Audit and Governance Committee Minutes

Audit and Governance Committee Minutes

Thursday 7 February 2013
10:00 a.m.
Oberhausen Room,Town Hall, Middlesbrough

Attendance Details

Junier, (Chair), Harvey, P Khan.
B Baldam, P Clark, H Fowler, S Harker, I Hope, N Pocklington, B Roberts and J Wilson.
Apologies for absence:
were submitted on behalf of Councillors Hawthorne, C Hobson, Loughborough and Taylor
Declarations of interest:

There were no declarations of interest at this point in the meeting.

Item Number Item/Resolution

The minutes of the meeting of the Audit and Governance Committee held on 6 December 2012 were taken as read and approved as a correct record.


The Senior Scrutiny Officer presented a report outlining concerns raised by the Tees Valley Audit and Assurance Service (TVAAS) in respect of a Microsoft Access database system used for processing payments to foster carers. (TVAAS) undertook an audit into the bespoke database system and also looked at the SWIFT Foster Carers’ Payment Module that was purchased from Northgate in 2004 to replace it. The bespoke Microsoft Database was used for processing payments to foster carers of approximately £36,000 per week and it was essential that the Council retained the goodwill of its foster carers by paying them correctly and on time.


A number of concerns were highlighted in the Auditor’s report and only limited assurance was given. The Audit and Governance Committee were informed that management had failed to act on the agreed recommendations contained in the Internal Audit Report issued in August 2012. The Audit Report made a Priority One recommendation, the highest level of priority for action, and failure to deliver this action placed the service at significant risk.


The SWIFT/Northgate Foster Carer Payments Module was purchased in 2004 as a replacement for the bespoke Microsoft Access system that had been developed in-house. The Northgate system was still awaiting implementation and in its current state, it was now not fit for purpose. Consequently, the bespoke system continued to be used.


Although it was feasible to continue in the short to medium term with the bespoke system, an examination of the controls highlighted significant risks, which needed to be addressed if the system was to continue to be used for any length of time. These risks were mainly associated with the database, as it was not formally supported and the data was stored locally and not backed up. However, a more imminent issue was that there was only one member of staff who had provided support to the stand-alone database and had IT knowledge of the application. Therefore, for a system crucial to the payment of foster carers, the service was faced with a single point of reliance.


The audit identified a range of concerns. The Council was paying a licence and support fee for the SWIFT Foster Carer Module, which had not been implemented. The Council was operating a bespoke database system, which was written in-house by an employee who had since left the Council. The system support had never been adopted by Mouchel and therefore the service was operating a system which was not formally supported.


It was the responsibility of departmental management to ensure that agreed recommendations emerging from Audit reports were implemented within the agreed timescales, and that this action was reported back to Internal Audit.   Consequently, service representatives had been invited to the meeting to provide an explanation for the apparent lack of action to the 2012 Audit Report.


The Service Manager, Specialist Services, explained that there were a variety of reasons why the SWIFT system had not been implemented. One of the main reasons was technical issues with the software. When the system was tested it had failed. The other crucial factor was that it was reliant on information inputted into another system - the Integrated Care System (ICS). There was a lack of confidence that the information on the ICS was not up-to-date and a risk that foster carers would not be paid. The Deputy Director, Safeguarding and Specialist Services, had therefore put a stop on the implementation of the system.


Following the publication of the Audit Report in August 2012, the Service Manager, Specialist Services, had met with representatives from Mouchel and the ICS Data Team to ascertain whether a more reliable replica system could be developed. However, Mouchel were unwilling to re-create a similar system to the one in use.


The Government had recently provided the Authority with an Adoption Improvement Grant, the purpose of which was to purchase an IT system to facilitate the postbox system. The postbox system was in place to maintain indirect contact between looked after and adopted children and their birth families and was currently operated manually. Service representatives had attended a demonstration of an IT system that provided a variety of other applications including a payment system for foster carers. A report had been submitted to the Senior Management Team recommending the purchase of the electronic postbox system.


The Deputy Director, Safeguarding and Specialist Services, commented that he was fairly confident that in the medium term, in-house staff were able to maintain the Access Database for the bespoke system whilst pursuing the purchase of a new system.


AGREED that:

1. the information provided be received and noted.
2. the item be deferred to the next meeting of the Audit and Governance Committee for further consideration.
3. attendance of the Council’s IT Service Representatives was required at the next meeting of the Audit and Governance Committee to be held on 7 March 2013 at 10.00 am.


The Audit Manager presented a report to inform Members of the progress made to date in delivering the 2012/2013 Internal Audit Plan and any developments likely to impact on the Plan and other agreed performance measures throughout the remainder of the year. The submitted report also outlined the main findings from any 2012/2013 internal audit reports that had been issued in final so far this year and provided an update on the progress made to implement recommendations made as a result of audit work undertaken in both the current and last financial year. The total number of planned audit days for 2012/2013 was 1,325.


To date, the Tees Valley Audit and Assurance Service (TVAAS) had issued a number of 2012/2013 reports in final. A brief summary of the main findings of each of these audits, together with the overall assurance opinion and the number of recommendations made, was provided in Appendix two to the submitted report. Appendix three provided a summary of the progress made by management to implement recommendations made as a result of audit reports issued from the previous year’s internal audit plan. The fourth appendix detailed the changes to the agreed audit plan.


At the end of January 2013, 50% of planned audits had been completed which was slightly behind schedule to reach the target of 100% by the end of the financial year. There had been some staff sickness absence and a number of audits in the plan had been deferred for a variety of reasons. However, the TVAAS would be focussing on Middlesbrough audits for the remainder of the year and the Manager was confident that the target would be met. All other performance measures were on target or had been exceeded.


Details of the internal audit reports from the 2012/2013 audit plan that had been issued in final during the current financial year were provided in Appendix 2 to the submitted report. A total of 124 recommendations had been made. Of six Priority One recommendations made this year to date, four had been implemented, one had not yet reached the agreed target date and the remaining one had already been discussed at the Audit and Governance Committee meeting. Whilst a number of recommendations were still outstanding this did not necessarily mean that they had not been implemented but possibly that the evidence had not yet been provided to TVAAS. A clearly defined process for following up on the implementation of recommendations was under discussion. All recommendations would be loaded onto a database and service areas would be able to update the schedule themselves once recommendations had been implemented.


The majority of recommendations made in 2011/2012 had been implemented, however some could not be followed up, for example where a school had become an academy or where a recommendation had been picked up in another more recent audit. An analysis of all 478 recommendations made in 2011/2012 was shown at Appendix 3 to the submitted report.


Appendix 4 to the submitted report provided details of significant variations to the 2012/2013 Audit Plan. For various reasons, a number of audits had been removed from this year’s plan, many of which would now be undertaken in 2013/2014. In some cases, a different piece of work was proposed as a replacement for the area deferred. However, in other instances the time planned for that audit had not yet been allocated other than to be an addition to the contingency allocation of time. A number of additional assignments had been carried out using the contingency time allocation.


It was highlighted that due to a reported fraud elsewhere, a review had been undertaken to examine the control environment in place relating to the management of the credit fund that was attached to the Council’s contract with Vodafone. It was explained the contract was tendered every three years to ensure best value. The cost of handsets, rental and calls, as well as the different benefits that were offered, were examined to ensure that the Council received value for money on the mobile phone contract.


AGREED that the information provided be received and noted.


The Deputy Director of Resources suggested that Members might wish to receive a presentation on Information Governance at a future meeting of the Audit and Governance Committee.   


AGREED that arrangements would be made for a presentation to the Audit and Governance Committee on Information Governance.

Powered by E-GENDA from Associated Knowledge Systems Ltd