Agenda item

Report of the City Treasurer

8.1       The Committee considered a report that set out the key outcomes from the internal audit work carried out in the reporting period (November to December 2015.

8.2       The Committee noted the Internal Auditor’s opinion that the Council’s internal control systems based on the areas reviewed were generally effective, with no limited assurance audits issued.  Since the last report to Members two audits had been completed (Freedom Passes and Business Intelligence, neither of which identified any key areas of concern).

8.3       With regards to the audit undertaken on Freedom Passes officers were asked whether they had detected as part of their review examples of fraudulent applications.  Officers were referred to the fact that there had previously been examples of individuals making fraudulent applications for the purposes of committing identity fraud.  Moira Mackie, Internal Audit Manager, stated that the service was not aware of such activity but explained that this did not form part of the review.  She explained that when the Royal Borough of Kensington and Chelsea (RBKC) was appointed to administer the Disabled Person’s Freedom Passes Scheme on behalf of the City it spent time cleansing the data to determine where passes were no longer valid or required and could be deactivated.  The committee was informed that RBKC is able to validate home addresses in applications for their borough by cross-referencing against Council tax information.  However, RBKC is currently unable to cross match Westminster applications against Westminster’s Council tax information as it does not have an automatic ability to access the data which is held by Capita.  The committee has asked the Internal Audit Service to look at how this situation can be overcome to enable more efficient cross checking of applications.

8.4       The committee was informed that although no key controls testing had been undertaken by internal audit work on the Council’s key financial systems due to the ongoing implementation of the Managed Services Programme, the finance service had undertaken an extensive range of testing of systems transactions.

8.5       This testing had been undertaken, amongst others to mitigate the risks associated with the new system and had identified a range of issues which have been reported to the Managed Service Provider for correction and substantive resolution.  Internal Audit had reviewed the testing undertaken and is working with the Finance service to follow up on the actions taken to resolve the issues identified. 

8.6       In the period under review, two follow up audits were undertaken (College Park Special School and QEII Special School) which found that the implementation of recommendations was good with 100% of high and medium priority recommendations implemented or being implemented at the time of the review.

8.7       At the committee’s meeting in December 2015 members were informed of a no assurance audit report that was issued following a review of the controls in place over user logins across the Tri-Borough.  The committee was informed that progress on implementing the recommendations made to address the weaknesses identified in the current system were still being progressed.  A follow-up review would be undertaken during the first 6 months of 2016/17 to validate the progress.

8.8       RESOLVED: That the results of the internal audit work carried out during the period be noted.

8.9       ACTION: Provide the committee with a paper on cyber security including potential risks to the Council and measures in place for their prevention.  (Action for: Moira Mackie, Internal Audit Manager) (NB: an audit of Security Incident and Data Management has been included in the draft Internal Audit Plan 2016/17)