk, that suitable permanent staff could be recruited on standard pay grades.

·         To build resilience, legal support staff would be trained in Freedom of Information procedures and be able to assist if necessary. FoI training for service champions would be starting in November.

·         The recommendation on the capital gateway had been removed as no longer necessary.

·         Work on implementing the recommendations for Accounts Receivable processes was in progress but awaited technical changes to Agresso by ICT specialists.

The Committee noted the comments above and the report.

Report of: the internal auditor: BDO

Purpose: to inform the Committee of progress on those recommendations raised by Internal Audit which are due for implementation.

Recommendation: that the Audit & Governance Committee considers and notes the report.

The Committee considered the report of the internal auditor BDO on progress on those recommendations raised by Internal Audit which are due for implementation.

Gurpreet Dulay, BDO, introduced the report. The Committee noted progress and expected completion dates for outstanding and high-priority actions.

The Committee resolved to note the report.