Report of the Chief Accountant
Sandra King, Audit Manager - South Norfolk Council, presented the Annual Report on Internal Audit Activity for 2007/2007.
The report had been prepared in accordance with the requirements of the Accounts and Audit Regulations 2003, the Accounts and Audit Regulations (Amendment) (England) 2006 and the CIPFA Code of Practice for Internal Audit in Local Government 2006. It contained an opinion as to the adequacy and effectiveness of the Council’s systems of internal control for 2006/07 comments on Internal Audit Activity in 2006/07 delivered against the Annual Audit Plan and also provided performance information for the Internal Audit Service.
Unfortunately, during April/May 2006 there were major problems with the external contractor regarding the resourcing of the Annual Audit Plan for 2006/07. Resourcing issues caused by staff sickness and turnover were not fully resolved until the Autumn by which time some slippage against planned reviews had occurred. This, in turn, had an adverse impact on performance indicators for the Internal Audit Service and completing individual audit assignments by 31 March 2007. Members were assured that the contractor had recruited staff and now provided a stronger dedicated team.
The overall standards of internal control were satisfactory, based upon the internal audit work undertaken in relation to the 2006/07 Annual Audit Plan. The overall position was that, whilst recommendations had been made to improve procedures and controls in a number of areas, there were no instances in which internal control problems created significant risks for Council activities or services. Furthermore, it was pleasing to note that managers were committed to addressing control issues and/or adopt best practice recommended by Internal Audit, within a 2-5 month timescale of the issue of final audit reports.
Members queried the high priority issues in relation to ICT, in particular, the need for an IT Disaster Recovery Plan. ICT was of paramount importance when considering the recommendations from the Project CREATE team. There were also concerns with regard to the ICT Management situation as the current Interim ICT Manager would shortly be leaving Breckland.
In response the ICT Manager stated that a new short-term Interim ICT Manager would be replacing himself and plans were in place to recruit a full-time member of staff for this post.
With regard to the ICT Disaster Recovery Plan this Plan was in place and was tested on a regular basis. However, what was missing was the documentation to prove that all these assessments were in place. Without the documented proof the Audit Assessors could not state categorically that the ICT systems were in place.
Further to this the risk associated with using 3 sites would shortly be reduced as the servers from Cardiff would be moved to Thetford at little extra cost.
RECOMMENDto Cabinet to recommend to Full Council:
(1) To receive and note the Annual Report of the Audit Manager.
(2) To note that the overall standards of internal control were satisfactory during 2006/07.
(3) To note that the satisfactory opinion on internal control is taken forward into the Council’s Statement on Internal Control for 2006/07.
(4) To note that initial feedback on the effectiveness of Internal Audit indicates enhancements are being made to service delivery and that closer adherence to the Code of Practice for Internal Audit in Local Government in the United Kingdom is currently ongoing.