Skip to main content

Agenda item

Internal Audit Progress Report

Purpose

To present a summary of the audit work concluded since the last meeting of this Committee.

 

Recommendation

That the Audit and Governance Committee resolves to NOTE the report.

Minutes:

The purpose of the report was to present a summary of the audit work concluded since the last meeting of this Committee.

 

The Assistant Director of SWAP Internal Audit Services presented the report which was an update on the Internal Audit team's work for Cotswold District Council. The report was extensive, covering eight final audit reports—three with substantial assurance, two with reasonable assurance, and one with limited assurance. Additionally, two advisory reports were issued due to service transitions back to the Council from Publica, with no assurance ratings provided.

 

An update on Open Agreed Actions was included in Annex B, along with a draft plan for 2025-26, which members were invited to review and provide feedback on.

 

Councillors asked for clarity around the Emergency Planning function.  It was confirmed that this service would remain within Publica, and that a Section 113 agreement was in place, allowing statutory officers across Cotswold, Forest of Dean, and West Oxfordshire District Council to provide strategic-level emergency planning support. Tactical-level support was adequately covered by Publica staff within the emergency planning team, with a detailed on-call rota and guidance in place. The Emergency Planning Service, when reviewed by the three partner councils, was considered to be robust under existing arrangements. While the nature of strategic-level support had changed for major incidents, tactical-level coverage remained sufficient.

 

The Committee raised concerns about the data protection and data breaches section and asked if the suggestions offered in the report were mandatory as the issues reported needed to be addressed. It was noted that the advisory report was conducted during a period of transition within Publica, and the data breach register was initially found to be of poor quality. Since then the data breach register had improved to meet expected standards as per the audit which followed best practices based on guidance from the Information Commissioner's Office.

 

A broader issue was identified regarding internal controls, particularly as services transferred from Publica to the Council. The Deputy Chief Executive emphasised that these concerns would not be ignored, and assured Members that a review of internal controls would take place.

 

Specific concerns were raised about human resources, including the lack of corporate monitoring of sickness absence reporting. It was acknowledged that approaches that had worked for Publica might not be suitable for the Council and might require modification.  Assurance was given that advisory findings and best practice recommendations would be addressed. The Audit and Governance Committee would receive an update at its next meeting in May, detailing identified issues, actions taken, and further steps required.

 

The Planning Advisory Service was expected to review the planning service in March, likely recommending improvements related to internal controls and governance.

 

The Committee raised concerns about potential GDPR breaches in relation to data breaches. It was unclear whether a statutory breach had occurred, the Assistant Director of SWAP committed to reviewing this and updating the Committee.  A follow-up audit for both HR and data breaches would be included in the 2025-26 audit plan to ensure continued oversight.

 

It was suggested that audit judgment gradations (e.g. high, reasonable, limited) be visually clarified using a colour-coded system for easier interpretation.

 

Significant gaps were identified in budget monitoring, particularly regarding oversight of members' expenses and the lack of evidence for claims.

he Deputy Chief Executive acknowledged that budget monitoring had been insufficient and emphasised that the issue was not fraudulent claims but an administrative oversight related to a Special Responsibility Allowance. Improved monitoring measures had been introduced, including clearer responsibilities for Democratic Services and enhanced oversight of payroll changes, with monthly reports now being reviewed to ensure accuracy and mitigate reputational risks for Cotswold District Council.

The audit report identified some unspent allocation in both the UK Shared Prosperity Fund (UKSPF) and the regional Strategic Partnership Fund (RSPF). The Committee asked what actions were being taken to ensure the remaining £71k of Royal Agricultural University (RAU) Growth Hub funding would be spent effectively before the March 2025 deadline, and how were the project's outcomes being aligned with UKSPF and RSPF objectives to avoid repayment risk. The Deputy Chief Executive reassured and confirmed that adequate steps had been taken to minimize the risk and ensure the effective use of resources within grant conditions and the overall framework. An overview of spend would be provided in May.

 

The Committee discussed unresolved suspense account balances dating back to 2020, audit trail issues, and negative balances in revenues and benefits. The following actions are being taken:

  • Historic suspense account values would be reviewed as part of the year-end process, with a firm implementation deadline of 31 March 2025. A final review to resolve any remaining discrepancies would be scheduled after financial year-end.
  • Accurate reconciliation to be assured by matching payments to the correct accounts through regular reviews.
  • Collaboration between finance and revenues staff to minimize errors and unclear balances.

 

The Committee thanked the Assistant Director for her report.

 

Resolved: The Audit and Governance Committee noted the report.

 

Supporting documents:

 

Related Pages