Decision details

Ruth Lowry, chief internal auditor, presented a report on the work undertaken by the Internal Audit Service for the period to 28 February 2013.

It was reported that during the period since December 2012, the Internal Audit Service had reported assurance in relation to emergency planning, payment of staff expenses, officers' declarations of interest and of gifts and hospitality, and the carbon reduction commitment. 

It was noted that since the publication of the agenda, new evidence had been submitted in respect of the carbon reduction commitment and that the level of assurance had been revised and upgraded from 'limited' to 'substantial'.

Reference was made to a briefing meeting held on 11 March 2013 between members of the committee and officers to discuss the progress being made to re-invigorate the council's information governance arrangements. The committee was advised that measures had been put in place and that the County Secretary and Solicitor had been appointed to the role of senior information risk officer (SIRO).  Despite this assurance the committee reiterated their concern that the council was not compliant with the standards required for information governance.  It considered that the council's information governance arrangements exposed the council to significant risk which should be reflected in the county council's annual governance statement with an indication that appropriate action would be taken to remedy the situation following the transfer of the SIRO responsibilities to the Council.  It was agreed that the Chairman of the committee would write to the chief executive and the monitoring officer drawing attention to these concerns.

Reference was also made to the concessionary travel scheme which had been awarded 'limited' assurance. 

In commenting on the presentation of the progress report, the committee suggested that it would be helpful if the report contained a summary listing all 'limited assurance' from the previous quarter and the action taken by management. In response, the committee was advised that this information would be included in the annual progress report to be presented to the next meeting on the 24 June 2013. 

Resolved:   i)  That the internal audit progress report for the period to 28 February 2013 as now presented, be noted. 

  ii)  That the significant risk posed by the council's information governance arrangements be reflected in the county council's annual governance statement for the year ending 31 March with an indication that appropriate action will be taken to remedy the situation following the transfer of the senior information risk officer (SIRO) responsibilities to the Council.

iii)  That the Chair of the committee be requested to write to the chief executive and the monitoring officer drawing attention to the concerns of the committee in relation to the council's information governance arrangements.