Agenda item

To consider a report of the Assistant Executive Director (Finance).

Consideration was given to a report of the Assistant Executive Director (Finance) and Head of Risk Management and Audit Services detailing the work undertaken by the Risk Management and Internal Audit Service between April and September 2016.

The following areas of work undertaken by Risk Management and the Internal Audit Service were reported as follows.

Risk Management and Insurance – the approved priorities for 2016/17 were detailed as follows:

·         To facilitate the continued implementation of the Information Governance Framework by:-

-       Providing advice and guidance in relation to information governance;

-       Keeping the framework up to date and fit for purpose with any new guidance issued by the Information Commissioners Office; and

-       Delivering and monitoring training for general users and for staff in high risk areas.

·         To review the Business Continuity Management system in place to streamline the process to create a management tool that was workable, with a capability to provide knowledge and information should a major incident occur; and

·         To continue to support managers to assess their risks as services were redesigned to ensure that changes to systems and procedures remained robust and resilient offering cost effective mitigation and that claims for compensation could be successfully repudiated and defended should litigation occur.

Panel Members were notified that the risk management system was under review and the Corporate Risk Register was now being presented to the Senior Management Team on a quarterly basis.  Operational risk registers for quarter three would be compiled by service areas using the corporate risk register template.

With regard to Information Governance Framework a number of documents had been revised to take into account minor structural or procedural changes as follows:-

·         Information Governance Policy had been updated to reflect structural changes and the addition of the revised Subject Access Request Guidance;

·         Information Governance Conduct Policy had been updated to reflect the additional Subject Access Request Guidance;

·         Information Security Incident Reporting Procedure had been updated to reflect some structural changes and included a practice note for undertaking investigations; and

·         Subject Access Requests Guidance had been refreshed to ensure consistency across all areas of the Council.

With regard to Internal Audit, reference was made to the Audit Plan, which had been approved in May 2016 and covered the period April 2016 to March 2017.  An update on progress against the plan to 30 September 2016 was provided.  It was reported that 42% of the audit plan had been achieved so far, compared with 41% at this stage during 2015/16.  It was explained that performance to date had been affected by reduced resources, annual leave and ad hoc requests for reviews, advice and support which were not included in the original plan.  It was further explained that the Audit Plan was responsive to the needs of the organisation and as such, it was normal practice to amend the plan during the year. 

The annual audit plan progress as at 30 September 2016 was outlined to Members.  In total, 761 actual days had been delivered with 920 days remaining.  A revised plan for 2016/17 would be reported to a future meeting of the Panel.

During the first half of the year, ten final reports had been issued in relation to systems, risk and managed audits.  In addition, seven draft reports had been issued for management review and responses and these would be reported to the Panel in due course.  Two school audits were completed during the period, the results of which were summarised.  In addition, six visits had been completed and the draft reports were being reviewed before they were issued to Schools for management review and responses.

It was further reported that the review of Internal Audit against the Public Sector Internal Auditing Standards (PSIAS) highlighted that the service was fully compliant with the requirements of the standard.  PSIAS, introduced from April 2013, required at Standard 1312 that each organisation’s internal audit service was subject to an external assessment “once every five years by a qualified, independent assessor or assessment team from outside the organisation”.  Across AGMA and the wider North West a Peer Review process had been developed by the Chief Audit Executive Group and piloted in Blackburn and Blackpool.  Feedback from both the reviewers and those being assessed was summarised.  Three options had been considered as follows:-

·         Local Authority Peer Review;

·         Chartered Institute of Public Finance and Accountancy; and

·         Chartered Institute of Internal Auditors.

Following detailed discussion the Panel made the decision to support the Local Authority Peer Review option.

An update was given on the four annual governance statement development areas concerning the ongoing level of change across the organisation, the move towards an Integrated Care Organisation, Vision Tameside and Greater Manchester Pension Fund Pooling.  An update was also provided on work undertaken on NAFN Data and Intelligence Services.

With regard to Irregularities/Counter Fraud Work a summary of cases, which had been investigated during the period April to September 2016, was provided.  In total, 19 cases had been received with 13 still under investigation.  Members requested that for future reporting the table contained within the report should include a column detailing the fraud amount.

RESOLVED:

(i)           That the report and performance of the Service Unit for the period April to September 2016 be noted;

(ii)          That the Information Governance Policy be approved;

(iii)         That the Information Governance Conduct Policy be approved;

(iv)         That the Information Security Incident Reporting Procedure/Practice Note be approved;

(v)          That the Subject Access Requests Guidance be approved; and

(vi)         That support be given to the Peer Review process for the Assessment of Internal Audit as outlined in the report.