Institute welcome | Anne Kiem, CEO, Chartered IIA UK and Ireland Our topic today is how your organisation can deliver end-to-end digital services that transform citizen's experience and make radical operational savings across customer service and back office administrative functions. Exploring internal audit’s role in this agenda topic. For the past 20 years, digital technologies have dramatically reshaped the way organisations engage internally and externally with their stakeholders and customers, creating a completely new digital eco-system in need of its own governance and dedicated management. Digital infrastructure is a vital part of delivering a local authority’s vision for the future of its community and can form an important element of both a local digital strategy and a local industrial strategy. A ‘digital champion’ can provide the leadership and focus required to develop and deliver an effective digital infrastructure strategy. Developing a local digital infrastructure strategy could involve:
A digital infrastructure strategy could highlight the importance of taking future digital infrastructure requirements into account when conducting council business. For example, considering the potential for additional capacity when installing ducting/fibre-optic cables, or the potential need for mobile small cells when procuring streetlights. Our speaker today Neil MacDonald, Managing Director, Technology4Business will explore how internal auditors might support their local authority in the development of a digital strategy. |
Chair opening comments | Piyush Fatania, Head of Audit, Risk, Assurance and Insurance at Gloucestershire County Council and Chartered IIA Council member Digital infrastructure is a crucial component of delivering a local authority’s vision for the future of its community and can form an important element of both a local digital strategy and a local industrial strategy. The UK government provides guidance to assist local authorities in areas of digital leadership, legislation, regulation, planning, public assets, and deployment. The guidance covers topics such as digital strategy and leadership, legislation and regulation, access to public sector assets, and guidance for the local planning authority. The guidance is intended to help local authorities demonstrate leadership and create a strategy to encourage investment in digital infrastructure. It also offers practical guidance on access matters, including advice on access agreements and how local authorities can promote and encourage the use of public sector land, buildings, and other assets for digital deployment. Internal audit has a major role to play in raising awareness and providing insights on the dimensions of digital culture and management across the organisation. Given the fragmentation of digital controls, internal audit can provide assurance that the governance is holistic and appropriate for a modern digital eco-system. Internal audit can assess how well the organisation is doing by performing audits of the various elements of the digital framework. But the greatest value will be obtained by performing a digital governance maturity assessment that cuts across all the relevant dimensions of the framework: customer experience, business development, data management, inventory and classification, marketing, branding and use of social media, legal function involvement, cyber-security posture, technological advancement (including the use of machine learning and artificial intelligence). Internal audit can play a vital role in ensuring that the implementation of such digital services is in line with the organisation’s objectives and that the risks associated with the implementation are identified and managed effectively. In summary, internal audit can help local authorities to achieve their digital transformation goals by providing assurance that the governance is holistic and appropriate for a modern digital eco-system, and by ensuring that the implementation of digital services is in line with the organisation’s objectives and that the risks associated with the implementation are identified and managed effectively. |
Role of Internal Audit
Chair closing comments Technology is transformative and brings so many benefits. On demand services are potentially the future but our political environment, and the cost challenges of this change present a dilemma to be managed. There will need to be a balance between convenience and the personal touch – keeping the service user at the centre is essential. It is therefore essential that internal audit is involved at the outset – be proactive and get involved at the start of digital projects. |
Institute close | Please check out these useful publication from the Institute: Join us for our next forum on 13 December looking back at the lessons from 2023 with BDO. In 2024, our Data Analytics Working Group will focus specifically on Local Authorities at every third meeting. If you are interested in joining, please email paola.petritoli@iia.org.uk |
Chat Questions and Comments
Answers from speaker, anonymised comments from attendees
Comment | I’ve experienced car parks where there are multiple App options to pay – why is this – it makes me wonder where the internal auditors were during the project.
Response NM | In summary it is all too easy to forget the core purpose of why something is done. Perhaps some public sector services have lost sight of the outcomes because of focusing too much on individual processes rather than the big picture.
Comment | We have just gone over to all cashless parking. We have had lots of complaints from residents, particularly those that don’t use mobile phones or apps. But apparently the Equality Impact Assessment prior to decision said it would be minimal impact. We haven’t looked at it in Audit yet but I do wonder how robustly the EqIA was done…
Question | You highlighted that it’s important to protect information and privacy but OpenSource is freely available – is there any tension in this?
Response NM | There shouldn’t be. There will be segregations in place when using code obtained via OpenSource so it doesn’t interact directly with private data. And your own security controls would operate around this like the layers of an onion.