Issue - items at meetings - Internal Audit Reports - Assurance Opinion Limited Issued Quarter 3
Issue - meetings
Internal Audit Reports - Assurance Opinion Limited Issued Quarter 3
Meeting: 28/01/2020 - Governance Committee (Item 27)
27 Internal Audit Reports - Assurance Opinion Limited Issued Quarter 3 PDF 81 KB
Report of the Interim Head of Shared Assurance to follow.
Additional documents:
- Appendix 1 for Internal Audit Reports - Assurance Opinion Limited Issued Quarter 3, item 27 PDF 212 KB View as DOCX (27/2) 279 KB
- Appendix 2 for Internal Audit Reports - Assurance Opinion Limited Issued Quarter 3, item 27 PDF 261 KB View as DOCX (27/3) 317 KB
Minutes:
The Council’s Interim Head of Shared Assurance presented a report which provided the complete audit reports for 2019/20 where the opinion was of limited assurance.
The first audit report presented was performance management. Members were advised that there were significant areas of weaknesses. Internal Audit looked at a number of performance indicators and found 18/31 definitions were ineffective, and no evidence was found to support officer data. Since the audit, management actions had been devised with Leadership Team and the Policy and Performance Manager with some work now completed.
Following a member query, it was confirmed that some actions contained within the management plan would remain ongoing throughout the year.
In response to a member enquiry regarding data owners’ responsibilities, the Interim Head of Shared Assurance confirmed that Leadership Team were responsible for the data owned with the Policy and Performance Manager responsible for ensuring that a Data Quality framework was in place.
The Interim Head of Shared Assurance presented the second audit report on General Data Protection Rules (GDPR). Members were advised that the report focused on implementation and compliance with GDPR and performed a gap analysis. There were two opinions formed, both of which had a limited rating. The Interim Head of Shared Assurance advised members that the action plan did not yet contain agreed actions due to sickness and annual leave. The management actions would be brought back to Committee in March.
It was provided that Internal Audit had
conducted spot checks and found several issues with the way that
data contained on paper was being stored, such as boxes being left
in open areas. Although it had been noted the data held on
computers was stored better, computers were locked by staff when
away from desks.
In response to a member enquiry, the Interim
Chief Executive explained that a wider culture change was needed in
order to become more compliant, it was recognised that there was a
need for the Council to become paperless to reduce
risk. Members were advised that the
Senior Risk Information Officer (SIRO) had now been appointed and
senior officers were now recognising the importance of data
management.
Following an enquiry, members were advised that the internal audit report on GDPR was available publicly.
RESOLVED: (Unanimously)
That the report be noted.