To consider report 59/11 of the audit manager.
The committee considered report 59/11 of the Audit Manager, which set out the internal audit reports completed in the third quarter of 2011/12. The committee noted that of the ten audit reports completed since the last committee meeting, three had received limited assurance ratings from internal audit. The report also referred to two follow-up reports, one of which received limited assurance in the original audit review. Councillors noted that for the first time, audit reports referred to quantums to allow the committee to assess the severity of the issues raised.
The committee debated the audit reports as follows.
This audit had been awarded satisfactory assurance from internal audit. However, following a question from a councillor, it was reported that the audit had discovered no fraud. An explanation of the car park cash collection process was circulated to committee members.
This audit had also received satisfactory assurance. The committee noted that reconciliations were being carried out by the council’s contractor, Capita, as the council received monthly reports.
This audit received a limited assurance. The committee noted that a number of the recommendations had not been implemented pending the transfer of the payroll operation to Capita. This was due to happen in mid-February. To test Capita’s ability to run the payroll system, Capita had run the payroll in tandem with the council for the last two months. This had highlighted some minor but surmountable issues.
In answer to a question, the committee noted that the council’s management team was content that staff claiming travel allowances should self-certify that they had motor insurance to cover business travel. However, internal; audit committed to undertake spot checks. In addition, human resources staff were aware that details of staff starters and leavers must be checked and signed off. These checks were taking place.
The committee accepted that the next annual assurance audit would highlight any issues and any outstanding audit recommendations. Internal audit would undertake this in the first quarter of 2012/13 and provide assurance on the Capita transfer.
Waste management and recycling
This audit resulted in a limited assurance rating. The committee noted that with regard to the accuracy of weighbridge records and invoices, internal audit had taken a sample of records and had only found one labelling error, which was considered insignificant. The monthly checks recommended by internal audit were now in place. The committee also noted that the waste and recycling collection tracking system recorded the movement of collection vehicles and the lifting (emptying) of each bin. This data was recorded by reading the chips inserted in the bins. The records showed each bin that had been emptied, and the time and date. The committee asked for details of how often this system was unavailable. The officers reported that they were working with the contractor to improve customer service standards.
This audit also received limited assurance. In answer to a question from a councillor, it was noted that the discrepancies between the human resources establishment list and the payroll records were mainly related to data entry errors and would not cause a budget variance. The list was updated monthly by heads of service and was now accurate. Capita would be carrying out a data cleansing exercise before it began operating the payroll service and would ensure its records were the same as the establishment list.
ICT - Follow-up audit 2010/11
The original audit received limited assurance but the follow-up audit was presented as many implementation deadlines had not been met. As the committee had several questions arising from this audit and the service manager was unable to attend this meeting, the committee deferred consideration of this item.
However, in many audit reports, internal audit had highlighted that staff leavers’ names had not been immediately removed from IT systems. The committee expressed concern that staff might be able to access the council’s systems after they had left the council’s employment. The committee was assured that there were systems in place for managers to alert human resources of staff leaving dates and to alert other services and IT staff. The committee noted that IT staff immediately removed staff leavers from the council’s network, meaning former staff would be unable to access this council’s systems. However, internal audit’s concern was that individual services had not removed some leavers from their IT systems. This action was repeated in several internal audit reports. The committee asked internal audit to follow up these recommendations.
The committee then discussed appendix 2 to the internal audit activity report. This related to systemic control weaknesses. The committee asked whether the weaknesses were ranked, and if so how? The officers agreed to check this with the audit manager and report back to the next meeting.
(a) note the report;
(b) request the officers to provide:
· assurances in the internal audit follow-up reports that staff leavers’ names and logins had been quickly removed from the council’s IT systems to prevent unauthorised access
· the amount of aged debt from brown bin customers likely to be written off
· an update on whether Biffa was complying with the council’s instruction not to collect garden waste from the addresses of persistent non-payers
· details of the regularity of waste and recycling collection system downtime
(c) defer consideration of the ICT follow-up audit until the next committee meeting in March; and
(d) determine whether the systemic control weaknesses are ranked, and if so how?