Venue: Virtual Meeting - the recording of the meeting will be uploaded after the conclusion of the meeting
Contact: Dawn Mitchell, Governance Advisor
Declarations of Interest
To receive declarations of interest from Members in respect of items listed on the agenda.
There were no Declarations of Interest made at the meeting.
Questions from Members of the Public or the Press
To receive questions relating to items of business on the agenda from members of the public or press who are present at the meeting.
There were no members of the press or public present at the meeting.
To consider and approve the minutes of the previous meeting held on 18th August, 2020, as a true and correct record of the proceedings.
Consideration was given to the minutes of the previous meeting of the Audit Committee held on 18th August, 2020.
It was noted that remote interviews would be taking place in early October for the appointment of the Independent Person.
Resolved:- That the minutes of the previous meeting of the Audit Committee be approved as a correct record of proceedings.
Consideration was given to an update and annual report presented by Paul Vessey, Head of Information Management, on the Council’s compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).
Since the last report submitted on 26th November, 2020 (Minute No. 44 refers), all outstanding tasks had been completed and all required policies and processes for compliance with GDPR and DPA were now in place and embedded within the organisation. It was now the responsibility of all Directorates and Service areas to comply with the Council’s Data Protection policies and procedures.
Monitoring of the Council’s compliance with GDPR and DPA was carried out by the Corporate Information Governance Group (CIGG) which had representatives from all Directorates and Chaired by the Council’s Senior Information Risk Officer. Any risks were monitored on a regular basis by the Group with risks and actions logged and reviewed at CIGG meetings and, if necessary, escalated in line with the Council’s risk management processes.
The key issues were:-
- Maintain compliance
Compliance with Data Protection principles was a continuous project
CIGG fulfilled a core function in monitoring and overseeing information risks
Regularly monitored the effectiveness of the Council’s Data Protection Policies and each Directorate’s Information Governance and Data Protection processes
- Raised awareness of Data Protection
The Council had received a 75% increase in the volume of validated Information Right of Access Requests (RoARs) in the 2018/19 financial year
This had coincided with increased national media coverage of GDPR and Data Protection and was reasonable to suggest that this rise was partly attributable to greater public awareness of information rights
The trend had been monitored – the validated number of RoARs for 2019/20 was 188, a further increase of 10% on 2018/19
- Monitor performance of Freedom of Information (FOI) and Right of Access requests
Completion ‘in time’ of validated Right of Access Requests had continued to improve despite an increase in the overall volume of enquiries
Performance was below the 100% completion target within the statutory time limits due to the large number of RoARs that were complex in nature involving large volumes of historical data, Children’s Services and often linked to CSE
Slight decrease in completed ‘in time’ Freedom of Information Requests and a reduction in volume. Analysis of the data did not raise any significant concerns and was mainly due to a poor month’s performance that could not be overcome during the rest of the year’s performance
Performance would continue to be closely monitored with the focus on improvement.
Discussion ensued with the following issues raised/clarified:-
· Very low number of FOI’s refused for not meeting the criteria
· Internal Audit had been requested to look at the processes for possible enhancements to improve what was currently in place
· It was the Authority’s public duty to provide the information it held if no valid reason to withhold
Resolved:- (1) That the General Data Protection Regulation annual report 2019/20 be noted.
(2) That the legal requirement of the Council ... view the full minutes text for item 110.
Gareth Mills, Grant Thornton, presented a report on the Redmond Review launched in September 2019 and led by Sir Tony Redmond, former President of CIPFA. The purpose of the review had been to assess the effectiveness of audit in local authorities and the transparency of financial reporting.
The review recommendations were:-
- A new regulator – the Office of Local Audit and Regulation to replace the FRC and PSAA
- Scope to increase fees – the current fee structure for local audit be revised i.e. increased to ensure that adequate resources were deployed to meet the full extent of local audit requirements
- Move back to a September deadline – the deadline for publishing audited local authority audits be revisited with a view to extending it to 30th September from 31st July each year
- Accounts simplification – CIPFA/LASAAC be required to review the statutory accounts to determine whether there was scope to simplify the presentation of local authority accounts
- Recognition of the role of authorities in improving governance and reporting
- Development of audited and reconciled account summaries
Discussion ensued with the following points raised-
· Acknowledgement that audits were currently significantly under priced
· CIPFA to look at the accounting codes
· NHS bodies were outside the regime but will be impacted by it
· The new 2021 accounting code required more detailed work on the Value for Money conclusion
· Suggestion of a summary of accounts in 2020/21 to make local authority accounts more user friendly
Resolved:- (1) That the report be noted.
(2) That Grant Thornton submit a report to the January 2021 meeting of the Audit Committee on the Value for Money review that would be undertaken in 2021.
Further to Minute No. 33 of the meeting of the Audit Committee held on 26th September, 2019, David Webster, Head of Internal Audit, presented the revised Internal Audit Charter.
The Charter, which in effect was the Terms of Reference of the Internal Audit Department, was aligned to the Public Sector Internal Audit Standards (PSIAS) and Local Government Application Note (LGAN) which was mandatory for all Local Government audit departments. It also took account of the contents of the CIPFA Statement on the Role of the Head of Internal Audit.The Charter must be reviewed periodically and presented to the Audit Committee for approval.
The review had been completed, however, none of the requirements had changed in the last year and, therefore, no changes made to the Charter.
The Charter outlines the regulatory requirements for Internal Audit and detailed:
· The Mission, Definition, Core Principles and Code of Ethics of Internal Audit.
· The Independence, Role, Scope of Work, Responsibilities, Reporting arrangements, Relationships, Resources and Performance Reporting of Internal Audit.
· The role of Internal Audit in reducing and investigating fraud, and in consulting services.
Resolved:- That the Internal Audit Charter, as now submitted, be approved.
(Due to technological difficulties experienced by the Chair, the Vice-Chair assumed the Chair for the remainder of the meeting.)
(Councillor Walsh in the Chair.)
Further to Minute No. 47 of the Audit Committee meeting held on 26th November, 2019, consideration was given to a report presented by David Webster, Head of Internal Audit. It detailed the proposed update to the Council’s Anti-Fraud and Corruption Policy and Strategy following an annual review process designed to ensure that the Policy and Strategy were up-to-date with current best practice and to take into account any changes to the Council’s organisational structure.
The CIPFA Code of Practice on Managing the Risk of Fraud and Corruption required an annual report on performance against the Strategy.
The Council’s updated Anti-Fraud and Corruption Policy was attached at Appendix A of the report submitted together with the updated Strategy at Appendix B. Appendix C of the report contained an update to the self-assessment against the CIPFA’s Code of Practice on Managing the Risk of Fraud and Corruption. This led to the action plan for maintaining/developing the Council’s arrangements.
The main changes to the documents were:-
- Reference to the new electronic system to declare interests, gifts and hospitality
- Reference to anti-fraud work carried out by Internal Audit
- How the Council dealt with attempts at fraud
Discussion ensued with the following issues raised:-
· There had been some attempted fraudulent claims of the Council-run grants during the pandemic but had been picked up by the Finance Team
· Information regarding the main themes of the Policy were included within briefings to staff as well as being available on the intranet. Consideration to be given to awareness raising for Members
Resolved:- (1) That the proposed revisions to the Anti-Fraud and Corruption Policy and Strategy, including the textual amendments and additions discussed at the meeting, be approved.
(2) That the proposed actions intended to strengthen the Council’s fraud and corruption arrangements be noted.
Consideration was given to the proposed forward work plan for the Audit Committee covering the period November, 2020 to September, 2021.
It was noted that the Accounts Audit Plan, due for submission to the January meeting, would also include information on the new Audit Code.
Resolved:- That the Audit Committee forward plan, now submitted, be supported and any amendments arising actioned in due course.
Items for Referral for Scrutiny
To consider the referral of matters for consideration by the Overview and Scrutiny Management Board.
There were no items for referral to Scrutiny.
Exclusion of the Press and Public
Resolved:- That, under Section 100(A) of the Local Government Act 1972, the public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12(1) of such Act indicated, as now amended by the Local Government (Access to Information) (Variation) Order 2006 (information relating to business and financial affairs).
Resolved:- That under Section 100(A) 4 of the Local Government Act 1972, the public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12(A) of such Act indicated, as now amended by the Local Government (Access to Information) (Variation) Order 2006 (information relates to finance and business affairs).
Information Technology Audit Report
Gareth Mills, Grant Thornton, together with Thilina Da Zoysa and Calum Clark, presented a report on the assessment undertaken of the design and implementation effectiveness of the IT General Controls within the IT environment as they affected the financial statements for the year ended 31st March, 2020.
The report set out a summary of observations, the scope and summary of work completed and detailed observations and recommendations.
Discussion ensued with the following issues raised/clarified:-
· The recommendations would be followed up on as part of the audit planning work
· The audit would take place late February/early March which would include a 6 months’ follow-up from implementation of the recommendations
Resolved:- That the report be noted.
Internal Audit Progress Report 1st July to 31st August, 2020
Consideration was given to a report presented by David Webster, Head of Internal Audit, which provided a summary of Internal Audit work completed during 1st July to 31st August, 2020, and the key issues that had arisen therefrom.
Work on the 2020/21 plan had commenced with the current position set out in Appendix A of the report submitted. There would be a half-yearly review and the plan would need to remain flexible throughout the year to allow for any developments relating to Covid-19. Appendix B set out the addition to the Plan.
4 audits had been finalised since the last Committee meeting including 2 receiving Substantial Assurance, 1 Reasonable Assurance and 1 Partial Assurance. Audit opinions and a brief summary of all audit work concluded since the previous meeting were set out at Appendix C.
Internal Audit’s performance against a number of indicators was summarised in Appendix D but had been impacted by the time spent on Business Support Grants and sickness absence.
Appendix E showed the number of outstanding recommendations that had passed their original due date, age rated. The number of aged outstanding actions had decreased slightly from 38 to 36. 14 of the older actions had been cleared but another 12 had become overdue.
Discussion ensued on various matters contained within the agreed actions section of the report which included:-
· A meeting was to be held with all Assistant Directors/Heads of Service to ensure they were fully aware of their responsibility when making a commitment to an agreed action due date
· Deviation from Internal Work required during the height of the Covid-19 pandemic and subsequently the taking of leave had impacted upon performance
· Acknowledgement that remote working did impact upon the time taken to undertake tasks
Resolved:- (1) That the Internal Audit work undertaken since meetings of the Audit Committee, 1st July to 31st August, 2020, and the key issues arising therefrom be noted.
(2) That the information submitted regarding the performance of Internal Audit and the actions being taken by management in respect of the outstanding actions be noted.
(3) That the Committee’s thanks be placed on record to the work of the Internal Audit Team under the current circumstances and the contributions they had made to other work within the Council.
To consider any item which the Chair is of the opinion should be considered as a matter of urgency.
There was no urgent business to report.
Date and time of next meeting
The next meeting of the Audit Committee will be held on Tuesday, 24th November, 2020 commencing at 2.00 p.m.
Resolved:- That a meeting of the Audit Committee be held on Tuesday, 24th November, 2020, commencing at 2.00 p.m.