Agenda item


A report by John Scott, Internal Audit Manager


John Scott reported on progress with the work undertaken by Internal Audit in 2021/22.


As at 31stMarch, 97% of the revised 2020/21 Audit Plan had been completed. In this period, five assurance reviews had been completed and had received the following assurance ratings:


• Council Tax – Substantial

• IT Assurance Map update – Limited

• Housing Benefit & Council Tax Support – Substantial

• Accountancy Key Controls – High

• Payroll – Substantial


Two further audits were at the draft stage: Governance and Risk Management & Counter Fraud.


The IT Assurance Map update, a review against IT security best practice conducted by Internal Audit’s ICT auditor, had made 4 High priority and 9 Medium priority recommendations.  There were still further actions to be completed, particularly around the development of IT security policy and procedures. 


The IT team at Boston had joined with PSPS and, over time, would adopt their IT governance arrangements.  PSPS and its team would address and monitor the agreed actions, and provide updates to management through the Assistant Director – Organisation and Corporate Services, who oversaw the PSPS ICT Service Level Agreement, and the Audit and Governance Committee during 2021-22 as part of their implementation plan.


The report highlighted the control areas that needed improvement.  However, it was found that many areas were operating in accordance with good practice.  Further details were contained in Appendix 1.


An update giving the position of all recommendations as at 31stMarch was attached at Appendix 3.  The 2021/22 Audit Plan, which would start May, was shown in Appendix 4.


In response to questions, it was explained that ISO 2701 stood for International Standard for Information Security.


A Member queried whether the Council had not taken action where needed with respect to IT because it was moving over to PSPS. 


Mr Scott confirmed there had been some delay in completing some previous actions and some remained outstanding.  However, it was hoped that the transition to PSPS and the capacity available within PSPS would ensure that those areas were addressed quickly.  This would be monitored and regular updates would be reported to the Committee, as requested by the Chairman. 


A Member was concerned the transition couldleave the Council open to risk of cyber hacking etc. and felt it would be essential to keep the Committee up to date on a regular and timely basis.


The Assistant Director – Organisation and Corporate Services recognised the number of outstanding recommendations from the audit and assured the Committee that the move to PSPS would provide the ICT service with much greater capacity and expressed confident that the service was addressing them in as short a timescale as possible.


The Chairman commended the move to PSPS and felt reassured that many issues with be resolved and that the Committee would receive regular updates on progress.


Other Members agreed.  It was remarked that although some should perhaps have been resolved sooner, this was certainly not a criticism of the Council’s IT staff, who were an excellent team, but did not have the capacity to deal with all the current demands, particularly security. 


In response to a question about ensuring council tax payments were up to date as EU nationals left the country as a result of Brexit, the Section 151 Officer explained that council tax was a tax on the property, not the individual, which minimized the risk to some extent.  There were processes in place to make sure that people paid their council tax up the time of leaving.  It was not anticipated that a large number would leave at the end of June.  However, the comments would be fed back to the manager for her view.


Action: AS

Contact the Housing Benefit and Council tax Manager for her view on the effect of the resettlement of EU nationals on arrears of council tax.


The report was noted and the progress reported was commended.

Supporting documents: