The Chief Internal Auditor introduced his report that identified and evaluated the performance of the Internal Audit Section and included items of note arising from the actual work undertaken during the period 1 September to 31 October 2016. The report focused upon:

·  Any items of note arising from audit work conducted;

·  Any issues arising that require actions to be taken by Members;

·  Performance information relating to the Internal Audit Service;

Members’ attention was drawn specifically to a number of items of note that had been identified, which included:

Cyber Security

An audit had been conducted of the Council’s Cyber Security position as it was widely acknowledged that effective controls in this increasingly high risk area were vital to public bodies as they were in the front line of the cyber criminal’s targets and (across the public sector) had recently experienced a dramatic increase in this type of activity.

The conclusion from the work undertaken was that Wirral had controls in place to address some of the business risks reviewed, however a number of areas were identified for improvement to address emerging risks and a ‘Moderate’ overall risk to the organisation, these included:

• Firewalls
• Vulnerability Monitoring
• Rogue Wireless Access Points
• Information Risk Register
• Information Security Training
• Cyber Insurance

Prepaid Cards – Local Welfare Assistance Scheme (LWAS)

A number of additional measures and controls had been agreed with management following the audit in order to enhance the control environment of the system and these had been implemented with immediate effect. In addition a significant number of issues were identified in respect to the service provided by ‘allpay’ Limited which had adversely impacted on the effectiveness of the prepaid card operation for the LWAS. It had been agreed that these matters will be raised directly with representatives of the company and that Internal Audit would continue to provide support to the Business Support and Housing Benefit Managers in resolving these issues.

Performance and Management Planning

Members were informed that a review of performance management will involve testing a sample of operational performance indicators and indicators from the Wirral Plan in order to assess the robustness of data quality.

Children’s Services

An audit had recently been commissioned as part of the Children’s Services Improvement Plan to evaluate and test data quality across a number of performance indicators currently in operation. The report informed that findings from this piece of work including identified development actions will be included within the Improvement Plan and reported to senior managers and Members.

The Chief Internal Auditor informed the Committee that here were currently no significant issues arising although it should be noted that achievement of the audit plan was slightly behind schedule for this time of year. This was primarily due to a number of vacant posts within the section that had proven difficult to fill. He advised that work was currently ongoing to attempt to address this issue and two recent staffing appointments had been made.

Members thanked the Officer for his comprehensive report, but expressed concern at the apparent lack of progress with regard to a number of IT related matters identified during the audit process, in particular data loss prevention, that continued to be highlighted as an ‘amber’ risk after a period of nearly 3 years.

The Chair again expressed Members’ thanks to the Officer and his team for all their work in the monitoring and reporting of internal audit findings.

Resolved - That

1)  the report be noted; and

2)  the Head of Digital (SIRO) attend the next meeting of the Audit and Risk Management Committee to provide an update on Outstanding Audit Recommendations in respect of IT.