Agenda and minutes

Apologies were received as above.

Members of the Audit Committee are asked to consider whether they have an interest in any of the matters on the agenda and, if so, to formally declare that interest.

There were no declarations received at the Meeting.

The Minutes of the last meeting of the Audit Committee held on

It was agreed:

That the Minutes of the last meeting held on 6 March 2024 be approved a a correct record and signed by the Chair.

Under Matters Arising, it was noted that on Page 5, the questions from Cllrs Berry and McBriar needed to be carried forward as there was no officer present who could answer them until the meeting on 29^th October 2024.

Councillor Moss reported that all members had received an email regarding the appointment of a nominated Corporate Parenting Champion from each committee. It was explained that the person would receive training and would be responsible for advocating for Corporate Parenting matters at each committee.

Councillor Moss asked for nominations.

It was agreed:

That Councillor J Hook would be the Corporate Parenting Champion for the Audit Committee

Attached.

Louise Kirkman, Risk Manager presented the Risk Management Strategy.

The Strategy had been updated and included the aim and scope of the strategy, risk management definition and objectives,  the roles and responsibilities of all employees and elected members and the Risk Management toolkit.

Members of the Committee were given the opportunity to ask questions, the following points were raised:

·         Councillor Hayes referred to 2.3 of the report and the reference to insurance. Councillor Hayes asked if there were specialist municipal insurance companies that provide cover.

Louise explained that as well as insurance there would also be mitigating factors in place to make sure that the issues didn’t happen in the first place. 

It was agreed:

That the updated Risk Strategy be approved

Attached

Louise Kirkman, Risk Manager presented the Committee with the updated Risk Register.

The report provided an updated position with regards to the risks identified and assessed on the Council’s Corporate Risk Register as at the end of Quarter 1.

The risks have been considered by the Executive Team as those with the potential to disrupt the Council’s strategic objectives and service delivery. Furthermore, the report provided the Audit Committee with an analysis of the 2023/2024 Corporate Risk Register to support their annual review of strategic risks and the approach taken to their management.

It was explained that a total of 23 risks are present on the Corporate Risk Register and have been identified as those of a genuine corporate nature and are summarised as follows:

·         14 risks are currently rated as Significant (risk score 15-25)

·         8 risks are currently rated as High (risk score 8-12)

·         1 risk is currently rated as Moderate (risk score 4-6)

·         0 have increased in score 

·         3 have decreased in score

·         19 have remained static

·         1 has been newly introduced

·         2 of the static risks have not been reviewed in the last reporting period

·         1 of the decreased risks is proposed for closure

Members of the Committee were given the opportunity make comments and ask questions and the following points were raised:

·         Councillor Berry referred to CR.3 security and mentioned the recent worldwide outage to IT systems and asked what was in place in relation to this at the Council.

Kate Waterhouse reported that this was kept under regular review in relation to both digital risk and human risk. It was also explained that the Council had a managed IT security contract with an external provider.

·         Councillor Berry referred to CR.5 and asked if the demand on pressure at A & E was due to a  lack of GP appointments across the borough.

Louise reported that she would take this question away and request an update.

·         Councillor McBriar referred to CR.1 and CR.3 and the current status being on target but asked how this was if the risks were currently static.

Louise reported that this issue was currently being looked at.

·         Councillor Hook refereed to CR.16 and asked about the realisation of the risk.

Louise explained that the service risk registers and departmental risk registers contained more information.

·         Councillor Moss referred to CR.28, Asylum and Immigration and stated that the work of the department should be note.

It was agreed:

1.    That the contents of the report be noted

2.    That the Corporate Risk Register is received.

3.    That the Audit Committee approve the closure of CR25 – housing conditions

4.    That the Audit Committee select CR.19, Financial Capacity and CR.3, Security and Resilience as the  as the 2 ‘Deep Dive’ risks to be considered at the next meeting of the Audit Committee.

A report and appendices from the Council’s Section 151 Officer is attached.

Janet Spelzini, Head of FAIR (Fraud, Audit, Insurance and Risk)  presented the Internal Audit Report

It was explained that this is the regular report which gives an update of the work of the Internal Audit Team since the last update report submitted to Audit Committee at its meeting in March 2024.

The report covers the period 1^st February to 31^st May 2024.

It was explained that the majority of work from 2023/24 plan has now been completed and work on 2024/25 plan is now progressing.

Since Audit Committee last met in March 2024, 14 audit reports have been issued and these are listed in the table at paragraph 2.2.2.

10 first follow ups and 9 second follow ups  have been completed and issued – and are listed in the table at paragraph 2.3 of the report.

Those present were given the opportunity to make comments and ask questions and the following points were raised:

·         Councillor Moss referred to 2.12 of the report and the 93 days that it had taken to complete audits for which 47 days had been allocated. Councillor Moss asked whether the extra days taken would be absorbed or whether this would impact on the Audit plan.

Janet reported that the work had followed over from 2023/2024 and had taken more days than were initially allocated to complete but the days would be absorbed and there was no requirement to alter the plan.

·         Councillor Moss referred to work on school audits and those that had been completed for the school to transfer to an academy. Councillor Moss asked why this work was being done when schools could move over to a trust.

Judith explained that before school audits are undertaken checks will be carried out to ensure that hey are remaining under Council control.

·         Councillor Moss referred to the planned work on debtors and creditors and stated that this work had been done in 2023/24.

Judith explained that the planned work was to undertake deep dives  on controls and processes within debtors and creditors.

It was agreed:

That the contents of the report be noted.

Karen Murray, external auditor presented a report giving an update on the progress made by the external auditors since the last meeting of the Audit Committee.

It was reported that the 2021/2022 financial statements audit work was substantially complete, Mazars were waiting for updates on a couple of queries in relation to RAAC in council buildings, responses to queries in respect of related party disclosures and the final audit file review and closure.

Karen explained that for the work to commence on the 2022/2023 and the 2023/2024  financial statements there needed to be a closing balance for one before starting on the other.

Prior to the announcement of the General Election it was explained that the government were working on a proposal to implement a backstop which would mean that all work on the 2022/23 accounts would stop and that accounts for 23/24 and prior years would have backstop dates enabling a catch up from 24/25 onwards.

·         Councillor McBriar stated that this would be a sensible option.

·         Councillor Rubinstein asked if the accounts weren’t reliable what position would that put the council in in relation to debt and fees etc.

Karen explained that the National Audit Office would issue guidance to all Councils that were affected.

Neil explained that this wouldn’t affect the position of the Council as credit would not be an issue.

Karen directed Members to section 2 of the report, national publications. Karen explained that the National Audit Office had published a guide for senior leaders and Audit and Risk Committees on Digital Transformation in Government and recommended that Members may want to review the document.

It was agreed:

That the content of the report be noted.

A report from the Head of Fraud, Audit, Insurance and Risk (FAIR) is attached.  

Janet Spelzini presented a report summarising the results of Internal Audit work during the financial year 2023/24 and, as required by the Accounts and Audit Regulations 2015, gives an overall opinion of the Authority’s control environment.  

The report highlights that for a variety of reasons changes had to be made to the original plan for the year. However, an annual opinion could be formed, and this was based on the opinions and findings from 22 internal audit reports. 21 first follow ups and 15 second follow up exercises which had been undertaken.

The overall opinion provided is that the Council’s control environment provides moderate assurance that significant risks facing the Authority are being addressed.

Members of the Committee were given the opportunity to ask questions and make comments and the following points were raised:

·         Councillor Hayes referred to the reference made in relation to the fundamental and significant recommendations that had not been fully implemented and what the implications of this were.

Janet reported that some of the follow ups may have been at stage 1 and therefore had not been addressed.

Janet also reported that the Corporate Governance Group had been established to take oversight of the recommendations to make sure that they were addressed.

·         Councillor Moss referred to the outstanding follow ups of audits during 2023/2024 which were set out in Appendix B and appendix C and hadn’t been implemented and asked what the next step was for these.

Janet explained that the outstanding follow ups were sat with the Corporate Governance Group.

·         It was asked who the members of the Corporate Governance Group were.

Jacqui Dennis explained the group was made up of officers including herself as Chair and Neil Kissock S.151 Officer and team members from Risk and Audit. Directors and Assistant Directors attend to update and answer questions.

Jacqui stated that thanks should be noted to Risk and Audit colleagues for the support that they have given to the Corporate Governance Group.

It was explained that the group had met 3 times to date and was scheduled to meet every 6 to 8 week going forward.

·         Councillor Berry asked whether staff capacity was part of the issue in relation to the outstanding follow ups.

Neil stated that capacity might be one issue but there will also be other reasons which were not so straightforward.

It was agreed:

That the contents of the report be noted.

The Councils Solicitor will provide a verbal update at the meeting, report attached.

Jacqui Dennis presented a report updating the Audit Committee on the Council’s Information Governance activity up to the end of June 2024, these reports now focus on the Council’s ‘business as usual’ performance in the delivery of Information Governance.

Following the transfer of Six Town Housing into the Council, this report now includes information in relation to Housing Services levels of compliance.

As referenced in the last update report, following the restructure of the Business Support Unit, a Policy and Compliance Team has been established, under the direction of the Data Protection Officer. The department will streamline oversight, of all Complaints, Subject Access Requests, Environmental Information Regulations and Freedom of Information Requests. In addition, the newly appointed Policy and Compliance Manager will lead this team; and will have operational responsibility for Information Governance matters, supported by the wider team.

The team “went live” on the 18th March 2024, and have already undertaken a review of the Councils retention schedule; established a repository for data sharing agreements; joint controller agreements and privacy statements and commenced a review of the Councils Record of Processing Activity (ROPA). In addition, the team have developed a caseviewer system for recording, activity against all our FOIs and EIRs, training has commenced across all departments and a go live date is scheduled for the summer.

Pressure points still exist with regards to the redaction of a number of complex Childrens Service SARS, in many cases there may be thousands of documents that require oversight and redaction, this can be a very onerous process. In response to this, the DPO, working with Childrens Services has developed a new process in assessing the need to have additional checks on completion of the first sift of the redaction process and this has helped to address the backlog.

The report gave an update on the number of Subject Access Requests and Sar Reviews received, the number of FOI requests, Environmental Information Reviews and DPO reviews received, the number of data breaches reported across the different departments, Police Disclosures,  information on complaints and assurances from the ICO and training non-compliance. It was reported that ‘core training for Councillors had increased to 54.9%.

Members were given the opportunity to ask questions and make comments and the following points were raised:

·         Councillor McBriar refereed to data breaches and emails sent to wrong addresses and asked about members sending emails to wrong addresses and whether this was reported.

Jacqui explained that Members were there own data controllers so it was up to them to decide whether to report a breach. All staff were required to report breaches and it was seen as positive to do so.

·         Councillor Berry referred to the numbers of SARs that were received and how much this cost the council in money and in time.

The Monitoring Officer responded to Councillor Berry’s question and advised that she could provide information on the number of SARs to the Chair, but that no information was collected on the time undertaken as it would  ...  view the full minutes text for item AU.10

To consider passing the appropriate resolution under Section 100(A)(4) of the Local Government Act 1972 that the press and public be excluded from the meeting during consideration of the following items of business since they involve the likely disclosure of the exempt information stated.

It was agreed:

That the press and public be excluded from the meeting under Section 100 (A)(4), Schedule 12(A) of the Local Government Act 1972, for the reason that the following business involves the disclosure of exempt information as detailed against the item.

A report from the Council’s Section 151 Officer is attached.

The Audit Committee was presented with a report from the Section 151 Officer. The report was to inform Members about the current status of investigations as at 31^st May 2024.

Five cases are presented to Audit Committee for information. 

Members were given the opportunity to ask questions on the information provided.

It was agreed:

That the report be noted

Sam McVaigh, Director of People and Inclusion attended the meeting to report on the Deep Dive relating to risk CR.31 Staff Wellbeing and Absence.

Sam introduced the report and answered questions of the Committee.

It was agreed:

1.  That Sam be thanked for his attendance at the meeting

2.  That the update be noted

It was explained that Internal Audit Committee had issued five limited assurance reports during the period 1 Feb 24 to 31 May 24.

Full copies of the reports which include the recommendations and the management responses received have been circulated to Audit Committee Members.

The reports have also been circulated during the Audit Committee meeting of 25th July 2024.

All the recommendations made were accepted by Management and positive responses were received indicating that the recommendations would be implemented.

Kate Waterhouse, Executive Director, Strategy and Transformation and Claire Rogan, Business Development Co-ordinator, Housing Management  attended the meeting to update Members on the Six Town Housing Limited Assurance Report.

Members were given the opportunity to make comments and ask questions in relation to the report and the recommendations within it.

It was explained that it is currently a requirement that Directors of Services attend Audit Committee as and when a limited assurance report is issued. This report proposes a change to this requirement where Executive Directors will be asked to attend if fundamental/significant recommendations have not been completed.

It was agreed:

1.   That Members thank Kate Waterhouse and Claire Rogan for their attendance at the meeting.

2.   That the contents of the report be noted.

3.   It is agreed that Executive Directors are asked to attend Committee to if fundamental/significant recommendations have not been completed following a second follow up exercise by Audit.

A report from the Council’s Section 151 Officer is attached.

Janet Spelzini presented a report setting out the reports that had been issued by Internal Audit since the last opinion report in 2022/23 and up to May 2024.

Members were given the opportunity to ask questions and make comments.

It was agreed:

That the contents of the report be noted.

A report from the Council’s Section 151 Officer is attached.

Janet Spelzini presented a report summarising the work of the Counter Fraud Team throughout 2023/24.

The Counter Fraud Plan was appended to the report.

Members were given the opportunity to ask questions and make comments.

It was agreed:

That the contents of the report be noted.

A report from the Council’s Section 151 Officer is attached.

Janet Spelzini presented a report providing an update on the work of the Counter Fraud Team for Q1 2024/25.

Appended to the report was the Counter Fraud Plan 2024/2025.

Members were given the opportunity to ask questions and make comments.

It was agreed:

That the content of the report be noted.

It was explained that the next scheduled meeting of the Audit Committee was 23 September 2024 at 7pm. The meeting had been scheduled to received an update on the outstanding Statement of Accounts 2021/2022 and 2022/2023.

The Chair asked for the meeting to remain in the schedule to allow an update on both sets he accounts to be received.

It was agreed:

That the Committee would receive an update on the progress made in relation to the Statement of Accounts 2021/2022 and the Statement of Accounts 2023/24.