Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Local Authority Internal Audit Virtual Forum

29 November 2023

Please note:

  • All Institute responses are boxed and highlighted blue
  • Where the chair comments in that capacity this box is highlighted in yellow
  • For confidentiality, the identities of all delegates/attendees are anonymised

Institute welcome | Anne Kiem, CEO, Chartered IIA UK and Ireland

Our topic today is how your organisation can deliver end-to-end digital services that transform citizen's experience and make radical operational savings across customer service and back office administrative functions. Exploring internal audit’s role in this agenda topic.

For the past 20 years, digital technologies have dramatically reshaped the way organisations engage internally and externally with their stakeholders and customers, creating a completely new digital eco-system in need of its own governance and dedicated management.

Digital infrastructure is a vital part of delivering a local authority’s vision for the future of its community and can form an important element of both a local digital strategy and a local industrial strategy. A ‘digital champion’ can provide the leadership and focus required to develop and deliver an effective digital infrastructure strategy.

Developing a local digital infrastructure strategy could involve:

  • identifying a senior ‘digital champion’ to lead the process
  • bringing together local teams involved in the deployment of digital infrastructure
  • translating digital connectivity ambitions into a detailed strategy
  • agreeing the required skills and resources to deliver the strategy
  • collaborating with network providers
  • clarifying a division of tasks and resources in two-tiered local authorities

A digital infrastructure strategy could highlight the importance of taking future digital infrastructure requirements into account when conducting council business. For example, considering the potential for additional capacity when installing ducting/fibre-optic cables, or the potential need for mobile small cells when procuring streetlights.

Our speaker today Neil MacDonald, Managing Director, Technology4Business will explore how internal auditors might support their local authority in the development of a digital strategy.

 

Chair opening comments | Piyush Fatania, Head of Audit, Risk, Assurance and Insurance at Gloucestershire County Council and Chartered IIA Council member

Digital infrastructure is a crucial component of delivering a local authority’s vision for the future of its community and can form an important element of both a local digital strategy and a local industrial strategy.

The UK government provides guidance to assist local authorities in areas of digital leadership, legislation, regulation, planning, public assets, and deployment. The guidance covers topics such as digital strategy and leadership, legislation and regulation, access to public sector assets, and guidance for the local planning authority.  The guidance is intended to help local authorities demonstrate leadership and create a strategy to encourage investment in digital infrastructure. It also offers practical guidance on access matters, including advice on access agreements and how local authorities can promote and encourage the use of public sector land, buildings, and other assets for digital deployment.

Internal audit has a major role to play in raising awareness and providing insights on the dimensions of digital culture and management across the organisation. Given the fragmentation of digital controls, internal audit can provide assurance that the governance is holistic and appropriate for a modern digital eco-system.

Internal audit can assess how well the organisation is doing by performing audits of the various elements of the digital framework. But the greatest value will be obtained by performing a digital governance maturity assessment that cuts across all the relevant dimensions of the framework: customer experience, business development, data management, inventory and classification, marketing, branding and use of social media, legal function involvement, cyber-security posture, technological advancement (including the use of machine learning and artificial intelligence).

Internal audit can play a vital role in ensuring that the implementation of such digital services is in line with the organisation’s objectives and that the risks associated with the implementation are identified and managed effectively.

In summary, internal audit can help local authorities to achieve their digital transformation goals by providing assurance that the governance is holistic and appropriate for a modern digital eco-system, and by ensuring that the implementation of digital services is in line with the organisation’s objectives and that the risks associated with the implementation are identified and managed effectively.
  • Digital services allow stakeholders and service receivers to seamlessly interact with the Authority via digital media, traditional methods, or a combination of both.
  • Digital services such as apps, chat bots, automated booking services and blockchain can improve the quality, speed and cost of delivering services – traditional channels such as phones or being available 9-5 are no longer sufficient. 
  • The Government Service Standard is the guiding principle for internal auditors.
  • Click here for the presentation slides which focus on the 14 points covered by the Standard. 

Role of Internal Audit

  • Have an appreciation of digital services and what they are trying to achieve!
  • Become familiar with the Standard and its requirements.
  • Be proactive in gaining cross industry experiences, tools and techniques.
  • Be a champion for Data Quality within your organisations – consider DAMA, concepts and practices relating to Information Management and Data Management.
  • Be the devil’s advocate in the room:
    • Stress test assumption planning and user base that has been defined.
    • Challenge management on the technology choices, level of ambition.
    • Ensure proper engagement with all stakeholders.
    • Challenge consultant messages.
  • Consider if the digital team are:
    • Working towards the Standards.
    • Focusing on outcomes not the process.
    • Addressing what the end user needs to achieve – addressing a problem.
    • Understanding what has already been delivered across wider sectors – it is costly to reinvest wheels.
    • Realistic in terms of capability for in-house development.
    • Using an agile approach to deliver incremental change.

Chair closing comments

Technology is transformative and brings so many benefits. On demand services are potentially the future but our political environment, and the cost challenges of this change present a dilemma to be managed. There will need to be a balance between convenience and the personal touch – keeping the service user at the centre is essential. It is therefore essential that internal audit is involved at the outset – be proactive and get involved at the start of digital projects.

  

Institute close | 

Please check out these useful publication from the Institute:

Join us for our next forum on 13 December looking back at the lessons from 2023 with BDO.

In 2024, our Data Analytics Working Group will focus specifically on Local Authorities at every third meeting. If you are interested in joining, please email paola.petritoli@iia.org.uk 

 Chat Questions and Comments

Answers from speaker, anonymised comments from attendees

Comment | I’ve experienced car parks where there are multiple App options to pay – why is this – it makes me wonder where the internal auditors were during the project.

Response NM | In summary it is all too easy to forget the core purpose of why something is done. Perhaps some public sector services have lost sight of the outcomes because of focusing too much on individual processes rather than the big picture.

Comment | We have just gone over to all cashless parking. We have had lots of complaints from residents, particularly those that don’t use mobile phones or apps. But apparently the Equality Impact Assessment prior to decision said it would be minimal impact. We haven’t looked at it in Audit yet but I do wonder how robustly the EqIA was done…

Question | You highlighted that it’s important to protect information and privacy but OpenSource is freely available – is there any tension in this?

Response NM | There shouldn’t be. There will be segregations in place when using code obtained via OpenSource so it doesn’t interact directly with private data. And your own security controls would operate around this like the layers of an onion.