REPORT OF THE SHARED INTERNAL AUDIT SERVICE
To receive the SIAS Progress Report for the Internal Audit Plan 2023 -2024 as of 20 October 2023.
Decision:
RESOLVED: That the Committee:
(1) Noted the SIAS Progress Report for the period to 20 October 2023.
(2) Noted the implementation status of the reported high priority recommendation.
(3) Noted the plan amendments to the 2023/24 Annual Audit Plan.
Minutes:
Audio recording – 4 minutes 4 seconds
The Head of Assurance presented the report entitled ‘SIAS Progress Report Update 2023-2024’ and drew attention to the following, that:
· At the time of the report there had been two final audit reports a further Freedom of Information (FOI) report had been finalised and sent to the Committee.
· The high priority recommendation was highlighted in appendix D with a revised completion date of 15 December 2023.
· There were no new plan amendments however the Houses in Multiple Occupation (HMO) audit had been moved to quarter four for resourcing reasons.
· The Digital Strategy draft report had now been issued, and the Software Licensing report was imminent.
· The report showed the Planned Projects completion as 25% this had now increased to 33%.
· The delivery of the plan was slightly behind schedule, but there were several projects that had recently commenced field work and there were projects waiting for a mutually agreeable start date.
· The overall picture remained as cautiously optimistically on the completion of the plan.
The following Members asked questions:
· Independent person John Cannon
· Councillor Sean Nolan
In response to questions the Head of Assurance stated that:
· There were three Churchgate audits occurring, the completed audit looked at the Governance Framework to manage the project and that report was returned as reasonable assurance with a consideration regarding the operational risks of the project, which had now been addressed.
· The Churchgate Ongoing Project Assurance was scheduled for quarter 4 and the Churchgate Landlord Compliance was expected in quarter 3.
· The FOI audit looked at the Information Commissioner and internal audit reports from other authorities and compared the findings to practices at NHDC, with the conclusion that there were reasonable assurances, however work was required on staff training and the reporting of statutory information which was a statutory indicator.
· Overall, there had been more Council breaches from the release of personal data through GDPR requests than FOI, however when personal data was released in a FOI request, this may lead to a GDPR breach, ongoing staff training was therefore essential.
· Whilst GDPR was mandatory training the FOI training was optional, and this was being reviewed.
· FOI requests should be completed by Council Officers and screened and controlled by FOI Officers accordingly.
· The FOI training had been completed by 59% of employees, but the training was not mandatory.
· Any FOI requested were dealt with by well-trained FOI Officers.
· There were some concerns that FOI requests were not always received directly to the FOI team and Officers needed to be aware that any requested needed to be logged and sent to FOI team for responses.
· Data protection training was mandatory at most Councils.
· No serious FOI or GDPR breaches had occurred at NHDC.
Councillor Tom Plater proposed and Councillor Clare Billing seconded and, following a vote, it was:
RESOLVED: That the Committee:
(1) Noted the SIAS Progress Report for the period to 20 October 2023.
(2) Noted the implementation status of the reported high priority recommendation.
(3) Noted the plan amendments to the 2023/24 Annual Audit Plan.
Supporting documents: