Issue - meetings

Report by Chief Operating Officer

11.1     The Cabinet considered a report by the Chief Operating Officer.

11.2     It was RESOLVED to note the internal audit service’s opinion on the Council’s control environment.

Reason

11.3     The report gives an opinion on the adequacy of East Sussex County Council’s control environment as a contribution to the proper, economic, efficient and effective use of resources.  The report covers the audit work completed in the year from 1 April 2020 to 31 March 2021 in accordance with the Internal Audit Strategy for 2020/21. Reasonable assurance can be provided that East Sussex County Council had in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2020 to 31 March 2021.

Report by the Chief Internal Auditor

4.1       The Committee considered a report by the Chief Internal Auditor which presented his overall opinion of “reasonable assurance” on the Council’s control environment for 2020/21.

4.2       The Committee discussed the audit of Commissioning and Delivery of Property Projects, which had an opinion of minimal assurance (page 28 of the agenda pack).  The Chief Operating Officer explained that a robust management action plan had been agreed and implemented.  The Committee agreed to receive an update on the action plan from the Assistant Director for Property at the next meeting.  A further concern about relationships with consultants will be considered as part of the Internal Audit team’s follow-up, which will be reported to a future Audit Committee meeting. 

4.3       The Committee commented on the audit of Modernising Back Office Systems (MBOS) programme governance and risk management arrangements (Phase 2) (p34 of the agenda pack).    The IT Audit Manager, Mark Winton, explained that he attends the MBOS Programme Board to assist the Board and the new Programme Manager.  The Chief Operating Officer suggested that the Audit Committee could also assist with oversight of the Programme. 

4.4       The Chief Finance Officer set out that the increased level of grants received by the Council had led to an increased volume of assurance required by Government.  This was being managed within existing resources, but should the certification and assurance work become more onerous the matter would be looked at during the RPPR process.

4.3       The Committee RESOLVED to: (1) note the Internal Audit Service’s opinion of reasonable assurance on the Council’s control environment;

(2) confirm that there are no significant control issues that should be included in the Council’s Annual Governance Statement for 2020/21;

(3) confirm that the Council’s system for internal audit has proved effective during 2020/21; and

(4) consider additional reports on Property Projects and MBOS at the next meeting.

Report by the Chief Internal Auditor

39.1     The Committee considered a report by the Chief Internal Auditor which set out the Internal Audit team’s work during Quarter 3.

39.2     The Committee discussed the MBOS reprocurement project.  The Chief Operating Officer confirmed that three proposals in response to the tender were being analysed and a decision would be taken in late Spring.  Surrey County Council is also undertaking a reprocurement, which has generated a high degree of collaborative work, but which may result in two separate systems, depending on the specific needs of the sovereign partners.  The project is part of the Internal Audit team’s scheduled work for Q4 and will be reported to the next meeting.  More widely, the risk profile and mitigations to address business continuity during the implementation stage will also be addressed.

39.3     The Committee RESOLVED to (1) note the report; and

(2) thank the Internal Audit team for their work during the pandemic.

Report by the Chief Internal Auditor

27.1     The Committee considered a report by the Chief Internal Auditor which presented the work undertaken by the Internal Audit team for 2020/21 Quarter 2 (July to September).  The Audit Manager highlighted the one instance of partial assurance provided on the audit of Direct Payments for Adult Social Care, and the actions agreed with management to address the findings. The Audit Manager also drew attention to the number of completed ICT-related audits, undertaken in response to the Council’s current priorities and the increasingly digital environment. 

27.2     The Committee discussed the loan provided by the Pension Fund to the County Council.  Members were reassured that no such lending would recur and clear guidance had been provided to the Head of Pensions and the Pension Investment Manager to reinforce the need for full understanding of the LGPS rules. The input of the Internal Audit team to assist the Pensions Team with their governance review was acknowledged by the Committee. 

27.3     The Committee RESOLVED to (1) note the report; and

(2) confirm that there were no other areas of concern arising from the report. 

Report by the Chief Internal Auditor

16.1     The Committee considered a report by the Chief Internal Auditor, which presented outcomes of five reasonable assurance and two partial assurance.  The Audit Manager also set the work the Team had done in advising departments on changed ways of working caused by the pandemic, and the redeployment of Internal Audit staff.

16.2     The Committee discussed:

·         Cultural Compliance – Contracts Management Group and the comment about recovery of VAT

·         Digital Postal Hub – Control Environment Review and the Data Security breach

·         Library asset management and the effect of other services, for instance Parking Teams, relocating into libraries

·         Purchase to pay, and the monitoring of departmental figures for high volume low value transactions 

·         MBOS Requirement Catalogue and assurance of avoiding unnecessary costs

16.3     Officers responded:

·         The Cultural Compliance audit was an assessment of the Group’s compliance with the Council’s policies on performance, supervision, training, administration of sickness and travel claims.  In respect of the VAT issue, it related to Purchase Card transactions and only £240 was not reclaimed. 

·         The Post Hub Data Security breach happened when the system went off-line and two items were printed back-to-back and placed in a single envelope.  The recipient notified the Information Commissioner’s Office.  The Audit Team then assessed the overall control environment of the Hub.

·         The effect of other Teams relocating into Libraries was not  part of the original scope of the audit, but will be taken forward in the follow up. 

·         Processing of invoices without purchase orders (retrospective orders) is monitored through SAP. Multiple low value transactions are addressed by the Orbis Sourcing Solutions team, who look to aggregate orders through the procurement process.  The audit found no evidence of systematic avoidance of the procurement rules.

·         The MBOS Requirement Catalogue is a live document that is kept under review by the Project Board and Programme Manager.  All requirements are reviewed by subject matter experts (SMEs) and challenged to ensure a future-proofed system, and not a replication of current features.   

16.4     The Committee RESOLVED to note the report.