Report of: The Chair of ODS Audit Committee.

Purpose of the report: To informt the Audit and Governance Committee of the Annual Audit Opinion of ODS for the 2023/2024 year.

Recommendation: To discuss and note the report.

Catherine Pridham, Non-Executive Director of ODS, introduced the report which provided an overview of the internal audit plan of the 2023/2024 year that covered data input controls, employee code of conduct and advisory pieces of work, such as executive pay and strategic fraud risk review. 

She provided further details on the audit, noting that the data input controls audit received a moderate rating, reflecting strong controls over data input and ongoing quality control processes. This applied to QL and Pergo, with one medium-level observation related to the absence of a data quality policy. Additionally, she reported that the employee code of conduct received a substantial rating, which included a staff survey to confirm their awareness of the code of conduct policies.

The Non-Executive Director of ODS noted that a recent review identified the need for improvements in guidance and documentation related to conflicts of interest, with these enhancements currently in progress. Additionally, the review of exceptions in pay practises underscored the need to enhance the committees’ terms of reference and the executive pay policy to ensure accurate reflection of the shareholder agreement in these documents.

She stated that the strategic fraud risk review was completed following the year-end, concluding that existing policies and procedures established a coherent framework for identifying fraud risks and implementing mitigation measures. It was noted that the IT governance audit remained in draft status at the last audit committee meeting, with a moderate assurance rating expected. This audit underscored the need for both Oxford City Council (OCC) and ODS to establish a dedicated IT governance committee and to ensure comprehensive stakeholder involvement in IT projects.

She noted that during the year, the meeting reviewed the organisations information assurance status. Key risks identified included the continued use of paper-based information with some teams and, specifically within the trading business, the risk of employees taking confidential and commercial information to competitors after leaving the organisation. Additionally, she added that there was an observed increase in cybercrime risks.

The Non-Executive Director of ODS stated that additional non-internal audit assurance was provided through a governance questionnaire distributed across all service areas of the organisation, along with work of the quality assurance team, who conduct audits and provide training on established policies.

In conclusion, the Non-Executive Director of ODS expressed confidence in providing assurance on behalf of the audit committee and the board regarding the overall effectiveness of governance and risk management.

Councillor Ottino raised a question about the governance questionnaire, specifically regarding areas of challenge, asking whether heads of services identified these challenges and if there was a plan to address them.  The Non-Executive Director of ODS responded that service areas themselves had identified relevant issues and stated that the audit committees took follow-up action where necessary.

Councillor Gant inquired about the reluctance to offer an overall audit opinion, asking why this was the case and what had not been included to enable such an opinion. The Non-Executive Director of ODS explained that given the organisations size, internal audit resources were insufficient to review every area comprehensively. She noted that audits follow a risk-based approach, targeting strategic risks, and the audits conducted address these priority areas.

Councillor Fry sought clarification on whether fraud prevention is investigated.  The Non-Executive Director of ODS confirmed that they had requested BDO to include fraud information in each sector update, ensuring this information is provided to the audit committee at every meeting.

Nigel Kennedy, Head of Financial Services, added that the fraud team had conducted detailed work with ODS colleagues to raise fraud awareness.

The Committee noted the report.