Issue - meetings

[To receive an annual internal audit report 2021-2022 update.]

Peter Farrow, Head of Audit, presented the Annual Internal Audit Report 2021-2022. He provided the Committee with an overview of the Audit review process for the benefit of the new members in attendance.

He advised the Committee that the cyber security and disaster recovery review was completed at a satisfactory level of assurance.

The Committee were advised that three limited assurance reports were made during the year and had been reported previously to the Committee.

He advised that action was being taken to address the recommendations.

The Head of Audit was able to provide an unqualified opinion, based on a 12- month period. He was confident to give reasonable assurance, that the Council has adequate and affective governance/ internal controls and risk management process in place.

In response to a question raised by the Chair of the Committee regarding cyber security. The Head of Audit advised that the Council was signed up to the National Cyber Security to receive updates on emerging risks. He advised that Jai Ghai, Head of ICT, would provide members with a cyber security update at the next meeting.

In response to a question raised by Armstrong Ngoh, Independent Member, regarding the ICT development and testing. Ian Cotterill, Audit Business Partner, advised the Committee that programme testing/ backup and restore, for all Council systems are practiced regularly.

The Chair of the Committee commented that at future meetings, a risk or risks may be identified by the Committee for a deep dive, and that in such cases, the relevant risk owner would be invited to the following meeting in order to provide further details to the committee on how that particular risk was being managed. The Head of Audit advised that this was considered good practice for the Committee.

The Chief Operating Officer advised the Committee that a report on disaster recovery and local flooding would be bought to the Committee.

Resolved:

That the contents of the Annual Internal Audit Report and the overall opinion that “based on the work undertaken during the year, the implementation by management of the recommendations made and the assurance made available to the Council by other providers as well as directly by Internal Audit, Internal Audit can provide reasonable assurance that the Council has adequate and effective governance, risk management and internal control processes” be noted.