Agenda and draft minutes

Apologies were received from Cllr Julie Ireland.

Councillor Fawthrop declared an interest in that his wife worked for the Council’s Human Resources Department. 

The minutes of the meeting held on 4^th July 2023 were agreed and signed as a correct record. 

In accordance with the Council’s Constitution, questions that are not specific to reports on the agenda must have been received in writing, 10 working days before the date of the meeting. The deadline for receipt of these questions by Democratic Services was 5pm on 24^th October.  

Questions specifically concerning reports on the agenda should be received within two working days of the publication date of the agenda.  Please ensure that questions specifically regarding reports on the agenda are received by the Democratic Services Team by 5pm on 1^st November. Questions can be emailed direct to the Committee Clerk at stephen.wood@bromley.gov.uk

No questions were received.

The link to the published Internal Audit reports is:

Internal Audit Reports  

No questions had been received regarding the Internal Audit Redacted Reports published on the Council website.

CSD23134

The matters arising were addressed by verbal updates later in the meeting.

RESOLVED that the Matters Arising Report be noted. 

The Director of Human Resources attended the meeting virtually to update the Committee regarding issues that had been experienced with the completion of mandatory training and appraisals. The Chairman asked if sanctions had been used with respect to those staff who had failed, or refused to complete mandatory training courses. The Director responded that the final take up of the cyber security course had been in the region of 90% and so sanctions had not been required. He said that he preferred to encourage staff to take up the training courses and that enforcement should be a last resort. A discussion took place around mandatory and non-mandatory courses and the Director expressed the view that just because a course had been designated as non-mandatory, it did not mean that it was any less important than a mandatory course.

A Member asked for a list of non-mandatory courses to be provided to the Committee. The Chairman felt that this was not appropriate and that if such a request was made, it should be directed to the GP&L Committee. The Member responded that he would write to the Director post meeting. 

A Member commented that although the final take up of the cyber security training had been good at 90%, it had taken a long time to get to that position and he asked how this would be remediated going forward, and how many staff had some sort of action taken against them. The Director responded that the numbers had been achieved through a process of encouragement which had meant that no one had been required to be sanctioned.  The Head of Audit and Assurance stated that she was satisfied that in view of a 90% completion rate, the risk had been mitigated, but it would be a matter that would be kept under review. The Assistant Director for IT pointed out that in terms of reporting, the numbers of staff completing compulsory training courses was being reported to COE  (Officers’ Executive Group) and to the Corporate Leadership Team. 

The Vice Chairman raised the matter of appraisals, and expressed concern that 25% of staff were not getting an annual appraisal which he regarded as key in monitoring staff progress. The Director explained that whilst appraisals were important, this was just one way in which staff progress could be monitored. He felt that it was more important to have regular staff feedback. He said that staff needed more regular feedback than 6 monthly appraisals. He stated that it was possible for staff to be recommended for reward based on evidence other than formal appraisals. A  Member expressed the view that Appraisals were a key factor in performance management. She said that Appraisals were important as they were documented and asked what training was given to managers with respect to undertaking appraisals. She expressed the view that the conducting of annual appraisals should be a matter that managers should be held accountable for and that relevant training should be provided. The Director said  ...  view the full minutes text for item 22.

The Assistant Director for IT attended the meeting to update the Committee with respect to data protection breaches. He drew the Committee's attention to the fact that the Internal Audit Redacted Report concerning data breaches had not identified any priority one recommendations. The Assistant Director for IT  was asked if he was satisfied that all data breaches were being reported to him in a timely manner. In response the Assistant Director stated that he was confident of being informed of internal data breaches in a timely manner.

The Assistant Director stated that data breach statistics were being reported to CLT (Corporate Leadership Team) and COE (Chief Officers’ Group).  It was intended that the Data Loss Prevention Tool in the Council's Microsoft Office suite would be activated, and new stealth policies were being written into the Council's firewalls. It was noted that data breach reporting was written into LBB contracts, and the time frames for reporting data breaches were specified by the Information Commissioner’s Office (ICO). In the last 12 months there had been 45 data breaches of which three had been reported to the ICO. A log of data breaches could be made available if required.

A Member asked if Councillors would be provided with  security breach training. The Assistant Director for IT responded that this was a matter that was being looked into by the Director of Corporate Services and Governance. It was suggested that this was a matter that could be referred to the Standards Committee as it dealt with Member training, and that the Director of Corporate Services and Governance should be informed of the referral.

RESOLVED that the update from the Assistant Director for IT be noted and that the request for the provision of security breach training for Members be referred to the Standards Committee. 

FSD23067

The report was presented to the Committee to provide details of the 2020/21 External Audit Plan for the LBB Pension Fund.

The report was introduced by the LBB Head of Corporate Finance and Accounting and Adrian Balmer attended virtually on behalf of Ernst and Young. Mr Balmer stated that the report was straightforward and one of the main things for the Committee to do was to understand and agree the materiality levels. The Chairman commented that he believed that the LBB Pension Fund was in the region of 110% funded, and therefore found it a bit of a contradiction that there was a risk that the Fund may not meet its obligations. The Head of Corporate Finance and Accounting commented that the External Auditors had to take a longer term view as normal practice, and there were other risks that needed to be considered for example potential volatility as a result of the relatively high weighting of equities. At the moment the risk situation appeared stable.

A Member commented that it was rather late in the day to be looking at an audit plan that was for 2020/21. She wondered if the External Auditors would ever catch up. Mr Balmer responded that everything was being done to catch up as soon as possible and weekly meetings were taking place between Ernst and Young, the LBB Finance Team and external valuers. The Chairman asked if there was anything that LBB could do to streamline the process and also reduce  fees. Mr Balmer answered that E&Y were encouraged by the actions being taken by the LBB Director of Finance and that there was now currently active engagement taking place between the External Auditors and the LBB Finance Team. He said that there were no significant areas of concern that needed flagging currently.

A Member noted that less liquid assets comprised a total of approximately 1/3 of total assets and he asked if this was a normal ratio. The response to this was affirmative.

RESOLVED that:

1) The Audit and Risk Management Committee note the 2020/21 Pension Fund Audit Plan from Ernst and Young.

2) The Audit and Risk Management Committee confirmed its understanding of, and its agreement to the materiality and reporting levels as outlined in the report.

The update from the External Auditor regarding the progress of the 2020/2021 audit of the main accounts, was also provided by Mr Adrian Balmer. It was noted that the 2020/2021 draft accounts had been published in August 2023. Satisfactory progress was being made, enough resources were being allocated, and weekly meetings were taking place. There would be a further update on progress at the March Committee.

The Vice Chairman enquired that if similar objections were raised to those that had been raised previously, would the External Auditor need to start all over again, or could they refer back to work that they had already undertaken regarding that specific objection. Mr Balmer clarified that if work had been previously undertaken on an objection that was re-raised, E&Y could indeed refer back to work that they had previously undertaken.  A Member asked if the External Auditor was now content with the responsiveness of the Council's Finance Team.  Mr Balmer responded that in the past the LBB Finance Team was (in the view of Ernst & Young) lean, but now they had seen additional resources coming into the Finance Team along with regular meetings. A significant help had been the appointment of a dedicated Pension Fund Accountant; this had freed up the rest of the LBB Finance Team to focus on the main Council accounts.

RESOLVED that the update regarding the 2020/21 main Council accounts be noted. 

FSD23063

The Internal Audit Fraud Progress Report was presented by the LBB Head of Audit and Assurance. The report provided an update on internal audit activity and outcomes in the 2023/24 financial year. The report also provided an update on counter fraud activity for the first half of 2023/24.

It was noted that 12 audits had been fully completed. All outstanding priority one recommendations had been followed up. Follow up work had also been undertaken on priority two and priority three recommendations. The Head of Audit and Assurance said that not as much progress had been made with the Internal Audit Plan as she would have liked, due to staffing issues. She had a member of staff on long term sick leave, other staff doing reduced hours, a member of staff on secondment and it was also noted that another member of staff had tended his resignation. Some work had been required to be contracted out. A Member asked what was being done to replace members of staff who were either leaving or on secondment.  The Head of Audit and Assurance responded that she did have a plan in place, but did not necessarily wish to replace like for like. She wanted to look at her structure first and decide what sort of structure she would like to use going forward and then get approval for that new structure. In the meantime, there would be some reliance on contractual resource. It was noted that recruitment for internal auditors was difficult across London and the southeast. A discussion took place with respect to co-sourcing.

The Head of Audit and Assurance drew the Committee's attention to the section of the report which noted the work undertaken by the Royal Borough of Greenwich Fraud Team. They were responsible for the investigation of all allegations of fraud, and maintained the Fraud Register. It was pointed out that in October 2023, the Greenwich Fraud Team had won the Institute of Revenues Rating and Valuations award in the category of ‘protecting the public purse’ for their work across the Royal Borough of Greenwich and also their work across the London Borough of Bromley. The report noted that the criteria for the award was evidence of high performance that had secured a measurable impact on fraud prevention or detection.

The Chairman highlighted section 3.44 of the report where it was noted that the Institute of Internal Auditors would be launching a revised set of professional standards before the end of the financial year. The Head of Audit and Assurance commented that as a member of the Chartered Institute of Internal Auditors, she would have a professional obligation to follow the new Standards and she anticipated that the changes would be significant. She also advised that the Council had an obligation under the Accounts and Audit Regulations to undertake Internal Audit following public sector internal auditing standards and guidance.

The Vice Chairman expressed concern at the results of the Domiciliary Care Audit. He was concerned to note that  ...  view the full minutes text for item 26.

FSD23065

The Internal Audit Plan covered the period of November 2023 to March 2024 and was presented by the Head of Audit and Assurance. The paper presented the Audit Plan for approval. The Audit Plan explained the risk based planning process and the underlying assumptions behind the resource assessment used to produce it.

A Member suggested that if there was a problem with resourcing, then it may be prudent to delay the audit of the Drug and Alcohol Partnership, as this was a new contract. He was, however, keen that the Temporary Accommodation Audit take place promptly, as this was an area that was costing the Council a lot of money. The Member suggested looking at the performance management of the Tree Planting Contract as he believed that there were issues with that contract. He also pointed out what he termed as a ‘disconnect’ between the Licensing and Planning Departments in that there were car washes in the borough that had been licensed, but were operating without planning permission. It was noted that with respect to temporary accommodation, pro-active counter fraud work was being undertaken. With respect to the Drug and Alcohol Partnership, the Head of Audit and Assurance stated that the initial audit would not be focusing on the contract, but rather on matters of governance. 

RESOLVED that;

The Internal Audit Plan, November 2023 to March 2024 be approved.

FSD23064

Members were pleased to note the revised format of the Risk Register Report. It was now easier to understand the details pertaining to ‘red’ risks as a detailed commentary had been provided in ‘Appendix C’ to the report in response to a request from Members. It was noted that the matter of Temporary Accommodation was a high risk that was being monitored. A Member enquired about the Council’s ‘appetite’ for Risk. The Head of Audit and Assurance responded that a re-review of the Council’s Risk Strategy was required. She was hoping to do this soon, but the officer who would normally deal with this matter was on long term sick leave. 

RESOLVED that the Risk Management update be noted.

RESOLVED that the press and public be excluded during consideration of the items of business listed below as it was likely in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the press and public were present, there would be disclosure to them of exempt information.

The exempt minutes of the meeting that was held on 4^th July 2023 were agreed and signed as a correct record.