The Committee will consider a report of the Head of Internal Audit and Risk Management summarising the work carried out by Internal Audit since April 2009.

The Committee considered a report of the Head of Internal Audit and Risk Management summarising the work carried out by the Internal Audit since April 2009.

The Committee was informed that:

(i)                  Internal audit had agreed a total of 55 Priority 1 or high level recommendations with management since April 2009. Priority level 1 recommendations were linked with a high level of risk and defined as being those where major issues had been identified for the attention of senior management.

(ii)                Six Priority 1 recommendations had been made in relation to Data security and Transfer during the year 2008/09. This related to how data was held and transferred out of the authority. The Council was investigating how to make key data streams more secure. Seven Priority 1 recommendations had been made in relation to Capital Contracts. However, positive improvements had already been achieved within this area.

The Committee discussed the recommendations that had been made within the report:

(i)                  In relation to Self Directed Care, the Committee raised concerns over the level of monitoring that would be required, and whether the care allowance system would be subject to misuse. The Assistant Director of Commissioning Care Services stated that a number of measures would be put in place to ensure adequate monitoring and appropriate use of funds. Most service users were currently using carers who had been commissioned by the Council or received care from family members. Nevertheless, Self Directed Care was a high risk area and would be audited on an annual basis.

(ii)                The Assistant Director of Highways and Transport explained that Parking Contracts was included as an outstanding recommendation owing to the high level of finance and evolution involved in this area. New developments had reduced the volume of money being handled, although the figure remained significant. Another audit was due to begin in January 2010 where it was hoped that the risk level would be reduced.

(iii)               The Committee was informed that with regards to a nursery school which previously had CRB checks outstanding, a reminder had been issued and the Children’s Services and Culture Department was due to carry out an inspection to resolve this.

(iv)              In relation to Data Security and Transfer it was reported that the ICT Department was in the process of recruiting a new ICT Manager. This had impacted on the development of data transfer protocols. It was explained that this recommendation related to the transfer of data to third parties such as NHS Richmond, and did not include the transfer of data between Council employees (though this was also subject to strict data protection regulations).

(v)                It was explained that since the recommendations for Capital Contracts had been made in 2008/09, new procedures had been set up to reduce the risk levels. These procedures would take effect when the contracts were due for renewal and at this point another audit would be carried out. The contracts being audited ranged from those of £100, 000 to £1 million.

The Committee thanked the Internal Audit and Risk Management team for the presentation of a comprehensive and accessible report.

It was RESOLVED:

(i)         that the monitoring report and the current performance of internal audit be noted.

(ii)        that the assurance levels and management action in respect of audit reviews undertaken be noted.