Venue: Town Hall, Moorgate Street, Rotherham. S60 2TH
Contact: Dawn Mitchell, Senior Democratic Services Officer
Declarations of Interest
There were no Declarations of Interest made at the meeting.
Questions from Members of the Public or the Press
There were no members of the public or press present at the meeting.
Consideration was given to the minutes of the previous meeting of the Audit Committee held on 6th February, 2018.
Resolved:- That the minutes of the previous meeting of the Audit Committee be approved as a correct record of proceedings.
Arising from Minute No. 51(a) (Health Check), it was noted that the report from the independent health check had been received. It had found that the approach taken by the Committee was well developed and could be considered as an exemplar.
Marie Buxton, Head of Information Management, presented a summary of the Council’s progress towards compliance with the General Data Protection Regulations (GDPR) as at March, 2018 and the outstanding actions.
Appendix 1 submitted provided details of work completed in Quarter 4 (January-March, 2018) which included:-
Phase 1 – Raise awareness, build accountability and gather information
- An Information Governance Framework and programme of work established and implemented
- Decision makers at all levels informed on the impact of GDPR
- A Council-wide ‘information audit’ established and implemented
- Review of IT systems and procedures in light of new information rights
- Review the resource and training requirements within the IM Team
Phase 2 – Plan and Prioritise (July-November, 2017)
- Recruit and appoint a Data Protection Officer
- Prioritise compliance activity and remedial measures based on areas with high risk and most significant impact
- Embed Privacy Impact Assessment (PIA) guidance and process across the Council
- Conduct retrospective PIA’s for riskier activities
- Embed the data breach guidance and process across the Council
Phase 3 – Implement changes (December, 2017-April, 2018)
- Review and update privacy standards and processes
- Review and update consent standards and processes
- Review and update information sharing (including confidentiality) standards and processes
- Review and update information rights, standards and processes
Phase 4 – Embed change, train and re-train (May-July, 2018)
- Implement the appropriate standards and processes in order to embed culture change
- Implement an appropriate training plan in order to embed culture change
- Implement the Communication Plan in order to embed culture change
Discussion ensued with the following issues raised:-
· There would be case studies highlighting where there had been gaps/good practice to learn from
· Identified risk – electronic record management
· Data sharing protocol
· The Council had signed up to an overarching information sharing protocol, as had organisations across South and West Yorkshire, and co-ordinated by the Health and Social Care Information Centre the aim of which was to ensure that everyone used the same standard paperwork in terms of sharing agreements. It also included the private sector. The representatives (approximately 60) met on a quarterly basis.
Resolved:- (1) That the report be noted.
(2) That a further report be submitted in 6 months.
Paul Stone, Head of Corporate Finance, presented the Draft Statement of Accounts 2017/18 which had been published on the Council’s website on 31st May, 2018, as required under the Accounts and Audit Regulations 2015.
The publication of the unaudited accounts triggered a period of 30 working days (ending on 12th July, 2018) for local electors to exercise their rights to inspect the accounts and supporting records and to ask questions of the external auditor.
The external audit of the unaudited accounts had commenced on 11th June, 2018 with KPMG reporting their findings to the July meeting of the Committee.
The deadline for publishing the audited accounts was 31st July, 2018.
There had been no significant accounting policy changes to the accounts since 2016/17.
The Highlights Report (Appendix B) summarised the key financial disclosures reported in the 2017/18 draft Statement of Accounts and provided further detail on each of the key financial issues referred to above.
Resolved:- That the draft 2017/18 Statement of Accounts be received.
Neil Concannon, Legal Services, presented an update on the use of covert surveillance and covert human intelligence sources (CHIS) carried out by Council officers under the Regulation of Investigatory Powers Act 2000 (RIPA).
As previously with the Office of Surveillance Commissioners (OSC) the Council was required to notify IPCO of the number of directed surveillance/CHIS authorisations granted in each financial year. The annual return submitted in April for the 2017/18 financial year confirmed that there had been no such authorisations in that period nor had there been any such authorisations so far this calendar year.
The Council was also required to notify the Interception of Communications Commissioner’s Office of the number of authorisations for the acquisition and disclosure of communications data granted each calendar year. There had been no such authorisations in 2017 nor had there been any this calendar year so far.
As reported at the 21st November, 2017 meeting of the Audit Commission, a corporate training day had been held for relevant officers from across all the Directorates focussing on the use of CHIS. The training had also covered RIPA and the use of social media which was a continually developing area and which was a line of enquiry during the OSC inspection.
The Council’s Policies were last reviewed by the Committee in April, 2017 and amended to include a section on the use of social media in investigations as a result of recommendations made by the OSC in their inspection report. Since that time there had been no revised Home Office codes of practice issued. In December 2017 the IPCO had conducted a public consultation on some suggested amendments to those codes of practice including expanded guidance on the use of social media and guidance on the reporting of errors to IPCO when certain sections of the Investigatory Powers Tribunal 2016 were brought into force. However, to date, no revised codes of practice had been issued, the relevant sections of the 2016 Act had not been brought into force and there was no indication as to when that would happen.
Given that there had been no revised codes of practice issued by IPCO since the last RIPA and ACD Policies were set and no indication when it would happen, the current policies remained fit for purpose. However, where there was reference to ICO/IOCCO it should be replaced with IPCO.
Resolved:- (1) That it be noted that the Council had not made use of surveillance or acquisition of communication data powers under RIPA during 2017/18 or to date in 2018/19.
(2) That, in its current form, the Council’s RIPA Policy and Acquisition and Disclosure of Communications Data Policy, except for minor amendments reflecting the name of the new regulator, be re-adopted.
(3) That a further update be submitted in 6 months’ time.
Further to Minute No. 36 of the meeting of the Audit Committee held on 21st November, 2017, consideration was given to a report, presented by Michelle Hill, Performance Assurance Officer, providing details of recent and current external audits and inspections including the details of arrangements that were in place regarding the accountability and governance for implementing recommendations arising therefrom.
The report included detail of progress being made in respect of the following specific areas and Directorates:-
- the “Fresh Start” Improvement Plan;
- Adult Care and Housing;
- Children and Young People’s Improvement Plan;
- Liberty House
- Regeneration and Environment Services
- Finance and Customer Services
The summary of recommendations from “Active” Inspection and Audit Action Plans was appended to the submitted report.
The Audit Committee’s discussion of this matter highlighted the following salient issues:-
- Liberty House had monthly visits from an independent visitor, externally commissioned to ensure independence and objectivity. The report was sent monthly to Ofsted
- All the actions in respect of the Fresh Start plan were now complete or in place. Performance was still monitored through the Strategic Leadership Team
Resolved:- (1) That the report be received and its contents noted.
(2) That the governance arrangements that were currently in place for monitoring and managing the recommendations from external audits and inspections, as now reported, be noted.
Consideration was given to the 2017-18 draft Annual Governance Statement (AGS) presented by Simon Dennis, Corporate Risk Manager.
In producing the 2017-18 AGS, the Council had gathered sufficient evidence to support the statements that it had made. Each Strategic Director had been asked to oversee a self-assessment of governance in their Directorate. This had comprised of completion of a self-assessment form based on the Principles and Sub-Principles in the Local Code by each Assistant Director as well as a review and update of the detailed issues raised in the 2016-17 AGS. Each Strategic Director was also required to sign a Statement of Assurance based on the information arising from their review of current and previous governance issues.
The Corporate Governance Group had reviewed evidence contained within the returned Statements of Assurance as well as considering which issues were of sufficient significance to require reporting in the Statement. The Group had then produced the AGS.
The AGS would be updated by 31st July to reflect any issues that emerged between now and the completion of the final Statement of Accounts. It would also take account of any comments made by the Committee and external auditor.
The overall conclusion of the review of governance was that the Council had continued to make good progress on its improvement journey throughout 2017-18 which was supported by comments made by the Commissioners in their most recent progress review. Positive progress continued to be made and this was supported both by the further restoration of powers to the Council throughout 2017/18 by the Secretary of State as well as by the positive outcome from the Ofsted re-inspection.
Although at present, Commissioners retained oversight of Children’s Safeguarding and Children’s Social Care, the evidence in place throughout 2017/18 supported a conclusion that overall the Council had demonstrated good governance and met its Best Value duty throughout the year.
Consultation had taken place with the Strategic Directors, the Strategic Director of Finance and Customer Services, the Assistant Director Legal Services and the Chief Executive.
Recommended practice required the Leader of the Council and the Chief Executive to sign the Annual Governance Statement prior to its publication.
The Audit Committee’s discussion of this matter highlighted the following salient issues:-
- Medium Term Financial Strategy and particularly the pressures on the Council from demands in Children’s Services
- The AGS would be updated to take account of any recommendations from the Peer Review and any announcement by the Secretary of State
- Update with regard to the Public Services Network certificate
Resolved:- (1) That the 2017-18 draft Annual Governance Statement be noted.
(2) That the requirement for the Leader and Chief Executive to sign the Statement prior to the publication of the Annual Governance Statement by 31st July, 2018, be noted.
(3) That the final version of the Annual Governance Statement be submitted to the 30th July meeting of the Audit Committee following completion of the audit of accounts by KPMG.
Consideration was given to a report presented by David Webster, Head of Internal Audit, on the role of Internal Audit, the work completed during the 2017/18 financial year and highlighted the key issues that had arisen. It provided the overall opinion of the Head of Internal Audit on the adequacy of the Council's control environment as well as the performance of the Internal Audit function during 2017/18.
Appendix 1 of the report submitted included:-
- Legislative requirements and Professional Standards
- The Head of Internal Audit’s annual opinion on the control framework, risk management and governance
- Resources and audit coverage during the year
- Summary of audit work undertaken during 2017/18 including both planned and responsive/investigatory work
- Summary of other evidence taken into account for control environment opinion
- Summary of audit opinions and recommendations made
- Internal Audit Performance Indicators
Based upon internal audit work undertaken and taking into account other internal and external assurance processes, it had been possible to complete an assessment of the Council’s overall control environment. An opinion of Partial Assurance or No Assurance had been given in 13 areas subject to audit. In the opinion of the Head of Internal Audit, the Council had overall an adequate and effective framework of governance, risk management and control.
Action plans had been agreed with management in respect of all final audit reports issued.
Consideration was also given to Appendix A which set out a summary of the audit opinions and recommendations that had arisen from audit work completed during the period.
Discussion ensued on the report with issues raised/clarified around:-
· Staffing of the Internal Audit team
· Introduction of new software
Resolved:- (1) That the Internal Audit work undertaken during the 2017/18 financial year and the key issues that had arisen therefrom be noted.
(2) That the overall opinion of the Head of Internal Audit be noted.
(3) That the information contained regarding the performance of Internal Audit during 2017/8 be noted.
Consideration was given to a report, presented by the Head of Internal Audit, concerning the Internal Audit Strategic Plan for the 3 year period 2018/2019 to 2020/2021.
The report explained the Internal Audit approach to the development of the Strategic Plan, as well as detailing the specific activities to be reviewed during the 3 years’ period of the Plan. It was noted that the Plan reflected a comprehensive risk assessment process, which also included discussions with the Council’s Strategic Directors and Assistant Directors to obtain their views of key risks and areas for audit coverage.
Outline scopes for each review were submitted. The following types of audit work would be completed:-
- Risk based work
- System based work
- Follow up audits
- Advisory work
- Value for money
- Grant claims
- Counter fraud work
The Committee discussed the following salient issues:-
· The Team had a contingency of 50 days for any new risks/ad hoc management risks
· Some “red” risks did not have a number of days assigned to them. This was possibly due to the Directorate taking action and was not to be audited until after that had taken place. “Green” risks may be reviewed to check that the categorisation was still valid
· There was nothing Audit could contribute in terms of the Finance risks
Resolved:- (1) That the report be received and its contents noted.
(2) That the Internal Audit Strategic Plan for the 3 years’ period 2017/2018 to 2019/2020, as now submitted, be approved.
(3) That reports about the progress of the implementation of the Internal Audit Strategic Plan 2017/2018 to 2019/2020 be submitted to meetings of the Audit Committee at regular intervals.
David Webster, Head of Internal Audit, presented a draft 2018-19 Prospectus which outlined the Audit Committee’s objectives, how the Committee would operate and how it would deliver its objectives through its work plan.
It highlighted key activities to be carried out in relation to risk management, corporate governance, accounting and internal and external audit.
Resolved:- That the 2018-19 Audit Committee Prospectus be approved.
Items for Referral for Scrutiny
Resolved:- That the Audit Committee Prospectus and Forward Work Plan 2018/19 be forwarded to the Overview and Scrutiny Management Board.
Exclusion of the Press and Public
That under Section 100(A) 4 of the Local Government Act 1972, the public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12(A) of such Act indicated, as now amended by the Local Government (Access to Information) (Variation) Order 2006 (information relates to finance and business affairs).
Resolved:- That under Section 100(A) 4 of the Local Government Act 1972, the public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12(A) of such Act indicated, as now amended by the Local Government (Access to Information) (Variation) Order 2006 (information relates to finance and business affairs).
Internal Audit Progress Report for the period 1st January to 31st May 2018
Consideration was given to a report presented by the Head of Internal Audit which provided a summary of Internal Audit work completed during 1st January to 31st May, 2018, and the key issues that had arisen therefrom.
It was noted that there had been no further changes to the Audit Plan since those reported to the November meeting of the Audit Committee.
Performance against key indicators had improved but in general the whole year targets had not been met. There had been a good start to 2018/19 with the Team engaged in a number of investigations, impacting upon the completion of the audit plan and continuing into the new financial year.
Summary conclusions in all significant audit work concluded during the period were set out in Appendix A of the report submitted. 8 audits had been finalised since the last Audit Committee meeting one of which had No Assurance and 2 had Partial Assurance. The remaining 5 all had Substantial Assurance or Reasonable Assurance.
Reference was also made Appendix C which detailed significant responsive work completed since the last Audit Committee.
Appendix D summarised Internal Audit’s performance against a number of Indicators. Appendix E showed outstanding recommendations that had passed their original due date. Where they had been deferred, the comment received from the Manager was given but where there was no change to the due date or comment, the Manager had not updated the system. The new software system was launched at the beginning of May so was not fully embedded; results would improve in the future.
Discussion ensued on the report with the following issues raised/clarified:-
- Any audit that received a “No Assurance” issued was immediately referred to the Chief Executive for action and follow up
- All “No Assurance” and “Partial Assurance” reports were also submitted to the Corporate Risk Manager for consideration as to whether they were included on the individual Directorate risk registers
Resolved:- (1) That the Internal Audit work undertaken since meetings of the Audit Committee, 1st January to 31st May, 2018, and the key issues arising therefrom be noted.
(2) That the information contained regarding the performance of Internal Audit and the actions being taken by management in respect of the performance be noted.
Strategic Risk Register
The Strategic Director of Adult Care and Housing and Councillor Roche, Cabinet Member, Social Care and Health, presented the Directorate Risk Register and risk management activity in particular highlighting:-
- How the Register was maintained/monitored and at what frequency
- Cabinet Member involvement
- How risks were included on/removed from the Register
- Anti-fraud activity in the Directorate
Discussion ensued with the following issues raised/clarified:-
- The risk factors would change once the review of the Learning Disability Service review was complete
- Direction of travel for the Adult Social Care budget
- Senior management staffing situation
- Workshop with risk owners to take place
- Deprivation of Liberty Safeguards
- Review of Rothercare
- Managing the market
- Universal Credit
Resolved:- That the progress and current position in relation to risk management activity in the Adult Care and Housing Directorate be noted.
Date and times of meetings for the 2018/19 Municipal Year
Monday, 30th July, 2018, at 2.00 p.m.
Tuesday, 28th September at 4.00 p.m.
29th January, 2019
Resolved:- That meetings be held during the 2018/19 Municipal Year as follows, all commencing at 2.00 p.m.:-
Monday, 30th July 2018
Tuesday, 2nd October
29th January, 2019