The Chairman welcomed Karen Williams, the Director of the Council’s Internal Audit Team at RSM, and Bill Pallett, Head of Finance, to the meeting.
Karen Williams introduced a report on the proposed Internal Audit Strategy 2015-18 and Internal Audit Plan for 2016/17, which were set out at Annex 1, and drew attention to the particular key audit areas within the Plan. These were:
• Partnership governance and collaborative working – the Committee noted that this would cover all partnership and contractual arrangements, including the Council’s contract with Staywell for operation of the borough’s Community Centres, and any contractual arrangements with Surrey County Council.
• Cyber Security – It was noted that penetration testing could be included if this emerged as a concern during the scoping review for this audit;
• Income generating activities - this would cover existing activities within licensing and pest control to ensure completeness in collection and recording of income; and
• Data Protection - this was to ensure the Council’s preparedness for incoming changes as a result of new EU legislation.
It was noted that cyber security and data protection were common concerns within the sector, and that a detailed investigation would be beneficial in providing specific reassurances to the Council. The Committee suggested that a review of Member responsibilities with regard to the protection of sensitive data be included where appropriate. It was agreed that Member engagement could be useful in order to understand the extent of these concerns.
The Committee raised comments and questions relating to the following additional topics:
• Key budgetary risks identified by the Committee relating to homelessness and recycling. The Committee noted actions already being taken to address both. It was noted that an audit of homelessness scheduled for 2017/18 would be timely as it would follow the implementation of any changes arising from a strategic review of the Housing Service;
• Car Parking – it was noted that this would include enforcement issues;
• Business continuity and disaster recovery – it was noted that this would review both buildings and systems, including storage encryption and measures for recovery;
• Planning – compliance and income – it was noted that this would also include enforcement issues.
The Committee had received five advance questions relating to this item, which had been circulated prior to the meeting and were tabled and noted.
The Committee reviewed the key questions set out in section 4 of the strategy and was content that:
• The work within the Audit Plan (as set out in Appendix A) was sufficient to monitor the organisation’s risk profile effectively;
• The strategy for internal audit (as set out in Appendix B) covered the organisation’s key risks as they were recognised by the Committee;
• The areas selected for coverage this coming year were appropriate; and
• The Committee was content that the standards within the charter in Appendix C were appropriate to monitor the performance of internal audit.
It was noted that the Internal Audit Plan would be kept under review by RSM and regularly discussed with the Management Team throughout 2016/17.
RESOLVED that the Internal Audit Strategy and Audit Plan for the Period 2015/16 be endorsed.
|