Agenda and minutes

No apologies for absence were received.

The Chairman declared an interest as a former Governor of St Olave’s School.

Councillor Allatt declared an interest as a former employee of Capita, in addition to being a current shareholder.   

Councillor Owen referred to certain matters that he had raised with the Head of Audit prior to the meeting of the Audit Sub-Committee. It was agreed that the Head of Audit would meet outside of the current meeting to discuss these matters with the Monitoring Officer.

RESOLVED that the minutes of the meeting held on 7^th March (excluding exempt information) are agreed and signed as a correct record.

In accordance with the Council’s Constitution, questions to this Committee must be received in writing 4 working days before the date of the meeting.  Therefore please ensure questions are received by the Democratic Services Team by 5pm on Friday 18^th May 2018.

No questions were received.

CSD 18074

The updates concerning insurance cover for cyber-attacks and the objection to the accounts were noted. Members were briefed that LBB’s current insurers were developing a policy, and that LBB would be going to market to assess the different insurance options that were available to cover against cyber-attacks in the future.

RESOLVED that the Matters Arising report is noted. 

No questions were received concerning the audit reports published on the web.

FSD 18037

The Internal Audit Progress report was written by David Hogan, Head of Audit.

The report had been drafted to update Members of recent audit activity across the Council and provided an update on matters that had arisen since the last meeting of the Committee. The Committee was asked to note the report and to comment on matters arising, as well as noting the list of internal audit reports published on the Council’s web site. Members were also being asked to approve the nomination for Auditor of the Year and to note the latest position on the Council’s Departmental and Corporate Risk Registers.

The Head of Audit briefed Members around the Priority 1 (P1) update for document storage and retention. It had been mentioned previously that this matter was directly related to the Civic Centre Accommodation Strategy. It was noted that the brief for the Instruction and Intention to Tender for a Multi-Disciplinary Consultancy Evaluation for the Civic Centre Strategy referenced the need to move to a paper light environment, and it was expected that the consultants would be appointed in quarter 2 of 2018.

It was noted that 20 Bromley officers had been emailed and reminded to confirm the destruction of 904 boxes held by TNT. Some officers were planning to visit the storage site during the summer when work levels had decreased. It was clarified that the storage site was based in Essex. The Chairman enquired how the costs for the storage were apportioned, and the Head of Audit responded that he presumed that the costs would be recharged to the various departments. Ms Pilkington informed the Committee that the cost of storing the 904 boxes was in the region of £2k per annum. 

Members were told that going forward (and especially with the current GDPR initiatives) there would be a requirement for a twofold focus. One would be concerning the destruction of existing boxes, and the other focus would be on reducing the volume of stored data. The P1 recommendation remained outstanding.

With respect to the Review of Waivers, Members heard that both P1 recommendations were being progressed as part of the electronic authorisation process, and that this was connected to the development of the Contracts Database. (CDB).  In the meantime, paper authorisation forms were being used. Although the recommendations were in progress, they remained open. It was expected that the renewal reminders being generated from the Contracts Database would reduce the number of waivers requested.

Members were appraised concerning the Reablement Service. They were informed that as the service had remained in-house, the P1 recommendation relating to the use of the Outcome Management Tool had been re-instated. The P1 recommendation relating to key performance data had only been partially implemented. It was clarified that the ‘target of 65%’ related to time actually spent with clients.

A brief update was provided concerning the Contributions Policy. It had previously been the case that users of the Reablement Service were not being charged for cancelled calls where sufficient  ...  view the full minutes text for item 7.

FSD 18035

The Annual Internal Audit Report was written by David Hogan, Head of Audit.

The report updated the Committee concerning the Internal Audit activity for 2017/2018.

Members were asked to note the report and the Head of Audit’s opinion on the soundness of the internal control environment within the London Borough of Bromley. The report was intended to assist the Council in meeting the requirements of the Accounts and Audit Regulations 2015. The Committee noted that fundamental aspects of the Internal Audit reviews were to assess the effectiveness of controls in place to mitigate against associated risks.

Members were informed that the 2017/2018 Internal Audit Plan had identified a total of 70 separate tasks, not including schools. Additionally, 19 audits had been carried forward from the previous year. The Head of Audit explained to Members that achievement of the 2017/2018 plan had been affected by several factors. In terms of resources for 2017/2018, the total number of days lost because of sickness and an unfilled vacancy, was 149. Resultantly, additional resources were procured from Mazars. Summaries were provided of work days allocated to Departments, and a summary of work that had been undertaken.

The Head of Audit explained the Assurance Levels used, and their definition. The Committee heard that in June 2017, 35 Priority 1 recommendations had been reported to the Audit Sub Committee, and at the time of writing the report, 31 had been implemented.

Members were provided with an interesting update concerning risk registers. It was noted that Zurich had been commissioned to undertake a check and challenge process on the risk registers for LBB’s three Directorates. The results of this process were reported back to the Directorate Management Teams, and this had resulted in updated risk registers being produced. The findings were also reported to the Corporate Leadership Team and it was agreed that the same challenge and scoring should be undertaken for corporate risks.

The Head of Audit explained that all internal audit arrangements were subject to a thorough internal review of quality; this was to ensure that the quality of the work was in line with the expectations of the Public Sector Internal Audit Standards (PSIAS). 

It was noted that under the requirements of the PSIAS, there was a need for an external quality assessment of the internal audit service every five years. This had been undertaken in March 2016, and it was concluded that the section generally conformed to the required standards.

The Head of Audit briefed the Committee that the commercial software used by Internal Audit had no longer been supported from February 2017, and so an alternative had been required. A decision was made to develop new systems in house (by Internal Audit) using MS Word and Excel. The decision to develop systems in house had resulted in savings for the Council. 

Members were briefed that the annual assessment was based on work reported to the Audit Committee between April 2017 and the date of the report. The assurance activity undertaken  ...  view the full minutes text for item 8.

FSD 18036

The Annual Governance Statement report was prepared and presented by David Hogan—Head of Audit.

The report was required because the Accounts and Audit Regulations 2015 required that a local authority undertake a review at least annually of the effectiveness of its system of internal control. This statement would be included with the published accounts. In England, the statement was the Annual Governance Statement. It was also included in the relevant CIPFA Code of Practice.

The report asked Members to comment and agree the Annual Governance Statement.

The Head of Audit outlined the sources of assurance that had to be relied upon when the AGS was being prepared. These sources included responsible directors and managers in the Council, as well as external auditors, other review agencies and inspectorates. The Head of Audit opinion also formed a key part of the review.

The annual review had identified several areas where further work was required to monitor how the key risks facing the Council were being managed, or where further work was required to improve systems. The first area identified was that of Finance and it was noted that in the future significant challenges would exist in trying to reconcile budget savings with the maintenance of front line services.

Members were appraised that contract issues had been identified over the last two years which had highlighted the need for stronger control and better management oversight.

Also identified was the need to effectively use performance management information and improve quality assurance arrangements.

The Committee noted that the Council’s Code of Corporate Governance had not been updated to reflect the 2016 CIPFA guidance.

Members were appraised that significant changes were required so that the Council would be compliant with the General Data Protection Regulations 2016 (GDPR) which would be introduced from May 25^th. Penalties for non-compliance could be severe.

Finally, the Head of Audit reminded Members that as part of the conclusion process in finalising the AGS, it was important that the Audit Sub-Committee provided robust independent consideration, challenge and ultimately—approval of the document. Once agreed by Internal Audit, the Annual Governance Statement would be signed by the Leader and by the Chief Executive. 

RESOLVED that the Annual Governance Statement for 2017/18 is approved. 

RESOLVED that the press and public be excluded during consideration of the items of business listed below as it was likely in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the press and public were present, there would be disclosure to them of exempt information.

FSD 18038

The Fraud, Investigations and Internal Audit Exempt Items report was written and presented by David Hogan, Head of Audit.

The report informed Members of recent Internal Audit activity concerning fraud and investigations across the Council and provided updates on matters arising from previous Audit Sub Committee meetings.  The report provided updates on previously reported cases, and expanded on new cases of interest and detailed cases on the fraud risk register. It also provided information on reports which were exempt from publication.

Members were asked to note and comment on the contents of the report.

The full minutes have been published internally as an ‘exempt information’ item.

The exempt minutes of the meeting held on 7^th March 2018 were agreed and signed as a correct record.

The Chairman referred to a previous response letter that he had received from the DWP with respect to the Single Fraud Investigation Service. The Chairman’s response had been delayed due to Purdah. The Chairman stated that his follow up response letter to the DWP would be circulated to members of the Audit Sub-Committee via the Committee Clerk. Members would be asked for their views before the final response was sent to the DWP by the Chairman.    

The Audit Sub Committee will meet next on 25^th September 2018

The date of the next meeting of the Audit Sub Committee was confirmed as 25^th September 2018.