Agenda and draft minutes

Audit Committee - Wednesday 20th November 2024 10.00 am

Venue: Room F01e, Conference Room

Contact: Matthew Nundy  Email: Matthew.nundy@northlincs.gov.uk

Items
No. Item

816.

Substitutions (if any)

Minutes:

There were no substitutes at the meeting.

817.

Declarations of Disclosable Pecuniary Interests and Personal or Personal and Prejudicial Interests (if any).

Minutes:

There were no declarations of Disclosable Pecuniary Interests and Personal or Personal and Prejudicial Interests.

818.

To take the minutes of the meeting held on 18 September 2024 as a correct record and authorise the chairman to sign. pdf icon PDF 123 KB

Minutes:

Resolved - That the minutes of the proceedings of the meeting held on 18 September 2024, having been printed and circulated amongst the members, be taken as read and correctly recorded and be signed by the Chairman.

819.

Treasury Management Mid-Year Report 2024-25 pdf icon PDF 75 KB

Additional documents:

Minutes:

The Director: Transformation and Outcomes submitted a report that provided an overview of the council’s treasury performance during the first six months of 2024-25 and sets out national factors that affected the council’s treasury activity.

 

Members were informed that the council had a legal obligation under the Local Government Act to have regard to both the CIPFA Code and the Ministry of Housing, Communities and Local Government (MHCLG), Investment Guidance.  The CIPFA Code required that Council receive a report at the start of the financial year, mid- year and year end. The Audit Committee also received regular updates regarding treasury activity, providing assurance on the effectiveness of the council’s treasury management arrangements.

 

The CIPFA Code set out the following objectives for treasury management:

 

“It was important that treasury management policies adequately reflected risk and in particular security, liquidity and yield risk, in that order of importance.  No treasury management transaction was without risk and management of risks was the key purpose of the treasury management strategy.”

 

Full Council agreed the Treasury Management Strategy Statement (TMSS) for 2024-25 in February 2024.

 

Members were informed that –

 

·        Interest rates were expected to remain slightly higher and for longer than previously estimated.  The bank rate was expected to fall gradually until reaching 3.25% in September 2025.  It was expected to remain constant at this rate for the following 12 months before falling to 3% in September 2026, remaining at that level into early 2027.

 

·        The council aimed to achieve optimum return on its investments in accordance with its priorities of security, liquidity and yield appetite.

 

·        The council’s average level of funds for investment during the first six months of the year were £40.3m and was therefore able to meet its liabilities, while managing risks associated with carrying cash balances.

 

·        Interest earned in the first six months amounted to £1.027m an average of 5.07%. This slightly lower (0.05%) than the SONIA benchmark.  The council continue to prioritise security, liquidity and yield in that order.

 

·        The investment activity during the year conformed to the approved strategy, and the Council had no liquidity difficulties.

 

·        The current forecast was that cash balances would continue to reduce towards year end.  This being due to planned capital expenditure, repayment of existing borrowing and planned use of reserves.  It was anticipated that borrowing may be required towards the end of this financial year.

 

The mid-year review was attached to the report as an appendix.

 

Resolved – (a) That after consideration of the report and discussion on its content, the treasury management mid-year report for 2024-25 provided the committee with sufficient assurance on the adequacy of the council’s treasury management arrangements, and (b) that the mid-year treasury management performance 2024-25 be noted.

820.

Annual Information Governance Update pdf icon PDF 105 KB

Minutes:

The Director: Transformation and Outcomes submitted a report that informed the committee of the annual position statement on the council’s key Information Governance arrangements.

 

The committee was informed that in order to carry out many of the council’s functions it was required to process personal data and special category personal data about identifiable individuals (data subjects).

 

The council had a legal obligation to comply with information legislation, notably the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), Privacy and Electronic Communications Regulations, the Human Rights Act, Freedom of Information Act, the Environmental Information Regulations and associated Codes of Practice.  Collectively these requirements are referred to as “information governance”.

 

The UK GDPR and the DPA 2018 set out the data protection principles that the council must follow for the lawful, fair and transparent processing of personal data; as well as the rights that individuals had relating to the processing of their personal data to hold the council to account and ensure that their privacy was respected.  Failure to comply with these responsibilities could result in monetary penalties.

 

An Information Governance Framework comprised a series of individual policy schedules which set out how the council would comply with legislation and good practice.  Its implementation was led and overseen by the Data Protection Officer with support from the Senior Information Risk Owner.

 

Members were informed that the council was committed to the ongoing strengthening of its Information Governance arrangements and continued to strive to meet the standards set by both internal audit and external assessments, with a high standard of compliance evidenced as summarised below.

 

The report contained an extensive list of key developments and assurance highlights over the last 12 months.

 

The report also contained an update on the twelve referrals that had made to the Information Commissioner’s Office (ICO) about how the council responded to requests for information or protected personal information.  This number was higher than the previous reporting year where there were eight referrals but was within the normal reporting levels/business parameters. In addition, the council self-reported four issues to the ICO. The findings were included in the report.

 

Members also heard that compliance with national cyber security standards was maintained and externally certified with no serious cyber related breaches occurring in the last year.  The key highlights were also included within the report.

 

Resolved – That after consideration of the report and discussion on its content, Annual Information Governance update provided the committee with sufficient assurance on the council’s Information Governance arrangements.

821.

Audit Progress Report - Report of Forvis Mazars pdf icon PDF 580 KB

Minutes:

The Chair welcomed a representative of the council’s External Auditors Forvis Mazars to the meeting and invited them to present the council’s audit progress report for November 2024.  The report provided the committee with an update on progress in delivering Forvis Mazars responsibilities as the council’s external auditors and also included, at Section 2, a summary of recent reports and publications.

 

Following the verbal presentation, the Chair facilitated a discussion between Panel Members and the council’s External Auditors.

 

Resolved – That the audit progress report for November 2024 be received with thanks.

822.

Internal Audit Plan 2024-25 Update pdf icon PDF 116 KB

Additional documents:

Minutes:

The Director: Transformation and Outcomes circulated a report that updated the committee on the Internal Audit Plan 2024-25.

 

Members heard that at the meeting of the Audit Committee held on 10 April 2024, the Head of Audit and Assurance presented the Internal Audit Plan 2024-25.  The report provided an outline of the audit priorities and activities for 2024-25, how it would be delivered and resourced, a commentary on the methodology for its compilation, and assurance on compliance with auditing standards.

 

The plan was subject to regular review and amendment to take account of changes in the council’s risk profiles and priorities, and the level of audit resources available.

 

At the meeting held on 10 July 2024, members were informed that the number of days allocated to the plan had been reduced to 1025 planned days to deliver the plan by May 2025.

 

The committee was informed that due to resource difficulties since 2023-24, delivery of the plan had been challenging.  The report included the mitigation that had been put in place to overcome the challenges.

 

The Director added that at this time the planned days to be delivered remained unchanged.  However, the resources required to ensure that sufficient work was conducted to provide a reliable risk-based, code complaint opinion would be subject to continuous review.  Any significant changes to the plan would be presented to future meetings, with the Interim Audit Report scheduled to be presented to the Committee in January 2025.

 

As of 31 October 2024, 17 reports had been issued, including those assignments which were started as part of the previous audit plan and were attached to the report as an appendix.

 

One report was scored as “limited” assurance. The ICT audit of Business Continuity and Disaster Recovery contained recommendations that the current Business Impact Assessment process should be completed, the plans updated, and the restarting of the exercise plans.

 

Contained within the report were tables that showed the progress in the delivery of the 2024-25 audit plan up to 30 September 2024, as well as the completion of 2023-24 assignments carried forward from 30 June 2024.

 

Resolved – (a) That the progress in delivering the Internal Audit Plan up to 31 October 2024, as well as the audit work completed since the previous meeting of this Committee be noted, and (b) that the Director: Transformation and Outcomes be invited to attend the next meeting, to update the committee on the progress made in addressing the limited assurance following the Business Continuity and Disaster Recovery audit.

823.

Counter Fraud Progress Report pdf icon PDF 88 KB

Additional documents:

Minutes:

The Director: Transformation and Outcomes submitted a report that informed the committee of key issues arising from counter fraud work.

 

The Council’s framework to combat fraud, corruption and misappropriation was approved by Audit Committee in September 2021.  The framework followed national guidance as laid out in the document ‘Fighting Fraud and Corruption Locally -a strategy for the 2020’s’, and was based upon the key principles of:

 

·        Govern

·        Acknowledge and understand

·        Prevent and detect

·        Pursue

·        Protect

 

Attached to the report as an appendix was an update on the work conducted in each of these areas and demonstrated the council’s continuing commitment to minimise the risk of fraud.

 

The report contained the key counter fraud updates for members information.

 

Resolved – (a) That after consideration of the report and discussion on its content, the Counter Fraud Progress Report provided the committee with sufficient assurance on the adequacy of the council’s counter fraud arrangements, and (b) that the Director draft a fraud plan for 2025-26 for consideration by the committee.

824.

Any other items which the chairman decides are urgent by reasons of special circumstances which must be specified.

Minutes:

The Chair informed the committee that at its meeting on 12 July 2023, members agreed to commence the recruitment process for an Independent Person.  Having reviewed the job description and personal specification, the Chair respectfully requested that members attend a private meeting to discuss the requirements/expertise that was required from applicants to enhance the committee.

 

This matter was considered urgent due to the need to advertise and appoint an Independent Person. 

 

The Chair then facilitated a discussion on his suggestion.

 

Resolved – That the Chair invite all members to a Microsoft Teams meeting to discuss the requirements of the Independent Person.

825.

Exclusion of press and public

Minutes:

Resolved - That the public be excluded from the meeting for consideration of the following item (Minute 826 refers) on the grounds that it involves the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12A of the Local Government Act 1972 (as amended).

826.

Questions to the council's External Auditors and Head of Internal Audit and Assurance

Minutes:

The committee had no questions for the council’s External Auditors or Head of Internal Audit and Assurance.