Agenda and draft minutes

Councillor Moss explained that Council at its meeting on Wednesday 15 January had approved the two new Independent persons of the Audit Committee. Councillor Moss welcomed Ben Thomas and David Webster.

Councillor Moss also reported that Phil Llewellyn had recently left the authority and asked that the thanks of the Audit Committee for Phil’s work be placed on record.

Apologies were recorded above.

Members of the Audit Committee are asked to consider whether they have an interest in any of the matters on the agenda and, if so, to formally declare that interest.

There were no declarations of interests made at the meeting.

The Minutes of the following meetings are attached:

29^th October 2024

3^rd December 2024 (Special Meeting)

9^th January 2025 (Special Meeting)

It was agreed:

That Minutes of the following Meetings held on:

29 October 2024

3 December 2024

9 January 2025

Be approved as a correct record and signed by the Chair.

·         Councillor Moss referred to AU.32 of the Minutes of the meeting on 29 October 2024 in reference to the question raised by Councillor Berry regarding ‘School Streets’. Councillor Moss asked how many schools had expressed a willingness to be an additional scheme.

The Council’s Risk Manager reported that two schools had submitted expressions of interest, Woodhey High And Woodbank Primary.

·         Councillor Moss explained that at a previous meeting of the Committee the start time of future meetings had been discussed and had been agreed at 6.30pm.

Councillor Moss explained that as a number of the Committee had arrived at the start of the meeting or just after, would the Committee want to review this decision before the Timetable of Meetings was presented to Council in March for approval.

·         Councillor Moss referred to AU.42 of the Minutes of the Meeting held on 3 December 2024 and the request to include more information in the final Annual Governance Statement with regards to Project Safety Valve.

The Director of Finance confirmed that this had been undertaken.

·         Councillor Hook referred to AU.45 of the Minutes of the Meeting held on 9 Jan 2025 and the amendment to the action Plan to include reference to the Member Assurance Group and revised implementation of February 2026. Councillor Hook asked whether the plan had been updated and if so could it be reissued to the Audit Committee.

It was agreed:

1.   That the draft timetable of meetings be updated to include the start time of Audit Committee meetings to 7pm.

2.   That the Director of Finance reissue the action plan to the Audit Committee.

Reports attached include:

Statement of Accounts

Audit Completion Report

Value for Money Report

Audited Statement of Accounts

Annual Governance Statement

It was reported that in accordance with the Accounts and Audit Regulations 2015 (as amended) the 2023/24 Draft Unaudited Statement of Accounts were signed by the Interim Deputy Chief Finance Officer (acting S151 Officer) on 31 May 2024 by the deadline and published on the Councils website. However, the Annual Governance Statement was not available by the 31 May 2024 deadline, therefore the Council had been unable to commence the 30-working day period for the Exercise of Public Rights and a delay notice was published on the Council website.

To achieve the statutory backstop date of the 28 February 2025, the Council had been required to commence the 30-working day period for the Exercise of Public Rights, no later than 16 January 2025. Following the 3 December 2024 Audit Committee meeting both the 2023/24 Draft Unaudited Statement of Accounts and Annual Governance Statement were published on the Council website and the Period for the Exercise of Public Rights ran from Monday 16 December 2024 and concluded on Friday 31 January 2025.

The Accounts and Audit (Amendment) Regulations 2024 came into force on the 30 September 2024, this legislated the statutory backstop dates, including the 2023/24 Statement of Accounts of 28 February 2025. To comply with the backstop date legislation the Council had to publish accountability statements on the website by this backstop date, accountability statements needed to include:

·         The Statement of Accounts together with the Audit Opinion and any certificate.

·         The Annual Governance Statement.

·         The Narrative Statement (the Council includes this within the Statement of Accounts)

The Accounts and Audit (Amendment) Regulations 2024 require those charged with governance to approve the final audited accountability statements prior to publication. Therefore, Audit Committee are asked to approve the 2023/24 Statement of Accounts (Appendix 3) and Annual Governance Statement (Appendix 4) and delegate authority to the Chair of the Audit Committee and the Director of Finance, to sign-off the 2023/24 Statement of Accounts and the Leader and Chief Executive to sign-off the 2023/24 Annual Governance Statement.

The Engagement Partner, Forvis Mazars  presented the Audit Strategy Completion Report – year ended 31 March 2024 and confirmed that they would be providing a disclaimer opinion on the 2023/24 accounts in line with the backstop arrangements following the disclaimer opinions provided previously for 2022/23 and 2023/24.

The purpose of the document is to summarise the audit and to explain how the statutory backstop arrangements introduced by the Accounts and Audit (Amendment) Regulations 2024, have affected the completion of the work and the reporting consequences.

It was explained that the external auditors consider two-way communication with the Council to be key to a successful audit and particularly important in the context of the backstop arrangements as it facilitates:

• reaching a mutual understanding of the scope of the audit and the responsibilities of each of the external auditors and the council;

• sharing information to assist the external auditors and the council to fulfil their respective responsibilities; and

• providing the council with constructive observations arising from  ...  view the full minutes text for item AU.51

Report and appendices attached.

The Head of Fraud, Audit Insurance and Risk  presented a report setting out the Global internal Audit Standards.

The report introduced and outlined the Global Internal Audit Standards which are to be followed by the Council from 1 April 2025

It was explained that the main changes in the Global Internal Audit Standards (GIAS) include a new structural organisation, a stronger emphasis on risk management, increased focus on Audit Committee involvement, the introduction of "essential conditions" regarding governance, revised requirements for engagement planning and communication, and a more robust quality assurance and improvement program, all aiming to enhance the effectiveness and relevance of internal audit functions within the organisation. 

Whilst GIAS is different to the material it replaces, (PSIAS) most of the requirements have the same practical effect as the previous standards.

Internal Audit have recently been assessed against PSIAS and this has identified recommendations to be addressed. As we address these recommendations we will also ensure that we are complying with the new GIAS.

The Council will be reviewing and revising the Audit Charter and Strategy, and the teams’ Audit Manual ensuring that all key documents support the strategy, planning and delivery of the service. We will develop the quality assurance improvement plan. 

It was explained that updates on progress will be reported to future audit committees.

·         Councillor Moss asked whether Internal Audit always sit in Finance?

The Head of Fraud, Audit Insurance and Risk stated that no, internal audit does not always sit within the finance department; while it often has a focus on financial controls, it is considered a separate, independent function within an organization. 

·         Councillor Moss referred to next steps set out at  4.14 and 4.15 and asked when the Committee should expect a further report back?

The Head of Fraud, Audit Insurance and Risk explained that the Council have just received the  CIPFA Code of Practice which accompanies the GIAS and the CIPFA Application Note for the standards.  It is the intention to keep Audit Committee up to date as often as is needed as the application of the new standards take place. The Council internal Audit Team have recently been reviewed against the existing standards (PSIAS) and it is intended to bring a report regarding this in April 2025, there have been recommendations from this PSIAS review to implement and as these are implemented we will be referring to the new standards to ensure we meet these too.

·         Councillor Moss asked what practical changes in the way that Internal Audit work are necessitated by the new standards and whether it involves extra work?

The Head of Fraud, Audit Insurance and Risk explained that many of the introduced new standards are already being met by the team, such as  planning, supervising and communicating regarding audit engagements. The standards look to improve the governance arrangements and Audit will be required to report upon the organisations risk management processes, and this has already identified this in the 2024/25 plan.

The standards express that auditors are expected to  ...  view the full minutes text for item AU.52

Report and appendices attached.

The Head of Fraud, Audit, Insurance and Risk presented a report giving an update on the work undertaken by the internal audit team. The report covers the period 1st October to 31st December.

It was explained that the audit plan for 2024/25 had been updated to show current position and this is set out in Appendix A.

Narrative progress against the original plan is shown at 2.1 to 2.13 and paragraph 2.1.4 identifies amendments which have had to be made to the plan. 

Since the Audit Committee met in October 2024, 12 audits have been completed and reports have been issued to Members, these are detailed at table 2.2.1 , also seven first follow ups and four second follow ups have been completed and these are detailed at paragraph 2.3

At the time of preparing the report, there were 9 audits in progress and one draft report had been issued.  (Details are at paragraph 2.4.1.)

·         Councillor Moss referred to 2.1.2  of the report and stated that the 24/25 Plan has always been in difficulties because of the number of non-finalised audits from 23/24.

Councillor Moss asked whether there will always be some work that carries over from one year to another, and whether, when the  plan for 25/26 is presented to the Committee in April Janet will be confident of being able to forecast how much work will be left over from 24/25?

Councillor Moss also enquired as to whether any follow ups from 24/25 Audits go into the Plan for 25/26 or do they count as unfinished 24/25?

The Head of Fraud, Audit Insurance and Risk explained that the Annual Audit Plan will identify audits which have been brought forward from 24/25.  Some audits for 24/25 may not now be needed if other works have been undertaken in the area (external review for example) and these will not be brought forward. The Committee receives a report at each meeting on progress on current year plan which includes audits to be carried forward. The report estimates the target days for each review brought forward, but as with any other audit review, these are a target and may come in under / over this target time.

It is very  difficult to be exact when preparing the plan to know the work leftover to be carried forward as we will be writing the Audit Committee  reports and producing the audit plan 6 weeks prior to the end of the financial year.  Other works may take priority in those six weeks which could cause further slippage.  We will however do our best to identify the audits that will not have been completed by the end of March.  Looking at what is still active as at Monday 10 February, there are 17 active audits that are currently at different stages of the process and 6 audits that are still to commence.

Follow ups from 24/25 roll over into the next financial year and go into the plan and will be counted within the total  ...  view the full minutes text for item AU.53

Report and appendices attached.

The Risk Manager presented a report which provided an updated position with regards to the risks identified and assessed on the Council’s Corporate Risk Register.

23 risks were currently present on the Corporate Risk Register and had been identified as those that have the potential to disrupt the Council’s strategic objectives and service delivery.

The report presents all relevant information and scoring of these risks, an overview being:

Of the 23 risks, 16 risks are currently rated as Significant (risk score 15-25)

7 risks are currently rated as High (risk score 8-12)

·         0 have increased in score

·         2 have decreased in score

·         21 have remained static

·         0 are proposed for closure

·         Councillor Moss referred to CR29 Reinforced Autoclaved Aerated Concrete (RAAC) because the Council had been unable to satisfy the External Auditors in December that all its buildings are free of RAAC. Councillor Moss asked why the risk score  remained unchanged from the last report (15) as the last comment under Current Controls looks positive.

It was explained that the report and Corporate Risk Register review is as at 13^th December 2024, However, further to risk assessments and inspections/surveys carried out over the last 2 months, the risk has since been reviewed and now scores a Likelihood of 2, Impact of 5, with an overall score of 10. Resource has been significantly prioritised since September 2024 in order to ensure the desired target score of 5 is achieved at the earliest opportunity.

·         Councillor Moss raised a further point regarding CR29 RAAC and explained that at the Special Audit Committee meeting on January 9, the Chief Executive agreed that it was unsatisfactory that any Risk sat under multiple owners and said it would/should be changed to sit under just 1. However, the current Risk Register shows it as still having 3.

It was reported that the risk review was prior to this being agreed (as at 13th December). The removal of multiple risk owners has since been explored and so at the next Audit Committee meeting, you can expect to see only one risk owner against this risk.

·         Councillor Moss referred to CR21 - Project Safety Valve and stated that the Risk is 1 of only 2 that have decreased in score. Its likelihood has reduced from 5 to 3, reducing the score from 25 to 15.

Councillor Moss explained that he was in attendance at Budget Overview & Scrutiny last week and asked questions regarding the Risk. The Executive Director Children and Young People did speak encouragingly about various things improving post March 2026, but at present the deficit is increasing and is forecast to increase further during 25/26. Councillor Moss explained it does not seem the right time to lower the risk score. 

The Risk Manager reported that the Executive Director of Children’s Services had given the following explanation: The national context for Project Safety Valve (PSV) has changed with the new government, with an acceptance that the programme has not delivered what was intended largely because of the  ...  view the full minutes text for item AU.54

Report ‘to follow’.

The Head of Governance and Council’s Data Protection Officer  presented a report on Council’s Information Governance activity up to the end of December 2024, which highlighted improvements in training compliance, performance at responding to requests for information and dealing with data breaches in terms of Information Governance.

The report gave a full update on the ICO recommendations and actions taken by the Council. The report also gave details of figures relating to Subject Access Reviews (SARs) and SAR reviews, statistics relating to Freedom on Information (FOI), Environmental Impact Reviews and DPO Reviews, Data breaches, and Complaints, included those upheld by the ICO. Details were also shared of attendance by Officers and Members in terms of mandatory training and non-compliance and actions taken.

The Policy Compliance Team had been established in April 2024 and report directly to the Data Protection Officer who reports to the Law of Law and Governance who acts as SIRO. Regular updates on all IG matters are provided to the SIRO. The SIRO and DPO report IG matters to the Corporate Governance Group at each meeting to ensure there is oversight of IG across the council. Additionally, the Information Governance Framework has been reviewed and was approved by the Audit Committee in October 2024. The 15 policies and procedures that sit underneath this framework have also been reviewed in line with best practice and legislation. These were attached to the report for endorsement. Detailed guidance and step by step instructions have also been created to supplement the policies and procedures within the IG Framework.

If endorsed, the new framework, policies and procedures and guidance will be launched with staff. Updated intranet pages and staff communications are planned to be launched the middle of February following this endorsement.

The recommendations from the ICO report in 2021 and an update against each was attached to the report at Appendix 1.

·         Councillor Bernstein asked if any comparative data was available to see how Bury was performing.

The Head of Governance explained that the Council did work with the GM Information Governance team and that comparison from other GM authorities could be sought.

It was also reported that the feedback received from the ICO was positive.

·         David webster asked how many FOIs and SARs had been cleared.

The Head of Governance explained that this information was available to the CGG and would be shared with the Committee. There were currently 4 SARs outstanding.

It was agreed:

1.    That Audit Committee note the performance from 1 January 2024 to 31st December 2024.

2.    That the Audit Committee notes, the updated actions taken in respose to the Information Commissioners recommendations.

3.    That the Audit Committee endorses the reviewed and updated Information Governance policies and procedures.

To consider passing the appropriate resolution under Section 100(A)(4) of the Local Government Act 1972 that the press and public be excluded from the meeting during consideration of the following items of business since they involve the likely disclosure of the exempt information stated.

It was agreed:

That the press and public be excluded from the meeting under Section 100 (A)(4), Schedule 12(A) of the Local Government Act 1972, for the reason that the following business involves the disclosure of exempt information as detailed against the item

Report attached.

The Head of Fraud, Audit, Insurance and Risk introduced the report which was provided for information only.

The report related to the reports highlighted in the Internal Audit Progress report which was delivered in the open session of the meeting.

Members were given the opportunity to seek clarification / challenge any parts of the report / audit reports which they have already received each month.

It was agreed

That the report be noted.

The Committee will receive a verbal update on Corporate Governance Group's review of outstanding recommendations from 2nd Follow Up Reports.

It was agreed:

That a written update be provided to the Audit Committee following the meeting.

Report attached.

A confidential report was submitted for information only on Special Investigations carried out by the Internal Audit Team.

It was agreed:

That the report and information received at the meeting be noted

Report and appendices attached.

The Committee received a report providing an update on the Annual Counter Fraud Plan 2024/25 and the work undertaken by the Counter Fraud Team during the period 1st October 2024 to 13th December 2024.

It was agreed:

That the report and information received at the meeting be noted.

It was noted that the planned training for Audit Committee members to be delivered by representatives from the LGA has been scheduled for the 1^st May.  This will be supplemented by Bury specific training as required in areas such as the understanding the Risk matrix and approach.