Meeting documents

Audit Committee
Wednesday 15th July 2020

Vice-Chairman: Councillor K Vickers
Venue: Virtual Meeting
Time: 10:00 am
E-Mail Address: matthew.nundy@northlincs.gov.uk

Watch this meeting live

AGENDA

1. Substitutions (if any)

2. Declarations of Disclosable Pecuniary Interests and Personal or Personal and Prejudicial Interests (if any).

3. To take the minutes of the meeting held on 20 May 2020 as a correct record and authorise the chairman to sign.

4. Audit Committee Annual Report 2019-20

5. Head of Internal Audit Report and Opinion 2019-20

6. Internal Audit Plan 2020-21

7. Audit Strategy Memorandum - Report by Mazars

8. Sickness Absence - Report by the Director: Business Development

9. Annual Information Governance Update

10. Partnership Protocol and Joint Working Framework

11. Any other items which the chairman decides are urgent by reasons of special circumstances which must be specified.

Note: Reports are by the Director: Governance and Partnerships unless otherwise stated.

MINUTES

PRESENT: – Councillor K Vickers in the chair.

Councillors Clark, Ellerby, T Foster, Gosling, Wells and Yeadon.

This was a Microsoft Teams Virtual Online Meeting

580  DECLARATIONS OF DISCLOSABLE PECUNIARY, PERSONAL OR PERSONAL AND PREJUDICIAL INTERESTS - There were no declarations of disclosable pecuniary interests and personal or personal and prejudicial interests.

581  MINUTES - Resolved - That the minutes of the proceedings of this committee held on 20 May 2020, having been printed and circulated amongst the members, be taken as read and correctly recorded and signed by the Vice-Chairman.

582  Audit Committee Annual REPORT 2019-20 - The Director: Governance and Partnerships circulated the annual report of the Audit Committee under the council’s governance arrangements for the year 2019-20.

A draft of the annual report of the Audit and Governance Committee was attached to the report as an appendix.  It summarised the activities of the committee and demonstrated how it had discharged its duties.  The report included the outcome of the updated self-assessment against good practice identified by the Charted Institute of Public Finance and Accountancy (CIPFA) that was carried out by the committee.

The Director informed the committee that the main conclusions of the report were that the Audit Committee had effectively discharged its duties, and its design and operation complied with expected practice.  This could be further enhanced by:

  • The promotion of the role and purpose of the Audit Committee across the council and included the role of the Audit Committee in member induction.
  • Increase the Committee’s knowledge of Value for Money.
  • Invite managers with adverse internal audit reports to meet with the Committee to receive assurance on how they were dealing with the issues identified.

The Director responded to members questions on aspects of her report.

Recommended to Council - That the Audit Committee Annual Report for 2019-20 be considered by council to support the requirements of the Code of Governance.

583  HEAD OF INTERNAL AUDIT REPORT AND OPINION 2019-20 - The Director: Governance and Partnerships circulated a report that provided an opinion on the adequacy and effectiveness of the council’s internal control environment based upon work carried out by Internal Audit in accordance with the approved 2019/20 audit plan.

The report also considered the effectiveness of the audit service.  This provided the Audit Committee with an important source of assurance when considering the Annual Governance Statement.

The committee was informed that a requirement for Internal Audit was supported by statute in the Accounts and Audit Regulations 2015 and the Local Government Act 1972.  The Accounts and Audit Regulations stated that a “relevant body must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into public sector internal audit standards for guidance”

Internal Audit operated in accordance with the Public Sector Internal Audit Standards (PSIAS) which defined the way in which the Internal Audit Service should be established and undertake its functions.  The PSIAS define internal audit as:

“an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.  It helped an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

As set out in the standards there was a requirement under PSIAS 2450 that the Chief Audit Executive must provide an annual report to the Audit and Governance Committee, timed to support the Annual Governance Statement. This must include: 

  • an annual internal audit opinion on the overall adequacy and effectiveness of the organisation’s governance, risk, and control framework (i.e. the control environment).
  • a summary of the audit work from which the opinion was derived (including reliance placed on work by other assurance bodies); and
  • a statement on conformance with the PSIAS and the results of the internal audit Quality Assurance and Improvement Programme.

A copy of the Annual Report and Opinion was attached to the report as an appendix, and its main findings were summarised below.

Section 2 of the Annual Report referred to the work carried out from which the audit opinion was derived, and showed the work carried out compared to the Audit Plan.  Due to the impact of COVID-19 on re-prioritising audit resources to support the emergency, a small number of audit assignments were not completed by 30 June 2020.  However, the report concluded that sufficient work was carried out to support the opinion, whilst the outstanding work would be reported in 2020/21. Should any significant issues arise between the date of this report and the issue of the final Annual Governance (AGS) statement then they would be considered for inclusion in it. 

Section 3 of the report stated that satisfactory assurance could be provided on the council’s governance, risk, and control framework, with a small number of areas identified for further development. 

Section 4 of the report confirmed that the Audit Team complied with the standards in all material respects and had effective arrangements in place for monitoring quality.  Working with clients to improve the timeliness of audit reporting and the implementation of agreed actions had again been highlighted as an area for further development.

The Director responded to members questions on aspects of her report.

Resolved - (a) That following consideration of the report and appendix, and discussion of their content, that the Internal Audit Annual Report for 2019-20 provided adequate assurance in respect of the council’s internal control environment, and (b) that the committee would take account of the content of this report when considering the Annual Governance Statement.

584     INTERNAL AUDIT PLAN 2020-21 - The Director: Governance and Partnerships introduced the council’s internal audit plan for 2020/21.

The Director informed the committee that the Accounts and Audit Regulations 2015 required the council to ensure there were sound systems of internal control and to undertake effective internal audit to evaluate the effectiveness of its risk management, control and governance processes.  Internal audit must take into account Public Sector Internal Auditing Standards (PSIAS) and guidance.

The PSIAS required that an Internal Audit Plan was agreed by the Audit Committee annually.  The audit plan must be risk-based and take into account the organisation’s risk management framework and reflect changes in the organisation’s business, risks, operations, programmes, systems and controls.  The plan also confirmed the resources available and required to support a reliable year-end Audit opinion.

The updated Audit Charter, approved by the Audit Committee in January 2020 defined the internal audit activity’s purpose, authority and responsibility and defined the scope of internal audit activities.  The audit plan was attached to the report as an appendix.  It was prepared by the Head of Audit and Assurance in March 2020 with the intention of taking it to the Audit Committee at its scheduled meeting on 1 April 2020.  However, due to the social distancing rules resulting from Covid-19, the meeting was postponed and therefore it had been brought back to this meeting for consideration, following further discussion with the senior management team in May 2020.

It provided the committee with an outline of the Audit Plan, a commentary on the methodology for compiling the plan, and assurance on compliance with auditing standards.

The Director informed the committee that, at its meeting on 20 May 2020 it was reported that this plan was likely to be subject to change as a result of the impact of COVID-19 for the following reasons:

  • In quarter 1, audit resource had been prioritised on areas to support the council’s response to COVID-19, such as the distribution of Business Grants where audit had played a key role in providing advice on the design of the system and carrying out checks that applications were in line with the requirements, as well supporting managers in designing control frameworks for new activities such as the shielding hubs, adult social care payments, and support to suppliers;
  • the audit programme would need to reflect risks to the control environment arising from Covid-19 – as well as specific audit assignments relating to Covid-19, when designing the testing programme for existing planned audits auditors would consider the impact of Covid-19 when designing testing programmes;
  • the timing of some audits may need to be re-considered as council staff were required to focus on recovery; and
  • the audit of two schools due to be completed in March 2020 were postponed and would now need to take place in 2020/21.

The Director added that although some of this additional work would be able to be absorbed via the planned contingency, there was potential that some areas of the plan would need to be re-prioritised.  Any changes to the plan would be reported to the Audit Committee during the year.

Members commented on particular aspects of the report to which the Director responded to.

Resolved - (a) That the committee agreed that the Internal Audit Plan 2020-21 had been produced on a proper basis and would provide sufficient assurance to form a reliable opinion on the Council’s control environment, and (b) that, subject to any potential amendments which were made during the Municipal Year as a result of Covid-19, the Internal Audit Plan 2020-21 be approved.

585     AUDIT STRATEGY MEMORANDUM - The Chairman welcomed representatives from the council’s external auditors Mazars to the meeting, who were in attendance to present the Audit Strategy Memorandum for North Lincolnshire Council for the year ending 31 March 2020.

The purpose of the document was to summarise Mazars audit approach, highlight significant audit risks and areas of key judgements and provide the committee with the details of the audit team.

It was a fundamental requirement that an auditor was, and was seen to be, independent of its clients.  Section 7 of the document also summarised Mazars considerations and conclusions on its independence as auditors.

Mazars consider two-way communication with the council to be key to a successful audit and important in:

  • Reaching a mutual understanding of the scope of the audit and the responsibilities of each of each party;
  • Sharing information to assist each party to fulfil our respective responsibilities;
  • Providing the council with constructive observations arising from the audit process; and
  • Ensuring that Mazars, as external auditors, gain an understanding of the council’s attitude and views in respect of the internal and external operational, financial, compliance and other risks facing the council which may affect the audit, including the likelihood of those risks materialising and how they were monitored and managed.

The document, which had been prepared following Mazars initial planning discussions with management, was the basis for discussion of its audit approach, and any questions or input the council may have on their approach or role as auditor.

The document also contained specific appendices that outline our key communications with the council during the course of the audit, and forthcoming accounting issues and other issues that maybe of interest.

Members commented on particular aspects of the report to which the representatives of Mazars responded to.

Resolved - That the Audit Strategy Memorandum be received with thanks.

586     SICKNESS ABSENCE - The Director: Business Development submitted a report that informed the committee of the council’s sickness absence levels, including the year-end position, for 2019-20.

The Director informed the committee that the average number of working days lost due to sickness absence in 2019/20 was 9.40 days.  This indicated a 3.5% decrease (0.11 days) in overall sickness absence levels compared to 2018/19.  The Director stated that 42% of the workforce did not have any periods of sickness absence during 2019/20 - this was lower than levels of zero absence in 2018/19, which was 47%.

At the end of 2019/20, 80% of council employees met attendance targets as set out in the council’s Managing Attendance policy - this meant that they were not meeting or exceeding trigger points based on absence in the 6 months preceding March 2020.

The report stated the number of full time equivalent days lost due to short term (up to 20 days) and long term (over 20 days) for 2018/19 and 2019/20.  The report also set out the most common reasons for sickness absence during 2019/20.

The Director informed the committee of the following activities that were taking place to support good levels of attendance and achieve a reduction in sickness absence:

  • Organisational Development (OD) Plan/People Plan: The council’s OD and People Plans had included workforce wellbeing as a priority area for 2019/20. This had involved taking a strength-based approach to wellbeing by running initiatives across the council to support and encourage employees to improve their mental and physical health, including a wellbeing calendar with an area of focus for activities, advice and support each month for example, employee health checks and 10,000 steps initiative.
  • Health champions: More employees had been identified as health champions on a voluntary basis and had been trained to support/signpost employees on physical and mental health issues. The council now had 119 Active Health Champions, continuous development of quarterly meetings and workshops had also provided opportunities for feedback and the tailoring of additional training opportunities to meet workplace need.  This had strengthened the network of health champions and enabled more employees to become engaged in the council’s wellbeing agenda and initiatives to have a positive impact on attendance.
  • Be Yourself at Work (BYAW) conversations: One of the council wellbeing focuses over the past year was the BYAW Employee Conversations and development of BYAW Staff Networks. In 2019 the council held 16 BYAW employee conversations with seven themes - BAME Employees, Disability, Faith, LGBT+ Employees, Menopause, Older Employees and Young Employees.  This was enabling the council to better understand the different experiences of its workforce and promote an inclusive approach to well-being which had a positive impact on reducing sickness absence levels.
  • Targeted support: HR business partners continued to provide support to services to identify ‘hotspots’, take action to address high levels of sickness absence and provide support for managing long term, complex cases.
  • Counselling and Welfare Service: The in house counselling and welfare service provided employees with access to British Association for Counselling and Psychotherapy (BACP) approved counsellors on a self-referral basis. HR business partners and the council’s OH provider work with the service to signpost employees where they may benefit from additional support to remain in work or return to work after a period of absence.
  • Occupational Health (OH) provision: The council was supported by People Asset Management (PAM), its external OH provider, to manage attendance through weekly on-site OH clinics, case conferences to support the resolution of complex, long term cases and workplace assessments - all of which were focused on facilitating proactive OH advice. Additional OH clinics were provided for health surveillance monitoring.
  • Monitoring and reporting: Ongoing monitoring and reporting of sickness absence levels via the workforce reporting schedule including monthly ‘trigger reports’ for managers highlighting those employees who were approaching or have exceeded trigger points. Sickness absence was reported both to the council’s Assurance Group and the Council Quarterly Review (QR) as part of the shared performance dataset.

The Director also gave the committee a comprehensive update on the impact of the COVID-19 pandemic on council employees.  

The Director responded to members questions on aspects of her report. 

Resolved - That the council’s sickness absence levels, including the year-end position for 2019-20 provided sufficient assurance that the risk to capacity due to sickness absence was being managed through adequate controls.

587     ANNUAL INFORMATION GOVERNANCE UPDATE - The Director: Governance and Partnerships circulated a report on the annual position statement on the council’s Information Governance arrangements.

The committee was informed that an assurance report was presented to the members each year to provide an update on the council’s Information Governance arrangements and compliance.

The council had a legal obligation to comply with information legislation, notably the General Data Protection Regulation (GDPR)/Data Protection Act 2018, Freedom of Information Act and the Environmental Information Regulations.  Collectively these requirements were known as “Information Governance”.

An Information Governance Framework comprising a series of policy schedules sets out how the council would comply with legislation and good practice.  Its implementation was led and overseen by the Data Protection Officer.

The council was committed to the ongoing strengthening of its Information Governance arrangements and continued to strive to meet the standards set by both internal audit and external assessments, with a high standard of compliance evidenced.

Key developments and assurance highlighted over the last 12 months included:

  • The annual Information Governance Self-Assessment, necessary for accessing health information would usually have been completed and accepted by the NHS by 31 March, but due to the COVID19 pandemic the submission date for 2020 was now 30 September 2020. Previous submissions had been successful and the council was well positioned for the re-submission.
  • An Internal Audit review of the council’s approach to compliance with the General Data Protection Regulation (GDPR) concluded in October 2019 with a “satisfactory assurance / low risk” opinion.
  • The information governance framework was comprehensively reviewed and updated in March 2020 to align it with changes in legislation and professional good practice.
  • Mandatory training for all employees on Information Governance requirements, including GDPR was undertaken on a regular basis. A communication campaign for all employees was undertaken January 2020 as a refresher of key considerations.
  • Compliance with national ICT security standards was maintained and externally certified with no serious ICT breaches occurring.

The Director added that during the last 12 months there had been six referrals from the Information Commissioner’s Office (ICO) about how the council responded to requests for information or protected personal information.  This number was lower than the previous year where there were eleven referrals, and was within the normal reporting level as seen in previous years.  In addition the council self-reported two issues to the ICO.

Members commented on particular aspects of the report to which the Director responded to.

Resolved - That the report and discussion of its content provided sufficient assurance on the adequacy of the council’s Information Governance arrangements.

588     PARTNERSHIP PROTOCOL AND JOINT WORKING FRAMEWORK - The Director: Governance and Partnerships submitted a report that set out the necessary arrangements involved in establishing, maintaining and exiting a partnership or joint working agreement.  The Protocol also ensured that joint working happened in an efficient and accountable manner, focussed on achieving good outcomes for residents.

The council had operated a Partnership Protocol for many years.  This provided a framework for the setting up, operating, or disbanding a partnership or joint working arrangements.  The protocol ensured that partnerships were focussed on collectively improving outcomes or progressing shared priorities and that they had the necessary governance structures in place to work most effectively.

The Partnership Protocol contained, which was attached to the report as an appendix, represented a streamlined version of the former documents.  This simplified the process whilst ensuring that all partnerships where the council acted as the lead operated with the most robust governance standards.  This ensured value for money and a continued focus on delivering the best outcomes for local residents.

The committee was required to have oversight of partnership arrangements as part of its democratic oversight of risk and assurance and to ensure that the Code of Governance was robust.

Members commented on particular aspects of the report to which the Director responded to.

Resolved – That the Partnership Protocol and Joint Working Framework and Guidance be agreed, approved and circulated to all Partnership leads as appropriate.