Agenda item

Report of Moyra McGarvey, Shared Services Director for Audit, Fraud, Risk and Insurance.

5.1     Moira Mackie, Senior Internal Audit Manager, introduced a report that provided details of the work carried out by the Council’s Internal Audit service in the reporting period. The paper highlighted that in the areas audited internal control systems were generally effective although five limited assurance reports had been issued.  Follow up reviews completed in the period confirm that the implementation of medium and high priority recommendations had been consistently effective.

5.2     The committee discussed the limited assurance relating to an audit of corporate services monitoring of Internet and social media use.  Members were especially concerned that filters and blocks applied to the network are not tested for any ‘work arounds’ or weaknesses that can be exploited which can potentially allow access to inappropriate Internet sites.The committee was concerned by the potential security implications that this could expose the authority to. 

5.3     Members noted that Internet activity reports are not produced on a regular basis to enable managers to monitor usage by staff.  Ms Mackie explained that while general guidance and protocols on the use of social media tools exist it was unclear whether these have been circulated to staff or that all staff know about them.  She clarified that despite the lack of data reports provided to managers it was a manager’s responsibility to monitor their staffs’ activity.  There was a likelihood that where staff are office-based managers will be in a position to identify instances of exclusive personal use of the internet.

5.4     Moira Mackie advised the committee that the Head of Information Services had accepted the recommendations and was working to implement them.

5.5     The committee discussed the fact that while there was supposed to be a separation between the emails they receive in their capacity as councillors and their private correspondence in practice this is often not the case.  They considered that given the ever increasing threat of malware and viruses it would be useful for all members to receive a dedicated training session on IT/digital security.

5.6     The Committee noted that while the audit of Procurement Governance had received a satisfactory assurance three medium priority recommendations were made to ensure that weaknesses identified are effectively addressed.  This included ensuring that sufficient time is built into the process for appropriate exit planning prior to contracts expiring. The committee had raised concerns at its meeting on 30 June about non-compliance with the completion of mandatory information into the capitalEsourcing system.  This had led to a number of contracts needing to be extended because insufficient time had been available to progress new procurements.  Ms Mackie advised that the Procurement Service team had recently undertaken a great deal of training and publicised guidance to contract managers on their responsibilities.  The City Treasurer advised that compliance with this requirement was being reported to EMT to ensure that the situation improved.

5.7       RESOLVED:   That the report be noted.

5.8       ACTIONS:

1.     The Committee would like to know whether any of the server problems experienced by the authority in the last few months could have been caused by the misuse of Internet usage by staff exposing the Council to viruses or malware.

(Action for: Ben Goward, Tri-Borough Head of Digital Services)

2.     Given the volume of digital correspondence received by councillors and the lack of division between these and their private emails the committee considered that it would be useful for all members to receive a dedicated training session on IT/digital security.

(Action for: Ben Goward, Tri-Borough Head of Digital Services, Janis Best, Member Services Manager)

.