Agenda item

This report gives details of the progress made in implementing the recommendations of the internal auditor.

The Committee received reports from the Head of Finance Shared Services and the Shared Internal Audit Service.

Councillor Khan referred to the recommendations related to remote working.  He said that the deadlines appeared to have been missed.

The ICT Client Manager confirmed that all policies and procedures had been completed.  They had been approved by Three Rivers District Council’s Management Board and the IT Steering Group.  Consideration had been given to how the information would be distributed to staff.  It would be included as part of e-learning modules for staff. 

In response to a question about security settings on mobile devices, the ICT Client Manager informed the Committee that this matter was covered by the Public Service Network (PSN) Directive.  The Councils were working with Capita to develop a roadmap to deliver the PSN related work for 2014 and 2015.  The Cabinet Office had recently re-issued guidance and the timeframe for completion for specific conditions related to unmanaged end user devices for PSN accreditation in 2015.  For example, any mobile phone solutions would need to be in place by December 2015.  She explained that additional protocols were in the process of being put in place if officers wished to access their non-secure (non-GCSX) emails on mobile devices.  The protocol change would mean that information would be encrypted in transmission. 

The ICT Client Manager advised the Committee that Price Waterhouse Cooper was currently reviewing the IT vulnerabilities audit from 2012.  Any controls related to achieving the PSN standards were also included within the Price Waterhouse Cooper review. 

In response to a question about the recommendation related to a framework for the procurement of agency staff, the Head of Finance Shared Services advised that he was unaware of the present position and would need to circulate the information after the meeting.

Councillor Khan referred to the recommendations about IT back up and disaster recovery.  He asked for an explanation regarding further delays in this work being completed.  He was concerned about the security of the systems.  The date of the move to Capita’s Data Centre was constantly being changed.

The ICT Client Manager explained that the dates were originally based on information from Capita.  Further processes had needed to be implemented prior to the move to the data centre and this work needed to be tested.  The dates had also been changed due to critical deadlines at both authorities, including the closure of accounts at the end of year and elections.  The work already carried out to meet PSN requirements for 2013 mitigated the risks with the IT system.

The Shared Director of Finance confirmed that since the original date had been set, the PSN directive had required work to be completed.  This work had therefore had an impact on the date of the move to the data centre.  She assured members that the Councils’ management were aware of the issues.  It was necessary to do the work in the right order.  The matters raised through PSN were already on the list of required works.  She added that PSN was a Government directive.

The ICT Client Manager said that the work required for PSN had involved introducing new firewalls and how servers communicated.  She informed Members that the work on the move to the data centre had not stopped.  The design documentation for the virtual server environment had been completed and fortnightly project meetings were being held.

The Head of Finance Shared Services explained that the format of the report set out the history of the actions taken and the progress of the recommendations.  The latest information was printed in bold.

RESOLVED –

1.      that the Internal Audit Progress Report be noted.

2.      that the amendments to the Audit Plan as at 6 December 2013 be approved.

3.      that the removal of implemented recommendations be agreed.

4.      that the changes to the implementation date for 11 recommendations be agreed.