Standards and Audit Committee 23rd August 2011 Agenda Item No.

Response to IT Service and Support Management External Audit Report

Report by: Michael Enston, Executive Director, Corporate Services All Wards Affected:

Purpose This report responds to the External Audit report and provides additional assurance on the improvement actions. Recommendation(s) It is recommended that Committee considers the content of this report in conjunction with the External Audit report and notes the actions being taken to address the issues raised. Resource Implications There are resource implications for some of the actions identified in the audit report. These are being met from existing resources. Legal & Risk Implications The management actions identified seek to control and mitigate the areas of risk identified within the report. Impact Assessment An Equality Impact Assessment is not required for responses to audit reports. Consultation IT Management and staff have been fully involved in making the improvements identified in this report.

1.0 Background
1.1 In 2008/09 IT Services went through a root and branch restructuring characterised by a significant move away from in-house software development, investment in project delivery and IT process governance together with more flexible deployment of staff resource. These changes followed an earlier External Audit report on IT Services. 1.2 These changes did lead to improvements in IT service delivery and governance as recognised in the 2009/10 follow up review by the External Auditor. That report did highlight nonetheless that there remained scope for improvement and that a number of recommendations had still to be implemented. 1.3 During 2009/10 the Council Management Team identified the need to improve the effectiveness of IT in supporting transformation work across the Council. The Councils IT Service is critical to the success of these change programmes and associated savings and in turn the decision was made to transfer responsibility for IT to Corporate Services Directorate. This transfer was made in October 2010 coinciding with the completion of the contract of the Councils interim Chief Information Officer.

2.0 Recent Changes

2.1 In June 2011 the Policy, Finance & Asset Management Committee considered two reports which summarised proposals to improve and reform IT Services. These included : Introduction of a flatter management structure with the deletion of two tiers of management. Agreement to an ICT Strategy 2011/14 setting out the basis for improving IT delivery and cost management. Improved governance arrangements and performance reporting to senior management and elected members.

2.2

These changes have been implemented and are addressing the specific issues identified in the audit report. The action plan in the Audit report will be incorporated fully into the ICT Strategy action plan. This will ensure proper performance monitoring and reporting of progress to senior management and PFAM Committee. The audit report contains an assessment of the Councils IT Service against the ISO 20000 standard and in turn recommends that IT Service implements a formal IT service and support delivery best practice framework. IT Services currently use two assurance frameworks ie Information Technology Infrastructure Library (ITIL) and Controlled Objectives for Information and related Technology (Cobit) though neither is fully implemented.

2.3

2.4

One important difficulty with the External Audit report is that the basis for the assessment given against the ISO 20000 controls is unclear. The report relies on very specific case studies identified in part through discussions with a member of the Standards & Audit Committee. It is difficult to chart the relationship between these case studies and the assessment against the ISO standard. This presents a problem in using the gap analysis presented at the start of the Audit report as a baseline.

3.0 Conclusions
3.1 The External Audit report confirms in overall terms some of the issues identified by senior management around IT service delivery and processes. Despite the reservation expressed over the assessment against the ISO 20000 standard, detailed actions have been agreed and are being addressed. The two reports to the June 2011 PFAM Committee on structure and strategy respectively provide a solid basis for improvement while the recent appointment of a permanent Head of ICT provides a focus for improving leadership and direction. While the revised arrangements should provide assurance to members, the Standards and Audit Committee may wish to call for an early report on progress against the action plan. This would be in addition to the proposed report to PFAM against the ICT Strategy.

3.2

3.3

Background Papers The following papers were relied on in the preparation of this report in terms of the Local Government (Scotland) Act, 1973: Directorate Management Structure Policy, Finance & Asset Management 16th June 2011 ICT Strategy Policy, Finance & Asset Management 16 th June 2011 IT Service and Support Management Audit Report by Scott-Moncrieff, August 2011.

Report Contact Author Name Authors Job Title Workplace Telephone: Edmund Whiffen IT Management S/DM Carleton House, Markinch 08451 55 55 55 442346 Ext No 444278

Email:

Edmund.whiffen@fife.gov.uk