Agenda and minutes

Audit and Governance Committee - Friday 20 January 2017 10.00 am

Venue: Cabinet Suite - Shire Hall, Gloucester. View directions

Contact: Andrea Griffiths 01452 324206 

Items
No. Item

1.

Declarations of Interest

Minutes:

Councillor Parsons declared he was a member of Cotswold District Council, GFirst and a member of the Pensions Committee. 

 

 

2.

Minutes pdf icon PDF 126 KB

To approve the minutes of the previous meeting.

Additional documents:

Minutes:

All matters arising had been dealt with and communicated to members of the committee.

 

Resolved

 

That the minutes of the meeting held on the 16th September 2016 be approved as a correct record and signed by the Chairman. 

 

 

3.

Grant Thornton Annual Audit Letter pdf icon PDF 444 KB

Minutes:

Terry Tobin, Grant Thornton presented the report in detail.  The report summarised the findings from the 2015/16 audit, which was undertaken by Grant Thornton.  It included key messages arising from the audit of the Council’s financial statements and the results of the work that had been undertaken to assess the Council’s arrangements to secure value for money in its use of resources. 

 

Members were informed that Highways Network Assets have been delayed by a year, it was explained that this was a national decision and was subject to a robust conversation.  Officers explained that GCC was well placed with this piece of work, as they had been working on the issues for some time.   Terry confirmed that the Chief Internal Auditor (CIA) had also undertaken a piece of work on this area too.  The committee appreciated the considerable efforts officers had made, in relation to asset classification.  Members requested, if possible that a draft balance sheet be produced over the summer 2017, so they could see the potential impact the Highways Network Asset would have in relation to the accounts. 

 

Members reiterated that Highways were assets of the Authority, however it was not possible to buy or sell them.  It was explained that the valuation officers made, was based on a technical model and consultants were also used to ensure the asset valuation was accurate.  In response to a question, it was explained that it was not known at this stage how the level of deterioration would impact on the accounts and should reflect the state of the road. 

 

The CIA explained that Internal Audit had undertaken a Highways Network Asset valuation consultancy review.   It was confirmed that good systems and processes were in place in accordance with the code of practice. 

 

In response to a question concerning the Section 75 agreement, The Director of Strategic Finance explained that the pooled budget was reviewed annually as the budget tended to fluctuate and was signed off by herself and The Commissioning Director for Adults and their equivalent positions at the CCG. 

 

Some members felt that accountability was difficult to understand and it was essential to be clear on what the outcome was primarily.  It was explained that ideally a whole funded approach was required, however the reality was that this was more difficult, as the funding streams were different.  Members noted that the CCG and GCC were actively trying to align the strategic intent and the Director of Integration Kim Forey, was now in post to manage the situation. 

 

It was noted that the fee charged for the audit was £98,010.  Members were reassured that the financial statements were brought to the attention of the relevant bodies and any views were shared with stakeholders. 

 

Resolved

 

THAT the report be noted.

4.

Grant Thornton Audit Progress Report pdf icon PDF 10 MB

Minutes:

Terry Tobin presented the report, which detailed the progress Grant Thornton had made in delivering their responsibilities as the external auditors.  It was noted that Grant Thornton had devised the plan in association with the Authority.  Members were informed that accounting, audit and emerging issues would be flagged up as part of the regular report.  Members were informed that internal and external auditors met on a regular basis to discuss any issues that may arise.  In response to a question relating to Governance it was noted that Internal Audit’s role was to provide an objective opinion on the effectiveness of the control environment, comprising, risk management, control and governance.

 

Members reiterated their request to have the accounts earlier this year, to allow more time to review the accounts in advance of the September committee meeting.   Officers explained that bringing the closure of accounts forward would improve the situation, and that the Director of Strategic Finance would ensure, where possible, that the accounts and supporting narrative would be produced earlier in the process to allow members to have sufficient time to comment. 

 

Terry informed the committee that earlier audit testing was already taking place, to assist Grant Thornton and the Authority during the main part of the audit. It was suggested that in the future perhaps a section on value for money, fraud and decision making would be useful in the document to aid the discussion.

 

The committee referred to the Audit Committee Effectiveness Review section of the report, many members felt that a presentation on this area would be most beneficial to the committee. 

 

Members were informed that copies of Grant Thornton publications, such as joint ventures, etc, could be accessed via the website: www.grant.thornton.co.uk/en/insights   

 

Councillors discussed Integrated Reporting (on page 48 of the report) and welcomed the concept, as concerns were raised over joint ventures, boards and the need to retain accountability.  The Director of Strategic Finance explained that GCC was very clear over the accountable body arrangements and ensured that each party had separate duties.  In terms of GCC there were different roles, these were noted as accountable body and for some schemes “scheme promoter”.

 

Members felt that democratic governance issues required due consideration and requested that in the new Council, the Audit and Governance Committee could undertake a deep dive into integrated reporting, financial and governance arrangements in relation to the GCC shareholder role.  The committee was informed that Councillor Theodoulou as the cabinet portfolio holder undertook the shareholder responsibility in relation to UBICO.  Members felt this was an important role, which all Councillors should be made aware of at full Council. 

 

Members were reminded that they should never join a board without fully understanding their role and responsibilities.  It was explained that officers took the accountable body role very seriously and if they had any concerns they requested Internal Audit to investigate the role and procedures in place before any agreement was signed as a precautionary measure. 

 

In response to a question, concerning the Local Enterprise  ...  view the full minutes text for item 4.

5.

Joint Working agreement between Internal and External Audit pdf icon PDF 137 KB

Minutes:

Terry Tobin, Grant Thornton presented the report which summarised how Internal and External Audit worked closely together. It was noted that the Internal Audit Team at GCC was very good and the service was a credit to the CIA. 

 

Resolved

 

That the report be noted.

6.

Treasury Management Strategy pdf icon PDF 384 KB

Minutes:

Paul Blacker, Head of Financial Management presented the proposed Treasury Management Strategy Statement and Investment Strategy for 2017/18, which met the CIPFA Code of Practice, and governed how the Authority undertook Treasury Management activities.  It was noted that the Committee was required to consider, comment and recommend the new Treasury Management Strategy to Council for approval. 

 

It was noted that the strategy will be approved by full Council as part of the Medium Term Financial Strategy (MTFS) and was being submitted to the Audit and Governance Committee in accordance with its terms of reference to regularly monitor the Council’s Treasury Management policy and practices.

 

It was noted that the Audit and Governance Committee undertook a detailed Treasury Management training session in December 2016, which was well attended.  Therefore, the following key changes to the report, as agreed with Arlingclose the Treasury Management Advisors were highlighted:

-           The lowest risk category approved for use had been raised from BBB to BBB+

-           For non-specified investment limits, total long term investment is proposed to be increased from £120M to £200M, to enable the Council to take advantage of secured investments which were normally available at maturity levels greater than 1 year.

-           Increase the investment limit per broker from £75M to £100M due to current limitations on investment custody arrangements.

-           Money Market Funds limit to be increased from £100M to £150M to provide greater flexibility in maintaining liquidity funds.

 

In response to a question, it was explained that finance officers had quarterly meetings with Arlingclose and if there was any volatility it would be reported back to the Committee.  Members noted that an update report was presented to the committee at its October meeting.  The committee felt reassured by these actions. 

 

Resolved

 

That the Treasury Management Strategy Statement and Investment Strategy 2017/18 be commended for approval by Council.  

7.

Annual Governance Statement Improvement Plan 2015/16 pdf icon PDF 47 KB

Additional documents:

Minutes:

Theresa Mortimer, Chief Internal Auditor (CIA) presented the report.  The report provided assurance to the Audit and Governance Committee that the improvement actions identified as part of the annual review of the governance arrangements operating within GCC had been/were being addressed.  It was recommended that the Committee reviewed and considered the actions taken to address the governance improvement areas identified.

 

Overall, the CIA confirmed that actions had been or were being addressed. It was noted that page 84 of the action plan referred to the revised Annual Governance Statement (AGS) assurance framework which was currently being developed and would apply to the 2016/2017 AGS being presented to the Committee in July 2017.

 

Members were informed that the action relating to the counter fraud arrangements had been completed and as a result the revised fraud polices were being presented to the Committee later as part of the agenda.

 

Resolved

 

That the report be noted. 

8.

Risk Management Policy Statement and Strategy 2017/18 pdf icon PDF 92 KB

Additional documents:

Minutes:

 Theresa Mortimer, Chief Internal Auditor (CIA) presented the report in detail.  The proposed Risk Management Policy Statement and Strategy, reflected national good practice/standards and aligned with the Council’s operating model. 

 

The CIA explained that it has always been important for GCC to identify and manage its risks.   Identifying risks enabled the Council to effectively manage strategic decision making, service planning and delivery to safeguard the wellbeing of our stakeholders and increased the likelihood of us achieving our outcomes.

 

Taking into account the overall future strategic direction of the Council, its structure and its services, it is now deemed an appropriate time to refresh and reaffirm our Risk Management Policy Statement and Strategy, to ensure that the Council’s risk and assurance framework continues to build on our existing successes. This should enable the Council to effectively manage the potential opportunities and threats, thus improving service delivery to our communities.

 

The CIA advised members that there were only very minor changes to the strategy such as renaming service areas e.g. Performance and Improvement, deleting reference to a delivery board and reflecting up to date legislation such as the Accounts and Audit regulations 2015. It was noted that the general principles of how risked was managed within the Council had not changed.

 

It was noted that Internal Audit provided an opinion of the effectiveness of risk management arrangements when undertaking individual audit assignments which provided the Committee with reasonable assurance that risk was being managed effectively across the Council.

 

During the discussion, members requested to know if managers were required to sign a statement confirming they had read and understood the Risk Management Strategy.  The CIA explained that it would have to be a corporate decision to make it a mandatory function.  It was suggested that this could be delivered as an online exercise and the policy would have to be read and accepted online.  Some members felt that when things went wrong, staff could say they weren’t aware of the policy and hadn’t read it.  Therefore, they should be made to read the policy and sign off on it, in an effort to mitigate the risk. 

 

The CIA informed the Committee that as part of the Annual Governance Statement assurance framework, Directors/Heads of Service were asked to complete an assurance statement which included awareness of and applied the principles of the Risk Management Strategy and the Anti-Fraud Policies, etc.  If they answered no, or partial to any of the questions, the necessary training was provided.  Members were satisfied with the response and the approach. 

 

A discussion took place relating to risk monitoring and reporting arrangements, it was reiterated that risk monitoring and reporting were integral to the corporate performance management and monitoring arrangements and was within the Overview Scrutiny Management Committee (OSMC) remit.  The Council’s strategic risks were reported on a quarterly basis to OSMC and provided to the Audit and Governance Committee as part of the Annual Report on Risk Management Activity.

 

The CIA explained that a virtual risk management group  ...  view the full minutes text for item 8.

9.

Internal Audit Activity Progress Report 2016/17 pdf icon PDF 47 KB

Additional documents:

Minutes:

Theresa Mortimer, Chief Internal Auditor presented the report which informed members on the progress of the internal audit activity in relation to the 2016/2017 Internal Audit Plan and provided a progress report on those audits undertaken during the period October – December 2016, including the opinions provided on risk and control.

 

The Committee welcomed the report which provided the relevant risk and control assurance opinions in relation to the audit activity during the above period.  The report included a graphical summary that highlighted the opinions provided during this period, which showed an overall satisfactory and above rating of 82% on control and 86% on risk. Members’ attention was drawn to the fact that 18% of the opinions on control were limited. Officers explained that this may be due to transformational change, whilst focusing audit activity on the key risks of the Council and as a result of specific requests from Directors, who requested areas to be reviewed where issues had arisen or where independent assurance was required.

 

The CIA informed the committee that all 30 recommendations made by Internal Audit to improve the control environment during this period, had been accepted by management. 

 

The CIA highlighted two key points, which related to:

           the one exempt limited assurance report which would be discussed in the exempt section of the meeting; and

           Page 134 (of the report) which related to the review of the effectiveness of the systems and processes in place to value the Highways Network Asset, ready for the future inclusion within the statement of accounts.

 

The Committee discussed the progress report in detail, and were informed that Internal Audit also carries out consultancy work as well as assurance activity. Whilst consultancy work provides a conclusion on the control environment, a formal assurance opinion would not be provided. However, if there were any significant control weaknesses identified and subsequent recommendations made as part of the consulting activity, an audit would be undertaken to provide the assurance that the recommendations made and agreed with management have been addressed. At this stage an assurance opinion would be provided.  Members were reassured by the processes in place.

 

Resolved

 

That the report be noted. 

10.

Internal Audit Charter 2016/18 pdf icon PDF 63 KB

Additional documents:

Minutes:

Theresa Mortimer, the Chief Internal Auditor (CIA) explained the purpose of this report was to inform members of revisions to the Public Sector Internal Audit Standards (PSIAS) which were effective from 1st April 2016. It was noted that the key changes had been highlighted in italics within the report.  Members were informed that the changes related to the new mission statement and the revised core principles which underpinned the delivery of the mission statement.

 

The committee discussed the charter in detail and members’ attention was drawn to the Mission Statement and Core Principles (on page 146 of the report).  The CIA was pleased to report that “Be Insightful, proactive and future focused” had now been included as a core principle and explained the importance of this principle in terms of the Audit Service. 

 

Members appreciated the report and felt that many services were demand led and questioned the impact on these services.  In response to a question, The Director of Finance explained some strategic risks were on held on the strategic risk register.  In addition, she explained that the specific reserves were detailed within the Medium Term Financial Strategy (MTFS) and as such these reserves were deemed to be reasonable.  It was noted that GCC was investing in Adult & Child Social Care, however the individual scrutiny committees and the Overview Scrutiny Management Committee would closely monitor and challenge the budget and the performance. 

 

A discussion took place relating to the role of the Section 151 Officer, some members felt the role should be clearly documented within the Charter.  The CIA explained that the Charter was a high level strategic document defining the role, purpose and authority of the Internal Audit Function with the role of the S151 Officer and Corporate Management Team depicted within the report.  In addition, the Annual Governance Statement (AGS) contained a section on the roles of the Section 151 Officer and the Monitoring Officer.  Members requested that this point be given more thought and officers agreed to take away this point and discuss in more detail. 

 

The Director of Finance suggested that it would be beneficial to provide members of the committee with a chart, detailing the appropriate governance roles and responsibilities. The Committee welcomed this approach and requested that the document be made publicly available.   

 

Resolved

 

That the Committee formally approved the Internal Audit Charter and its adoption. 

11.

Anti Fraud and Corruption Policy Statement and Strategy 2017/19 pdf icon PDF 54 KB

Additional documents:

Minutes:

Theresa Mortimer, Chief Internal Auditor, presented the report.  The committee was asked to consider and comment on the revised Council’s Anti-Fraud and Corruption Policy Statement and Strategy 2017/19, which included the Anti Bribery Policy and Anti Money Laundering Policy and the Confidential Reporting Procedure (Whistleblowing policy) and recommend its approval to cabinet. 

 

To put the strategy and policies into context and in order to respond and protect the public purse, the CIA referred members to the proposed Anti-Fraud and Corruption Policy Statement which stated that fraud costs the UK economy billions of pounds with fraud risk significantly rising within the public sector.

 

The CIA explained that the policies and strategy had been rewritten to ensure adherence with relevant legislation and was based on three key themes: Acknowledge, Prevent and Pursue and adheres to the new Local Government Counter Fraud and Corruption Strategy 2016 - 2019: Fighting Fraud and Corruption Locally, which was supported by the Chartered Institute of Public Finance and Accountancy (CIPFA) Counter Fraud Centre.

 

Members were reminded that the Audit and Governance Committee’s role was to provide independent assurance on the adequacy of the Council’s Anti-Fraud and Corruption response and framework.

 

Members welcomed the report and requested to know if the communications plan included an online approach.  The Committee felt that culturally, the principle of Anti-Fraud should be disseminated to all staff.  Officers explained that the communications plan was yet to be confirmed, pending Cabinet’s approval but the points raised would be given due consideration.  The Committee requested to be kept appraised of the situation.  It was suggested that the Anti-Fraud Policies should be included within the new member induction programme. 

 

The CIA informed the Committee that once the policies had been approved, she proposed that the policies were disseminated to Members and Officers via a communications plan to help reaffirm GCC’s anti-fraud culture and objectives.

 

Resolved

 

That the report be recommended to Cabinet for approval and once approved be disseminated to managers in accordance with a Communications Plan.

12.

Internal Audit limited assurance reports pdf icon PDF 71 KB

Reports back on action requested following on from Internal Audit limited assurance reports:

·         Data Storage – Structures

·         Direct Payments - Children

Additional documents:

Minutes:

Data Storage Structures - Andy Gilbert, Head of ICT presented the report in detail.  The committee was informed that the ICT service continually strived to maintain a balance between security and usability to support business users.  The Audit had identified a number of improvement actions and Members were advised of the actions taken to date and proposed within the report. 

 

In response to a question, it was explained that super user privileges enabled the user to have elevated access rights to key council information and systems.  Mr Gilbert explained that a procedure was now in place and monthly ICT risk management meetings occurred with Sopra Steria (outsourced ICT managed service provider) to monitor and control these elevated access rights.  All ICT risks are presented to Directors at the established ICT Governance Board. The committee was advised that Jane Burns, in her role as the Senior Information Risk Owner (SIRO), was also a member of the ICT Governance Board and closely monitored the information security risks.    

 

Members were informed that a report outlining a solution to address the huge quantities of electronic data at the council was due to be presented to CoMT for its approval in early February 2017, this report would outline the issues, timescales and costs involved in addressing the problems. 

 

In response to a question, the committee noted that the churn of staff presented the biggest problem to the Authority.  Mr Gilbert advised the committee that when a member of staff was due to the leave the Authority, ICT were notified by the BSC of the end date.  The network account of the leaver is then disabled and they would no longer be able to access the system after that date. 

 

The issue of backing up to tape was raised and it was noted that a disc to disc back up solution had now been implemented.   It was explained that the Authority had migrated to a dedicated and secure data centre and was in the process of transferring the remaining servers.  

 

The CIA added that a follow up review would take place in 2017/18.  Members felt some assurance by these actions. 

 

Resolved

 

That the report be noted. 

 

Direct Payments - Amanda Henderson, Lead Manager for Children with Disabilities presented the report in detail.

 

It was explained that a direct payment was money given to parents/carers of young people so that services and/or equipment could be purchased to meet their assessed needs, instead of the Authority providing the support through its own commissioned services.    As this allowed carers, parents and young people greater choice and flexibility in obtaining individual services.  Officers explained that the direct payment scheme an account held by the parents, where by the paperwork could be requested as per the policy to be checked, reviewed and raised with Audit if necessary. 

 

Members were informed that the direct payments team worked with parents and carers to identify and refresh what the payment could be used for.  As in some cases where anomalies had been found, a  ...  view the full minutes text for item 12.

13.

Exclusion of the Press and Public

THAT in accordance with Section 100 A (4) of the Local Government Act 1972 the public be excluded from the meeting for the business specified in agenda item 14because it is likely that if members of the public were present there would be disclosure to them of exempt information as defined in paragraph 3 and 7 of Part 1 of Schedule 12 A to the Act and the public interest in withholding the information outweighs the public interest in disclosing the information to the public    

 

Minutes:

THAT in accordance with Section 100 A (4) of the Local Government Act 1972 the public be excluded from the meeting for the business specified in minute 12 because it is likely that if members of the public were present there would be disclosure to them of exempt information as defined in paragraph 3 of Part 1 of Schedule 12 A to the Act and the public interest in withholding the information outweighs the public interest in disclosing the information to the public.

14.

Exempt Limited Assurance Internal Audit report

Minutes:

The committee received and discussed the report in detail.

 

Resolved

 

That the report be noted.