Agenda and minutes

Venue: Bromley Civic Centre

Contact: Steve Wood  020 8313 4316

Items
No. Item

106.

APOLOGIES FOR ABSENCE AND NOTIFICATION OF SUBSTITUTE MEMBERS

Minutes:

It was noted that this was the first meeting of the new committee as a full committee in its own right and not as a sub-committee.

 

Apologies were received from Councillor Michael Tickner. Councillor Dr Sunil Gupta attended as the substitute for Councillor Tickner. Councillor Robert Evans (Vice-Chairman) chaired the meeting in the absence of Councillor Tickner. 

 

It was noted that the planned visit of committee members to visit the Internal Audit Team would be deferred to September. 

107.

DECLARATIONS OF INTEREST

Minutes:

There were no declarations of interest.

108.

CONFIRMATION OF THE PART 1 MINUTES OF THE MEETING HELD ON 2nd MARCH 2022 pdf icon PDF 352 KB

Minutes:

The minutes of the meeting held on 2nd March 2022 were agreed and signed as a correct record.

109.

QUESTIONS FROM THE PUBLIC

In accordance with the Council’s Constitution, questions that are not specific to reports on the agenda must have been received in writing 10 working days before the date of the meeting.  These questions should have been received by 5pm on 16th June.

 

Questions specifically concerning reports on the agenda should be received within two working days of the publication date of the agenda.  Please ensure that questions specifically regarding reports on the agenda are received by the Democratic Services Team by 5pm on 24th June .

 

Minutes:

No questions from the public were received.

110.

QUESTIONS FROM COUNCILLORS

In accordance with the Council’s Constitution, questions that are not specific to reports on the agenda must have been received in writing 10 working days before the date of the meeting.  These questions should have been received by 5pm on 16th June.

 

Questions specifically concerning reports on the agenda should be received within two working days of the publication date of the agenda.  Please ensure that questions specifically regarding reports on the agenda are received by the Democratic Services Team by 5pm on 24th June .

 

Minutes:

No questions from Councillors were received.

111.

QUESTIONS ON THE AUDIT REPORTS PUBLISHED ON THE COUNCIL WEBSITE

The following audit reports have been published on the Council website:

 

1 Community Infrastructure Levy(Cil) 2021-2022

2 Payroll (Tax)

3 Review Of Appointeeship And Deputyship

4 Review Of Building Control

5 Review Of Contract Monitoring Of Environmental Services

Contracts:2021--2022 62)

6 Review Of Planning Applications (Pre-Application Advice Service)

7 Review Of Special Educational Needs Placements And Transition

Process

8 Value Added Tax (Vat) Arrangements 2021-22

 

The link to the reports is:

 

Agenda for Information Briefings on Thursday 30 June 2022, 7.00 pm (bromley.gov.uk)

 

 

 

 

 

Minutes:

No questions were received concerning the audit reports that had been published on the Council website.

112.

MATTERS OUTSTANDING FROM THE LAST MEETING pdf icon PDF 452 KB

Minutes:

CSD22077

 

The Chairman commented that most of the matters that had arisen previously now appeared to be closed.

 

It was noted that the Head of Audit and Assurance would be monitoring the progress made concerning the recommendation to HR that if managers failed to deal with recommendations that had been identified by the Internal Audit Team, then this could be noted in the manager’s Annual Performance Review. An update would be provided at a future meeting.  

 

The Chairman asked for an update concerning the report that was due to go to the General Purposes and Licencing Committee to look at ways of formalising a new and more effective policy for dealing with Freedom of Information requests. The Head of Audit and Assurance said that this report had been delayed due to long term sickness within the Information Governance Team. It was anticipated that the report would be presented to the General Purposes and Licencing Committee in September. The Chairman made the observation that this matter was taking a long time to be dealt with.

 

A Member expressed the view that many Freedom of Information requests arose because questions being asked by the public were not being answered. If these questions were answered in a timely manner, then they would not result in Freedom of Information requests, which was an extra burden on the Council.

 

RESOLVED that:

 

1) An update concerning the recommendation to HR that if managers failed to deal with recommendations from Internal Audit then this should be reflected in the manager’s appraisal be brought to a future meeting of the Audit and Risk Management Committee.

 

 

 

113.

ANNUAL INTERNAL AUDIT REPORT 2021/22 pdf icon PDF 701 KB

Additional documents:

Minutes:

FSD22042

 

The Head of Audit and Assurance presented the Annual Internal Audit Report for 2021/2022. Members were asked to note the report, together with the Head  of Audit and Assurance’s opinion for 2021/2022 on the overall systems of risk management, governance and control.

 

The Head of Audit and Assurance stated that her opinion of the Council’s systems of risk management governance and control was ‘Reasonable’. The report broke down and mapped the data in various ways.

 

The Head of Audit and Assurance said that upon examination of the Risk Registers and ‘Making Bromley Even Better’ ambitions, it was clear that some areas had received more coverage than others. The areas not covered as well would be the focus of internal audit and the internal audit plan for 2022/2023.

 

The second part of the report concerned internal audit itself, as Internal Audit was required to have a quality assurance improvement programme. The reason for the improvement programme was to provide assurance to members of the Audit and Risk Management Committee that the information being provided by Internal Audit was reliable. It was a requirement of professional standards that every five years there had to be an external quality assessment of the service. The last one was undertaken about 2015/2016, so an assessment was overdue.

 

The Head of Audit and Assurance explained that the independent external quality assessment had to be undertaken by someone who was suitably qualified and had relevant experience. It would mean that Bromley’s Internal Audit Team would be assessed against all the relevant professional standards. This was due to take place in July and the outcome would be reported to the next meeting of the Committee. The Head of Audit and Assurance had undertaken her own assessment in the meantime and had assessed the Service as being 75% fully compliant and 25% partially compliant. She had drafted an action plan to address these gaps which was provided as an appendix to the report. This would be updated until the relevant actions were closed. The Chairman wondered if the Head of Audit and Assurance had enough staff to deal with these action plans, as well as the normal internal audits. The Head of Audit and Assurance responded and said most of the actions would be for her to undertake as Head of Service.

 

A Member raised the issue of some staff not being confident in auditing IT risks. The report had mentioned further training as a possible solution, but the Member wondered if what was required was a recruitment issue and that it may be prudent to hire an IT auditor. The Head of Audit and Assurance  commented that it was always difficult to retain staff like this, as once trained up, they often got better offers elsewhere. 

 

A discussion took place with respect to SEN placements. Internal Audit had assessed how the Council could achieve the best value for money in this regard, whilst maintaining its statutory duties. The Council was currently experiencing a £5m overspend in this  ...  view the full minutes text for item 113.

114.

ANNUAL GOVERNANCE STATEMENT 2021--2022 pdf icon PDF 293 KB

Additional documents:

Minutes:

FSD22043

 

It was explained that the Annual Governance Statement was something that was required by the Accounts and Audit Regulations. Although the statement was coordinated by Internal Audit, it was not the responsibility of Internal Audit to write the report. The report was written and owned by senior management and would be signed off by the Chief Executive and the Leader of the Council. However, it was a statutory requirement that it needed to be presented to the Audit and Risk Management Committee for scrutiny before being signed off. A Member expressed the view that although it was clear that good governance was required, ‘over governance’ could be detrimental as there was a danger that innovation may be stifled. 

 

The policy with respect to whistle blowing was discussed. It was explained that individuals could approach the Chairman and Vice-Chairman of the Audit and Risk Management Committee in confidence. It was noted that a policy for whistle blowing was already in place. When an independent member was appointed to the committee he or she could also be a useful channel for the reporting of whistle blowing issues. The Head of Audit and Assurance stated that the policy was due for revision and details of any revision would be reported back to the next meeting of the committee.

 

A Member expressed concern that the whistle blowing policy should be clearly communicated, so that it was obvious to individuals how they could report any issues that they felt needed to be reported. It was mentioned that some companies also used anonymous help lines for this. A Member commented that the Council already had a policy in place and perhaps it would be a good idea if this policy could be recirculated. A Member stated that as well as having a policy in place, what was also important was the investigation process itself--in other words how the investigation was conducted and who conducted the investigation. It was explained that Internal Audit would not be able to provide any assurance with respect to the policy as they owned it. For that reason, any assurance work would need to be out-sourced.  

 

Members looked at the decision-making structure and it was noted that there was still reference to the previous Audit Sub-Committee which was now no longer in existence. This would be revised going forward. The Chairman noted that some amendments had been made to the procurement process and he asked if further clarification regarding this could be provided in due course.

 

RESOLVED that:

1) The Annual Governance Statement, attached as Appendix A, be noted.

2) The 2021/22 Annual Governance Statement be agreed subject to any changes made as a result of any comments or suggestions from the Audit and Risk Management Committee, and any further minor updates required prior to the publication of the Statement of Accounts 2021/22. 

 

 

115.

INTERNAL AUDIT AND FRAUD PROGRESS REPORT pdf icon PDF 424 KB

Additional documents:

Minutes:

FSD22044

 

The new Head of Facilities Management provided an update on the issues concerning the changeover switches and UPS which provided a back-up energy supply to the data centre if there was a power outage. Previously, the switch over mechanism had not been working and so this was a risk.

 

It was confirmed that new switches and a hire UPS had been installed. However, during this process an additional problem had been identified in that the switches still failed to change over to place the load on the generator. The initial assessment was that this could be related to the voltage optimizer installation. This was because when this had been installed previously, modifications appeared to have been done to the cabling which had been preventing the switchover to the emergency power supply. New cabling was therefore required to be installed. This work had been planned over a three day period and 80% of the work could be undertaken without a power shutdown. The plan was for a review of the system work to be undertaken over the weekend following the meeting and also to look at increasing the capacity of the hire UPS.

 

This work would extend the time available before manual intervention was required to switch on the main generator. It was anticipated that by Christmas time, the work would be completed in its entirety, and that manual intervention would not be required for the generator to take the building load once work was completed.

 

The Chairman stated that the Committee wanted the work completed and the safeguards put in as soon as possible. The New Head of Facilities Management commented that after the work was completed, it may be prudent to think about an extra generator.

 

The report listed the audits that had been agreed should take place, together with progress against those audits. Work had been delayed, as there were two members of the Internal Audit Team that were on long term sick leave. The Head of Audit and Assurance said that she was not overly concerned about this, as extra resource could be brought in from Mazars if required. She said that one audit had been fully completed and a grant claim had been signed off. Advisory work had been undertaken in several areas, including ‘Homes for Ukraine’ and the Energy Rebate. The report also detailed the results of follow up work on P2 and P3 recommendations.

 

A discussion took place concerning the IT Asset Register, Data Assets and GDPR. The Head of Audit and Assurance said that the audit of the IT Asset Register needed more follow up work and so had not been closed off yet.

 

An update was provided on Counter Fraud Activity, much of which had been undertaken by the Royal Borough of Greenwich. Much of this work was in connection with Blue Badge Fraud. The Head of Audit and Assurance stated that going forward it was her desire that counter fraud work would be more pro—active instead of just reactive. The  ...  view the full minutes text for item 115.

116.

RISK MANAGEMENT pdf icon PDF 215 KB

Additional documents:

Minutes:

FSD22045

 

The Head of Audit and Assurance introduced the Risk Management Report which provided Members with the most recent iterations of the corporate and departmental risk registers for review and comment. The Committee was asked to note the risk registers and to comment on any matters arising.

 

It was noted that the various risk registers went to the appropriate scrutiny committees as well. Ideally, they would go to the Audit and Risk Management Committee first. The Chairman suggested that the Committee focus on the Corporate Risk Register.  He suggested that if any Member had concerns about any other risk items that were not on the Corporate Risk Register, that they address it with the Chairman of the relevant scrutiny committee.

 

The point was made that as the risk registers went to this committee and also to other PDS committees, it would be prudent to consider how duplication of scrutiny could be avoided. It was suggested that on the night members focus on the ‘red’ risks that were likely to be audited by the Internal Audit Team.

 

A Member expressed the view that with respect to high red risks, the risk owners should be asked to attend the committee and explain how they would be addressing those risks.

 

It was suggested that rather than the Committee have to wade through all of the Risk Registers, that an alternative simplified document be produced. This could be a ‘heat map’ document that would highlight the most significant risks, especially if the risks had failed mitigation or controls.

 

The Head of Audit and Assurance felt that the idea of a ‘heat map’ was a good one. She felt that the Corporate Risk Register should be looked at in its entirety. She also felt that it was reasonable to ask risk owners to attend the Committee if necessary. It was suggested that ‘heat maps’ be used on a trial basis for the next couple of committee meetings.

 

A discussion took place as to how new risks could be added to the Risk Register and it was pointed out that members of the Audit and Risk Management Committee could raise potential new risks if they wished. It was noted that the Corporate Risk Register was owned by the Chief Executive and that the other Risk Registers were owned by Chief Officers.

 

RESOLVED that

 

1) The Risk Management Report be noted

 

2) For the next couple of committee meetings, a ‘Heat Map’ document would be produced that would summarise the main ‘red’ risks. The Corporate Risk Register would continue to  be looked at in its entirety.

 

 

 

117.

CONTRACT PROCEDURE RULES: BI-ANNUAL REPORT ON EXTENSIONS, EXEMPTIONS, VARIATIONS AND WAIVERS pdf icon PDF 211 KB

Additional documents:

Minutes:

FSD22041

 

The Chairman noted two contract extensions with respect to Extra Care Housing, one for £3.9m and one for £3.5m. The Head of Audit and Assurance said that she would speak to the Assistant Director of Governance and Contracts to obtain more information regarding these contract extensions.

 

A Member asked why this report was being presented to the Audit and Risk Management Committee. It was explained that any waivers/extensions where the value was greater than £50k, had to be scrutinised by the Audit and Risk Management Committee. Exceptions to the Contract Procedure rules needed to be reported.

 

A Member asked for more information on the York Rise contract which had over-run by £2.8m.   

 

RESOLVED that

 

1) The report be noted.

 

2) The Head of Audit and Assurance would report back concerning those contract extensions/overspends that had been highlighted by Members. 

 

 

118.

EXTERNAL AUDIT AND FINANCIAL REPORTING UPDATE pdf icon PDF 469 KB

Minutes:

FSD22054

 

The External Audit and Financial reporting update was presented to the Committee by the Head of Corporate Finance and Accounting. The Chairman explained that when the Audit Sub-Committee was still a sub-committee of the GP&L Committee, then decisions with respect to external audit were referred to the General Purposes and Licencing Committee. Now that the Audit and Risk Management Committee was a full committee in its own right, this was no longer the case.

 

The Head of Corporate Finance and Accounting explained that after the Audit Commission was de-commissioned, its work was taken over by four main bodies:

 

1)  PSAA (Public Sector Audit Appointments)

2)  Institute of Chartered Accountants

3)  Financial Reporting Council

4)  The National Audit Office

 

It was now the responsibility of the PSAA to appoint the external auditors for local authorities and to set the fees. Shortly, LBB would be notified of which organisation would be appointed as its next external auditor to replace Ernst and Young. It was noted that as a result of notable audit failures (for example Carillion), the Financial Reporting Council had now instructed external auditors that their audit work should be more rigorous, so the work of external audit was now a more extensive exercise than was the case in the past.

 

Reference was made to the Government review of external audit, which was the Redmond Review. One of the recommendations of the review which would directly affect the Council was that there would now be a requirement to appoint at least one, if not two independent members to the Audit and Risk Management Committee. The Council would be responsible for the recruitment of independent members. An explanation was provided regarding how the fees of external auditors was calculated.

 

A Member noted that the last set of accounts that was fully signed off was for 2018/19. She commented that this seemed to be rather an old set of accounts and wondered if this was a Bromley problem, or if it was a problem across the sector. The Head of Corporate Finance and Accounting answered and said that it was a sector problem. The next set of accounts to be signed off would be 2019-2020, they were nearly ready to be signed off and it was anticipated that they would be signed off by the end of September 2022.

 

Members were briefed concerning the valuation of property assets which was undertaken by professional valuers and this was something that would be scrutinised in depth by external auditors. It was noted that no penalty existed if the publication of accounts was delayed, although it could result in reputational damage to the Council. 

 

 

A discussion took place regarding objections to the accounts. These had been received from the same individual over a period of three years; 2016/2017; 2017/2018 and 2018/2019. For the period from 2016 to 2018, the objections had been dealt with and no wrong doing was found on behalf of the Council. The audit of the accounts for 2018/2019 had been  ...  view the full minutes text for item 118.

119.

LOCAL GOVERNMENT ACT 1972 AS AMENDED BY THE LOCAL GOVERNMENT (ACCESS TO INFORMATION) (VARIATION) ORDER 2006 AND THE FREEDOM OF INFORMATION ACT 2000

  The Chairman to move that the Press and public be excluded during consideration of the item of business listed below as it is likely in view of the nature of the business to be transacted or the nature of the proceedings that if members of the Press and public were present there would be disclosure to them of exempt information.

Minutes:

RESOLVED that the press and public be excluded during consideration of the items of business listed below as it was likely in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the press and public were present, there would be disclosure to them of exempt information.

120.

ANNUAL INTERNAL AUDIT REPORT 2021/22--PART 2

Minutes:

FSD22042

 

Members discussed and noted the Part 2 (Confidential) version of the Annual Internal Audit Report for 2021/22.

121.

EXEMPT MINUTES OF THE MEETING HELD ON 2nd MARCH 2022

Minutes:

Members noted and agreed the Part 2 minutes of the meeting that had been held on 2nd March 2022.

 

The minutes were agreed and signed as a correct record.