The report of the Deputy Chief Executive andCity Treasurer / Head of Internal Audit and Risk Management is enclosed.

The Committee considered the report of the Deputy Chief Executive and City Treasurer and the Head of Internal Audit and Risk Management that provided a summary of the audit work undertaken and opinions issued in the period April to December 2019.

The Head of Internal Audit and Risk Management introduced the key themes as set out within the report. The Chair then invited questions from the Committee.

A Member sought further information regarding the current vacancies within the Audit Department. The Head of Internal Audit and Risk Management stated that two temporary staff had been appointed to cover imminent vacancies and the intention was to have implemented a full review and restructure by the end of June 2020, following the appropriate consultations. He described that this programme of work was being delivered in conjunction with Bolton Council and he envisaged that this approach, in addition to reviewing the progression opportunities for staff would make Manchester an attractive and interesting place to work that would also help assist with the recruitment and retention of staff.

A Member enquired if staff with audit responsibilities across the schools’ estate were appropriately trained and competent to discharge their responsibilities. The Head of Internal Audit and Risk Management commented that appropriate oversight and support for this function was promoted across all schools for this critical role and advice and guidance, including lessons learnt was provided to Head Teachers. A Member commented that a service level agreement should be introduced regarding training for school business managers to assist them and support them in the areas of activity and themes that emerged from the audit work. The Head of Internal Audit and Risk Management stated that he would raise this with colleagues in the Education Department and the Schools Group with a view to progressing this, noting that issues seemed to arise when schools deviated from agreed purchase protocols and systems.

A Member sought clarification as to who was responsible for recommendations identified for schools and if any remained outstanding, where were these reported to and monitored. The Head of Internal Audit and Risk Management clarified that there existed a separate schools’ recommendations tracker and that they were monitored, and if areas of concern were identified these would be reported to the Executive Member for Children and Schools and if appropriate to the Audit Committee. He further stated that clarification would be sought as to whether any outstanding recommendations relating to schools needed to be included in the regular Outstanding Audit Recommendations report that was considered by the Committee.

The Head of Internal Audit and Risk commented that there was significant work required to improve Data Protection Impact Assessments (DPIA) and said that work had been undertaken to reiterate the importance for officers to complete these in a timely manner and a programme of actions had been agreed, in consultation with the City Solicitor to improve this area of activity. A Member noted the importance of this as failure to carry out a DPIA when required or to consult the Information Commissioner’s Office (ICO) when necessary, could lead to the Council facing enforcement action with the maximum financial penalty of 10 million euros. A Member commented that any information and guidance issued to staff in relation to DPIA’s should also be circulated to all Members.

In response to comments made regarding Section 106 money, the Head of Internal Audit and Risk Management stated that the audit of this activity had taken place during a period of change to this system. He stated that the planned improvements and identified key actions should significantly enhance the arrangements in place to monitor s106 agreements. A Member commented upon the importance of the development of a database that would enable records and information to be consolidated and supported the inclusion of this as an identified key action and recommended that this activity was reported back to the Committee, in particular the reported delays in the spending and movement of monies and the indications that there may have been a number of unspent historical balances remaining on SAP. The Head of Internal Audit and Risk Management stated that a progress report would be submitted to the Committee at an appropriate time.

In response to a question from the Committee regarding her opinion on the completion of DPIAs by officers of the Council, the City Solicitor stated that as an organisation the Council was still learning about Key Decisions and DPIAs and she was of the opinion that they were not purposefully not completed. She stated that the importance of this was recognised corporately and a programme of staff training, including the development of a template for staff to use and communications was ongoing to officers across the organisation. She further reiterated the importance of retaining the right data and information for the right amount of time. She stated that to support this the process required for staff completing DPIAs was appropriate and not too onerous for staff required to complete them and a user friendly guide had been produced and that this was continually reviewed, recognising the importance of the Group of officers who meet regularly to review and monitor this activity.

Decisions

The Committee;

1. Note the Internal Audit Assurance Progress Report to 31 December 2019.

2. Confirm and approve the proposed changes to the Internal Audit Plan 2019/20.