Agenda item

The report of the Service Director Finance will be circulated along with the report by KPMG.

The Committee considered the report of Michael Hudson, Service Director, Finance and KPMG on the Interim Audit for the 2012/13 financial year.

The Service Director, Finance explained that KPMG’s report concluded that the Council’s control environment was effective overall and noted a significant improvement in the control environment, in particular reliance on internal audit and actions on the IT control environment. The KPMG report made a range of recommendations, and management actions had been identified to address them.

Darren Gilbert, Director, KPMG, introduced his report explaining that it was a very positive report.  He commented on the organisational and IT control environment, Controls over key financial systems, review of internal audit, accounts production and specific risk areas and Value for Money risks.   

In particular KPMG commented on the IT control environment and confirmed that improvements had been made from the previous year.  However KPMG were unable to fully rely on the Authority’s general IT control environment. 

Jacqui White, Service Director, Business Services explained the background to ongoing discussions with KPMG about the IT control environment and that the issue surrounded the level of certification for security controls provided by the Councils provider – Logica.  KPMG were asking for a higher level of certification not asked of other Councils who also used Logica as provider and at considerable cost to Wiltshire Council, which could be on-going year on year.  Members were assured that controls were in place to manage the issue.  It was stressed that KPMG did not regard the identified issues as meaning there had been fundamental failings in operational concerns.

In commenting on the areas detailed above the following points and comments were raised by the Committee:

·       Concern was expressed about the assessment of two aspects of the IT control environment, (i)  Access to systems and data and (ii) system changes and maintenance.  Concerns were also highlighted about the comments from KPMG that it remained critical that the weaknesses were fully addressed to enable the IT control environment to strengthen overall and to be able to continue to progress to the next level.  KPMG confirmed that management had now looked at this area and reassured the Committee that action had now been taken by the council on this issue.

·       Members sought reassurance that risks were looked at and identified and informed judgements were made.  The Service Director, Finance confirmed that within any system there was an inherent risk that something could go wrong.  Officers look at putting controls in place to mitigate these risks.  Having the level of certification referred to above would mitigate the risk.  Due to the considerable expense of raising the level of certification other controls had been put in place.  Members noted that there was a ceiling with residual risk where putting in place additional controls wouldn’t add any further value and that was the point that the Council had reached with the level of certification. Further discussions would take place to resolve the issue.

The Chairman suggested that officers report further to the Committee on the current position in relation to the level of certification, with costs defined for the various levels.

Resolved:

1.   That the report be noted and KPMG be thanked for the update.

2.   That officers be asked to report further on the current position in relation to the level of certification, with costs defined for the various levels.