AUDIT COMMITTEE - Charnwood · AUDIT COMMITTEE – 12TH JULY 2017 Report of the Head of Strategic Support Part A ITEM 09 INTERNAL AUDIT PROGRESS REPORT Purpose of Report The report

AUDIT COMMITTEE – 12TH JULY 2017

Report of the Head of Strategic Support

Part A

ITEM 09 INTERNAL AUDIT PROGRESS REPORT Purpose of Report The report summarises the status of the 2016-17 Audit Plan and also outlines the key findings from final audit reports and follow-up work completed since the previous progress report considered by the Audit Committee at the meeting held 21st February 2017. Recommendation The Committee notes the report. Reason To ensure the Committee is kept informed of progress against the approved Internal Audit plan.

Policy Justification and Previous Decisions The Accounts and Audit Regulations 2015 state (Regulation 5 (1)) that the relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance. Implementation Timetable including Future Decisions Reports will continue to be submitted to the Committee on a quarterly basis. Report Implications The following implications have been identified for this report. Financial Implications None Risk Management There are no specific risks associated with this decision.

1

Background Papers: None. Officers to contact: Adrian Ward, 01509 634573 [email protected] Shirley Lomas. 01509 634806 [email protected]

2

mailto:[email protected]

mailto:[email protected]

Part B 1. Progress against the 2016/17 Audit Plan Appendix A summarises progress against the 2016/17 Audit Plan as at 12th May 2017. General audit work: The majority of planned audits are complete, three audits (Council Tax, Non Domestic Rates and Responsive Repairs) remained in progress at the end of year. One audit, Homelessness, has been deferred to the 2017/18 Audit Plan as agreed with SMT and the Audit Committee earlier in the year. The audit was not able to be undertaken prior to the end of March 17 as the scope of the audit was to review the implementation of actions arising from the Gold Standard Assessment and the assessment report had not been received. ICT Audit: Progress has been made with the ICT Audits and the majority are nearing completion. One audit, Infrastructure – Telephony project, has not been able to be completed due to delays in the implementation of the new telephony system. The time allocated but not utilised for this audit was reallocated to the ICT Key Controls audit to enable additional unforeseen testing to be undertaken in this area and additional work required to assist with KPMG IT work. One audit, Software Compliance, remained in progress at the end of year. 2. Progress against the 2017/18 Audit Plan Work has commenced on scheduling the general audits with the relevant services and planning has commenced on those audits scheduled to be completed in Quarter 1. 3. Final Audit Reports Issued The following final audit reports have been issued since the last update report to the committee. Further detail in respect of these audits is attached in Appendix B, including a background section, the executive summary, and the agreed action plan listing recommendations made and the management responses.

Audit Field Work Completed

Draft Report Issued

Final Report Issued

Current Level of

Assurance

Previous Audit

Level of Assurance

Corporate Significance

Housing Benefits & Council Tax Support

Jan – Feb 17

Mar 17 Mar 17 Substantial Substantial High

Housing Rents Jan – Feb 17

Feb 17 Mar 17 Substantial Substantial High

Capital Accounting

Jan – Feb 17

Feb 17 Mar 17 Substantial Substantial High

Income Collection

Feb 17 Mar 17 Mar 17 Substantial Substantial High

Procurement – Fraud & Corruption

Jun – Nov 17

Feb 17 Mar 17 Substantial N/A High

3

Audit Field Work Completed

Draft Report Issued

Final Report Issued

Current Level of

Assurance

Previous Audit

Level of Assurance


Recyclates Contract

Feb – Mar 17

Apr 17 Apr 17 Substantial Substantial High

Land Charges Mar 17 Mar 17 Apr 17 Substantial Substantial Medium

Non-domestic Rates

Mar – Apr 17

May 17 May 17 Substantial Substantial High

Creditors Jan - Feb 17

Mar 17 Mar 17 Substantial Substantial High

4. ICT Audit One ICT audit final report has been issued since the last update report to the Committee. Further detail in respect of this audit is attached in Appendix C. Audit Field Work

Completed Draft

Report Issued

Final Report Issued

Current Level of

Assurance

Previous Audit

Level of Assurance


Applications Management

Oct – Dec 17

Jan 17 Apr 17 Moderate N/A Medium

5. Follow Up of Recommendations The table below summarizes the follow-up status of recommendations which were due to be implemented during the period December 2016 and March 2017. Two medium priority and one low priority recommendation have not been implemented by the agreed action date. Further details are available at Appendix C.

6. Special Investigations One special investigation has been undertaken during the reporting period. The investigation was in respect of shopping vouchers which had been awarded to a Council tenant by a local charity and were to be delivered to the Council Offices. When the vouchers were not received within the expected timescale, enquiries with the charity and subsequently with the Post Room found that a package from the charity, which had been sent by recorded delivery, had been received at the Council Offices. It was not possible to track the package or its contents beyond the point of receipt when signed for.

Implementation Due Priority Level

Implemented Not Implemented

No Further Action

December 2016 – March 2017.

High

0 0 0

Medium

2 2

0

Low

9 1

0

Percentages 85% 15% 0%

4

Following this incident, revised procedures for handling recorded/special delivery post have been introduced in the Post Room. On issue of the Investigation Report recommendations will be made to review both Post Room and Service procedures with regard to the handling of all post. 7. Performance Indicators for Internal Audit The following summary outlines the results against the local performance indicators for Internal Audit for 2016/17.

Indicator Target Result Notes

Percentage of clients that rated the performance of Internal Audit as good or excellent.

90% (Annual)

98% Results of annual survey of Heads of Service (based on 5 responses received).

Percentage of the agreed 2016/17 Internal Audit plan delivered (as at 12.5.17).

90%

84%* *Includes allocated time for contingency etc. Percentage of planned audits completed is 94%. At 31.3.17 the percentage of planned audits completed was 91%.

Percentage of agreed recommendations arising from internal audit reviews implemented by the agreed date (as at 31.3.17)

80% 84% April 2016– March 2017 (48/57 recommendations)

Appendices Appendix A - Summary of progress against the 2016/17 Audit Plan as at the 12th May 2017. Appendix B – Final Audit reports issued. Appendix C – Final ICT Audit reports issued. Appendix D – Outstanding Recommendations

5

6

Appendix A

PROGRESS AGAINST THE 2016/17 AUDIT PLAN (as at 12th May 2017)

2016/17 Audit Plan Plan Days

Spent Days

Status Assurance Level


Key Financial Systems

Full Systems Audit

Creditors 10.00 10.00 Completed Substantial High

Debtors 10.00 10.00 Completed Substantial High

Council Tax 10.00 9.50 Draft Report

Targeted Testing:

Accountancy & Budgetary Control

3.00

3.00

Completed

Substantial

High

Payroll 3.00 3.00 Completed Substantial High

Capital Accounting 2.00 2.00 Completed Substantial High

Income Collection 2.00 2.00 Completed Substantial High

Housing Benefits

3.00

3.00

Completed Substantial High

Non – Domestic Rates 2.00 2.00 Completed Substantial High

Housing Rents 3.00 3.00 Completed Substantial High

Quarterly Testing:

Treasury Management 2.00 2.00 Completed N/A

Bank Reconciliation 2.00 2.00 Completed N/A

52.00

Strategic & Service Risk Audits

Anti fraud inc NFI 10.00 10.00 Ongoing

Procurement 10.00 10.00 Completed Substantial High

Recyclates Contract 10.00 10.00 Completed Substantial High

Residential Fire Safety 10.00 10.00 Completed Substantial High

Development Control Fees 10.00 10.00 Completed Substantial Medium

Responsive Repairs 8.00 7.00 In Progress

Loughborough Cemetery & Crematorium

8.00 8.00 Completed Moderate Medium

Homelessness 8.00 0.00 Deferred to 2017/18 Audit Plan

Industrial Units 8.00 8.00 Completed Substantial Medium

Town Hall – Follow Up Review

8.00 8.00 Completed Substantial Medium

Green Waste Collection – End to End Process Review

7.00 6.75 Draft Report Pending

PCI DSS Compliance (in conjunction with technical IT aspect included in IT Audit Plan)

5.00 4.75 Draft Report

Fleet Management – Follow Up Review

5.00 5.00 Completed Moderate Medium

Charnwood Museum – new shop/tills

3.00 3.00 Completed Substantial Low

7

2016/17 Audit Plan Plan Days

Spent Days

Status Assurance Level


Land Charges 3.00 3.00 Completed Substantial Medium

Food Safety 3.00 3.00 Completed Substantial Medium

IT Audit (Non-technical)

PSN Requirements 15.00 13.00 Ongoing

IT Audit (Technical – LCC)

Key ICS General Controls 8.00 9.50 Draft Report

Applications Management 6.00 6.00 Completed Moderate Medium

PCI Compliance (technical IT aspect)

1.00 1.00 Draft Report

Infrastructure Development (Telephony)

5.00 1.00 Unable to progress audit due to delays with implementation of new telephony. Time not utilised was used to complete additional unforeseen testing on ICT Key Controls audit ( 2 days) and on advisory for work requested by KPMG (2 days)

Software Compliance 8.00 7.00 In Progress

ICS Advice 2.00 4.00

161.00

Other Work

Recommendations - Follow Ups

20.00 10.00 Ongoing

Contingency 30.00 10.00

Allowance to complete 2015/16 Audits

10.00 10.00 Completed

60.00

TOTAL – Audit Plan 273.00 229.50*

*Including work in progress, and the planned number of days when an audit reaches the final report stage.

8

Appendix B SUMMARY OF FINAL AUDIT REPORTS ISSUED

Housing Benefits and Council Tax Support

1. Introduction 1.1 Background

The Housing Benefits and Council Tax Schemes are one of the identified key financial systems, which are audited on an annual basis. The Benefit Service is responsible for administering the Housing Benefit Scheme and the Leicestershire and Rutland Council Tax Support Scheme for the residents of Charnwood.

The administration of Benefit and Council Tax is undertaken by Capita. The monitoring of the Capita Contract was temporarily being overseen by the Strategic Director of Corporate Services, whilst waiting for the arrival of the newly appointed Head of Customer Experience.

2. Executive Summary

2.1 Overview

ASSURANCE RATING - SUBSTANTIAL

CORPORATE SIGNIFICANCE - HIGH

Assurance

Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks.

9

There were no significant areas of weakness identified during the audit.

Corporate Significance The area reviewed has been rated as being of HIGH corporate significance, on the basis of:

General risk of financial loss greater than £100,000

Service failures would have significant impact on customers

Risk of serious reputational damage (national press/TV) 2.2 Key Findings

We are pleased to report that the procedures in place incorporate the following examples of good practice:

there are regular reconciliations made between the benefits system and the general ledger and the bank account;

overpayments of benefit are dealt with in accordance with council policy, properly recorded, calculated correctly and arrangements for recovery are made promptly;

an adequate segregation of duties exists between payment of benefit, recovery of overpaid benefits and assessment of claims.

From the work undertaken during the review, we have identified the following areas where there is scope for improvement to ensure that the system operates more effectively and efficiently:

The overpayment strategy was not reviewed in 2016.

Automated Letters produced by Academy have not been updated since the departure of the Benefits Manager.

10

3. Action Plan

Observation Risk Recommendation Priority Response/Agreed

Action

Officer

Responsible

Action

Date

1. The Overpayment Strategy was not reviewed in 2016.

It may not comply with current legislation and may not reflect current best practice.

1. The Overpayment Strategy is reviewed.

L The Strategy will be reviewed and agreed by both CBC and Capita.

Head of Customer Experience and Benefits/Site Manager (Capita)

May 2017

2. Automated letters produced by Academy have not been updated since the departure of the Benefits Manager

Claimants are unable to contact the appropriate officer if necessary.

The Benefits Manager details within the automated letter within Academy are updated

L A call will be raised to amend debtors documents in line with other Academy documents to read PP Linda Palmer

Benefits/Site Manager (Capita)

May 2017

11

Housing Rents


The collection of housing rents is one of the key financial systems for which assurance is required to be provided annually.

The Council’s housing stock as at January 2017 is c.5, 663 dwellings and the budgeted rental income for 2016-17 is

£21.5million.

The calculation of the annual rent debit is undertaken within Financial Services and the collection of housing rents falls under the responsibility of Landlord Services.

2 Executive Summary

2.1 Overview

ASSURANCE RATING -

SUBSTANTIAL CORPORATE

SIGNIFICANCE - HIGH Assurance

Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks.

12

Based upon the work undertaken, the procedures in place for the monitoring and recovery of current tenant rent arrears are working well. Reconciliations between the rents system, benefits system and the general ledger are undertaken on a regular basis.


The area reviewed has been rated as being of high corporate significance, on the basis of:





There are established, documented procedures in place to ensure current tenant rent arrears are managed effectively.

The rents system is regularly and accurately reconciled to the general ledger and housing benefits system. Reconciliations are completed and reviewed on a timely basis.

3. Action Plan

There are no recommendations for management consideration.

13

Capital Accounting 1. Introduction 1.1 Background The capital accounting system is one of the identified key financial systems, which are required to be audited on an annual basis. The system is managed within Finance and Property Services by the Accountancy and Asset Management teams. 2 Executive Summary

2.1 Overview

ASSURANCE RATING -



Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. Based upon the work undertaken the systems and controls in place surrounding profiling of budgets are operating well and effectively. However, in the instances where there has been a change to the budget profile, there was not always clear evidence of the dialogue between the budget holder and Group Accountant agreeing the change. The Group Accountant has agreed that in future a more detailed commentary will be included within the monitoring return and emails retained as a trail of any discussion. It was also agreed that where there was a significant change a greater emphasis would be put on obtaining clearer justification for the change from the budget holder. In addition, it was established that the controls around

14

capital monitoring are currently under review which may result in additional controls around project slippage. Therefore, no further recommendation has been made.







Profiling of budgets is accurate

Under/Overspends are investigated and reported upon. 3. Action Plan


15

Income Collection


The cash receipting system is one of the identified key financial systems, which are audited on an annual basis. The cash receipting system is operated by the Customer Services Centre within Revenues, Benefits and Customer Services which provides a centralised service for the collection and receipting of income received by the Council. The Accountancy Control Section, within Financial Services, is responsible for reconciliations of the cash receipting system to the bank account and general ledger.

2 Executive Summary

2.1 Overview

ASSURANCE RATING -



Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. Based upon the work undertaken, the procedures in place for the collection of income from Customer Advisors are working well.

16







There are procedures in place to ensure that cash and cheque payments received are processed and recorded accurately and timely.

Reconciliations between the bank account, the general ledger and cash book are undertaken on a regular basis.

There are adequate arrangements for the receipt and recording of cash/cheque remittances. 3. Action Plan


17

Procurement – Fraud and Corruption


The Council has an established Central Procurement Team within Financial Services who provide advice on procurement and have run procurement for some central procurement contracts, for example, stationery and agency staff. The team are responsible for the Procurement Strategy which provides guidance and support for all officers who procure goods and services and for the regular monitoring of suppliers. The Chief Executive requested that the audit considered whether there are any patterns of contract awards or any other indications which might suggest concerns that need further review.

2. Executive Summary 2.1 Overview



Assurance Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. The work undertaken during this review has not identified any patterns in contract awards and hasn’t given any other indications which might raise concern. It was found that appropriate monitoring of procurement practices is being

18

undertaken by the Procurement Manager, who provides the appropriate amount of challenge to services. All areas of large expenditure have contracts in place in accordance with contract procedure rules. The main area where there is scope for improvement is the raising of retrospective orders. There are a number of reasons given by services for why orders are being raised following receipt of the invoice and some of these are poor and could be challenged.

Corporate Significance The area reviewed has been rated as being of high corporate significance, on the basis of:


Suspected cases of fraud or corruption over £10,000

Risk of serious reputational damage (national press/TV)

Direct link to identified strategic risks

2.2 Key Findings


There are appropriate procurement policies and procedures in place.

Procurement activities are being processed in a manner that is compliant to policies and procedures.

Appropriate monitoring procedures are in place and the Central Procurement Team provides appropriate challenge on procurement compliance.


The AZ prefix on orders (which prevents orders being automatically sent out to suppliers) is not always used for the purpose it was intended.

19

3. Action Plan


Action

Officer

Responsible

Action Date

1. The AZ prefix on orders (which prevents orders being automatically sent out to suppliers) is not always used for the purpose it was intended.

Unauthorised expenditure may be incurred. Expenditure commitment is not recorded in the Council’s accounts. Cases where retrospective orders are inappropriately raised are not identified and prevented in future.

1.1 All Heads of Service should remind officers that orders should be raised before goods/services are received to ensure all expenditure is authorised before ordered and all commitment is recorded in the accounts. 1.2 Quarterly AZ order monitoring reports are produced and distributed to Heads of Service so that they can challenge staff and work towards reducing the number of AZ orders being raised in services and ensure that expenditure is appropriately authorised.

L Report taken to CMT and action requested from Heads of Service on 7th December 2016. 1.2 Report to be circulated quarterly to Heads of Service identifying individuals raising AZ orders. Shows number raised and percentage of AZ orders.

Procurement Manager Procurement Manager

Implemented July 2017

20

Recyclates Contract


The Council has entered in to a new recyclates contract with Casepak which commenced on the 12th May 2016. The contract is for the period to 11th May 2018. An extension period of up to two years may be granted upon the chosen provider satisfactorily meeting agreed Key Performance Indicators.

Casepak will sort and process mixed recyclables from across the Borough; Charnwood produces approximately 17,400 tonnes of recyclable material per year. Mixed recyclables includes glass, plastic bottles, aluminium and steel cans, mixed paper and cardboard. The Management and monitoring of the contract falls under the responsibility of the Cleansing and Open Spaces division of the Neighbourhoods and Community Wellbeing Directorate.

2 Executive Summary 2.1 Overview

ASSURANCE RATING -



Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. Based upon the work undertaken, the procedures in place for the management of the Casepak contract are working well.



21





There are procedures in place to ensure that the contract is managed appropriately.

There are adequate arrangements to ensure that there is monitoring of the contractor’s performance against agreed Key Performance Indicators.

There are adequate arrangements in place to ensure that all payments due under the terms of the contract are made appropriately.

3. Action Plan


22

Land Charges 1. Introduction 1.1 Background

The role of Local Land Charges is to maintain and update the Local Charges Register and issue official certificates of search and Con 29 enquiry replies. The search process is fully automated and results are produced by the Land Charges computerised system (NLIS). The system is able to receive and dispatch search applications electronically. There is also a shared website portal providing online access to local authority searches called Leicestershire Land & Property Searches, which is a partnership between eight local authorities. The Land Charges team sit within Strategic Support which is part of Corporate Services. The budget holder is Adrian Ward, Head of Strategic Support and the budgeted income for 2016-17 is £256k.


ASSURANCE RATING -


SIGNIFICANCE - MEDIUM Assurance

Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. Based upon the work undertaken, the procedures in place for the receipt of income for searches are appropriate and from testing undertaken all searches are paid in full prior to the issue of the search.


The area reviewed has been rated as being of medium corporate significance, on the basis of:

23

General risk of financial loss between £10,000 and £100,000 Service failures would have moderate impact on customers Risk of moderate reputational damage (local press) Direct link to identified operational risks

2.2 Key Findings


There are adequate documented procedures in place to ensure that payments are received prior to a search being carried.

Income received from all sources is accurately recorded and accounted for.

3. Action Plan


24

Non-Domestic Rates 1. Introduction 1.1 Background

The non-domestic rates (NDR) system is one of the identified financial systems which are audited on an annual basis. The Revenues and Benefits function, including the collection of NDR, is administered by Capita. Their three main areas of responsibilities include billing, enforcement and control. The monitoring of the Revenues and Benefits contract falls under the responsibility of the Head of Customer Experience.

2. Executive Summary

2.1 Overview



Assurance Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. Based upon the work undertaken during the review the controls in place for identifying new and altered properties and the updating of the ratings list are generally satisfactory. All reconciliations tested were accurate and completed in a timely manner however the independent reviewing of VO schedules to the rating list is not always being completed in a timely manner.

Corporate Significance The area reviewed has been rated as being of High corporate significance, on the basis of:


25


Direct link to identified strategic risks

2.2 Key Findings


The ratings list is maintained accurately and is up to date.

The reconciliation of the VO Rating List to the Academy system is undertaken timely on a weekly basis.

The NDR system is regularly reconciled to the cash feeder system and the general ledger.

There are adequate procedures in place to ensure new or altered properties are identified and appropriate supporting documentation is retained to record inspections.


The independent checking of the VO to Academy reconciliations is taking between one and six weeks to undertake following completion of the reconciliation.

3. Action Plan


Action

Officer

Responsible

Action

Date

1. The independent checking of the VO to Academy reconciliations is taking between one and six weeks to undertake following completion of the reconciliation.

Errors are not detected promptly.

1. The independent checking of VO to Academy reconciliations is completed in a timelier manner.

L Agreed that independent checking of the VO to Academy reconciliations will be completed within 2 weeks of completion of the reconciliation.

Senior Control Officer

June 2017

26

Creditors 1. Introduction 1.1 Background

The creditors system is one of the identified key financial systems, which are audited on an annual basis. The creditors function within Charnwood Borough Council is located within Financial Services and provides a centralised service for the payment of invoices to the suppliers of the Council.

2 Executive Summary 2.1 Overview

ASSURANCE RATING -



Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks. Based upon the work undertaken the systems and controls in place surrounding the purchasing of goods and services are operating well and effectively.

. Corporate Significance





27

2.2 Key Findings


Roles and responsibilities are clearly defined. There are adequate procedures in place for the payment and authorisation of good and services.

VAT is accounted for appropriately.

Procedures are in place to ensure amendments to standing data are authorised.

BACS and cheque payment runs are appropriately authorised.

Cheques are stored securely.

Reconciliations are undertaken on a regular basis.

Exception reports and suspense accounts are regularly reviewed.

3. Action Plan


28

Appendix C SUMMARY OF FINAL ICT AUDIT REPORTS ISSUED. Applications Management 1. Background

Charnwood Borough Council has many key applications in operation. A list of the key applications and the associated owners was obtained from the Information Security Policy. This list highlights approximately 19 areas of key software in use throughout the Authority. In order for efficient and effective service delivery it is vital that key applications are managed and supported to prevent any disruptions to the service. Currently ICS have responsibility for corporate applications and back office services have responsibility for their specific applications. These contracts are managed by ICS Services within the Corporate Resources Directorate


ASSURANCE RATING: MODERATE

CORPORATE SIGNIFICANCE: MEDIUM

Assurance Internal Audit can give moderate assurance to those charged with governance. Whilst there are no serious weaknesses in the internal control environment within the areas reviewed, there is a need to further enhance controls and to improve the arrangements for managing risks.

29

Based upon the work undertaken during the review, there are satisfactory arrangements are in place to ensure that there is appropriate patching and that upgrades are undertaken promptly. There are appropriate Business Continuity and Disaster Recovery plans in place. However, there was no evidence of arrangements to ensure there is adequate monitoring of support/maintenance contracts for applications.


The corporate significance of this audit has been assessed as MEDIUM on the basis of:

General risk of financial loss between £10,000 and £100,000 Potential cases of fraud or corruption up to £10,000 Service failures would have moderate impact on customers Risk of moderate reputational damage (local press) Direct link to identified corporate/operational risks

2.2 Key Findings


There is an IT Steering Group established which will oversee an IT User Group and the associated programme of work.

There are adequate arrangements in place for patching and upgrades.

There are Business Continuity and Disaster Recovery Plans in place.

All key applications are risk assessed.

However, from the work undertaken during the review, we have also identified the following area where there is scope for improvement to ensure that the system operates more effectively and efficiently:

System Ownership for back office applications is not clearly defined and relevant staff are not aware of their responsibilities regarding ownership.

The Information Security Policy Software Asset list does not include all key applications and is in need of updating.

It was not possible to locate all the support/maintenance agreements that are in place for key applications.

There was no evidence of any formal contract monitoring with external suppliers for back office applications.

30

3. Action Plan

Observation Risk Recommendation Priority Response/Agreed Action

Officer Responsible

Action Date

1.System Ownership for back office applications is not clearly defined and relevant staff are not aware of their responsibilities regarding ownership

No one is accountable if there was any breach relating to an application

1. 1. System Ownership needs to be clearly defined and relevant staff need to be made aware of their responsibilities for this ownership.

Medium Agreed – this will be addressed through the ICT Steering Group. An agenda item will be included for the June 2017 meeting.

ICT Steering Group ICT Service Delivery Manager (for agenda item)

Sept 17

2. The information Security Policy Software Asset list does not include all key applications and is in need of updating.

Unsupported applications may not be identified until a problem occurs.

2. 2. The ICT User Group should be tasked with updating the Software Asset List to ensure that all current key applications are included and ownership for these applications defined as per recommendation 1).

Medium Agreed – software asset list will be updated.

ICT Service Delivery Manager

Apr 2017

3. It was not possible to locate all the support/maintenance agreements that are in place for key applications.

Application is unsupported and becomes unusable.

3. Management should ensure that all existing application support agreements are located and ensure that they are still valid.

Medium Agreed – It is important to formalise vendor relationships. We will make reasonable endeavours to obtain support/maintenance agreements. Will be addressed in conjunction with Recommendation 1.

System Owners Dec 2017

4. There was no evidence of any formal contract monitoring with

Issues occur and then have to be resolved rather than be

4. There should be formal ICT contract monitoring meetings with key suppliers of IT applications and

Low Agreed – will be addressed in conjunction with Recommendations 1 and 3.

System Owners Dec 2017

31

Observation Risk Recommendation Priority Response/Agreed Action

Officer Responsible

Action Date

external suppliers for back office applications.

prevented through regular communication and contract monitoring with suppliers.

systems being operated within Charnwood Borough Council

32

Appendix D

Follow Ups: Recommendations Not Implemented By the Agreed Date as at 31st March 2017.

Audit Observation Recommendation

Priority Agreed Action Agreed

Date

Responsible Officer Comments

Voids Management

1. Housing Management System Data Various elements of the testing undertaken during this review identified inaccuracies in the recording of data on the housing management system (QL) whereby manual records did not match the information held on the system these include:

Date recorded

on key register

Post inspection

1. The procedures for recording voids data on the housing management system are reviewed and guidance notes produced for officers to ensure consistency in the recording of data.

Medium Agreed It has also been identified that there is a fault in QL where dates are defaulting to the wrong date. It is not possible to check this retrospecitively so it will investigated by the QLIT team next time it occurs QL system issues will be investigated and resolved.

December 2016 Revised to July 2017

Senior Allocations and Lettings Office and Repairs and Investment Manager.

Jan 17 – Repairs and Investment Manager reported there was no change. They have identified no recurrence of this and that it will be reviewed as part of the void repairs review to commence in the next financial year (2017/18)

33

dates

Repairs

completion

dates.

Asset Management 2016/17

1. Of the 150 assets checked through various methods of testing, it was found that 4% (6) assets could not be found.

1.2 A cleansing exercise is regularly undertaken to ensure all information on the register is accurate and the assets are still where they should be.

Medium Agreed. December 2016 Revised to May 2017.

Service Desk Manager

Feb17 – Partially Implemented – one spot check of 10 assets completed but initial full cleansing exercise not completed and neither has a schedule of regular spot checks been developed. Apr 17 update - Meeting has been requested by ICS with Audit to discuss implementation of these recommendations

34

following issue of follow up email. The meeting is scheduled for mid-May 17.

Asset Management 2016/17

2. Not all mobile workers have signed the current mobile working policy, a good proportion of these are long standing employees, whereby permission was given by Human Resources for them to work from home.

2.1 A review of those who are recorded as 'mobile workers' is completed to ensure all those employees listed wish to remain a mobile worker and that they have signed the current Mobile Working Policy.

Low Agreed as per recommendation.

January 2017 Revised to May 2017

Information Technology Delivery Manager/Improvement and Organisational

Feb 17 - Not implemented. Apr 17 update – Meeting has been requested by ICS with Audit to discuss implementation of these recommendations following issue of follow up email. The meeting is scheduled for mid-May 17.

35

Documents

AUDIT COMMITTEE - Charnwood · AUDIT COMMITTEE – 12TH JULY 2017 Report of the Head of Strategic Support Part A ITEM 09 INTERNAL AUDIT PROGRESS REPORT Purpose of Report The report