The report of the Assistant Director, Finance and Technology is attached.

Contact:  Ben Jay (01743) 250691

The Committee received the report of the Assistant Director Finance and Technology (Deputy S151 Offocer) – copy attached to the signed minutes – which provided an update on the actions to address the recommendations arising from the 2021/22 Purchase Ledger Audit report.  He explained that it was part of the work that himself and the Head of Finance Management & Reporting were doing to ensure, both within the finance team but also more broadly across the Council, that work was up to date and that best practice was being followed around purchase ledger issues.

In response to concerns, the Deputy S151 Officer explained that some of the key work, particularly around the ‘no purchase order no pay’ policy, and the way it was being worked through both in terms of the way in which budget holders process payments through the ledger but also in terms of the way that was reported internally, prominence was increasingly being given to where purchase orders were being raised in a timely manner versus those areas where, for example, the invoice was received and then the purchase order raised (ie in reverse). There was a number of financial and control reasons why that was not a great way to work and more simply it was a more time-consuming process to do it that way so they were trying to save colleagues time by helping them do it in the right way.

The Head of Finance, Management & Reporting added that when ERP went live, although improvements were made to a number of processes, one thing that wasn’t implemented straight away was the ‘no purchase order no pay’ approach.  18 months down the line that was implemented, so whilst it was now in use across the Council, it was not being applied perfectly, which has led to some of the issues that have been identified in the report and therefore further work needed to be done to ensure the policy was being applied consistently. 

In response to concerns around the procure to pay process, the Deputy S151 Officer explained that the supplier had been held to account around those issues and significant progress had been made.  He went on to explain that the workflow processes had proved to be quite complicated to unpick and understand the problem but were now in the process of putting together a fix, so, although at the point of preparing the report, the rectification was not yet complete, there was a clear line of sight into exactly how that would be achieved and work was ongoing to get that in place as quickly as possible.

A query was raised around the Council’s contingency arrangements in case of IT failure and whether more work was still to be done.  In response, the Deputy S151 Officer stated that the Council would always need to do more work on contingency arrangements, and he informed the Committee that the level of cyber-attacks being dealt with by IT had increased from half a million a day last summer to around 3.5m a day.  He reported that work was being undertaken around contingency arrangements and improving back up arrangements.  IT had also worked with a third-party supplier, so that they were no longer relying on the 3 or 4 members of the retained permanent staff to help defend against cyber-attacks, and they also had the benefit of working with a supplier that provided the Council with 24/7/365 cover. 

He went on to explain that they had now automated regular reviews of firewalls that were in operation which sometimes identified that a patch had not been applied or that an update was available, so they were able to get ahead of those attacks that were being batted away. The contingency plans that had been put in place around a failure and the cyber preparedness had placed the Council well ahead and would continue to be a core area of activity into the future and although there was a lot of challenges there was also a lot of good activity that had been undertaken in recent months to improve the Council’s position but they would not rest on their laurels because this area would continue to get more challenging.

RESOLVED:

to note the contents of the report and the progress made to date to address the 2021/22 Purchase Ledger audit recommendations.