Please Contact: Lydia Hall Please email: lydia.hall@north-norfolk.gov.uk Please Direct Dial on: 01263 516047 08 June 2015 A meeting of the Audit Committee of North Norfolk District Council will be held in the Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 16 June 2015 at 2.00 pm Members of the public who wish to ask a question or speak on an agenda item are requested to arrive at least 15 minutes before the start of the meeting. It will not always be possible to accommodate requests after that time. This is to allow time for the Committee Chair to rearrange the order of items on the agenda for the convenience of members of the public. Further information on the procedure for public speaking can be obtained from Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk Anyone attending this meeting may take photographs, film or audio-record the proceedings and report on the meeting. Anyone wishing to do so must inform the Chairman. If you are a member of the public and you wish to speak on an item on the agenda, please be aware that you may be filmed or photographed. Sheila Oxtoby Chief Executive To: Mr V FitzPatrick, Mr S Hester, Mr M Knowles, Mrs A Moore, Mr R Shepherd and Mr D Young All other Members of the Council for information. Members of the Management Team, appropriate Officers, Press and Public If you have any special requirements in order to attend this meeting, please let us know in advance If you would like any document in large print, audio, Braille, alternative format or in a different language please contact us Chief Executive: Sheila Oxtoby Strategic Directors: Nick Baker and Steve Blatch Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005 Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org AGENDA 1. TO RECEIVE APOLOGIES FOR ABSENCE 2. APPOINTMENT OF VICE-CHAIRMAN OF AUDIT COMMITTEE Members to appoint a Vice-Chairman of the Committee. 3. 
PUBLIC QUESTIONS
To receive public questions, if any.

4. ITEMS OF URGENT BUSINESS
To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local Government Act 1972.

5. DECLARATIONS OF INTEREST
Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The Code of Conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest.

6. MINUTES (Page 1)
To approve as a correct record, the minutes of the meeting of the Audit Committee held on 17 March 2015.

7. AUDIT UPDATE AND ACTION LIST (Page 7)
To monitor progress on items requiring action from the meeting of 17 March 2015 including progress on implementation of audit recommendations.

8. AUDIT COMMITTEE WORK PROGRAMME (Page 8)
To review the Audit Committee Work Programme.

9. PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY (Page 9)
To receive the Progress Report on Internal Audit Activity.

10. ANNUAL REPORT AND OPINION 2014/15 (Page 28)
To receive the Annual Report and Opinion of last year.

11. FOLLOW UP ON INTERNAL AUDIT RECOMMENDATIONS (Page 40)
To receive a follow up report on the recommendations made by Internal Audit.

12. CORPORATE RISK REGISTER (Page 46)
To receive an update on the corporate risk register.

13. BUSINESS CONTINUITY PLAN REVIEW AND TRAINING UPDATE (Page 56)
To receive a report on the Business Continuity Plan Review and an update on contingency training with the Revenues and Benefits teams.

14.
EXCLUSION OF THE PRESS AND PUBLIC
To pass the following resolution, if necessary: “That under Section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in of Part I of Schedule 12A (as amended) to the Act.”

Agenda item 6

AUDIT COMMITTEE

Minutes of a meeting of the Audit Committee held on Tuesday 17 March 2015 in the Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm.

Members Present: Committee: Mr N Dixon (Chairman), Mrs A Moore, Miss B Palmer, Mr D Young

Officers in Attendance: The Head of Finance, the Internal Audit Consortium Manager, the External Auditors (HA and AA), the Benefits Manager and the Democratic Services Officer

40. APOLOGIES
Mr R Reynolds.

41. PUBLIC QUESTIONS
None received.

42. ITEMS OF URGENT BUSINESS
A question had been received from Cllr G Jones:

Some while back I held a meeting with the external auditors and asked them to evaluate a risk assessment for the District Council’s heavy reliance on car parking income. I have not had an adequate reply or reply of any substance. Will the Chief Executive advise on what rights the Members of the Council have to raise issues with the external auditors and whether they have a right to a proper response when they do?

The External Auditor (HA) said that Cllr Jones had written to them at the end of June 2014 and that he had asked for a meeting to discuss an element of the car parking relating to the overnight charges of £90,000. The External Auditor said that she had met with Cllr Jones at the end of July and they discussed what they (External Audit) could and couldn’t discuss. She said that they talked about risk, their scope of work and financial sustainability. She added that she asked Cllr Jones to bear in mind that the Council’s materiality limit is set at £1 million.
She had explained that £90,000 was not an amount that external audit were compelled to look at. Audit Committee 1 17 March 2015 The External Auditor said that following her meeting with Cllr Jones, she had written to him to summarise the points in the discussion and that she had met with the Chief Executive and the Head of Finance to discuss the matter. It had been agreed to continue the Audit work as planned and their conclusions being reported to the Audit Committee in September 2014. The External Auditor said that Cllr Jones had been directed to where he would find additional answers and reiterated that they were not charged to look at car parking due to the materiality. She said that there had been correspondence on this between Cllr Jones and the Head of Finance. She explained that it was not external audit’s role to question the decisions of the Council unless they were unlawful. The Chairman commented that this was the first time that he had any knowledge of the matter running. The Head of Finance said that Cllr Jones had questions that related to car parking income as a risk – she said that it was a risk in the very nature that it is a demand led service but there are controls in place in terms of the prudent way the budget is set and that there is an element in the general reserve held to mitigate this also. She explained that there was a process that Officers go through to determine the annual service budget and this is monitored throughout the year. Mr D Young asked for clarification on the £90,000 figure. The Head of Finance said that the original report showed the impact of the changes to the charges as being £110,000 and that the budget report last month showed a net movement of £80,000. The Chairman said that any Member could bring an issue to Audit Committee and that this issue should have come to the Committee in the first instance and then they could have decided whether to take it forward. 
The Chairman said that he was happy to discuss the issue one to one with Cllr Jones.

The Head of Finance commented that the risk of car parking income was brought up by Cllr Jones at the Overview and Scrutiny Committee meeting recently and that she had explained then about risks and reserves.

The Internal Audit Plan for 2015/16 was an agenda item to be discussed later on in the meeting; the plan includes a car parking internal audit, however this would be more systems and control based. It was not considered necessary for the scope of this internal audit to be expanded to cover the matters raised as it was considered that this would be duplication of the value for money external audit work and the matter was around budgets as opposed to controls for which there are already controls in place.

The Chairman said that no formal action was required of the Audit Committee. The Chairman asked Members whether they would like for him to speak to Cllr Jones or to allow the matter to run to Full Council.

The External Auditor said that they had received assurances from Internal Audit and External Audit that no other work was needed.

The Chairman said that an answer had been given, but that the question was not very clear in its objective. He said that they were a pro-active committee and that they would have wanted to involve themselves in this issue. He said they would have looked at it until they were satisfied that the matter need not go any further.

The Head of Finance said that it was useful for the committee to discuss the matter.

The External Auditor said that unlawful transactions could be brought to External Audit’s attention and that other issues should go through to Audit Committee and that it was a process point. She added that Members had no additional rights over members of the public.

43. DECLARATIONS OF INTEREST
None.

44.
MINUTES
The Minutes of the meeting of the Audit Committee held on 9 December 2014 were approved as a correct record and signed by the Chairman with the amendments sent by e-mail by the Internal Audit Consortium Manager.

45. AUDIT UPDATE AND ACTION LIST
The items outlined in this were included in the agenda.

46. AUDIT COMMITTEE WORK PROGRAMME
The work programmes for 2014-2015 and 2015-2016 were discussed. The work programme included standard and cyclical items. Members ensured that all work in the 2014-2015 programme was completed or that arrangements had been agreed for certain items to be carried forward.

The following changes were made to the 2015-2016 work programme:

Protocol for liaison between internal and external auditors in September 2015 was changed to an update for December 2015.

The Annual Review of the Effectiveness of Internal Audit and the Annual Report and Opinion, both in June 2015, were intertwined and would be taken as one task. There would also be a progress report, in addition to the status of agreed actions report for June 2015, as these support the Annual Report and Opinion.

The Business Continuity Plan Review in June 2015 was changed to an annual review and the Business Continuity in December 2015 was taken out.

47. AUDIT PLAN – ANNUAL GRANT CERTIFICATION REPORT
The External Auditor (HA) introduced the report and said that these were the findings of external audit. She said that the housing benefits total claim was £28m. She explained that it was a prescribed set of procedures and not an audit process. The External Auditor said that the materiality was nil and so all of the information was brought to the Audit Committee’s attention.

The External Auditor said that there were two main points to highlight; the ability to run detailed listing and reporting to Department of Work and Pensions. She said that there were small errors in the number of categories on pages 16 and 17.
Mr D Young, referring to page 16 under ‘Rent Allowances’ commented on the 24/40 ratio for errors and said that this was the same as the third paragraph on page 17. He asked whether this was an error or the same thing. The Benefits Manager said that these were failings in private income and pensions. She said that eleven had no difference and that the calculation was not correct but that they were paying the correct amount. Mrs A Moore said that the testing was with 40 cases and asked how many cases there were in total. The Benefits Manager said that the case load had dropped and was now 9,200 and that in the last eleven months there had been 4,009 new applications and 33,238 changes of circumstances for the period of April 2014 to February 2015 which was worth £26-28m. She added that £7.5m had been paid in council tax support and that £104,000 had been spent in discretionary housing payments. The External Auditor (HA) said that the team had used the sample size prescribed and that the initial testing was 40 cases with further testing and that significantly more than 40 cases had been looked at. Mr Young said that on page 18 the implementation date was set as 13th March. The Benefits Manager said that the purchase order had been raised. The Chairman asked when the system would be live. The Benefits Manager said that the team had the specification but would like to test it, but that they wanted to implement in June 2015. The Head of Finance said that it would inform audit for the 2014/2015 claim. The Committee ACCEPTED the certificate. 48. EXTERNAL AUDIT PLAN The External Auditor (HA) informed Members that this was a standard document. The External Auditor (AA) said that the plan was the responsibilities for the year. She said that page 5 identified three risks, two of which were significant and were ISA required risks. 
She said that page 6 showed an elevated risk and said that over several years this was not uncommon in councils because they were dealing with a large balance.

The External Auditor (HA) said that there were no change requirements for the year and that the estimate had been made by management. She said that the materiality was based on expenditure and was 2% of the expenditure and that it was unlikely to vary significantly.

The External Auditor (HA) said that page 10 outlined the risk of fraud and that there was a responsibility to gain assurance. She said that page 11 had questions for Audit Committee to consider and to consider for themselves to be fully independent.

Mrs Moore, referring to page 13 of the report, asked about the audit fees and said that 2014-15 was lower than 2013-14. She commented that the certification costs had increased and asked why.

The External Auditor (AA) said that the fees were set by the Audit Commission and that she was not sure why they had been increased. She said that since writing the report, the increase from 2013-14 was £35,187 to bring it in line with what had been charged in the current year. It was agreed that the final draft would be circulated to Members.

The Committee ACCEPTED the plan.

49. PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY
The Internal Audit Consortium Manager said that this was a regular report and highlighted the change that had been made to the 2014/15 plan. She added that all audits were either in progress or complete.

The Internal Audit Consortium Manager highlighted the four reports which had recently been finalised, all with positive assurances, and in addition brought to the Committee’s attention the audit of local council tax support and housing benefit whereby the recent audit had resulted in the previous negative assurance moving to a positive assurance, therefore resulting in an improved control environment. She added that there were no high priority recommendations.
The Committee NOTED the report.

50. STRATEGIC AND ANNUAL AUDIT PLANS
The Committee discussed the revised format of the report, which took on board the Committee’s previous comments on content and layout. The Audit Charter would be reviewed annually by the Internal Audit Consortium Manager and it would come to Audit Committee every two years, for approval. The report also highlighted the Internal Audit Strategy, the Strategic (3-year) Internal Audit Plan and the resultant Annual Internal Audit Plan. Finally the report took the Committee through the new performance measures which would be used to ensure a quality service was provided by the new contractor.

The Chairman said that the reviewed content and format were the optimum to be achieved.

The Chairman said that there would be audit training in the Member Induction following the election in May and that they wanted to sustain the Committee’s high level of effectiveness. He added that beyond the initial induction, further training would be provided to take Members through the reports.

The Committee ACCEPTED the report.

51. UPDATE ON SPORTS HALLS INTERNAL AUDIT RECOMMENDATIONS
Following on from a request by the Committee, the Internal Audit Consortium Manager had reviewed the recommendations raised in the recent Sports Halls audit. She said that in summary, in reference to DBS checks, she was satisfied that these were complete, that staff were signing to check the banking sheets, that all health and safety was in progress. She added that the year-end would show all of the issues as complete.

The Chairman said he was pleased to close this item before the new administration – that it was good to seek assurances and that this was why Members had this specific work completed.

The Committee ACCEPTED the report.

52.
FLOOD RECOVERY
In the absence of the Civil Contingencies Manager, the Chairman introduced this report and said that the flood recovery was an update on business continuity plans.

Mrs A Moore said that following the fire in Fakenham, the use of the emergency centre there was encouraging.

The Chairman said that at the pre-agenda meeting, they had taken the view that it would be acceptable to have a date for the contingency plans concerning revenues and benefits to try and close the issue before the end of this administration. He added that 23rd March was the date agreed upon and that the Civil Contingencies Manager would be meeting with the managers in the Revenues and Benefits department.

The Chairman said that this should be actioned at the next meeting following the March date so that the Committee could see the finalised plans. He said that the contingency plan should be reviewed annually and was in the work programme for December 2015.

The Chairman concluded the meeting by saying that it was the last meeting in the current administration and thanked both Internal and External audit for all of their work. The Chairman extended his thanks to the Head of Finance as the principal officer and for servicing the Audit Committee. The Chairman also thanked Members stating they had been very supportive of the Committee.

The meeting closed at 3.38 pm

______________________
Chairman

Agenda Item 7

AUDIT COMMITTEE 17 March 2015 – ACTIONS ARISING FROM THE MINUTES

52. Flood Recovery
That the training took place on 23rd March and that the committee was updated at the next meeting.
Richard Cook

Agenda Item 8

AUDIT COMMITTEE WORK PROGRAMME 2015 – 2016

JUNE 2015 PWC SEPTEMBER 2015 DECEMBER 2015 PWC 2014/15 Annual Governance report (ISA260) MARCH 2016 Annual Audit Letter (PWC) Audit Plan (PWC) (with overview) Annual Grant Certification Report Progress Report on Internal Audit Activity Progress Report on Internal Audit Activity Progress Report on Internal Audit Activity Undertake self-assessment Follow Up Report Strategic and on Internal Audit Annual Audit Recommendations Plans Protocol for liaison between internal and external auditors Internal Audit Annual Report and Opinion and Review of the Effectiveness of Internal Audit Progress report on Internal Audit Activity Follow up on Internal Audit Recommendations NNDC Corporate Risk Register/ risk management framework Business Continuity Plan Review Internal Audit training Business Continuity training update Monitoring Officer’s Report Internal Audit training Statement of Accounts (+ informal training) Review of pension liability Business Continuity Local Code of Corporate Governance and Action Plan – update and Annual Governance Statement 2014/15 – update Corporate Risk Register Risk Management Framework

Audit Committee 16 June 2015

Agenda Item No 9

Progress Report on Internal Audit Activity: 6 March 2015 to 9 April 2015

Summary: This report examines the progress made between 6 March and 2 April 2015 in relation to delivery of the Annual Internal Audit Plan for 2014/15, and provides the year end position.

Conclusions: Progress in relation to delivery of the Internal Audit Plan is in line with expectations with the audit plan now being complete; positive assurances have been awarded in the five audit reviews finalised in this period.

Recommendations: It is recommended that the Committee notes the outcome of the audits completed between 6 March and 2 April 2015 where assurance levels have been given and the conclusion of the annual audit plan for 2014/15.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager, 01508 533791, ehodds@s-norfolk.gov.uk

1. Background
1.1. This report reflects progress made with regard to assignments featuring in the approved Annual Internal Audit Plan for 2014/15, which was endorsed by the Audit Committee on 17 March 2014.

2. Overall Position
2.1. The overall position in relation to the progress made against the Internal Audit Plan is within the attached report.

3. Conclusion
3.1 Progress in relation to delivery of the Internal Audit Plan is in line with expectations with the audit plan now being complete; positive assurances have been awarded in the five audit reviews finalised in this period.

4. Recommendation
4.1 It is recommended that the Committee notes the outcome of the audits completed between 6 March and 2 April 2015 where assurance levels have been given and the conclusion of the annual audit plan for 2014/15.

Appendices attached to this report: Progress Report on Internal Audit Activity

Eastern Internal Audit Services

NORTH NORFOLK DISTRICT COUNCIL

Progress Report on Internal Audit Activity

Period Covered: 6 March 2015 to 2 April 2015

Responsible Officer: Emma Hodds – Internal Audit Consortium Manager (IACM)

CONTENTS
1. INTRODUCTION
2. SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN
3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK
4. THE OUTCOMES ARISING FROM OUR WORK
5. PERFORMANCE INDICATOR OUTCOMES
APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK
APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES
1. INTRODUCTION
1.1 This report is issued to assist the Authority in discharging its responsibilities in relation to the internal audit activity.

1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in this context as the Internal Audit Consortium Manager) to report to the Audit Committee on the performance of internal audit relative to its plan, including any significant risk exposures and control issues. The frequency of reporting and the specific content are for the Authority to determine.

1.3 To comply with the above this report includes: any significant changes to the approved Audit Plan; progress made in delivering the agreed audits for the year; any significant outcomes arising from those audits; and Performance Indicator outcomes to date.

2. SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN
2.1 At the meeting on 17 March 2014, the Annual Audit Plan for the year was approved, identifying the specific audits to be delivered. A change was made to the plan and was reported to the Committee at the previous meeting; since then there have been no further changes.

3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK
3.1 The current position in completing audits to date within the financial year is shown in Appendix 1 and highlights completion of the 2014/15 annual internal audit plan.

4. THE OUTCOMES ARISING FROM OUR WORK
4.1 On completion of each individual audit an assurance level is awarded using the definitions shown in the table below.

Good: There is a sound system of internal control designed to achieve the client’s objectives. The control processes tested are being consistently applied.

Adequate: While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk.
Limited: Weaknesses in the system of internal controls are such as to put the client’s objectives at risk. The level of non-compliance puts the client’s objectives at risk.

Unsatisfactory: Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse.

4.2 Recommendations made on completion of audit work are prioritised using the definitions shown in the table below.

High: A fundamental weakness in the system that puts the Council at risk. To be addressed as a matter of urgency, within a 3 month time frame wherever possible, or, to put in place compensating controls to mitigate the risk identified until such time as full implementation of the recommendation can be achieved.

Medium: A weakness within the system that leaves the system open to risk. To be resolved within a 4 – 6 month timescale.

Low: Desirable improvement to the system. To be introduced within a 7 – 9 month period.

4.3 During the period covered by the report Internal Audit Services have issued five final reports and the Executive Summary of these reports are attached at Appendix 2. In summary the final reports issued conclude the following:

NN/15/08 Payroll and Human Resources
This is a regular audit which reviews the key controls within Payroll and Human Resources, and also those areas requested by management, which this year was; officer and member expenses. The audit raised three risks which needed mitigating by management, with agreed action already implemented to address these in relation to; user access rights to the system, appraisal process and update to assurance statements to include driver documentation checks. The audit concluded with an Adequate assurance opinion.
NN/15/11 Creditors
This is a regular audit which reviews the key controls within Creditors, and this year also reviewed corporate credit cards, insurance and compliance with recent HMRC guidance regarding the use of contractors, self employed persons and casual staff. The audit concluded with an Adequate assurance opinion, and five medium priority recommendations agreed with management. Three of these have since been implemented with the remaining two recommendations relating to; HMRC compliance to ensure guidance is put in place for Self-employed Contractors and Consultants and that formal checks of these are adopted. Work is in progress to implement these early in 2015/16.

NN/15/12 Elections and Electoral Registration
This audit reviewed the system in place for the elections team, specifically in relation to; election administration; postal votes; and Individual Electoral Registration. A Good assurance opinion was awarded on conclusion of the review, with many areas across the scope where sound controls were found to be in place and operating consistently. No recommendations were raised.

NN/15/13 Work to Support the AGS
This audit is undertaken annually and reviews the key controls within the fundamental financial systems that inform the Statement of Accounts for year end. The audit has reviewed those systems that were not separately reviewed within year, and also carries out top up testing for those areas that were, as appropriate. Positive assurances were concluded in all areas and only one low priority recommendation was raised and agreed with management.

NN/15/17 Firewalls
The scope of this IT audit covered: firewall administration; firewall architecture; firewall change control; firewall rules and services; firewall OS and patch management; firewall backup and resilience; intrusion detection; logging and monitoring; and penetration testing.
On conclusion of the review two medium recommendations were agreed with management to improve firewall administrator account password controls and to enable alerts/reporting for management review. A further two low priority recommendations were agreed to provide enhancements to the current system. An Adequate assurance opinion was awarded.

4.4 No high priority recommendations have been raised during the period covered by this report.

4.5 It is also pleasing to note that all audits concluded in a positive opinion being awarded, indicating a strong and stable control environment to date, with no issues that would need to be considered at year end and included in the Annual Governance Statement.

5. PERFORMANCE INDICATOR OUTCOMES
5.1 The Internal Audit Service is benchmarked against a number of Performance Indicators as part of the Internal Audit Contract with Mazars. Actual performance to date against these targets is outlined below.

5.2 Audit briefs should be issued 10 days in advance of an audit commencing, and for 63% of audits this target was met. Once underway, 88% of audits were completed on time, with reasons for the minor overruns being notified to the Internal Audit Consortium Manager. Draft reports should be issued within 15 working days of completion of the audit, with only 63% of reports meeting this deadline. Reasons for these delays have been reported to the Committee previously, and relate to the resourcing issues experienced in the second half of the contract with Mazars. Finally, the final report should be issued within 10 working days of issue of the draft report, and for 81% of the audits this was achieved. There have been a few issues in getting management responses to recommendations, and the introduction of exit meetings under the new contract should alleviate this issue.

5.3 On conclusion of all audits a feedback survey is issued to the key client.
The survey asks for responses in relation to; audit staff, audit planning, delivery of the audit and audit reporting. On completion an overall score of poor (1) through to excellent (6) is reported. To date 10 surveys have been completed and an average score of good (5) achieved.

5.4 However, as mentioned in the previous progress report, the balanced scorecard approach will be taken in monitoring the contractor’s performance from 1 April 2015. This brings with it a much more practical approach to performance management and one which will ensure a high quality service is provided by the contractor.

APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK

Audit No. Description of Audit Frequency of Audit Coverage Original Days Planned Revised Days Scheduling Days Delivered Planned Status Assurance Level applicable Summary Report Details presented to Members Final Report issued 20 August 2014 Final Report issued 2 October 2014 Final Report issued 4 September 2014 Final Report issued 4 September 2014 Final report issued 11 December 2014 Adequate Audit Committee 16 September 2014 Audit Committee 9 December 2014 Audit Committee 16 September 2014 Audit Committee 16 September 2014 Audit Committee 17 March 2015 Final Report issued 30 October 2014 November Final report issued 27 January 2015 November Final Report issued 26 March February 2015 December Final Report issued 27 February 2015 January Adequate PLANNED SYSTEMS AUDIT WORK NN/1501 Coastal Protection 3-yearly 10 10 10 June NN/1502 Procurement 3-yearly 10 10 10 July NN/1503 Development Management 3-yearly 22 22 22 July NN/1504 Performance Management, Corporate Policy and Business Planning Localism & Communities, including focus on Big Society Fund Grant Scheme Sports halls/leisure centres & Sports Development Local C Tax Support, Housing benefits 2-yearly 10 10 10 July 2-yearly 10 10 10 October 3-yearly 12 12 12 October 2-yearly 20 20 20 Payroll & HR, officers'/members' expenses Council Tax and
NNDR 2-yearly 19 19 19 2-yearly 20 20 20 Annual 8 0 0 2-yearly 13 13 13 January NN/1512 Corporate Governance and Risk Management Creditors - Ordering, payments, insurance Elections & Electoral Registration 3-yearly 12 12 12 January NN/1513 Work to Support the AGS Annual 10 10 10 February Annual 8 184 8 176 8 176 100% NN/1505 NN/1506 NN/1507 NN/1508 NN/1509 NN/1510 NN/1511 Systems Audit Follow Up TOTAL PLANNED SYSTEMS AUDIT WORK Page 5 of 18 14 Final Report issued 26 March 2015 Final Report issued 2 April 2015 Final Report issued 30 March 2015 2 x 6-monthly validation Adequate Adequate Good Adequate Adequate Adequate Good Adequate Good various Audit Committee, 9 December 2014 Audit Committee 17 March 2015 Audit Committee 16 June 2015 Audit Committee 17 March 2015 Audit Committee 16 June 2015 Audit Committee 16 June 2015 Audit Committee 16 June 2015 PLANNED COMPUTER AUDIT WORK NN/15/14 Network Infrastructure 2-yearly 7 7 7 NN/15/15 Network security 2-yearly 8 8 8 NN/15/16 Virus protection/Software 3-yearly 8 8 8 NN/15/17 Firewalls 4-yearly 7 7 7 Annual 4 34 4 34 4 34 218 210 210 0 0 0 218 210 210 Computer Audit Follow Up TOTAL PLANNED COMPUTER AUDIT WORK TOTAL PLANNED WORK April Final Report issued 28 May 2014 June Final Report issued 13 August 2014 November Final Report issued 16 December 2014 December Final Report issued 17 March 2015 2 x 6-monthly validation 100% 100% EXTRA WORK REQUESTED TOTAL OF EXTRA WORK UNDERTAKEN GRAND WORK TOTAL Page 6 of 18 15 100% Limited Adequate Adequate Adequate Audit Committee 16 September 2014 Audit Committee 16 September 2014 Audit Committee 17 March 2015 Audit Committee 16 June 2015 APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES Appendix 2(a) Report No. 
NN/15/08 – Final Report issued 26 March 2015

Audit Report on Payroll and Human Resources

Audit Scope
The scope of the audit covered the effectiveness and efficiency of controls operating around:
- Payroll (including HMRC compliance, payment processing and reconciliations);
- Human Resources (including staff verification checks*, staff appraisals and sickness monitoring); and
- Officers’ and Members’ Expenses.

*To avoid duplication, it was agreed with the Head of Organisational Development to exclude coverage of Disclosure and Barring Service (DBS) checks since this was covered in the audit of Sports Halls (NN/15/06 – issued 30th October 2014). This included a recommendation for staff to be subject to regular checks and for improved monitoring thereof. The recommendation was accepted by the Community Sports Manager with a deadline for implementation of 31st January 2015. The Internal Audit Consortium Manager provided an ad hoc report to the Audit Committee in March 2015 which confirmed the implementation of this recommendation.

Assurance Opinion
Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance

Rationale supporting the award of the opinion
The systems and processes of internal control are, overall, deemed adequate in managing the risks associated with Payroll, HR and Officers’ and Members’ Expenses. This opinion is based on having raised three medium priority recommendations. The level of assurance has remained the same since the previous audit undertaken for this area; hence the direction of travel remains unchanged.

The medium priority recommendations relate to the need to ensure that user access rights to the payroll system are subject to regular review, to ensure that HR maintain an accurate record of staff appraisal completion and to ensure assurance is given by Heads of Service that relevant staff members have valid and up to date drivers’ documents for using their vehicles whilst on official Council business.
In the latter case, management have since taken steps to add this requirement to the 2014/15 Assurance Statement due for completion in April 2015.

Positive Findings
We found that the Council has demonstrated the following areas where sound controls are in place and operating consistently:

Payroll
- HMRC rules and regulations are understood, complied with and made available to all relevant staff;
- Up to date written procedures, available to all staff, are in place covering operational processes of the payroll system;
- HR notifies payroll of all starters, leavers and amendments which are checked for accuracy and input onto the payroll system;
- Establishment checks are undertaken with any changes to the establishment justified and approved;
- Reconciliations between the payroll system and the general ledger are promptly completed and independently reviewed;
- Differences in pay greater than the agreed threshold level from the previous month are subject to review;
- Payment totals are checked before the payroll run is authorised;
- BACS payments are checked for accuracy and independently processed;
- Third party payments are reviewed, checked and authorised prior to payment;

Human Resources
- A valid and accessible Sickness Absence Policy is in place which details measures taken for short and long term absences;
- Sickness absence is monitored and reported to key managers;
- Sickness absence across the Council is reviewed regularly by senior management, including long term sickness cases, which are monitored and followed up regularly by HR staff;
- Return to work interviews are carried out and formally documented;
- Overtime claims are in accordance with Council policy and are authorised;

Officers’ and Members’ Expenses
- HMRC rules regarding the VAT on mileage claims are adhered to;
- Expense claims are verified, supported by relevant documentation, checked to prevent duplication and authorised; and
- Travel claims are promptly submitted with supporting documentation.
Control weaknesses to be addressed
During our work we have identified the following areas where processes within Payroll and HR would benefit from being strengthened, and as a result, three medium priority recommendations have been made:
- Regular reviews of the user access rights to the payroll system should be undertaken. Where regular reviews of access rights do not take place, there is a risk of unauthorised changes to payroll data, leading to financial and reputational damage to the Council.
- HR should be provided with and retain evidence to confirm that all staff have been subject to mid and year end appraisals. Where this information is not forthcoming, details should be provided to the Corporate Leadership Team in order that they can liaise with their respective Heads of Service over those that are missing. Where appraisal documentation is not retained on file, assurances cannot be given that appraisals have actually been completed. Therefore there is a risk that staff have not met their objectives or do not justify potential salary increases.
- Assurance Statements provided for the Annual Governance Statement should be amended to require Heads of Service to acknowledge the responsibility and the importance in undertaking reviews on staff driver documentation where they are required, as stipulated in the Driver Safety and Policy Handbook. Where driver’s documents are not reviewed and the driver is involved in an accident or other driving offence whilst on official Council business, there is a risk of potential legal claims against the Council, including for corporate manslaughter, leading to financial loss and reputational damage to the Council.

We also made one observation where the risks imposed remain outstanding.
However, the Council has endeavoured to accept such risks as a result of the potential operational impact of implementing the controls; in particular, we found that a review of the entitlement over the continued receipt of car mileage allowance for staff has not been undertaken for the current financial year. This review was last undertaken in 2013 and is planned to be undertaken in April 2015. In addition to this, the current travel policy will be reviewed, requiring car mileage allowance review every two years as opposed to annually, at present. The risk of staff claiming car mileage where ineligibility may arise is accepted by the Council in light of the low likelihood of staff requiring a review of their car mileage allowance without their circumstances qualifying for automatic review by HR.

Summary of the adequacy and effectiveness of controls

Area of Scope | Adequacy of Controls | Effectiveness of Controls | High | Medium | Low
Payroll | Green | Amber | - | 1 | -
Human Resources | Green | Amber | - | 1 | -
Officers’ and Members’ Expenses | Green | Amber | - | 1 | -
Total Recommendations Raised | | | 0 | 3 | 0

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendations raised.

Appendix 2(b)
Report No. NN/15/11 – Final Report issued 26 March 2015

Audit Report on Creditors

Audit Scope
The scope of the audit covered the effectiveness and efficiency of controls operating around:
- Policy, Procedure and Systems (Related to the associated areas detailed below);
- Ordering;
- Creditors;
- Corporate Purchasing Cards; and
- Insurances.
Assurance Opinion
Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance

Rationale supporting the award of the opinion
The systems and processes of internal control are, overall, deemed Adequate in managing the risks associated with Creditors - Electronic Ordering, Payments, Corporate Purchasing Cards and Insurances. This opinion is based on having raised five medium recommendations. The level of assurance has remained the same since the previous audit undertaken for this area; hence the direction of travel remains unchanged.

The medium priority recommendations relate to:
- the need to check that all payments to consultants and casual workers have been made in line with HMRC requirements;
- ensuring that specific procedures are in place for the payment of consultants and casual workers to reflect the HMRC requirements;
- confirming that all requests for a change in creditor payment details are supported by evidence that the creditor has been contacted to confirm the validity of the request;
- ensuring that all Corporate Purchasing Card monthly reconciliations are checked and authorised for approved purchases only; and
- ensuring that all evidence is retained for all purchases made on Corporate Purchasing Cards.

Two further potential control weaknesses were identified where recommendations have not been raised, with management willing to accept the associated risks, in particular, restriction of expenditure to the agreed budget not being utilised and the continued use of manual order books.

Positive Findings
We found that the Council has demonstrated the following areas where sound controls are in place and operating consistently:
- Segregation of duties exists between the raising of purchase orders and approval of invoice for payment with access levels aligned to officers’ delegated levels of responsibility.
Confirmation is obtained of goods received;
- Authorised purchase orders can only be placed using suppliers already established within the system;
- Invoices are promptly processed with processing times continually monitored;
- BACS payments are checked for accuracy and independently authorised;
- Reconciliations are promptly completed between the creditors control account and the general ledger;
- Corporate Purchasing Cards are securely held with restricted access and supported with up to date guidance on their usage;
- Online purchases via Corporate Purchasing Cards are only made via secure sites;
- Arrangements are in place to confirm that the Council’s assets are adequately insured which is subject to review at regular intervals;
- Insurance arrangements are subject to review demonstrating value for money is being achieved when placing cover; and
- All claims are recorded and submitted to the Authority’s insurers in accordance with set timescales.

Control weaknesses to be addressed
During our work we have identified the following areas where processes in Creditors would benefit from being strengthened, and as a result, five medium priority recommendations have been made:
- The Council should check that all individuals (Self-employed Consultants, Contractors and Casual Workers) paid via the creditors system provide the requisite evidence of their compliance with HMRC requirements with regard to declaring income tax and National Insurance liabilities. This should include their Unique Taxpayer Reference (UTR) to be supplied prior to any payments being made. The Council should also routinely run reports (supplier listings) to identify any potential instances of non-compliance with HMRC requirements.
If the Council fails to confirm the employment status of all persons working for the Council on a self-employed basis, there is a risk that HMRC will impose retrospective settlements of income tax and National Insurance payments and an additional penalty of up to 100% of the income tax and National Insurance payable and any interest payable. The risk of such penalties would be compounded with HMRC checks covering the previous four to six-year period. Such action would have a financial and reputational impact on the Council.
- The Council should formally adopt procedural guidance which stipulates the requirement for self-employed consultants, contractors and casual workers to provide evidence of their employment status, in order for the Council to comply with HMRC requirements, before they are engaged. Where written guidance does not provide for the need to obtain confirmation, the Council will fail to seek the requisite information and therefore be in breach of its statutory tax requirements.
- All requests for a change in creditor payment details should be supported by retained evidence that the creditor has been contacted by telephone, on the original creditor details, prior to the change in order to confirm the validity of the request. Where checks of legitimate change of payment details are not carried out, there is a risk that the Council will not detect fraudulent activity, resulting in financial loss to the Council.
- All Corporate Purchasing Card monthly reconciliations should be checked and authorised for approved purchases only. Where purchases on Corporate Purchasing Card monthly reconciliations are not checked and authorised, there is a risk that inappropriate or unauthorised goods and or services will be purchased resulting in financial loss to the Council.
- All supporting evidence, in the form of receipts and invoices, and reasoning should be retained for all purchases made on Corporate Purchasing Cards.
Where supporting evidence is not retained, there is a risk that not all expenditure is legitimate, thereby resulting in financial loss to the Council.

We also made two observations where the risks imposed remain outstanding. However, the Council has endeavoured to accept such risks as a result of the potential operational impact of implementing the controls:
- We found that a function is available on the Efinancials purchase order system, which can be linked to the budget in order to impose an automated restriction on placing a purchase order if it would result in an overspend for the department. However, this function has not been switched on due to the fact that an entire module of Efinancials would have to be enabled but would otherwise not be used. The continual maintenance of such a module would put extra resource strain on the department. This was raised in the previous audit NN/13/10; however, the Council has accepted that the risks associated with this rest with the managers and any overspends are identified through retrospective budget monitoring.
- We also found that the raising of manual orders is currently still being undertaken using manual, paper based purchase order books. Using an electronic tablet based purchase order process will allow all purchase orders to be raised by the Council in electronic format, thus linking to the Efinancials system providing a clear audit trail for raising and authorisation of orders and the ability to link this process to the control of the budget. In addition, security is provided due to each electronic tablet being password protected. However, it has been identified that the Council sees no substantial risk and no direct or immediate requirement for the implementation of electronic tablets to be given to workers instead of manual order books.
Summary of the adequacy and effectiveness of controls

Area of Scope | Adequacy of Controls | Effectiveness of Controls | High | Medium | Low
Policy, Procedure and Systems | Green | Amber | - | 2 | -
Ordering | Green | Green | | |
Creditors | Amber* | Amber | - | 1 | -
Corporate Purchasing Cards | Green | Amber | - | 2 | -
Insurances | Green | Green | - | - | -
Total | | | 0 | 5 | 0

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendations raised.

Appendix 2(c)
Report No. NN/15/12 – Final Report issued 2 April 2015

Audit Report on Elections and Electoral Registration

Audit Scope
The scope of the audit covered the effectiveness and efficiency of controls operating around:
- Election Administration;
- Postal Votes; and
- Individual Electoral Registration.

Assurance Opinion
Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance

Rationale supporting the award of the opinion
The systems and processes of internal control are, overall, deemed good in managing the risks associated with Elections and Electoral Administration. This opinion is based on having raised no recommendations and with the Council having introduced improved controls for accounting / recovering elections costs from the Returning Officer. The level of assurance has improved since the previous audit undertaken for this area; hence the direction of travel is positive.

Positive Findings
We found that the Council has demonstrated the following areas where sound controls are in place and operating consistently:

Election Administration
- Training is in place for all staff involved in administering elections;
- Election costs are effectively monitored and controlled with variances investigated;
- Election costs are recovered where appropriate; and
- Required statutory returns are completed.
Postal Votes
- Records of postal voters are retained;
- Postal votes are processed in accordance with statutes with applications acknowledged in writing;
- Postal voters whose votes failed verification checks are duly notified as to the reasons why; and
- Proxy voters are verified.

Individual Electoral Registration
- The Council has engaged fully with Central Government to confirm electoral registration data and RAG ratings from DWP data;
- All Red and Amber matches undergo an automatic local data match on return from central matching;
- All confirmed Green-classified electors are informed by letter;
- Electors whose details still cannot be verified following local data match are contacted by letter and if necessary canvassed to facilitate registration;
- Access to the electoral system is controlled with access granted at required levels; and
- Data from the system is backed up daily and backups are verified to confirm it has worked.

Control weaknesses to be addressed
Prior to our fieldwork, issues with the reimbursement of elections expenditure from the Returning Officer’s Bank Account were resolved with the Returning Officer Bank Account closing from the 2nd of February 2015 and separate accounting arrangements put in place.

Summary of the adequacy and effectiveness of controls

Area of Scope | Adequacy of Controls | Effectiveness of Controls | High | Medium | Low
Election Administration | Green | Green | - | - | -
Postal Votes | Green | Green | - | - | -
Individual Electoral Registration | Green | Green | - | - | -
Total | | | 0 | 0 | 0

No recommendations were raised on conclusion of this audit.

Appendix 2(d)
Report No.
NN/15/13 – Final Report issued 30 March 2015 Audit Report on Work to Support the Annual Governance Statement Assurance Opinions Key System Fixed Assets General Ledger Debtors/Accounts Receivable Cash and Treasury Management Budgetary Control Car Parks Income Housing Benefits and Council Tax Benefits Covered 2014/15 No No No No No No Yes Payroll Yes Council Tax and NationalNon Domestic Rates Yes Accounts Payable Yes in Date Review of Audit Ref. N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A November 2014 February / March 2015 January 2015 Opinion No. of recs Adequate Adequate 1* 0 Adequate 0 Adequate 0 N/A N/A Adequate Adequate 0 0 NN/15/07 Adequate 1 NN/15//08 Adequate 3 NN/15/09 Adequate 0 Adequate 5 Adequate 0 January / February NN/15/11 2015 Assurance Framework No N/A N/A * Denotes additional recommendation made in this AGS report. Key Controls Testing There are a number of key controls within the fundamental financial systems that the Internal Audit Consortium Manager requires to be covered by Internal Audit each financial year. Under the agreed Internal Audit Plan for 2014/15, a number of these material systems have been reported on in detail and those key controls have been addressed in each system reviewed. Recommendations have been raised in these individual audit reports and the issues identified in this report should be viewed in conjunction with those reports. This report provides the top-up testing for these material systems, thus ensuring the systems are subject to full year testing. In addition, the controls in the material systems that were not covered as part of the agreed Internal Audit Plan for 2014/15 have also been reviewed. During the Internal Audit review the following area has been identified where processes/arrangements within Asset Management would benefit from being strengthened and as a result of this, one low priority recommendation has been made, in particular, to update the Council’s Disposal, Investment and Acquisition Policy. 
It is also worth noting that all journals under the value of £100k are not subject to authorisation. The issue of self-authorising journals below £100k has been raised previously by Internal Audit with management willing to accept the associated risks; therefore no further recommendation has been raised. Journals over the value of £100k are approved by the Head of Finance or the Chief Accountant.

Assurance Framework Arrangements
Assurance statements are issued to managers to provide assurance over the areas of their responsibility. Administration of the assurance statement process is undertaken by the Policy and Performance Management Officer. A sample of five assurance statements for 2014/15 was tested to confirm whether managers had provided comments or details of evidence to support the assertions made within their assurance statement. We identified that in all five cases, all requisite information had been provided.

Through our audit of Payroll and Human Resources (NN/15/08), we have made a recommendation for an enhancement to the 2014/15 Assurance Statements to include managers’ responsibility to check drivers’ details, i.e. Road Tax, Insurance and MOT, where applicable, for those staff using their vehicles for official Council business. We have received confirmation that this has been added to the 2014/15 statements.

Appendix 2(e)
Report No. NN/15/17 – Final Report issued 17 March 2015

Audit Report on Firewalls

Audit Scope
The audit looked at:
- Firewall administration;
- Firewall architecture;
- Firewall change control;
- Firewall rules and services;
- Firewall OS and patch management;
- Firewall backup and resilience;
- Intrusion detection;
- Logging and monitoring; and
- Penetration testing.
Assurance Opinion
Unsatisfactory Assurance | Limited Assurance | Adequate Assurance | Good Assurance

Rationale supporting the award of the opinion
The systems and processes of internal control are, overall, deemed adequate in managing the risks associated with Firewall Administration. This opinion is based on having raised two medium and two low priority recommendations, with the medium recommendations raised to improve firewall administrator account password controls and to enable alerts/reporting for management review.

Positive Findings
We found that the Council has demonstrated the following points of good practice as identified in this review:
- Responsibility for firewall administration is defined, including support for absence, etc.;
- The firewall infrastructure is deemed adequate to protect all incoming and outgoing network traffic;
- There are a limited number of firewall rules, which are subject to review whenever changes are made;
- There is firewall resilience in place using an Active/Passive arrangement;
- It is possible to test changes in one of the firewall appliances while leaving the other to protect the network;
- There are traffic filtering mechanisms in place, although these are external to the firewall infrastructure itself;
- Remote access is also managed adequately, although by other systems;
- There are adequate Anti-Virus controls in place, although managed by separate systems;
- Firewall configurations are regularly backed up;
- The firewall incorporates an adequate Intrusion Prevention system; and
- Penetration testing was noted as having been completed in late 2014 in preparation for the renewal of the PSN compliance certificate.

Control weaknesses to be addressed
During our work we have identified the following area(s) where we believe that the processes / arrangement for Firewall Administration would benefit from being strengthened and as a result of these findings medium priority recommendations have been made.
- The three named firewall administration accounts should be configured so that the passwords are required to be changed on a regular basis. Weak password controls increase the risk of security vulnerabilities caused by inappropriate access to the firewall appliances; and
- The available firewall monitoring blade should be configured to produce relevant exception alerts and other reporting for management review. If alerts and reporting are not adequately configured, there is an increased risk of unauthorised activity going undetected.

During our audit we have also raised two low priority recommendations which will provide enhancements to the current system in relation to Firewall Administration.

It has been noted that there is an Information Security Incident Management Policy and Procedure document that is currently being drafted and is awaiting formal signoff by senior management.

Summary of the adequacy and effectiveness of controls

Area of Scope | Adequacy of Controls | Effectiveness of Controls | High | Medium | Low
Firewall Administration | Amber | Amber | 0 | 1 | 0
Firewall Architecture | Green | Green | 0 | 0 | 0
Firewall Change Control | Amber | Amber | 0 | 0 | 1
Firewall Rules and Services | Green | Green | 0 | 0 | 0
Firewall OS and Patch Management | Amber | Amber | 0 | 0 | 1
Firewall Backup & Resilience | Green | Green | 0 | 0 | 0
Intrusion Detection | Green | Green | 0 | 0 | 0
Logging & Monitoring | Amber | Amber | 0 | 1 | 0
Penetration Testing | Green | Green | 0 | 0 | 0
Total | | | 0 | 2 | 2

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendation raised.
Audit Committee 16 June 2015
Agenda Item No 10

Annual Report and Opinion 2014/15

Summary: This report concludes on the Internal Audit Activity undertaken during 2014/15. It provides an Annual Opinion concerning the organisation’s framework of governance, risk management and control, concludes on the Effectiveness of Internal Audit and provides key information for the Annual Governance Statement.

Conclusions: On the basis of Internal Audit work performed during 2014/15, the Internal Audit Consortium Manager is able to give an adequate opinion on the framework of governance, risk management and control at North Norfolk District Council.

Recommendations:
1. Receive and consider the contents of the Annual Report and Opinion of the Internal Audit Consortium Manager.
2. Note that an adequate audit opinion has been given in relation to the framework of governance, risk management and control for the year ended 31 March 2015.
3. Note that the opinions expressed together with significant matters arising from internal audit work and contained within this report should be given due consideration, when developing and reviewing the Council’s Annual Governance Statement for 2014/15.
4. Note the conclusions of the Review of the Effectiveness of Internal Audit.

Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager, 01508 533791, ehodds@s-norfolk.gov.uk

1. Background

1.1. In line with the Public Sector Internal Audit Standards, which came into force from 1 April 2013:
- An annual opinion should be generated which concludes on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control;
- A summary of the work that supports the opinion should be submitted;
- Reliance placed on other assurance providers should be recognised;
- Any qualifications to that opinion, together with the reason for qualification must be provided;
- There should be disclosure of any impairments or restriction to the scope of the opinion;
- There should be a comparison of actual audit work undertaken with planned work;
- The performance of internal audit against its performance measures and targets should be summarised; and
- Any other issues considered relevant to the Annual Governance Statement should be recorded.

1.2. This report now also contains conclusions on the Review of the Effectiveness of Internal Audit, which includes:
- The degree of conformance with the PSIAS and the results of any quality assurance and improvement programme;
- The outcomes of the performance indicators; and
- The degree of compliance with CIPFA’s Statement on the Role of the Head of Internal Audit.

2. Overall Position

2.1 The Annual Report and Opinion and the Review of the Effectiveness of Internal Audit are shown in the report attached.

3. Conclusion

3.1 On the basis of Internal Audit work performed during 2014/15, the Internal Audit Consortium Manager is able to give an adequate opinion on the framework of governance, risk management and control at North Norfolk District Council.

3.2 The outcomes of the Effectiveness Review confirm that Internal Audit:
- Is compliant with the Public Sector Internal Audit Standards;
- Is continually monitoring performance and looking for ways to improve; and
- Is compliant with the CIPFA Statement on the Role of the Head of Internal Audit in Public Service Organisations.
3.3 These findings therefore indicate that reliance can be placed on the opinions expressed by the Internal Audit Consortium Manager, which can then be used to inform the Council’s Annual Governance Statement.

4. Recommendation

4.1 Consider and note the contents of the Annual Report and Opinion of the Internal Audit Consortium Manager.

4.2 Note that an adequate audit opinion has been given in relation to the framework of governance, risk management and control for the year ended 31 March 2015.

4.3 Note that the opinions expressed together with significant matters arising from internal audit work and contained within this report should be given due consideration, when developing and reviewing the Council’s Annual Governance Statement for 2014/15.

4.4 Note the conclusions of the Review of the Effectiveness of Internal Audit.

Appendices attached to this report: Progress Report on Internal Audit Activity

Eastern Internal Audit Services
NORTH NORFOLK DISTRICT COUNCIL
Annual Report and Opinion 2014/15
Responsible Officer: Emma Hodds – Internal Audit Consortium Manager

CONTENTS
1. INTRODUCTION
2. ANNUAL OPINION OF THE IACM
2.1 Roles and responsibilities
2.2 The opinion itself
3. AUDIT WORK UNDERTAKEN DURING THE YEAR
4. THIRD PARTY ASSURANCES
5. ANNUAL REVIEW OF THE EFFECTIVENESS OF INTERNAL AUDIT
APPENDIX 1 – AUDIT WORK UNDERTAKEN DURING 2014/15
APPENDIX 2 – ASSURANCE CHART
APPENDIX 3 – LIMITATIONS AND RESPONSIBILITIES

1. INTRODUCTION

1.1 The Council is required by the Accounts and Audit Regulations 2011 to maintain an adequate and effective system of internal audit of its accounting records and internal control systems in accordance with proper internal audit practices. (The Regulations were recently updated, with effect from 1 April 2015; however, these do not apply to this year end opinion, and future opinions will be updated accordingly.) Those proper practices are set out in the Public Sector Internal Audit Standards (PSIAS) which came into effect in April 2013.

1.2 Those standards require the Chief Audit Executive (known in this context as the IACM) to provide a written report to those charged with governance (known in this context as the Audit Committee) to support the Annual Governance Statement (AGS). This report must set out:
- The opinion on the overall adequacy and effectiveness of the Council’s framework of governance, risk management and control during 2014/15, together with reasons if the opinion is unfavourable;
- A summary of the internal audit work carried out from which the opinion is derived, the follow up of management action taken to ensure implementation of agreed action as at financial year end and any reliance placed upon third party assurances;
- Any issues that are deemed particularly relevant to the Annual Governance Statement (AGS);
- The Annual Review of the Effectiveness of Internal Audit, which includes: the level of compliance with the PSIAS and the results of any quality assurance and improvement programme, the outcomes of the performance indicators and the degree of compliance with CIPFA’s Statement on the Role of the Head of Internal Audit.
1.3 When considering this report, the statements made therein should be viewed as key items which need to be used to inform the organisation’s Annual Governance Statement, but there are also a number of other important sources to which the Audit Committee and statutory officers of the Council should be looking to gain assurance. Moreover, in the course of developing overarching audit opinions for the authority, it should be noted that the assurances provided here can never be absolute and therefore, only reasonable assurance can be provided that there are no major weaknesses in the processes subject to internal audit review. The annual opinion is thus subject to inherent limitations (covering both the control environment and the assurance over controls) and these are examined more fully at Appendix 3.

2. ANNUAL OPINION OF THE IACM
2.1 Roles and responsibilities
The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements.
The AGS is an annual statement by the Leader of the Council and the Chief Executive that records and publishes the Council’s governance arrangements.
An annual opinion is required on the overall adequacy and effectiveness of the Council’s framework of governance, risk management and control, based upon and limited to the audit work performed during the year.
This is achieved through the delivery of the risk based Annual Internal Audit Plan discussed and approved with Corporate Leadership Team and key stakeholders and then approved by the Audit Committee at its meeting on 17 March 2015. Any justifiable amendments that are requested during the year are discussed and agreed with senior management and reported to the Audit Committee as part of the regular Progress Reports on Internal Audit Activity.
This opinion does not imply that internal audit has reviewed all risks and assurances, but it is one component to be taken into account during the preparation of the AGS.
The Audit Committee should consider this opinion, together with any assurances from management, its own knowledge of the Council and any assurances received throughout the year from other review bodies such as the external auditor.

2.2 The opinion itself
The overall opinion is that the framework of governance, risk management and control at North Norfolk District Council is deemed to be adequate, with three good assurances awarded in year in relation to: Performance Management, Corporate Policy & Business Planning, Council Tax & National Non-Domestic Rates and Elections & Electoral Registration.
In providing the opinion, the Council’s risk management framework and supporting processes, the relative materiality of the issues arising from the internal audit work during the year and management’s progress in addressing any control weaknesses identified therefrom have been taken into account.
The opinion has been discussed with the Section 151 Officer prior to publication.

3. AUDIT WORK UNDERTAKEN DURING THE YEAR
3.1 Appendix 1 records the internal audit work delivered during the year on which the opinion is based. Detailed findings, conclusions and agreed management actions can be provided upon request. In addition Appendix 2 is attached which shows the assurances provided over previous financial years to provide an overall picture of the control environment.
3.2 The Audit Committee approved the Annual Audit Plan for 2014/15, which encompassed 17 audits totalling 218 days of work. Due to amendments to the plan in year, which were discussed with Senior Management and reported to the Audit Committee in the Progress Reports provided in year, the actual work delivered was 16 audits, equating to 210 days.
3.3 Internal audit work is divided into 4 broad categories:
- Annual opinion audits;
- Fundamental financial systems that underpin the Council’s financial processing and reporting;
- Other systems identified as worthy of review by the risk assessment processes within internal audit;
- Significant computer systems which provide the capability to administer and control the Council’s main activities.
3.4 In relation to the follow up of management actions to ensure that they have been effectively implemented, the position at year end is that the two high priority recommendations (Network Infrastructure) raised within year were implemented by management, thus addressing the control issues highlighted within the report. The year end position shows that management have taken action in respect of 55 recommendations, with only 10 remaining outstanding at year end. There are no high priority recommendations outstanding at year end.
3.5 Internal Audit work has not identified any weaknesses that are significant enough for disclosure within the Annual Governance Statement.

4. THIRD PARTY ASSURANCES
4.1 In arriving at the overall opinion reliance has not been placed on any third party assurances.

5. ANNUAL REVIEW OF THE EFFECTIVENESS OF INTERNAL AUDIT
5.1 Degree of compliance with Public Sector Internal Audit Standards (PSIAS)
5.1.1 A checklist for conformance with the PSIAS and the Local Government Application Note has been completed for 2014/15. This covers the Definition of Internal Auditing, the Code of Ethics and the Standards themselves.
5.1.2 The Attribute Standards address the characteristics of organisations and parties performing Internal Audit activities, in particular: Purpose, Authority and Responsibility, Independence and Objectivity, Proficiency and Due Professional Care, and Quality Assurance and Improvement Programme (which includes both internal and external assessment).
5.1.3 The Performance Standards describe the nature of Internal Audit activities and provide quality criteria against which the performance of these services can be evaluated, in particular: Managing the Internal Audit Activity, Nature of Work, Engagement Planning, Performing the Engagement, Communicating Results, Monitoring Progress and Communicating the Acceptance of Risks.
5.1.4 On completion of the checklist, full conformance has been ascertained in relation to the Definition of Internal Auditing, the Code of Ethics and the Performance Standards.
5.1.5 In relation to the Attribute Standards it is recognised that in order to achieve full conformance an external assessment is required. This must be done within 5 years of the PSIAS coming into force, i.e. 31 March 2018. As part of the new contract with TIAA Ltd for the provision of Internal Audit Services it has been agreed that this will be undertaken in January 2016, with the results being shared with the IACM.
5.1.6 In relation to the Quality Assurance and Improvement Programme, internal assessments are undertaken on a regular basis and performance is regularly assessed and reported upon, in relation to the contractor.
5.1.7 The detailed checklist has been forwarded to the Head of Finance for independent scrutiny and verification.

5.2 Performance Indicator outcomes
5.2.1 The Internal Audit Service is benchmarked against a number of performance indicators as agreed by the Audit Committee. Actual performance against these targets for the financial year is outlined below:
5.2.2 Audit briefs should be issued 10 days in advance of an audit commencing, and for 63% of audits this target was met. Once underway, 88% of audits were completed on time, with reasons for the minor overruns being notified to the Internal Audit Consortium Manager. Draft reports should be issued within 15 working days of completion of the audit, with only 63% of reports meeting this deadline.
Reasons for these delays have been reported to the Committee previously, and relate to the resourcing issues experienced in the second half of the contract with Mazars. Finally, final reports should be issued within 10 working days of issue of the draft report, and for 81% of the audits this was achieved. There have been a few issues in getting management responses to recommendations, and the introduction of exit meetings under the new contract should alleviate this issue.
5.2.3 On conclusion of all audits a feedback survey is issued to the key client. The survey asks for responses in relation to audit staff, audit planning, delivery of the audit and audit reporting. On completion an overall score of poor (1) through to excellent (6) is reported. To date 10 surveys have been completed and an average score of good (5) achieved.
5.2.4 However, the balanced scorecard approach will be taken in monitoring the contractor’s performance from 1 April 2015. This brings with it a much more practical approach to performance management and one which will ensure a high quality service is provided by the contractor.

5.3 Effectiveness of the Head of Internal Audit (HIA) arrangements as measured against the CIPFA Role of the HIA
5.3.1 This Statement sets out the 5 principles that define the core activities and behaviours that apply to the role of the Head of Internal Audit, and the organisational arrangements to support them. The Principles are:
- Champion best practice in governance, objectively assessing the adequacy of governance and management of risks;
- Give an objective and evidence based opinion on all aspects of governance, risk management and internal control;
- Undertake regular and open engagement across the Authority, particularly with the Management Team and the Audit Committee;
- Lead and direct an Internal Audit Service that is resourced to be fit for purpose; and
- Head of Internal Audit to be professionally qualified and suitably experienced.
5.3.2 Completion of the checklist confirms full compliance with the CIPFA guidance on the Role of the Head of Internal Audit in relation to the 5 principles set out within.
5.3.3 The detailed checklist has been forwarded to the Head of Finance for independent scrutiny and verification.

APPENDIX 1 – AUDIT WORK UNDERTAKEN DURING 2014/15

Description of the audit | Assurance level awarded
Annual opinion audits
Work to Support the Annual Governance Statement – the assurance levels shown here are in respect of these fundamental financial systems not subject to full audit review during the year. For the remainder of those systems please see the individual entries elsewhere in this table. Fixed Assets, General Ledger, Accounts Receivable (Sundry Debtors), Cash and Treasury Management, Budgetary Control, Car Parking Income | Adequate
Fundamental financial systems
Local Council Tax Support and Housing Benefit | Adequate
Payroll and Human Resources | Adequate
Council Tax and National Non-Domestic Rates | Good
Accounts Payable (Creditors) | Adequate
Other systems
Coastal Protection | Adequate
Procurement | Adequate
Development Management | Adequate
Performance Management, Corporate Policy and Business Planning | Good
Localism & Communities, including Big Society Fund | Adequate
Sports Halls | Adequate
Elections and Electoral Registration | Good
Computer systems
Network Infrastructure | Limited
Network Security | Adequate
Virus Protection | Adequate
Firewalls | Adequate

Assurance level definitions | Number
GOOD: There is a sound system of internal control designed to achieve the client’s objectives. The control processes tested are being consistently applied. | 3
ADEQUATE: While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk. | 12
LIMITED: Weaknesses in the system of internal controls are such as to put the client’s objectives at risk. The level of non-compliance puts the client’s objectives at risk. | 1
UNSATISFACTORY: Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse. | 0

APPENDIX 2 ASSURANCE CHART
2014-15 2011-12 2012-13 2013-14
Annual Opinion Audits Corporate Governance and Risk Management Adequate Corporate Governance Risk Management AGS - Assurance Framework X Good Adequate Adequate
Key - AGS relates to Work to Support the preparation of the Annual Governance Statement. This work scrutinises key controls only, rather than providing for an in-depth review of systems in their entirety and because of this, the type of assurance that we are able to give is restricted to adequate or limited.
Fundamental Financial Systems Sundry Debtors AGS - Sundry Debtors Remittances AGS - Cash Accountancy Services Treasury Management, Control Accounts, Banking, Asset Register, Budgetary Control and Journals Limited Adequate Adequate Bank Reconciliation AGS - Fixed Assets AGS - General Ledger AGS - Treasury Management AGS - Budgetary Control Local Council Tax Support and Housing Benefits AGS Local Council Tax Support and Housing Benefits Adequate Adequate Adequate Adequate Adequate Adequate Limited Council Tax / NNDR AGS Council Tax / NNDR Exchequer/Creditors AGS Exchequer/Creditors Payroll / HR AGS Payroll / HR Revenues and Benefits Partnership - Data Transfer, Governance and Risk Limited Adequate Adequate Adequate Adequate Main reception Adequate TIC - Limited Adequate See below Good Adequate Adequate Adequate Adequate Adequate Adequate Adequate Adequate Adequate Adequate Good Adequate Adequate
Head of Finance Procurement Partnerships Adequate Adequate Adequate
Head of Economic and Community Development Economic Growth Coastal
Management Housing Strategy and Affordable Housing Private Sector Housing and Disabled Facilities Grants Adequate Good Good Adequate Adequate Localism and Communities Adequate
Head of Business Transformation and IT Homelessness and Housing Options Adequate
Head of Planning Development Management, Planning, s106 Agreements, Community Infrastructure Levy and Land Charges Postponed to 2014/15 Adequate
Head of Environmental Health Waste Management Environmental Health Limited Adequate Adequate
Head of Assets and Leisure Sports Halls/Centres Leisure Complexes Property Services Parks and Open Spaces Car Parking and Markets AGS - Car Park Income Adequate Adequate Limited Adequate Adequate Adequate Adequate Adequate Adequate
Head of Organisational Development Elections / Electoral Registration Performance Management, Corporate Policy and Business Planning, inc Annual Action Plans Good Deferred to 2012/13 Good Good Adequate
Head of Legal Legal Services, Data Protection, Freedom of Information Good
IT Audits - Head of Business Transformation and IT General Ledger/Cedar Financials Application Adequate Project Management Cash Receipting Document Imaging and Workflow Application - Civica Revenues and Benefits IT Security, Procurement and End User Controls Revenues and Benefits Application Network Infrastructure Business Continuity Data Centre, Back Up, Disaster Recovery Data Consistency Payroll and Personnel Content Management Network Security Virus Protection / Spyware Firewalls Adequate Adequate Adequate Adequate Adequate Limited Adequate Adequate Adequate Limited Adequate Adequate Adequate Adequate

APPENDIX 3 – LIMITATIONS AND RESPONSIBILITIES

Limitations inherent to the Internal Auditor’s work
The Internal Audit Annual Report has been prepared and Mazars (the Internal Audit Services contractor) were engaged to undertake the agreed programme of work as approved by management and the Audit Committee, subject to the limitations outlined below.
Opinions
The opinions expressed are based solely on the work undertaken in delivering the approved 2014/15 Annual Internal Audit Plan. The work addressed the risks and control objectives agreed for each individual planned assignment as set out in the corresponding audit briefs and reports.

Internal Control
The system of internal control is designed to manage risk to a reasonable level rather than to eliminate the risk of failure to achieve corporate/service policies, aims and objectives: it can therefore only provide reasonable and not absolute assurance of effectiveness. Internal control systems essentially rely on an ongoing process of identifying and prioritising the risks to the achievement of the organisation’s policies, aims and objectives, evaluating the likelihood of those risks being realised and the impact should they be realised, and managing them efficiently, effectively and economically. That said, internal control systems, no matter how well they have been constructed and operated, are affected by inherent limitations. These include the possibility of poor judgement in decision-making, human error, control processes being deliberately circumvented by employees and others, management overriding controls and the occurrence of unforeseeable circumstances.

Future Periods
Internal Audit’s assessment of controls relating to North Norfolk District Council is for the year ended 31 March 2015. Historic evaluation of effectiveness may not be relevant to future periods due to the risk that:
- The design of controls may become inadequate because of changes in the operating environment, law, regulation or other matters; or
- The degree of compliance with policies and procedures may deteriorate.

Responsibilities of Management and Internal Auditors
It is management’s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the prevention and detection of irregularities and fraud.
Internal Audit work should not be seen as a substitute for management’s responsibilities for the design and operation of these systems. The Internal Audit Consortium Manager has sought to plan Internal Audit work so that there is a reasonable expectation of detecting significant control weaknesses and, if detected, additional work will then be carried out which is directed towards identification of consequent fraud or other irregularities. However, internal audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected and Mazars’ examinations as the Council’s internal auditors should not be relied upon to disclose all fraud, defalcations or other irregularities which may exist.

Audit Committee 16 June 2015
Agenda Item No 11

Follow Up on Internal Audit Recommendations 1 November 2014 to 31 March 2015

Summary: This report provides an overview of progress made in implementing agreed audit recommendations due for completion between 1 November 2014 and 31 March 2015.
Conclusions: Good progress continues to be achieved in relation to the completion of agreed Internal Audit recommendations.
Recommendations: It is recommended that the Committee notes management action taken to date regarding the delivery of audit recommendations.
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Emma Hodds, Internal Audit Consortium Manager, 01508 533791, ehodds@s-norfolk.gov.uk

1. Background
1.1. In accordance with agreed internal audit review and reporting cycles, we revisit the status of audit recommendations on a 6-monthly basis and last presented our findings in this area to the Audit Committee on 9 December 2014.
1.2. This report now seeks to provide an update on the status of audit recommendations following recent verification work performed by the Contractor, which examined the level of activity concerning the delivery of audit recommendations falling due between 1 November 2014 and 31 March 2015.

2. Overall Position
2.1. The overall position in relation to the implementation of Internal Audit Recommendations is within the attached report.

3. Conclusion
3.1 Good progress continues to be made in relation to the completion of agreed Internal Audit recommendations, with 55 recommendations implemented over the course of the 2014/15 financial year, resulting in improvements to the control environment. There are only 10 recommendations outstanding at year end, six of which relate to audits completed prior to 2014/15 and it would be beneficial to address these early in 2015/16.

4. Recommendation
4.1 It is recommended that the Committee notes management action taken to date regarding the implementation of audit recommendations.

Appendices attached to this report: Follow Up Report on Internal Audit Recommendations

Eastern Internal Audit Services
NORTH NORFOLK DISTRICT COUNCIL
Follow Up Report on Internal Audit Recommendations
Period Covered: 1 November 2014 to 31 March 2015
Responsible Officer: Emma Hodds – Internal Audit Consortium Manager

CONTENTS
1. INTRODUCTION
2. STATUS OF AGREED ACTIONS
APPENDIX 1 – STATUS OF AGREED ACTIONS

1. INTRODUCTION
1.1 This report is being issued to assist the Authority in discharging its responsibilities in relation to the internal audit activity.
1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in this context as the Internal Audit Consortium Manager) to establish a process to monitor and follow up management actions to ensure that they have been effectively implemented or that senior management have accepted the risk of not taking action.
The frequency of reporting and the specific content are for the Authority to determine.
1.3 To comply with the above this report includes:
- The status of agreed actions.

2. STATUS OF AGREED ACTIONS
2.1 As a result of audit recommendations, management agree action to ensure implementation within a specific timeframe and by a responsible officer. The management action subsequently taken is monitored by the Internal Audit Contractor on a regular basis and reported through to this Committee. Verification work is also undertaken for those recommendations that are reported as closed. Appendix 1 to this report shows the details of the progress made to date in relation to the implementation of the agreed recommendations.
2.2 The summary position according to recommendation priority is shown in the table below:

Status of Recommendations as at 31 October 2014
Status | High | Medium | Low | Total | %
Complete | 3 | 18 | 7 | 28 | 74%
Outstanding | 0 | 8 | 2 | 10 | 26%
Unable to confirm status | | | | |
Total | 3 | 26 | 9 | 38 |

Status of Recommendations as at 31 March 2015
Status | High | Medium | Low | Total | %
Complete | 0 | 17 | 10 | 27 | 73%
Outstanding | 0 | 7 | 3 | 10 | 27%
Unable to confirm status | | | | |
Total | 0 | 24 | 13 | 37 |

Key:
H – High priority: A fundamental weakness in the system that puts the Council at risk. To be addressed as a matter of urgency, within a 3-month time frame wherever possible, or, to put in place compensating controls to mitigate the risk identified until such a time as full implementation of the recommendation can be achieved.
M – Medium priority: A weakness within the system that leaves the system open to risk. To be resolved within a 4 - 6 month timescale.
L – Low priority: Desirable improvement to the system. To be introduced within a 7 - 9 month period.

The tables provide two snapshots – one of the year end position at 31 October 2014 and one covering the position as at 31 March 2015.
The figures are not cumulative but enable an overview to be maintained as to the nature of progress being made in relation to completing agreed actions at periodic intervals during the financial year.
2.3 Details of high priority recommendations which remain outstanding would usually be attached to this report; however there were no high priority recommendations raised in the second half of the financial year, and the 2 high priority recommendations raised earlier in the year had previously been actioned by management.
2.4 Significant progress continues to be made with the implementation of recommendations by management. The table highlights that over the course of the year 55 recommendations have been actioned as required, which has resulted in improvements to the control environment.
2.5 At financial year end only 10 recommendations remain outstanding; seven of these are medium priority and three are low. Management responses have been received in relation to all of these, with an up to date position being provided, along with revised deadline dates. Of these 10 recommendations six relate to audits completed prior to 2014/15 and it would be beneficial if management were to address these early in the 2015/16 financial year.
2.6 It is also worth noting that of the recommendations made to date in year, a further 10 recommendations are not yet due for implementation – see Appendix 1 for the audit areas to which these relate. As mentioned, although the dates for completion have not yet been reached, until they are actioned, they represent weaknesses in the control environment which leave the authority open to risk.
APPENDIX 1 – STATUS OF AGREED ACTIONS
Reference NN1112 NN1203 NN1209 NN1401 NN1402 NN1404 NN1409 NN1410 NN1502 NN1503 NN1504 NN1505 NN1506 NN1507 NN1508 NN1511 NN1513 NN1414 NN1514 NN1515 NN1516 NN1517
Description Development Management, Building Control and Land Charges; Waste Management Contract; Sports Halls/Centres; Environmental Health; Private Sector Housing; Waste Management; Sundry Debtors; Work to Support AGS; Procurement; Development Management; Performance Management, Corporate Policy and Business Planning; Localism and Communities; Sports Halls/Centres; Housing Benefit and CTS; Payroll and HR; Exchequer Services; AGS; SYSTEMS AUDIT TOTALS; Business Continuity Planning; Network Infrastructure; Anti-Virus Management; Virus and Malware Protection; Firewall Administration; COMPUTER AUDIT TOTALS
Implemented (November '14 March '15) Assurance Level H M L Adequate Limited Adequate Adequate Adequate Adequate Adequate N/A Adequate Adequate H 1 1 1 1 1 1 1 Good Adequate Adequate Adequate Adequate Adequate N/A 0 Adequate Adequate Adequate Adequate Adequate 0 1 1 2 15 1 1 4 0 3 1 2 6 6 1 1 1 0 1 2 0 0 0 0 0 0 1 1
Total Outstanding Not yet due to be implemented H M L 1 1 0 1 1 1 1 0 1 1 1 1 2 3 1 3 3 2
Outstanding M L Unable to confirm status H M L 0 0 0 0 0 0 0 8 0 0 1 1 0 2
Total Audit Recommendations to be actioned 1 1 0 1 1 1 1 0 1 1 1 2 1 1 0 3 1 3 0 2 2 2 2 1 0 0 0 2 1 12 0 0 1 1 4 6

Agenda Item 12
PRMB – June 2015
Corporate Risk Register May 2015

Summary Register
Risk | Ref. | Current Score | Target Score | Risk Officer
Medium Term Financial Plan | 015(CR) | 20 | 12 | Karen Sly - Head of Finance
Coastal Erosion - (the effects of) | 002(CR) | 20 | 12 | Rob Goodliffe - Coastal Management Team Leader
Transformation Agenda/Business Transformation Work | 003(CR) | 16 | 8 | Sheila Oxtoby - Chief Executive
Property assets (the condition of)/ Asset Management | 001(CR) | 12 | 9 | Duncan Ellis - Head of Assets & Leisure
Procurement - (lack of value for money) | 009(CR) | 9 | 3 | Karen Sly - Head of Finance
Individual Electoral Registration causing potential disenfranchisement | 021(CR) | 9 | 6 | Julie Cooke - Head of Organisational Development
Information - (loss of) | 008(CR) | 8 | 4 | Sean Kelly - Head of Business Transformation and IT
Housing Delivery | 010(CR) | 6 | 6 | Nicola Turner - Strategic Housing Team Leader
Operational disruption - (significant event) | 013(CR) | 6 | 6 | Richard Cook - Civil Contingencies Manager, Steve Hems - Head of Environmental Health
Homeworking - security, staff health and safety | 019(CR) | 6 | 6 | Sean Kelly - Head of Business Transformation and IT
Disclosure and Barring Checks (DBS) for staff | 020(CR) | 6 | 4 | Julie Cooke - Head of Organisational Development

KEY
Impact Type | Objectives | Financial Impact (Loss)
Catastrophic - 5 | The key objectives in the Corporate Plan will not be achieved. | Over £1m
Critical - 4 | One or more Key Objectives in the Corporate Plan will not be achieved. | £400K - £1m
Moderate - 3 | Significant impact on the success of the Corporate Plan. | £200K - £400K
Marginal - 2 | Some impact on more than one Service. | £10K - £200K
Negligible - 1 | Insignificant impact on more than one Service. | £0-10K

Likelihood | Probability | Timing
Very High - 5 | Over 90% | Within six months
High - 4 | 60 - 90% | This year
Moderate - 3 | 40 - 60% | Next year
Low - 2 | 10 - 40% | Probably within 15 years
Very Low - 1 | below 10% | Probably over 15 years

Risk 1. Cause of risk 2. Description of Risk or potential event 3.
Consequence of risk happening Medium Term Financial Plan 015(CR) Existing Controls Controls that have been implemented since the last review are shown in green Policy work Score (with controls) Impact x Likelihood = Total 5x4=20 Lobbying Central Government Action (to achieve target score) and progress to date Growth forecasting models to be developed for housing and business rates to inform future financial forecasts and budget. – Some Problems - Business rates forecasting has been informed by the annual NNDR returns and also outcome of appeals. Timing of businesses coming on track to be reviewed with Planning and also informed by visiting officers progress. Housing forecast updated annual as part of the Tax Base setting and monitoring of the collection fund position, monthly CTB reports for Long term empties to be reviewed for new property reporting also. 1. Uncertainty around the Governments spending reduction programme and the impact on the Council’s funding. The business rates retention system has shifted the risk of business rates fluctuations to the local level, meaning that Local Authority funding will be impacted directly from decline in business and also planned reductions to the revenue support grant and reliance on New Homes Bonus funding influenced by delivery of new homes and reductions in long term empty properties. Medium Term Financial Strategy 2. Failure to produce a balanced budget position and funded future projections in the medium term and to deliver a freezing of Council Tax increases. Utilisation of (part of) the New Homes Bonus grant within the base budget from 2014/15 Refresh of the financial projections following May 2015 elections. Annual review of the Councils reserves Early update of the Financial Strategy to inform the 2016/17 budget process 3. The Corporate Plan may not be delivered to the identified timescales. 
The level of service currently provided could be at risk, unplanned use of reserves which is unsustainable in the longer term. Higher level of savings requirement in future years. Corporate Planning / Service Planning Budget Process / Budget Monitoring Regular monitoring system of the impact of the business rates retention and the localised council tax support system Target Score Impact x Likelihood = Total 4x3=12 Corporate Objective / Service Priority Officer Delivering the Vision Karen Sly Head of Finance Reporting - New legislation and consultation Timely agreement of the annual Localised Council Tax Support Scheme Project Management Plans 47 2 PRMB – June 2015 Corporate Risk Register May 2015 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Coastal Erosion - (the effects of) 002(CR) The Pathfinder Project 1. Lack of Government funding to maintain coast defences and / or to support local compensation claims 2. Coastal erosion and blight of coastal settlements through loss of public and private infrastructure and assets. The Council has devoted significant resources to pursuing sustainable answers to coastal management issues. There is a considerable Health and Safety context here which serves to increase the reputational risk for the Council at the same time. 3. Increased coastal erosion through loss of defences presents a reputational risk to the authority in the eyes of local communities and direct loss of Council owned assets / infrastructure which are fundamental to the district's tourism offer and therefore the economic wellbeing of the district. Loss of confidence in respect of business investment and residential property market; blight of properties in erosion zone; direct loss of tourism assets and infrastructure promenades, beach chalets, cafés, public toilets, car parks etc.; loss of tourism income / employment. 
Score (with controls), Impact x Likelihood = Total: 5x4=20

Shoreline Management Plan (SMP)
Repairs & Maintenance Programme
Procurement practices
Health & Safety checking and monitoring
DEFRA funding of capital schemes

Action (to achieve target score) and progress to date:
Cromer Sea Defence Works – Some Problems - Although works are still progressing and much good work has been done, Volker Stevin are behind programme and works will not be completed by the end of March 2015. The storm surge of the 5th December 2013 has made a significant impact on the programme and the additional works required to repair the groynes, parapet walls and various cliff slips have together combined to slow the works. The latest draft programme suggests it will be early 2016 before the works are complete.

Target Score, Impact x Likelihood = Total: 4x3=12
Corporate Objective / Service Priority: Coast, Countryside and Built Heritage
Officer: Rob Goodliffe, Coastal Management Team Leader

Coast monitoring
Control of coastal management schemes through procurement and regular checking

Repairs in response to the December 2013, Tidal Surge – On track - Surge repairs are substantially complete. Final works are in preparation for the repair of revetments and gabions at Overstrand and revetments at Vale Road. Repairs to revetments at Mundesley are being incorporated into a FLAG initiative to improve beach access for fishing vessels.

Transformation Agenda/Project 003(CR)
1. It is clear that there is a new urgency about change in local government driven by the current financial pressures and the ambition to ignite community engagement. Previous incremental change is being replaced by a more wholesale restructuring of local government and its place in local service delivery.
2.
The risk is that in moving to a new agenda so quickly there is no basic framework within which the new arrangements can be undertaken.

Training, learning & policy initiatives

Score (with controls), Impact x Likelihood = Total: 4x4=16

Strategies
Reporting - New legislation and consultation
Network development
Maintain technical competence
Medium Term Financial Strategy
Appointment of a Head of Business Transformation to deliver the programme

Property assets - (the condition of) 001(CR)
Work on R & M schedules
1. A lack of investment and sound decision-making.
The introduction of a property risk assessment and inspection regime
2. Deteriorating property assets may lead to a loss of revenue and possible legal liability.
Effective team resourcing

IT transformation work that is currently being undertaken – Some Problems - Potential imbalance between resources and workload remains. Of particular concern are the recruitment difficulties relating to highly technical positions especially within Web development. The approach to delivering the updated website is being reviewed to identify and implement alternate delivery mechanisms including short term contracts and third party support.

Target Score (Impact x Likelihood = Total), Corporate Objective / Service Priority, Officer:
2x4=8, Delivering the Vision, Sheila Oxtoby, Chief Executive
3x3=9, Delivering the Vision, Duncan Ellis – Head of Assets and Leisure

Managing delivery of workstreams as included in the Transformation programme – On Track – Overall the programme remains broadly on track. However, conflicting priorities and resource demands will have to be closely monitored to ensure planned timelines remain viable.

Approval of the Business Transformation Programme
3. Vision and action may not be fully supported by a sound assessment and a solid understanding of policy implications at national and local level.
Action (to achieve target score) and progress to date

Business Transformation Board monitoring projects progress

4x3=12

Work is on-going in relation to the R&M schedules in relation to including all of this detail within the Concerto system. The schedules were used to support the update of the Asset Management Plan and the capital works highlighted within the plan have gone forward as capital bids to be considered by Members as part of the budget setting process for 2015/16.

3. The Council does not achieve value for money from its investment and/or possible legal liabilities either directly or through its leasing arrangements.

Asset Management Plan

Rolling asset condition surveys continue to be undertaken to ensure that the R&M schedules remain up to date.

Implement asset management software

This scenario is detrimental to the local tourism economy as well as damaging to local communities contributing to a lack of community pride and possible increase in vandalism. The capital tied up in assets cannot be released to support wider Council initiatives and income streams are not maximised.

Various policies are in place to help manage property risks and risk assessment inspections and review works continue to be developed and improved. Regular routine inspections take place on all of the Council’s car parks for example to review, monitor and help manage a number of risks.

Team resourcing continues to be monitored although the recovery works connected with the storm surge have stretched the team this year.
Additional resource is being investigated to support with further data input onto the Concerto system which is extremely time consuming.

The Asset Management Plan was updated and agreed earlier this year and contains an improvement plan which is currently being implemented and forms part of the Ten performance monitoring system. As mentioned above additional temporary resource support is being investigated in relation to the Concerto system to ensure this becomes fully populated as quickly as possible. The more information the system holds the more useful it will be.

Target Score (Impact x Likelihood = Total), Corporate Objective / Service Priority, Officer:
3x1=3, Delivering the Vision, Karen Sly – Head of Finance
2x3=6, Legislative

Procurement - (lack of value for money) - 009(CR)
1. The current financial climate, recent resourcing issues causing an absence of a focus for this work, together with a reduction in the available accountancy resources going forward increase the risk of a lack of continuous improvement in this area.
2. Failure to adopt new procurement practices and delivery of efficient and timely procurement processes could mean that the Council will not achieve value for money procuring the goods and services it uses.
3. The Council may not achieve value for money, financial/procedural inefficiencies possible challenge to contracting procedures.

Individual Electoral Registration causing potential disenfranchisement - 021(CR)
1. Implementing the new legislation through the new software provided.
As the process and software is being developed system errors and issues are arising that need resolution. It is possible errors could arise that are not detected prior to the Parliamentary and District elections in 2015.

Procurement Strategy

A procurement evaluation – On Track - An increased awareness of the location and use of the Toolkit (including the Quotation Value Path) has been undertaken including presentations to Management groups and on one-to-one basis.

3x3=9

Procurement Framework
Joint procurement protocol and opportunities for joint/shared procurement with other authorities where possible

Analysis of procurement outcomes and the value for money achieved has started.

Advice for external suppliers
Procurement responsibility assigned to the Chief Accountant
Note – Chief Accountant left in May and post is yet to be filled.
Regular procurement refresh and review of procedures

Reporting of errors detected to the software company and the Cabinet Office

3x3=9

Actions to be identified

Electoral Service Managers Training and Networking

Julie Cooke, Head of Organisational Development

Corporate Objective / Service Priority: Delivering the Vision
Officer: Sean Kelly - Head of Business Transformation and IT

2. The Government brought in legislation which introduced fundamental changes in the electoral registration process during 2013/14 including the introduction of totally new software systems.
3. The result of these multiple changes could cause issues leading to disenfranchisement.
In addition the software system may not provide the necessary support to manage the election process effectively.

Information - (loss of) - 008(CR)
1. Lax security - Information may be lost, mislaid or stolen. Increased use of mobile technology such as iPads etc.
2. There exists an inherent potential for the loss of organisational information at any security level. ICT is responsible for ensuring electronic data is secure (in conjunction with system owners who control access to their databases),
3. Information may be inappropriately used. Fraud or data corruption may occur. Systems may suffer damage. The Council's reputation may be harmed.

Information Management Strategy

4x2=8

Information security and data protection training.
Implement data security protocols on mobile devices
Interim generic information on information security and data protection to be shared with staff through intranet.

ICT Security Policy

4x1=4

IT Monitoring
Data Protection training
Code of Connection compliance
Regular audits of IT security

Target Score (Impact x Likelihood = Total), Corporate Objective / Service Priority, Officer:
3x2=6, Housing and Infrastructure, Nicola Turner Housing Team Leader Strategy
3x2=6, Delivering the Vision, Richard Cook Civil Contingencies Manager,

arrangements
Regular 3rd party data protection and integrity testing

Housing Delivery - 010(CR)
1. A combination of lack of developer confidence because of recession / weak financial markets and pressure on public finances meaning reduced availability of grant funding for affordable housing provision.
Use of capital

3x2=6

Partnership work with Registered Providers

All controls are implemented and risk is currently under control, to be reviewed in six months' time.

Local Investment Plan
Local Development Framework (LDF) policies
2. Inability to secure planning permission for provision of affordable housing.
Internal planning protocol
3. A challenge over the Council's ability to deliver sufficient affordable homes
Housing Strategy discussion document (2010)
Increased Focus
Enhance Housing Association delivery

Operational disruption - (significant event) - 013(CR)
Response & Recovery Planning
1. Both the National and Community Risk Registers have more information regarding the risk of specific events (e.g. Pandemic) occurring.
Continuity Planning
2. Any Internal or external event that has a significant impact on the ability of the Council to deliver services.

Critical Services Business Continuity Plans completed.

3x2=6

Corporate Business Continuity key role training

Steve Hems, Head of Environmental Health

Target Score (Impact x Likelihood = Total), Corporate Objective / Service Priority, Officer:
2x3=6, Delivering the Vision, Sean Kelly - Head of Business Transformation and IT
2x2=4, Delivering the Vision

3. a) Loss of staff for 'usual' service delivery b) Loss of premises c) Loss of key partners/suppliers d) Loss of infrastructure services
A reduction in the ability of the Council to deliver services, possibly at a time of increased demand from the community.

Homeworking - security, staff health and safety - 019(CR)
1. All aspects of remote working not covered by corporate policies.
There are procedures in place for IT risks.
Produce and implement staff policies and procedures for homeworking - Work has started in producing a Mobile Working Guidance which will cover: hot desking, working on District and working at and from home. A draft is being discussed with services that will pilot the arrangements. This pilot is planned to start in early 2015. The results of the pilot and any revisions to the guidance will be discussed at JSCC with a view to being fully implemented later in 2015 after approval by CLT.

Update report – managed risk?

2x3=6

IT Monitoring
2. Security put at risk. Cost of home working not adequately budgeted for.
All managers have a responsibility for their staff working from home.
3. Remote staff unable to access technology needed to do their jobs and for business continuity.

Disclosure and Barring Checks (DBS) for staff - 020(CR)
1. Management and HR not adhering to set internal processes around applying/ renewing DBS checks, particularly in a timely manner.
2. Specific jobs require pre-employment checks and on-going (minimum every 3 years) checks to comply with the relevant legislation where the post holder works with or has access to children and vulnerable adults.

Pre employment checklist

3x2=6

Reminder process to the service manager.
Reporting of lack of compliance with agreed process. The process includes escalation to the relevant Head of Service and to the Head of Organisational Development if the check is not initiated/completed within the relevant timescales.

Julie Cooke, Head of Organisational Development

3. If checks aren't completed in a timely way there is the risk that someone who may be barred from working with children/ vulnerable adults has access to those groups through Council activities.
Agenda Item 13
Brief for Audit Committee June 2015

Incidents and Emergency Planning
There have been no recent incidents that have had an impact on the Authority. The most significant recent event for the Authority was the tidal surge in December 2013. A full de-brief report has been compiled and went to Overview and Scrutiny Committee in January 2014; all actions are now complete. Overall the Emergency Response Plan was proved to be fit for purpose and the new additions will help to deliver an even slicker response to any future incident the authority may face. The new updated version four of the NNDC Emergency Response Plan has now been completed and has been published.

Team BC Plans
All team BC plans are in place, including Revenue and Benefits. The Civil Contingencies team has peer reviewed all the team plans and has a database to ensure that all the plans are reviewed and remain up to date. Despite the fact that the authority experienced several significant emergency incidents over the previous year, these had little impact on service delivery. This proves that the current Business Continuity plans in place are robust and fit for purpose. The Corporate BC plan is currently under review and this will be completed by the end of June.

Training
An initial meeting of the new Business Continuity Working Group took place on 20th May 2015. The format was an external training session that was delivered by Norfolk County Council. It is hoped that this group will meet quarterly and the main focus of the group will be to help embed business continuity into the normal day to day activities of the authority, as well as looking, as a group, to enhance the team BC plans that are in place.
The CCT team are still helping teams to develop and improve their own BC plans with one to one training sessions.

Disaster Recovery and Work Action Recovery site
This project is still on-going but has been delayed due to the heavy work load for IT and the roll out of the business transformation programme. All data is being replicated from the Cromer office to the Fakenham site on a daily basis and if we suffer a total loss of this building it would take a small amount of reconfiguration work to get access to the stored data. The new plan for the Fakenham DR site is to upgrade the equipment Q1 2015/16 as part of the planned upgrade to the IT facilities. A test of the new equipment will be built into the project implementation plan, to be completed by June 2015.

The Work Action Recovery (WAR) Site is in place with an initial 10 networked PCs and associated equipment. During the recent Fakenham fire the building was used to great effect as an evacuation and information centre for the members of the public that were made homeless. The staff that used the site during the incident reported that the ability to use NNDC IT networks made the whole process far easier. The fact that they had the ability to use the small rooms for confidential interviews and the kitchens for refreshments only further enhanced service delivery. The Civil Contingencies team will be carrying out a low level test of the WAR facility in March 2015.