Contact: Ejner Knudsen, ext 7403, email [email protected]

1 Introduction

1.1 This report summarises:

· Progress against the Hampshire County Council's internal audit plan for 2003/04.

· Significant matters arising from 2003/04 internal audit work.

· Action taken by management to address the issues raised in the Hampshire County Council annual internal audit opinion for 2002/03.

· Priorities for the remainder of 2003/04.

1 Progress against the internal audit plan for 2003/04

1.1 The 2003/04 internal audit plan was prepared in line with the internal audit strategy that was agreed by members in January 2003. The original plan totalled 3118 days. In addition, 303 days of work in progress was carried forward from last year. Approximately half the year's plan has been delivered to date as shown in table 1 below.

Table 1 - summary of audit days delivered 1 April 2003 to 30 September 2003

1.2 A summary of the audit opinions given to date for each department is included in Appendix A.

2 Significant matters arising from 2003/04 internal audit work

2.1 Details of the level of control and the main issues identified between April and September 2003 are given in appendix B which is not for publication by virtue of paragraph 14 of Part I of Schedule 12A of the Local Government Act 1972. Appropriate action has been agreed by relevant managers to address these issues and progress is being monitored. To date, significant issues have been found in respect of the areas outlined below.

Social Services

2.2 There are ongoing concerns relating to child care services as some providers of care are not being vetted in accordance with guidelines. In addition to some of the financial issues for the County Council, our greatest concern is that procedures for placing children into care need to be more firmly adhered to.

2.3 The Director of Social Services has implemented an action plan to address these issues and will report progress to the Chief Internal Auditor in December 2003.

IT Services

2.4 Concerns were raised relating to access to databases containing personal data. In response, IT Services management are introducing tighter password change control processes and closer supervision of access.

3 Action taken by management to address the issues raised in the Hampshire County Council annual internal audit opinion for 2002/03

3.1 The 2002/03 annual internal audit opinion reported to members in July 2003 raised concerns in the following areas:

· SAP implementation

· Social Services children's services

· Business continuity

· Information security.

An update on these issues is given below.

SAP implementation

3.2 Treasurer's department managers are continuing to review processes and develop reports to improve input controls for areas of the payroll and creditors systems. These measures will be reviewed by internal audit later this financial year. Meanwhile internal audit testing of transactions from these systems is continuing with no significant issues arising.

Social Services

3.3 As reported at paragraph 3.3 above, the Director of Social Services has implemented an action plan to address the issues raised by internal audit and will report progress to the Chief Internal Auditor in December 2003.

Business continuity

3.4 The potential risks arising in the event of a disaster that destroyed a large part of The Castle site are being assessed by the e-Government and ICT Steering Group and will be reviewed by internal audit later in the year.

Information security

3.5 The Security Managers Group, comprising representatives from all departments, is reviewing guidance and processes to improve control of network users accounts and storing of sensitive and personal information on IT2000.

4 Priorities for the remainder of 2003/04

4.1 During the first half of the financial year internal audit work mainly focused on establishment visits and some departmental systems. During the second half of the year internal audit attention will turn to key financial systems audits. This is to allow audit samples to be drawn from a greater number of transactions. This work will include the central payroll, creditors, asset register and main accounting systems and also departmental arrangements for budgetary control.

4.2 In line with the internal audit strategy and other reports to members on monitoring compliance with the Code of Corporate Governance, internal audit work will be carried out during the period December 2003 to March 2004 in order to provide an opinion on the effectiveness of corporate governance and the extent of compliance in departments and the County Council as a whole. The results of this work will be reported to the Committee during 2004/05.

4.3 Internal audit review of management action in respect of key issues raised during 2002/03 will also take place during the second half of the year.

5 Recommendation

5.1 That the Standards Committee notes the progress of internal audit work during 2003/04 and notes the key issues arising from that work.

Section 100 D - Local Government Act 1972 - background papers

The following documents disclose facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of this report.

NB the list excludes:

Published works.

Documents which disclose exempt or confidential information as defined in the Act.

TITLE FILE

None

Appendix A

Internal audit opinions for work delivered between April 2003 and September 2003

Audit opinion definitions