Meeting documents

Audit Committee
Wednesday 27th June 2018

Chairman: Councillor Glover
Venue: Civic Centre, Scunthorpe, (Function Room 1)
Time: 10:00 am
E-Mail Address: matthew.nundy@northlincs.gov.uk

AGENDA

1. Substitutions (if any)
2. Declarations of Disclosable Pecuniary Interests and Personal or Personal and Prejudicial Interests (if any).
3. To take the minutes of the meeting held on 25 April 2018 as a correct record and authorise the chairman to sign.
4. Application of Council Assurance System - To receive a presentation from the Director: Learning, Skills and Culture
5. Audit Committee Terms of Reference Review
6. Audit Committee Forward Plan 2018-19
7. Head of Internal Audit Annual Report and Opinion 2017-18
8. Annual Governance Statement 2017-18
9. Attendance Management Annual Report - Report of the Director: Business Development
10. Information Governance and ICT Security Annual Report
11. Audit Committee - 26 September 2018
12. Any other items which the chairman decides are urgent by reasons of special circumstances which must be specified.

Note: Reports are by the Director: Governance and Partnerships unless otherwise stated.

MINUTES

PRESENT: – Councillor Glover in the chair

Councillors Ali, Clark, L. Foster, Godfrey, Longcake and K Vickers.

The committee met at the Civic Centre, Scunthorpe.

508 DECLARATIONS OF DISCLOSABLE PECUNIARY, PERSONAL OR PERSONAL AND PREJUDICIAL INTERESTS – The following member declared a personal interest –

Member Councillor Ali

 

Nature of Interest

Taxi Licence Holder and owner of a taxi company that had school transport contracts with the council.

509 MINUTES – Resolved – That the minutes of the proceedings of the meeting held on 25 April 2018, having been printed and circulated amongst the members be taken as read and correctly recorded and be signed by the chairman.

510 (1) APPLICATION OF A COUNCIL ASSURANCE SYSTEM - The Chairman welcomed Peter Thorpe to the meeting, the council's Director: Learning, Skills and Culture. Mr Thorpe had been invited to the meeting to guide members through the governance framework that was in place in respect of all financial, assurance and operational matters within the portfolio of the Director: Learning, Skills and Culture.

Following the verbal presentation, the Chairman facilitated a discussion between the Director and committee members.

Resolved - (a) That the presentation be noted, and (b) that the Director: Learning, Skills and Culture be thanked for his attendance, presentation and for answering members questions.

511 (2) AUDIT COMMITTEE TERMS OF REFERENCE REVIEW - The Director: Governance and Partnerships submitted a report that proposed revisions to the terms of reference of the Audit Committee.

Members heard that the Audit Committee was a key part of the council's governance arrangements and made a real difference to the way public services were run. The committee provided an independent, high-level resource supporting strong public financial management and governance.

The terms of reference of the committee were laid out in the council's constitution.

It was considered good practice for the terms of reference to be reviewed annually to ensure that they kept up to date with the regulatory changes and the needs of the council. In April 2018 the Chartered Institute of Public Finance and Accountancy (CIPFA) issued an updated publication - Audit Committees, Practical Guidance for Local Authorities and Police (2018 edition). This set out guidance on the function and operation of audit committees in local authorities and included a suggested terms of reference.

The Director: Governance and Partnerships and the Head of Audit and Assurance carried out a review of the terms of reference against CIPFA's suggestions. This was attached to the report at Appendix 1. The officers concluded that the terms of reference continued to reflect the activity of the committee, but had identified some areas that required small amendments to reflect changes to suggested good practice. These changes were as follows:

  • To review the governance and assurance arrangements for significant partnerships or collaborations.
  • To review the assessment of fraud risks and potential harm to the council from fraud and corruption.
  • To provide the Audit Committee the opportunity to meet in private with Internal/External Audit without any other officers present at the end of each meeting, if required.
  • To support the independence of external audit through consideration of the external auditor's annual assessment of its independence and review of any issues raised by PSAA (if applicable).
  • To report to full council on a regular basis on the committee's performance in relation to the terms of reference and the effectiveness of the committee in meeting its purpose.

The Director and council officers responded to members' questions on aspects of her report.

Recommended to Council - That the revised terms of reference of the Audit Committee, as outlined in Appendix A of the report, be adopted.

512 (3) AUDIT COMMITTEE FORWARD PLAN 2018-19 - The Director: Governance and Partnerships circulated a report that identified the committees work programme for the Municipal Year 2018-19, and considered whether the assurances indicated in the plan provided adequate coverage to allow the committee to fulfil its terms of reference.

Audit Committees were a key part of the council's governance arrangements and could make a real difference to the way public services were ran.

They provided an independent, high-level resource supporting strong public financial management and governance.

Each year a forward plan of reports was presented to members for approval. The plan showed the assurance each report would provide to allow the Audit Committee to fulfil its terms of reference. Appendix A of the report showed the proposed forward plan for 2018/19 and how the reports would enable Members to receive the assurances they required to fulfil the committee's terms of reference.

In addition, it was anticipated that the Audit Committee would receive additional reports from other providers of assurance, particularly in the following areas of the Audit Committee's remit:

  • To maintain an overview of the council’s constitution and governance arrangements in respect of contract procedure rules, financial regulations and the shared services programme with North East Lincolnshire Council, including the joint committee established thereunder;
  • To consider the council’s compliance with its own and other published standards and controls; and
  • To consider the council's arrangements to secure value for money and review assurances and assessments on the effectiveness of these arrangements.

The Director and council officers responded to members' questions on aspects of her report.

Resolved - (a) That the forward plan for 2018-19 provided sufficient scope to provide an appropriate level of assurance on the adequacy of the council's internal control and governance arrangements, and (b) that the forward plan be approved, subject to any additional reports being identified by the Director: Governance and Partnerships during 2018-19.

513 (4) HEAD OF INTERNAL AUDIT ANNUAL REPORT AND OPINION 2017-18 - The Director: Governance and Partnerships submitted a report that provided an opinion on the adequacy and effectiveness of the council's internal control environment based upon work carried out by Internal Audit in accordance with the approved 2017/18 audit plan. The report also considered the effectiveness of the audit service. This provided the Audit Committee with an important source of assurance when considering the Annual Governance Statement.

The Internal Audit Annual report complied with the Public Sector Internal Audit Standards (PSIAS) and The Accounts and Audit Regulations 2015.

The requirement for Internal Audit was supported by statute in the Accounts and Audit Regulations 2015 and the Local Government Act 1972.

The Accounts and Audit Regulations stated that a 'relevant body must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into public sector internal audit standards for guidance'

Internal Audit operated in accordance with PSIAS which defined the way in which the Internal Audit Service should be established and undertake its functions. The PSIAS defined internal audit as:

'an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helped an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.'

As set out in the standards there was a requirement under PSIAS 2450 that the Chief Audit Executive must provide an annual report to the Audit and Governance Committee, timed to support the Annual Governance Statement. This must include:

  • an annual internal audit opinion on the overall adequacy and effectiveness of the organisation's governance, risk and control framework (i.e. the control environment);
  • a summary of the audit work from which the opinion was derived (including reliance placed on work by other assurance bodies); and
  • a statement on conformance with the PSIAS, the outcome of the five yearly external review of Internal Audit, and the results of the internal audit Quality Assurance and Improvement Programme.

A copy of the Annual Report and Opinion was attached to the report.

The Director and council officers responded to members' questions on aspects of her report.

Resolved - That the Internal Audit Annual Report for 2017-18 provided sufficient assurance on the adequacy and effectiveness of the council's internal control environment.

514 (5) ANNUAL GOVERNANCE STATEMENT 2017-18 - The Director: Governance and Partnerships submitted the Annual Governance Statement for 2017-18 for members consideration.

The Accounts and Audit Regulations 2015 required the council to publish with its final accounts an Annual Governance statement (AGS).

The AGS set out the council's governance arrangements in place and considered their effectiveness.

The council's governance arrangements were set out in its Code of Governance which were approved by the Audit Committee in September 2016, and subsequently updated in January 2018. The Code was based upon guidance provided by the Chartered Institute for Public Finance and Accountancy (CIPFA) and the Society for Local Government Chief Executives (SOLACE) 'Delivering Good Governance in Local Government - a framework' (April 2016).

The AGS 2017/18 was attached to the report. It showed that the council had well-established governance arrangements that were monitored and reviewed on a regular basis. Based upon the governance and assurance systems in place, no significant governance issues had been identified.

The AGS accompanied the accounts and was for the period up to the accounts were approved. The final published version therefore would be updated to take account of the completion of the audit of the statements of accounts 2017/18 and any additional sources of assurance completed up to that date.

The Audit Committee, as the body charged with governance, was responsible for advising on whether the council should adopt the AGS and for it to be signed by the Leader of the Council and the Chief Executive on the council's behalf.

The Director and council officers responded to members' questions on aspects of her report.

Resolved - (a) That the Annual Governance Statement for 2017-18 provided a sufficient level of assurance on the adequacy of the council's governance arrangements to allow the committee to fulfil its role; (b) that the Annual Governance Statement for 2017-18 be adopted by the council and be signed by the Leader of the Council and its Chief Executive, and (c) that the Director: Governance and Partnerships be provided with delegated responsibility to make any amendments to the Annual Governance Statement resulting from the outcome of the audit of the statements of accounts and any additional sources of assurance received up to the date of the approval of the accounts. This was on the proviso that any subsequent changes to section 5 of the Statement would require further approval by the committee.

515 (6) ATTENDANCE MANAGEMENT ANNUAL REPORT - The Director: Business Development submitted a report that informed the committee of the council's sickness absence levels for 2017-18.

In July 2017, the audit committee received a report on sickness absence during 2016-17 and agreed that there was continuing assurance that the risk to capacity due to sickness absence was being managed through adequate controls.

The committee requested a further report on sickness absence be submitted detailing the 2017/18 year-end position.

The average number of working days lost due to sickness absence in 2017-18 was 9.95 days. This indicated an increase in overall sickness absence levels of just below four per cent compared to 2016/17.

The report stated that nearly half of the workforce (43 per cent) did not have any periods of sickness absence during 2017-18 - this was consistent with levels of zero absence in 2016-17.

Long term absence due to cancer-related illness and treatment accounted for 0.53 days of the average number of days lost, which if excluded would reduce the annual average figure to 9.42 days per full time equivalent employee.

On average, a period of absence lasted for 5.6 days in 2017-18 which was slightly longer than in 2016-17 (5.5 days). A breakdown by short and long term absence was provided below:

  • average duration of a period of short term absence increased vary slightly from 2.1 days (2016/17) to 2.2 days (2017/18)
  • average duration of a period of long term absence had reduced by just over two days from 35.72 days (2016/17) to 33.56 days (2017/18).

The following activities were taking place to support good levels of attendance and achieve a reduction in sickness absence:

  • The establishment of a task and finish group to review the available stress, depression and mental health support.
  • The council was supported by PAM, its external occupational health (OH) provider, to manage attendance through weekly on-site OH clinics, case conferences to support the resolution of complex, long term cases and workplace assessments - all of which are focused on facilitating proactive OH advice. Additional OH clinics were provided for health surveillance monitoring.
  • Ongoing monitoring and reporting of sickness absence levels via the workforce reporting schedule continued to provide information to assist managers in targeting areas of high sickness absence - this covered levels of short term and long term absence, zero absence and completion of return to work interviews.
  • The in-house counselling and welfare service provided employees with access to British Association for Counselling and Psychotherapy approved counsellors on a self-referral basis.

The Director responded to members' questions on aspects of her report.

Resolved - (a) That a further attendance management progress report be submitted in six months time, and (b) that the stress, depression and mental health support task and finish group commence as a matter of urgency, with the findings of the review reported back to this committee in January 2019.

516 (7) ANNUAL INFORMATION GOVERNANCE AND ICT SECURITY UPDATE - The Directors: Business Development and Governance and Partnerships submitted a joint report that provided the committee with an annual position statement on the council's Information Governance and ICT Security Functions.

An annual assurance report was presented to the Audit Committee in June of each year detailing the current position of the council's Information Governance and ICT Security arrangements.

Since June 2017 further improvements had been made to the Information Governance and ICT security frameworks primarily in readiness for the new General Data Protection Regulation (GDPR), which came into force on 25 May 2018. Significant work was undertaken to prepare the council for the change in legislation. An external audit had taken place on the council's readiness for GDPR resulting in satisfactory assurance with low risk.

At the end of March 2018, the sixth NHS Information Governance Self-Assessment was made and accepted at the level required to maintain the council's access to certain health information.

The Directors referred to the ICT security enhancements that had been made over the past year, which included –

  • Implementation of the Government Secure Email to replace the legacy GCSx secure email which included encrypting email in transit over the internet between government organisations using Transport Layer Security (TLS).
  • Implementation of technical and business policies to check inbound and outbound government email to avoid the council's domains being used fraudulently (e.g. for spam or spear-phishing).
  • The procurement of a new Penetration Testing Partner to carry out the council's IT Health Checks.
  • Promoting the use of secure email and continuing to raise cyber security awareness across the council.
  • Strengthened the council's Microsoft patching policy to fix any known security bugs.

Members heard that awareness of the importance of information request legislation was reported via a monthly performance report to Head of Service.

The report included Freedom of Information and Environmental Information Regulation requests and the purpose was to maintain appropriate council response times in line with legislative requirements. This had continued to have a positive impact and had further improved the council's response time in line with its statutory duty.

In addition, members learnt that the use of the Corporate Records Store at Glanford House had continued to be embedded into council processes and the recent further rationalisation of buildings had seen additional records placed into storage there.

The Directors and council officers responded to members' questions on aspects of their report.

Resolved - That the report provided sufficient assurance on the adequacy of the council's Information Governance and IT security arrangements.

517 AUDIT COMMITTEE - 26 SEPTEMBER 2018 - The Chairman informed the committee that following a request from council officers, he had agreed that the 26 September 2018 meeting be used solely for the training and development of committee members.

Reports