Agenda item

Report of the Senior Auditor

The Senior Auditor presented the report to Members. She informed Members that four final reports had been issued since the last report, one of which was the Review of Compliance with the CIPFA Code of Practice on Managing the Risk of Fraud and Corruption and she was of the opinion that internal controls required some improvement. She advised Members that a Head of Transformation had been appointed to cover the role of the Head of Finance, that the work in the final reports had not identified any significant control weaknesses and that there were no overdue recommendations at the time.

In response to a question from Councillor S Sheahan, the Senior Auditor advised Members that when visiting the Partnership, the authority’s employees had raised concerns that the key policies were available on the internal website, however due to ICT account set ups they were unable to access the information. However the issue had now been addressed.

Councillor S Sheahan sought further information on the report into the Disabled Facilities Grants and the recommendations expressing concerns that there may have been a financial loss to the Council or issues for residents.

The Senior Auditor informed Members that the main issues were in relation to procedures in maintaining files so that previous grants checks could be carried out as before the recording on the files was inconsistent.

Councillor A C Saffell expressed concerns over the length of time that inert accounts were left before being reviewed and that it should be tighter; that should the systems be hacked, the inert accounts could be targeted; and that how access and use of generic accounts was monitored was important as that also was a dangerous path.

The Senior Auditor advised Members that accounts for staff that have left the authority are closed as soon as possible after they leave. The accounts that are reviewed after 90 days are for staff who that are on long term sick, Maternity Leave or partner staff accounts. In relation to the partner staff accounts ICT monitored the access controls but may not have been notified when they no longer work here so this review of inactive accounts would identify this.

Councillor A C Saffell felt that all inert accounts should be deactivated within 48 hours as Managers of staff on sick or Maternity Leave know when they are coming back to ensure that they are reactivated. He did not feel entirely reassured but was not convinced. The Senior Auditor explained that even when staff were absent on long term sickness or maternity leave, arrangements were generally put in place through email so that the employee could keep up-to-date with the council’s developments and news.

The Senior Auditor advised that ICT specialist auditors employed by the County Council  carried out the audit and internal audit will follow up to ensure that everything is implemented, and that she would pass his comments on to the ICT Manager.

In response to a question from Councillor R Ashman, the Senior Auditor advised Members that the Council had three credit cards and that there were no issues surrounding the inappropriate use but that a check was required by finance as there were issues over the procedures in the recovery of VAT. She informed Members that the credit cards were used for online payments.

The Head of Legal and Support Services advised Members that the Legal Team held a credit card as court payments had to be made online.

By affirmation of the meeting it was

RESOLVED THAT:

The report be noted.