Decision details

8.1     The Committee considered a report by the Director of Finance, Performance and Procurement and the Head of Southern Internal Audit Partnership (copy appended to the signed minutes).

8.2     Mr Pitman, Head of Southern Internal Audit Partnership, introduced the report and informed the Committee that the Annual Internal Audit Opinion for 2017/18 was Satisfactory.

8.3     The Committee made comments including those that follow.

·         Queried if DOLS were a key issue for other authorities.  – Mr Pitman explained that a recent change in legal requirements had brought this under the microscope for local authorities.

·         Asked if the one hundred day plan for Adult Social Care would address concerns.  – Mr Pitman commented that the plan would address some of the issues.  Ms Eberhart reported that governance would be overseen by the Adult Improvement Board.

·         Sought clarity on the actions for business resilience.  – Ms Eberhart explained that it was important to understand the distinction between contingency and emergency plans.  Business resilience focused on specific services and contingency plans needed proper rigor checking.

·         Questioned the testing for resilience with regard to power outages and virtual attacks to data.  – Mr Pitman explained that these tests were part of the IT audit plan.  Ms Eberhart reported that a white hacker had conducted an attack on the County Council’s system and reported that it was robust.  The attack had taken two days to breach the firewall, compared to previous tests where it had only taken eight hours.  The Committee queried if training was given to officers on phishing tactics.  Mr Chisnall explained the mandatory training modules for staff on IT security.

·         Queried General Data Protection Regulation (GDPR) and if the County Council was fully compliant.  – Mr Pitman explained that local authorities had clear guidance for GDPR requirements.  Full reassurance could only be given when a review was undertaken.

·         Queried the lack of opinions for the schools listed in the report.  – Mr Pitman explained that it was unusual to provide a specific audit opinion for each school.  Mr Pitman agreed to share his comments on each school with the Committee.

·         Asked for progress on previous recommendations.  – Mr Pitman informed the Committee that a progress report would be included within the annual report.

·         Queried what would be required to receive a substantial assurance rating.  – Mr Pitman commented that in the current climate with a large and diverse authority, satisfactory is a good rating to receive.

8.4     Resolved – That the Committee approves the annual audit report for the year ended 31March 2018.