Agenda item

The Committee considered a report of the Technical Services Manager, ICT Services that gave an update on the recent audit completed by Mazars of the general controls relating to the authority’s financial/pension IT systems (for copy see file of Minutes).

The Technical Services Manager summarised the findings and actions carried out.  He advised that to date, all of the recommended actions had been completed with the exception of the testing of systems and replacement of equipment at Tanfield.  There had been a delay on works due to the introduction of a solar farm next to the depot.

Councillor C Carr asked who had agreed the overall review and was advised that it had been signed off by the ICT Senior Leadership Team.

Councillor L Armstrong referred to the system recovery arrangements and the back up arrangements with Sunderland City Council.  He understood that we had undertaken testing but asked how confident we were that Sunderland could do the same.  The Technical Services Manager advised that the arrangements were independent of the Council and that we rent space from Sunderland City Council with 24 hour access to the building, power supply and equipment.

Referring to the review Councillor O Temple said that it had been very thorough and asked why the number of generic accounts were so high compared to the number of employees.  The Technical Services Manager said that they were not attributable to a person as they relate to machines rather than the employee.  Councillor Temple asked where the risk would lie with this and was advised that it was monitored as you could not track the system to a person.

Mr T Hoban asked about the programme for protecting the UPS and was advised that it was tested on a monthly basis and that there were three generators at Tanfield.  The Technical Services Manager explained that the system had been in place for 8 years with a review to replace in the New Year.

Councillor J Rowlandson referred to the back-up plan and asked why there was still no date about the full check of the system.  He was informed that it was programmed.  The Chairman asked that concerns were taken back to the team but did understand that works had been put back work due to electrical work.

Mr C Waddell, Mazars informed the Committee that the review was carried out as part of the core audit with a focus on ICT Systems.  He added that it had been a big piece of work, updating assessments from the 2015/16 audit testing any changes and controls.  Any weaknesses found had been followed up and the Chief Internal Auditor and Corporate Fraud Manager said that Internal Audit had found the same issues as Mazars.

The Chairman said that it was a positive report with a lot of work carried out.

Resolved:

(i)            That the report and appendices are noted.

(ii)          That the actions be added to the ICT Services Audit Action Log and monitored as part of the regular service management team meetings on a monthly basis, be noted.