Agenda item

To consider report FIN/455 of the Audit and Risk Manager.

The Committee considered report FIN/455 of the Audit and Risk Manager.  The purpose of the report was primarily to update the Committee on the progress made towards the completion of the 2018/2019 Audit Plan, and to report on the progress made in implementing the previous recommendations.  The report also included an update on the Council’s Strategic Risks.

The Audit and Risk Manager took the opportunity to brief the Committee on the high priority finding and follow up audits.  With regards to the former, the Audit and Risk Manager identified that non-compliance with the Procurement Code had been identified in the supply and recruitment of two ICT Consultants.  Following an in-depth discussion, the Committee:

·         Noted that this high-priority finding occurred in the context of a project which had itself been the subject of high-priority concerns.

·         Noted that the audit only related to the ICT Department, and that the Audit and Risk Manager felt confident that the issue of non-compliance with the Procurement Code when recruiting consultants was not a Council-wide issue.  The Audit report had been brought before a meeting of the Corporate Management Team and the information contained within it would be filtered down to all management.

·         Was advised that the Procurement Team had been restructured.  The team was now fully resourced and able to provide training where necessary.  Two new trainee Procurement Officers had also been recruited whose role included ensuring that the Procurement Code was followed across the Council.

·         Was reassured that the new Head of Digital and Transformation was aware of the previous non-compliance and taking action to avoid a recurrence.

·         Was informed of potential consequences should the Procurement Code not be followed.

·         Noted that, following the restructure of the Corporate Management Team, the Head of Corporate Finance was responsible for the Procurement Code.  Systems were now in place to cross reference contracts with payment requests.

·         Received clarification on the role of the Audit and Risk Manager with regard to the audit.

·         Was advised that actions had been agreed to improve the control environment and confirmation of those implementations would be brought before the next meeting of the Audit Committee.

·         Was provided more detail in relation to the recent IR35 changes.

The Committee then considered the follow-up to the Data Centre Migration Project audit and discussed the revised figures identified in the report which rectified the initial miscoding.  Following concern expressed by the Committee that this still left the project significantly over-budget; almost three years behind schedule and, notwithstanding this, unlikely to fulfil the original specification, the Committee strongly  recommended that an independent (external) review take place regarding the all the failures.  The Committee was assured that the follow-up audit would not be signed off until all agreed actions, including the review, had been cleared, or an alternative, appropriate action was agreed.  The Committee expressed its concern regarding the project overspend and strongly agreed that a review was necessary to understand how the overspend occurred, so that systems and practices could be put in place to avoid such a significant overspend in future.  The Committee was keen for a review to take place as soon as practicable.  The Head of Corporate Finance advised the Committee that an update report by the Head of Digital and Transformation would be discussed by the Corporate Management Team at its next meeting.  Following a question from a Committee member, the Head of Corporate Finance agreed to obtain confirmation as to when the Council would start to pay data hosting fees.  The Chair thanked the team, especially the Audit and Risk Manager, for the work which had been undertaken regarding the audit.

The Committee discussed the update provided on Strategic Risk Management.  The Committee noted that although work relating to the Corporate Assurance Group had not been detailed in the current progress report, it would be included in the next report to Committee.  The Town Hall Project Risk Register was discussed, with the Committee receiving clarification on a number of matters, including the financial implications of delaying the construction programme and the agreed budget for the project.

RESOLVED

That the Committee receive the report and note progress to date, as at 14 September 2018.