Issue - meetings

Report by the Chief Operating Officer

12.1    The Cabinet considered a report by the Chief Operating Officer.

12.2    It was RESOLVED to note the internal audit service’s opinion on the Council’s control environment.

Reason

12.3    The report gives an opinion on the adequacy of East Sussex County Council’s control environment as a contribution to the proper, economic, efficient and effective use of resources. The report covers the audit work completed in the year from 1 April 2021 to 31 March 2022 in accordance with the Internal Audit Strategy for 2021/22. Substantial assurance can be provided that East Sussex County Council had in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2021 to 31 March 2022.

Report by the Chief Operating Officer

39.1     The Committee considered a report by the Chief Internal Auditor which set out the Internal Audit team’s work during Quarter 3.

39.2     The Committee discussed:

            39.2.1  The Pension Fund Governance opportunities for improvement.

            39.2.2  The Revenue Budget Management opportunities for improvement.

            39.2.3  The Re-procurement of Framework Agreement and the areas where controls could be strengthened.

39.3     In response:

            39.3.1  The Audit Manager noted that the governance manual for the Access Pool is due to be completed by the end of the financial year.

            39.3.2  The Audit Manager noted that follow up reports will only be conducted for audit areas which had partial or minimal assurance. However, the agreed actions arising from the Revenue Budget Management audit will be looked at next time the review is undertaken.

            39.3.3  The Chief Internal Auditor explained that the investigation conducted following a whistle blowing report regarding the re-procurement of the Framework Agreement found no fundamental failures that undermined the procurement process, but it did identify areas for improvement.

39.4     The Committee RESOLVED to note the report.

Report by the Chief Operating Officer

26.1     The Committee considered a report by the Chief Internal Auditor.

26.2     The Committee discussed:

26.2.1  Audits conducted during the pandemic, and keeping the Committee appraised of ongoing work – the Chief Internal Auditor assured the Committee that the Team delivered all the key work that allowed him to deliver his annual opinion. The Team has now adjusted to delivering all its audit work remotely, including with schools which has been successful.  The Chief Internal Auditor also remarked on the work undertaken to produce the final reports which are presented to the Committee in the form of field work and report drafting. The Chief Internal Auditor confirmed his intention to conduct a session in the New Year with committee members to discuss items for the forthcoming Audit Plan. 

26.2.2  Mandate Fraud, and whether following the correct process would have prevented the fraud, and whether there were other mandate frauds where payment had been made to the wrong account – controls are in place to identify and stop any future mandate frauds, and clear instructions issued to remind officers to follow the agreed processes.

26.2.3  Emergency procurement, and similarities with issues at a national level – the Chief Internal Auditor drew attention to the Council’s Anti Fraud and Corruption Strategy and the comprehensive Code of Conduct which covers clearly issues of relationships with contractors.  He also highlighted the requirements of the Declarations of Interests processes for officers and members, and the Council’s participation in the National Fraud Initiative. The Audit Manager confirmed that the emphasis of the review was on compliance with statutory requirements, rather than concerns over corruption.

26.2.4  The Risk Management Framework, and the emphasis given to climate change such as adaptation/mitigation and to the natural environment – the Chief Operating Officer set out the purpose of the Framework and the Register which includes the climate risk which will have an impact on the Council’s strategic objectives. The Chief Internal Auditor confirmed the purpose of the Team’s review, in looking at the process by which the authority identifies and manages risk rather than the Team investigating each risk within the Register. The Audit Plan is a risk-based plan, so the issue will be engaged with in future planning.

26.2.5  Amendments to the Audit Plan – the recent additions will form part of future reports to the Committee.  The Chief Internal Auditor set out the scope of the Team’s capabilities and the targeting of resources.  Investigations sometimes indicate a wider review would be an effective response to a potential risk, so they are added to the Plan. 

26.2.6  Deprivation of capital, and differing outcomes – there is no single approach that suits all cases.  The Team’s role is to provide the evidence for the Service to take a decision on how to proceed, given the Service’s specialist and expert knowledge.

26.3     The Committee RESOLVED to note the report.

Report by the Chief Internal Auditor

13.1     The Committee considered a report by the Chief Internal Auditor which set out the work done and performance of the Internal Audit team.  There was only one audit with a partial assurance (building security) and all the performance indicators are currently green.  

13.2     The Committee discussed the implications of the breach of building security, including data loss.  The Committee was reassured that the loss was of new ICT equipment, that the theft has been committed by an employee of a contractor who had been subject to their disciplinary processes, and that there had been no loss of data. The loss has led to a review of areas accessible to contractors, and the regular reconciliation of staff lists and access cards. The matter had also been reported to Sussex Police.

13.3     In respect of the audit of remote working (point 1.32 of Annex A), the Audit Manager - IT explained that the Information Governance Group had now implemented a process for escalation of decision making.

13.4     The Committee RESOLVED to (1) note the report; and

(2) confirm there are no new or emerging risks for consideration for inclusion in the audit plan.