Agenda and draft minutes

Apologies were received from Cllr Ruth McGregor.

Councillor Simon Fawthrop declared an interest in that he was a member of the LBB Pension Committee.   

The minutes of the meeting held on 8^th March 2023 (excluding those containing exempt information) were agreed and signed as a correct record.   

The Chairman welcomed the two new Independent Co-opted Members to the Committee.

The Chairman referred to recommendation 2.1 of the report and said that the term ‘municipal year’ should be replaced with ‘immediate effect’.

The Committee decided that the appointment term should be for four years. 

RESOLVED that:

1) Theresa Farr and Grieg Allen be appointed as non-voting Co-opted members of the Audit and Risk Management Committee with immediate effect, for the consideration of Part 1 (public) and Part 2 (confidential) reports.

2) The Independent Members be appointed for a four year term.

In accordance with the Council’s Constitution, questions that are not specific to reports on the agenda must have been received in writing 10 working days before the date of the meeting. 

Questions specifically concerning reports on the agenda should be received within two working days of the publication date of the agenda.  Please ensure that questions specifically regarding reports on the agenda are received by the Democratic Services Team by 5pm on Wednesday 28^th June.

Two oral questions were received from Cllr Jeremy Adams along with one written question. The questions and responses are appended to the minutes.  

CSD23094

The Chairman drew attention to minute 147 pertaining to the recommendation to be made to the Environment and Community Servicers PDS Committee to consider reinstating the previous practise of confiscating Blue Badges. The Chairman was informed that this request was awaiting a response. The Chairman stated that if no response was received by the next meeting, then relevant officers should be asked to attend the Committee to explain why.

It was noted that with respect to Edgebury School, progress had been made in response to previous recommendations from Internal Audit and so the high priority recommendation had been closed.

A Member referred to a recent data breach with respect to the PSPO (Public Spaces Protection Order) regarding the control of dogs.  He felt that in view of the recent data protection breach, from a risk management perspective he would appreciate having a report/discussion from the Assistant Director for IT at the next committee meeting concerning how many breaches LBB had seen recently and the risk mitigation measures the Council were taking to reduce the risk of further breaches. 

RESOLVED that:

1) If there was no response concerning the matter of referring the confiscation of Blue Badges to the ECS PDS Committee, then a relevant officer should be asked to attend the Committee to explain why this was the case.

2) An update from the Assistant Director for IT concerning data breaches be provided to Members at the next meeting. 

Post Meeting Note:

( A report discussing the matter regarding Blue Badges was scrutinised at ECS PDS on 7^th September. It was decided that the process adopted since 2020 for enforcing against Blue Badge mis-use should be retained). 

Post Meeting Note:

It was agreed that as a Data Breeches Audit report would be ready in time for the next committee meeting, that this should be expedited and scrutinised first, before a decision was made concerning whether or not the Assistant Director for IT should be asked to attend the Committee).    

Questions specifically concerning the published internal audit reports should be received within two working days of the publication date of the reports.  Please ensure that questions specifically regarding the published internal audit reports are received by the Democratic Services Team by 5pm on Wednesday 28^th June.

The link to the published internal audit reports is:

Internal Audit Reports   

INTERNAL AUDIT REPORTS

1. Housing Schemes (Governance of Partnerships)

2. Quality of Placements (External): Children’s Social Care

3. Adult Social Care Residential Placements

4. Appraisals

5. Complaints (2022/23)

6. Virtual School

7. Referral and Assessment ASC

8. Revenue Budget Monitoring (2022/23)

9. Sickness Management

10. HMO Licensing (2022/23)

A Member had submitted questions regarding one of the internal audit reports that had been published on the web. As these questions were detailed and numerous, they were subsequently re-submitted by the Member directly to the relevant officer who in this case was the Director of Adult Social Care. It was felt that there was a gap in the constitution regarding how these sort of questions should be dealt with and processed.

The Member expressed the view that the questions that he had raised should either be directed to Head of Audit and Assurance or to the relevant Director, rather than the Chairman of the Committee. He said that there was nothing currently in the constitution that allowed questions in that way. The view was expressed that clarity and a process was required to determine how questions pertaining to the internal audit reports published on the web should be dealt with. 

RESOLVED that the Internal Audit Redacted Reports published on the Council website be noted.

FSD23046

This report was presented to the Committee by the Head of Corporate Finance and Accounting. Following the conclusion of the 2019/20 accounts, the report provided the auditors reports and an update on the production of the draft accounts for the subsequent financial years.

It was noted that audit of the 2019/20 accounts had been completed. However the completion certificate could not be issued until the objections regarding the accounts for 2018/19 had been concluded.

The Head of Corporate Finance and Accounting explained that an experienced interim former Chief Accountant had been brought in to review and update the 2020/21 and 2021/22 accounts. In the meantime, staff were still working on the initial draft of the 2022/23 accounts. The report stated that the 2020/21 draft accounts would be published on the Council's website around mid-July, but this was now more likely to be the end of July.

The Head of Corporate Finance and Accounting said that going forward, there would be weekly meetings arranged with the external auditors. The Chairman said that Ernst & Young (E&Y) would be attending the next meeting, so the Committee could monitor progress. A Member asked what assurances could be provided that going forward there would not be further delays in the finalising of the Council’s accounts. The Head of Corporate Finance and Accounting responded and said that he was confident that the draft 2020/21 accounts would be completed by the end of July. However, he was not in a position to form an opinion concerning how long the auditing of future accounts would take. This was because the Council was reliant on Ernst & Young in this regard.

It was suggested that what was required was a mutually agreed action plan between the Council and E&Y, which would agree agenda items and timescales. This was something that had not yet been formalised. It was further suggested that the Council keep a record of delays. Consideration could be given to requesting a rotation of E&Y staff. The Head of Corporate Finance and Accounting said that there would now be a designated staff member who would be responsible for co-ordinating responses to E&Y.

It was recommended by an Independent Member that a report should be provided to the next meeting that would provide a clear line of sight concerning proposed actions and timescales for both parties. The Chairman wondered why the objections to the 2018/19 accounts were taking so long to deal with. He wondered if this was normal. An Independent Member asked if the question could be regarded as a ‘nuisance’ question? It was noted that while this matter was ongoing, the Council would be incurring increased costs and officer time. The Chairman stated that he (and the Vice Chairman) had spoken directly with the objector. The objector had submitted objections totalling 300 pages. 

The draft 2020/21 accounts had not yet been published; once they were, this would give the objector a further opportunity to submit new objections. A Member suggested that it  ...  view the full minutes text for item 8.

FSD23031

This report was written by the Head of Audit and Assurance to provide her annual opinion for 2022/23 on the Council’s overall system for risk management, governance and control.

Internal Audit had requested that three items for audit be deferred to the 23/24 financial year. These were:

·  Social Care System—Implementation Review

·  Staff Well Being

·  Parking Income 

A Member expressed disappointment that the audit of the Social Care Implementation Review had been delayed. Regarding the Staff Well Being Audit, a Member felt that as recruitment and retention had been flagged on the Risk Register, the review should take place without waiting for accreditation. The Head of Audit and Assurance said that an audit of Recruitment and Retention was planned for the current financial year. A Member expressed disappointment concerning the delayed audit of Assistive Technology. It was explained that this was a consultancy matter and the department concerned had stated that at this time they did not require any consultancy advice from Internal Audit. This meant that this audit had been cancelled rather than delayed. With respect to Parking Income, this audit would be limited purely to income and financial matters and would not be looking at any issues concerning the implementation of RingGo.

The timing of the release of the individual audit reports was discussed. A Member said that to have to read numerous and quite often many substantial reports a short time before meetings was difficult for Members. He supported the idea that had been suggested by an Independent Member that reports be ‘drip-fed’ to Members before the publication of the redacted reports on the web. This would give Members more time to prepare. The Chairman asked if this could be looked into.

(Post Meeting Note: The issue regarding the publication of Internal Audit Redacted Reports has been looked into. There is no reason why all the reports have to be disseminated in one large bundle just before agenda publication. They could for example be sent out at intervals in smaller bundles). 

Members discussed issues concerning policies and procedures that had not been updated for some time and expressed some concern regarding this. It was suggested that consideration be given whereby portfolios/departments would report to Members those policies or procedures that had not been updated for some time. A Member asked if completion rates for data protection training were increasing. He felt that if they were not, this was a developmental issue that should be escalated. The Head of Audit and Assurance responded that the Priority 1 recommendation that had previously existed for cyber security training had now been closed off--because  as of the 1st of June, the completion rate was 90%.  This seemed to be an issue with mandatory training in general. It was mentioned that issues concerning the completion of mandatory training may be something that could be raised with the Director of HR. It was agreed that this would be one of the issues that could be raised with the Director of HR when  ...  view the full minutes text for item 9.

FSD23029

Members noted that the Accounts and Audit Regulations 2015, required the Council to conduct at least annually, a review of the effectiveness of its system of internal control and to approve an Annual Governance Statement, (AGS).

A Member queried why (if the Annual Governance Statement was to be signed off by the Chief Executive and the Leader), the scrutiny of the AGS may be better placed with the Executive or with the Executive, Resources & Contracts PDS Committee. It was noted that according to CIPFA guidance, The Head of Audit and Assurance (HAA) should not be compiling the Annual Governance Statement. The HAA commented that there was no obvious officer to compile the report. In mitigation, it was the case that regarding most of the AGS, it was drafted by various officers who wrote different sections of the Statement. Audit Committee scrutiny of the AGS provided objectivity to the process.

The Vice Chairman drew attention to the section of the statement which commented on the evaluation and supporting of staff performance. He noted that previously it had been commented that 25% of staff had not received appraisals in the past 12 months which he felt was appalling. He felt that a representative from HR should be asked to comment on this. The Chairman felt it would be a good idea to ask a representative from HR to attend the committee to explain what sanctions would be levelled against managers that failed to undertake appraisals. A Member commented that a staff member would not be able to get a merit award if there was not an appraisal to back it up. He also felt that HR should be asked to attend to explain why this was the case.

A Member commented that the next time the AGS was reported on, it would be useful to have an ‘at a glance’ update of what had changed since the previous year. 

RESOLVED that: 

1) The Audit and Risk Management Committee notes and agrees the 2022/23 Annual Governance Statement, subject to any changes made after scrutiny by the Audit and Risk Management Committee, and any further minor updates required prior to the publication of the statement of accounts for 2022/23.

2) A representative from HR be asked to attend the next meeting to provide an update concerning the appraisal process.

FSD23042

This report was presented to the Committee to provide an update on counter fraud activity and outcomes for the 2022/23 financial year.

A Member enquired if the Council was experiencing increased levels of attempted cyber fraud activity. The Head of Audit and Assurance responded that the Assistant Director for IT was best placed to answer that question although she was personally not aware of any increased online fraud activity.

A Member commented that in his position as the Chairman of Executive, Resources & Contracts PDS Committee, it had been reported to him by the Assistant Director of IT that there had been an increase in the attempted  number of cyber-attacks. Reference was made to joint working with the DWP and it was felt that this working relationship was improving and that the DWP were becoming more proactive in terms of joint working arrangements. The success of the partnership agreement with the London Borough of Greenwich in relation to fraud detection and prosecution was also noted. An Independent Member commented that it would be good to have more focus on not just fraud detection and prosecution, but also on fraud prevention.

RESOLVED that the Counter Fraud Progress Report be noted.

FSD23030

Members noted that the scoring for Health & Safety risk related to fire had reduced on the Corporate Risk Register and a Member asked if this should be the case given that fire warden and first aid cover would be spread more thinly when the Council occupied two buildings. He said that he would be interested to hear the Director of HR’s reasoning for this. 

Regarding the presentation of the Risk Registers, it was suggested that the format be changed and that focus in terms of presentation be on those risks that were the most critical and what was going to be done (and when) to mitigate those risks. There was currently no time-frame for actions/mitigations on the Risk Registers. It was suggested that it would be helpful to clarify why certain risks were particularly relevant/significant. It was felt that the reporting format should be changed to make the Risk Registers more readable.

The Vice Chairman felt that the Committee did not have enough time to scrutinise the Risk Registers in detail and that this should be primarily the responsibility of the relevant PDS Committee. However, he had observed that in some of the committees that he had sat on, the Risk Register had only been considered as an ‘information item’ on the agenda and no questions had been asked. He felt that it should be the case that in all scrutiny committees, the Risk Register should be given proper attention and should not be reduced to an information item. The Chairman agreed with this and asked if the Committee Clerk could feed this back via the appropriate channels.

A Member suggested that the reporting format be changed to focus on the ‘red’ risks. Another Member said that there needed to be a review of the governance and quality assurance process for the reporting of risks and that information should be provided regarding dates, times and next steps.

RESOLVED that: 

1) The Risk Management report be noted.

2) A recommendation be made that Risk Registers should no longer be placed on agendas as ‘Information Items’, but should be allocated to agendas as standard full agenda items.

3) Reporting should be undertaken regarding ‘Red Risks’. 

Post Meeting Note:

The Committee Clerk has informed Democratic Services Officers of the recommendations of the Committee concerning Risk Registers and they will feed these recommendations back to the Chairmen of PDS Committees). 

RESOLVED that the press and public be excluded during consideration of the items of business listed below as it was likely in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the press and public were present, there would be disclosure to them of exempt information.

The exempt minutes of the meeting that was held on 8^th March were agreed and signed as a correct record.  

Members noted the Part 2 (Confidential) Appendix F to the Annual Internal Audit Report. As this was a confidential report, the minutes are recorded in the Part 2 (Confidential) minutes.