Agenda and minutes

Audit Committee - Tuesday, 26th November, 2019 2.00 p.m.

Venue: Town Hall, Moorgate Street, Rotherham. S60 2TH

Contact: Dawn Mitchell, Senior Democratic Services Officer 

Items
No. Item

40.

Declarations of Interest

Minutes:

There were no Declarations of Interest made at the meeting.

41.

Questions from Members of the Public or the Press

Minutes:

There were no members of the press or public present at the meeting.

42.

Minutes of the previous meeting held on 26th September, 2019 pdf icon PDF 84 KB

Minutes:

Consideration was given to the minutes of the previous meeting of the Audit Committee held on 26th September, 2019.

 

Resolved:-  That the minutes of the previous meeting of the Audit Committee be approved as a correct record of proceedings.

43.

Mid-Year Treasury Management and Prudential Indicators Monitoring Report - 2019/20 pdf icon PDF 208 KB

Minutes:

Consideration was given to the report presented by the Head of Corporate Finance outlining the mid-year treasury review which also incorporated the needs of the Prudential Code to ensure adequate monitoring of the capital expenditure plans and the Council’s Prudential Indicators.

 

The review, as set out in the Appendix submitted, highlighted the key changes to the Council’s capital activity (the PIs) and the actual and proposed treasury management activity (borrowing and investment).

 

With regard to investments, the primary governing principle remained security over return and the criteria for selecting counterparties continued to reflect this.

 

Overall borrowing remained fairly constant over the period covered by the report.  The Council would maintain its strategy of being significantly under-borrowed against the capital financing requirement as the most cost effective approach in the current financial climate.  The Council’s existing Treasury Management Strategy provided for the Council to take out £30M of new borrowing per annum over the next 4 years to reduce the amount of under-borrowing over time.  The position would remain under review and an update of the Strategy would be submitted to Members within the Budget and Council Tax 2020/21 report to Council in February, 2020. 

 

With regard to governance, strategies and monitoring were undertaken by the Audit Committee.

 

The report showed that the underlying economic and financial environment remained difficult for the Council, foremost being the improving but still challenging concerns over investment counterparty risk.  This background encouraged the Council to continue maintaining investments short term and with high quality counterparties.  The downside of such a policy was that investment returns remained low. 

 

As the Council continued to utilise the short term borrowing market to generate interest rate savings as part of approved budget plans, the level of short term borrowing would continue to rise.  As a result of this, the Council would need to increase its Prudential Indicator for borrowing volumes with a maturity date less than 12 months, currently set at 35% of total borrowing.  This change would come into effect as part of the Treasury Management Strategy for 2020/21.

 

Treasury Management and Prudential Indicators would form part of the 2020/21 budget report submitted to Council on 26th February, 2020.

 

Discussion took place with the following issues raised/clarified:-

 

-          PWLB was the lender of choice for most local authorities

-          The Authority was borrowing within the Strategy set

-          There was an indicator worked to which suggested the timeframe for each loan

 

Resolved:-  That the report be noted.

44.

Information Governance Annual Report pdf icon PDF 180 KB

Minutes:

Consideration was given to an update and annual report presented by Paul Vessey, Head of Information Management, on the Council’s compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).

 

Since the last report submitted on 19th June, 2019 (Minute No. 4 refers), all outstanding tasks had been completed and all required policies and processes for compliance with GDPR and DPA were now in place and embedded within the organisation.  It was now the responsibility of all Directorates and Service areas to comply with the Council’s Data Protection policies and procedures.

 

Monitoring of the Council’s compliance with GDPR and DPA was carried out by the Corporate Information Governance Group (CIGG) which had representatives from all Directorates and Chaired by the Council’s Senior Information Risk Officer.  Any risks were monitored on a regular basis by the Group with risks and actions logged and reviewed at CIGG meetings and, if necessary, escalated in line with the Council’s risk management processes.

 

The key issues were:-

 

-          Maintain compliance

Compliance with Data Protection principles was a continuous project

CIGG fulfilled a core function in monitoring and overseeing information risks

Regularly monitored the effectiveness of the Council’s Data Protection Policies and each Directorate’s Information Governance and Data Protection processes

 

-          Raised awareness of Data Protection

Improvements in employee training awareness had led to increase in the identification of potential risks

Public awareness of information rights had resulted in an increase of 75% in the volume of Right of Access requests (RoAR) – 97 received in 2017/18 and 170 in 2018/19

-          Monitor performance of Freedom of Information (FOI) and Right of Access requests

Completion times for both types of requests had seen improved performance

Performance would continue to be closely monitored

Requests varied substantially in complexity and workload

 

Discussion ensued with the following issues raised/clarified:-

 

·           There had been occasions when complaints had been received with regard to performance but this had been due to some quite complex RoARs.  However, there had been no actions taken against the Authority by the Information Commissioner

·           Internal Audit had undertaken a full audit of the approach taken to GDPR and FOI

·           Rotherham’s performance was comparable to that of its neighbouring authorities

·           All FOI and RoARs currently being worked on were those received within the current financial year

·           FOIs still had a timeconsuming restriction on them; there was no such restriction on RoARs

 

Resolved:-  (1)  That the General Data Protection Regulation annual report 2018/19 be noted.

 

(2)  That the legal requirement of the Council continuing its maintenance of its Information Governance policies and processes in compliance with legislation be noted.

45.

External Inspections, Reviews and Audits Update pdf icon PDF 125 KB

Minutes:

Consideration was given to a report, presented by Simon Dennis, Corporate Risk Manager, providing details of recent and current external audits and inspections including the details of arrangements that were in place regarding the accountability and governance for implementing recommendations arising therefrom.

 

The report included detail of progress being made in respect of the following specific areas and Directorates:-

 

-          Children and Young People’s Services

-          Adult Care and Housing

-          Regeneration and Environment Services

-          Finance and Customer Services

-          External Auditor’s Report on the Accounts 2018/2019

 

It was noted that the report fed into the Annual Governance Statement.

 

Resolved:- (1) That the report be received and its contents noted.

 

(2) That the governance arrangements that were currently in place for monitoring and managing the recommendations from external audits and inspections, as now reported, be noted.


(3) That the Audit Committee continue to receive regular reports in relation to external audit and inspections and the progress made in implementing recommendations.

46.

Code of Corporate Governance pdf icon PDF 110 KB

Additional documents:

Minutes:

Further to Minute No. 50 of the meeting held on 27th November, 2018, David Webster, Head of Internal Audit, submitted the refreshed Council Code of Corporate Governance for consideration.

 

There had been no new revisions to the CIPFA (the Chartered Institute of Public Finance and Accountancy) and SOLACE (the Society of Local Authority Chief Executives) guidance on delivering good governance in local government.  However, it was good practice to review and revise the Council Code on an annual basis.

 

The Corporate Governance Group had completed the review.  It should also be noted that at the time of the last review the Council had still been in intervention meaning that some aspects of Guidance had not applied.  These had now been included within the Code and reflected the guidance in full.

 

The 7 key principles set out in the guidance which underpinned the governance of each local government organisation had not changed.  The Rotherham Code followed each of the principles and demonstrated how they were applied and evidenced in practice. 

 

Resolved:-  That the refreshed version of the Local Code of Corporate Governance be approved.

47.

Anti-Fraud and Corruption Policy, Strategy and Self-assessment against CIPFA Code of Practice pdf icon PDF 99 KB

Additional documents:

Minutes:

Further to Minute No. 34 of the Audit Committee meeting held on 2nd October, 2018, consideration was given to a report presented by David Webster, Head of Internal Audit.  It detailed the proposed update to the Council’s Anti-Fraud and Corruption Policy and Strategy following an annual review process designed to ensure that the Policy and Strategy were up-to-date with current best practice and to take into account any changes to the Council’s organisational structure.

 

The CIPFA Code of Practice on Managing the Risk of Fraud and Corruption required an annual report on performance against the Strategy. 

 

The report also provided a summary of proposals to further strengthen the Council’s fraud and corruption arrangements following a refresh of the self-assessment against the CIPFA Code of Practice on managing the risk of fraud and corruption.

 

The main changes to the documents were:-

 

-        Reference to the new electronic system to declare interests, gifts and hospitality

-        An update on the way to report a suspected wrongdoing under the Whistleblowing and Serious Misconduct Policy

 

It was also suggested that the out of hours contact number for concerns regarding both an adult and child safeguarding issue be included under Section 5.7.

 

The updated Anti-Fraud and Corruption Policy was attached at Appendix A and the updated Strategy at Appendix B.  Appendix C of the report contained an update to the self-assessment against the CIPFA’s Code of Practice on Managing the Risk of Fraud and Corruption.  It was important that the arrangements continued to be reviewed and updated where necessary to ensure the risk of fraud continued to be minimised.   

 

Resolved:-  (1)  That the proposed revisions to the Anti-Fraud and Corruption Policy and Strategy, including the textual amendments and additions discussed at the meeting, be approved.

 

(2)  That the proposed actions intended to strengthen the Council’s fraud and corruption arrangements be noted. 

48.

Risk Management Policy and Guide Refresh 2019 pdf icon PDF 138 KB

Additional documents:

Minutes:

Further to Minute No. 51 of the meeting held on 27th November, 2018, Simon Dennis, Corporate Risk Manager, submitted proposed minimal changes to the Risk Policy and Strategy.

 

The changes in the main consisted of typographical corrections and the updating of dates and names.  The Council’s risk management processes had been working effectively and it was the view of the Risk Champions group that implementing significant changes at the present time would be unnecessarily disruptive to the development of risk management in the Council.  However, in the course of the coming year, work would commence on an adaptation to the style of risk registers to reflect lessons learned since the adoption of the “word based” version last year.

 

Resolved:-  That the revised Risk Policy and Strategy be approved.

49.

Audit Committee Forward Plan pdf icon PDF 106 KB

Minutes:

Consideration was given to the proposed forward work plan for the Audit Committee covering the period January to September, 2020.

 

Resolved:-  That the Audit Committee forward plan, now submitted, be supported and any amendments arising actioned in due course.

50.

Items for Referral for Scrutiny

Minutes:

Resolved:-  That the Information Governance Annual Report be referred to the Overview and Scrutiny Management Board for information.

51.

Exclusion of the Press and Public

Resolved:-  That, under Section 100(A) of the Local Government Act 1972, the public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12(1) of such Act indicated, as now amended by the Local Government (Access to Information) (Variation) Order 2006 (information relating to business and financial affairs).

Minutes:

Resolved:-  That under Section 100(A) 4 of the Local Government Act 1972, the public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12(A) of such Act indicated, as now amended by the Local Government (Access to Information) (Variation) Order 2006 (information relates to finance and business affairs).

52.

Internal Audit Progress Report for the period 1st September to 31st October 2019

Minutes:

Consideration was given to a report presented by David Webster, Head of Internal Audit, which provided a summary of Internal Audit work completed during 1st September to 31st October, 2019, and the key issues that had arisen therefrom.   

 

The completion of the audit plan had been impacted by a member of the Audit Team leaving at the end of July and their replacement only working 4 days a week.

 

The current position with regards to the plan was given in Appendix A with 11 reviews having been deleted from the current year’s plan and additional days being allocated to 2 reviews; the deleted reviews were listed in Appendix B. 

 

7 audits had been finalised since the last Audit Committee meeting all with Substantial or Reasonable Assurance.   

 

Appendix D set out details of the unplanned responsive work completed since the last Audit Committee with Appendix E summarising Internal Audit’s performance against a number of Indicators.

 

Appendix F showed the number of outstanding recommendations that had passed their original due date, age rated.  The detail was then given, where they had been deferred the comment received from the Manager was given and where there was no change to the due date or comment, the Manager had not updated the system. 

 

Discussion ensued on various matters contained within the agreed actions section of the report which included changes that were to be made to the working practices and earlier reminders to be sent to officers and Assistant Directors which would hopefully reduce the number of outstanding recommendations.

 

Resolved:-  (1)  That the Internal Audit work undertaken since meetings of the Audit Committee, 1st September to 31st October, 2019, and the key issues arising therefrom be noted.

 

(2) That the information submitted regarding the performance of Internal Audit and the actions being taken by management in respect of the outstanding actions be noted. 

53.

External Assessment of Internal Audit

Minutes:

David Webster, Head of Internal Audit, presented a proposal for an external assessment to be undertaken of Internal Audit to reflect the changes that had taken place.

 

Under Public Sector Internal Audit Standards Internal Audit must be externally assessed against the standards at least every five years.  Rotherham MBC Internal Audit was last externally assessed at the end of 2015. 

 

Discussion took place on the options available for the assessment together with the relevant costs and the preferred option.

 

Resolved:-  (1)  That the completion of an external validation of an internal assessment of Internal Audit be endorsed.

 

(2)  That Option 1 be the preferred option and be carried out by the Head of Internal Audit from another Authority. 

 

(3)  If (2) above could not be achieved, then Option 3 be proceeded with and the external validation be carried out by the CIPFA consultant stated in the report submitted.

54.

Risk Management Directorate - Assistant Chief Executive

Minutes:

Consideration was given to a report, presented by Shokat Lal (Assistant Chief Executive) providing details of the Risk Register and risk management activity within the Assistant Chief Executive’s Directorate and in particular highlighting:-

 

-          How the Register was maintained/monitored and at what frequency

-          Involvement of the Cabinet Members for Finance and Corporate Services and Housing

-          How risks were included on and removed from the Register

-          Anti-fraud activity in the Directorate

 

The Cabinet Member for Housing was in attendance for this item.

 

Discussion ensued with the following issues raised:-

 

-          4 risks were currently rated as red :

(a)  Tackling Family Poverty

       (b)  Operating sound Recruitment Practices encompassing statutory and safeguarding requirements.

       (c)  Successfully delivering the Council’s Change Programme

       (d)  Management and delivery of the Vulnerable People Resettlement Scheme and the Asylum Programme

-          Implementation of the new HR and Payroll Service had been added as a risk.  Internal Audit would be undertaking a review

-          The definition used by the Council for Family Poverty

 

Resolved:- That the progress and current position in relation to risk management activity in the Assistant Chief Executive’s Directorate, as detailed in the report now submitted, be noted.

55.

Regeneration and Environment Directorate Risk Register

Minutes:

Consideration was given to a report, presented by Paul Woodcock, Strategic Director, Regeneration and Environment, providing details of the Risk Register and risk management activity within the Regeneration and Environment’s Directorate.

 

The Cabinet Members for Jobs and the Local Economy and Cleaner, Greener Communities, were also in attendance for this item.

 

The Committee sought reassurance on the Risk Register and risk management activity in particular highlighting:-

 

-          How the Register was maintained/monitored and at what frequency

-          Involvement of the Cabinet Members for Jobs and the Local Economy, Waste Roads and Community Safety and Cleaner, Greener Communities

-          How risks were included on and removed from the Register

-          Anti-fraud activity in the Directorate

 

Discussion ensued with the following issues raised:-

 

·           The Register currently had 19 risks listed 3 of which were also deemed Strategic risks

·           A de-brief would take place following the activation of the Emergency Plan in connection with the recent flooding incidents.  It was important for Elected Members to feed into that process

·           A condition survey of the Authority’s estate had been undertaken

·           Importance of diversification of the Town Centre

·           Flood defence work in the Town Centre

·           Licensing standards/Home to School Transport

·           Discussion of the Risk Register with Cabinet Members

·           BDR/Household Waste Collection Contract

 

Resolved:- That the progress and current position in relation to risk management activity in the Regeneration and Environment Directorate, as detailed in the report now submitted, be noted.

56.

Date and time of next meeting

Tuesday, 28th January, 2020 commencing at 2.00 p.m.

Minutes:

Resolved:-  That a further meeting be held on Tuesday, 28th January, 2020, commencing at 2.00 p.m.