Agenda and minutes

The Chair welcomed all those present to the meeting and extended a particular welcome to her first meeting to Clare Edge of Deloitte as the Council’s new financial auditors.

To receive any declaration of interest by any Member or Officer in respect of any item of business.

No declaration of interest was received.

To submit the minutes of the previous meetings of the Audit and Governance Committee held on the following dates –

·        8 December, 2015

·        18 February, 2016 (extraordinary)

The minutes of the previous meeting of the Audit and Governance Committee held on 8 December, 2015 and the extraordinary meeting held on 18 February, 2016 were submitted and confirmed as correct.

Arising on the minutes of the meeting held on 8 December, 2015 –

With regard to the Food Standards Agency Audit, the Head of Resources and Section 151 Officer confirmed that the Action Plan to address issues arising from the audit is being monitored and that the Audit and Governance Committee will be provided with an update on progress in due course.

To present the report of the Health and Social Care Impact Officer.

The Committee considered the report and sought clarification of the following issues relating to its proposed role with regard to partnerships –

•           The Committee noted that in order to be able to fulfil the expectations in providing assurance that key partnerships are  managing risks, it needs to be provided with high level information and analysis regarding the performance of the principal corporate partnerships so that it can identify the risks they are facing and be satisfied that they are being managed appropriately.

The Committee was informed that consideration will be given to the information that needs to be provided to the Committee to equip and enable it to formulate an opinion and provide assurance that the risks in relation to partnerships are being managed, and information about the performance of the partnerships at a high level is an essential part of that process.

•           The Committee noted that as well as monitoring the risk related issues affecting partnerships, it needs to be assured that working in partnership is providing added value to the Council and that partnerships are also delivering value for money to the Island’s residents and ratepayers.

The Committee was informed that Added Value and Value for Money are two of a number of criteria considered by the Council when deciding whether or not to work in partnership and in evaluating partnership effectiveness as set out in the Partnerships Policy document. Scrutiny has a clear role in assessing the added value which partnerships bring to the Council and the roles of the Audit and Scrutiny committees need to be clearly defined and a balance struck between their respective responsibilities. Discussions are taking place as to how the outcome of scrutiny work can be fed through to the Audit Committee to ensure it has all the information it requires to come to a view on assurance.

•           The Committee sought an explanation of the separation of partnerships into private, public and voluntary and it was suggested that arrangements entered into with the private or independent sector are typically contractual or based on a service level agreement which may or may not involve the concept of a partnership. The Committee highlighted the potential for ambiguity in this respect and it noted, and it was accepted,  that the distinction needs to be made in the policy.(Mr Richard Barker declared a personal  interest as  a trustee of an independent sector organisation)

•           That with regard to partnerships adhering to Council policies, the Committee noted that the policy document is not clear as to how adherence will be monitored and it suggested that there needs to be a mechanism for ensuring that partnerships have regard to the Council’s principal policies as non-compliance by partner organisations could hold a reputational risk for the Council.

The Committee was informed that details of the monitoring of partnerships including having due regard to the Council’s principal policies would form part of another partnerships work stream and details would be available over the coming months.

It  ...  view the full minutes text for item 3.

To present the report of the Head of Council Business.

The report of the Head of Council Business/Monitoring Officers outlining progress with regard to responding to the Enforcement Notice issued by the Information Commissioner’s Office (ICO) in October, 2015 and the issues highlighted therein.

The Head of Council Business reported that the nine recommendations set out in the ICO’s Enforcement Notice are set out in Appendix 1 to the report. These are now the subject of a third Action Plan (the previous two having been formulated in response to the ICO’s audit of the Council’s arrangements for data protection in 2012 and the subsequent re-audit in 2014) devised by the Corporate Information Governance Board (CIGB) and are being implemented by a sub-group of the CIGB. Of the nine actions specified, actions 1, 2, 3, 5, 6 and 9 have been completed. The Officer updated the Committee on the status of those actions that remain partially completed as follows –

•           Action No 4 (Policies including the Records Management Policy are being read, understood and completed with by all). In order to secure this level of assessment, the Council has tendered, procured and signed up to a new policy system with RSM which is currently undergoing a design phase. The timetable for the system’s implementation is being devised and is expected to be agreed by the end of March, 2016.

•           Action No 7 (Physical access rights are revoked promptly when staff leave and periodically reviewed to ensure appropriate controls remain in place). The Council’s Transformation Team is engaged in various pieces of business processes re-engineering as part of its remit and is currently undertaking a piece of work for the CIGB that will produce an outcome on this matter. Negotiations are being held with Northgate, the HR ICT system with a view to implementing a new process by September that will provide the necessary level of assurance.

•           Action No 8 (The lack of adequate storage solutions for manual records is addressed). The Council has almost fully addressed this issue with the Finance and Housing Services being the only two services now holding a significant volume of manual records outside the Council’s Headquarters but not yet in archive storage. Both services are reporting back to the CIGB in April on their individual plans for fully addressing the issue.

The Committee noted the update and was satisfied that progress in addressing the issues arising has, and is being made. The Committee sought clarification of the ICO’s response to the Action Plan formulated and the progress as evidenced. The Head of Council Business said that although the Council has provided the ICO with a copy of the Action Plan showing the status of each action and the current position, it has not responded formally to that document but has indicated that the Council’s level of compliance will be assessed in the light of any future data security incidents.

It was resolved to note the update and the progress made.

NO FURTHER ACTION ENSUING

To present an oral update with regard to ICT Disaster Recovery and Business Continuity.

•           Business Continuity

The Internal Audit Manager reported that an audit of Business Continuity was undertaken earlier in the financial year and a report issued in August which resulted in an overall Limited Assurance opinion with five High Category and two Medium category recommendations being issued. She referred to the audit’s main findings and the weaknesses identified. The Officer confirmed that a follow up audit had confirmed that the two High Level recommendations have been implemented and the remaining five are in the process of being actioned. The findings of the follow-up work and a re-assessment of the controls now support a Reasonable Assurance Opinion.

The Head of Democratic Services elaborated on the specific actions that have been taken to rectify the weaknesses highlighted by the audit review as well as those actions in progress.

The Committee welcomed the progress made and the momentum now generated and it sought confirmation of a timeline for completing and bringing to fruition all the work streams reported upon. Given that this is recognised as a high priority area, the Committee also requested a further update report later in the year to show the extent of progress on the programme of actions.

The Head of Democratic Services said that it is intended to report back to the Senior Leadership Team in June; Business Continuity Plans are not static and are reviewed at service level in order to ensure they remain relevant and up to date in the context of the environment in which they operate.

It was resolved to note the position and the information presented.

ACTION ENSUING: The Committee to be provided with a further update report on Business Continuity later in the year to provide assurance of progress on the issues identified and completion of actions being taken.

•           ICT Disaster Recovery

The Internal Audit Manager reported that an audit review of ICT Disaster Recovery resulted in a Minimal Assurance opinion along with 13 recommendations of which 8 were High category recommendations and 3 Medium Category recommendations. The Officer referred to the audit’s main findings and the weaknesses identified.  The follow up work assessed that 5 of the High Category recommendations had been implemented; 3 partially implemented and 5 not implemented .The findings of the follow-up work and a re-assessment of the controls now support a Reasonable Assurance Opinion.

The ICT Business Continuity and Support Manager confirmed that most of the outstanding actions were addressed with the procurement of a back-up system. This will be set up within the Council’s Headquarters pending the identification and availability of a suitable off-site location at which point the back-up hardware will be re-located off-site thereby allowing the Council to run key services from an off-site location in the event that the Headquarters cannot be occupied. The Officer confirmed that as an identified corporate priority, this will be treated as such and resources prioritised to its implementation.

It was resolved to note the position and the information presented.

NO FURTHER ACTION ENSUING

·        To present the External Audit Performance Work Programme Update

·        To present Anglesey’s Financial Resilience Assessment Report

·        To present the Grants Certification and Returns report (Copy to follow)

A report on the status of projects under the External Audit Performance Work Programme encompassing Local Government Studies, National Value for Money Studies and regulatory work activity was presented and was noted by the Committee. Mr Andy Bruce, WAO updated the Committee on movement on individual pieces of work since last reported and confirmed that he would continue to endeavour to draw out areas of relevance and/or interest to local government within the national studies.

With reference to the follow up on national recommendations as part of the evaluation pf progress on recommendations at each council, the Committee noted in this context that it would be helpful for assurance purposes if it was in possession of a schedule of all internal audit recommendations and/or matters raised by the Committee so they can be monitored periodically to ensure they do not fall by the wayside. The Head of Resources and Section 151 Officer confirmed that there is a system for logging Internal Audit recommendations which provides management with reminders of the need to implement them, and consideration is also being given to extending that system to include other non-internal audit recommendations. The Officer said that he would provide the Committee with a formal report at its next meeting.

ACTION ENSUING: Head of Resources and Section 151 Officer to report to the next meeting on the system for logging Internal Audit recommendations and its proposed  development to include other recommendations.

•           The report of the Head of Resources and Section 151 Officer incorporating the Wales Audit Office Financial Resilience Assessment of the Isle of Anglesey County Council encompassing the three elements of financial planning, financial control and financial governance was presented for the Committee’s consideration. The report was accepted and was noted by the Committee.

Mr Andy Bruce said that the report found that whilst the Council faces some significant financial challenges, its current arrangements for achieving financial resilience are appropriate and continuing to improve. Additionally the risk to the Council’s delivery of its financial plan for each of the three elements assessed (as noted above) is rated as low.

NO FURTHER ACTION ENSUING

•           It was resolved that consideration of grant certification and returns be deferred to the next meeting.

To present the report of the Head of Resources and Section 151.

The report of the Head of Resources and Section 151 Officer setting out the grants which require Internal Audit certification and External Audit review along with the details of the work which Internal Audit is required to undertake for the grant to be certified was presented for the Committee’s information and was accepted and was noted by the Committee.

NO FURTHER ACTION ENSUING

To present the Internal Audit Progress report.

The report of the Head of Internal Audit on the work of the Internal Audit service during the period from 1 April, 2015 to 31 December, 2015 was presented for the Committee’s consideration. The report provided information about the nature of the work undertaken during the period and the results thereof including  the audit opinion and recommendations pertaining to each area reviewed; audits resulting in Limited Assurance opinion; audit follow- ups and recommendation tracking along with a schedule of outstanding High and Medium recommendations.

The Audit Manager reported that an analysis of the Internal Audit Service’s performance for the period from 1 April to 31 December, 2015 demonstrates that performance levels are more or less on target. However, the ability of the service to achieve the 2015/16 Operational Plan will be dependent on the level of demand for audit resources in respect of referrals, unplanned work prior to the year end and sickness absence levels. The Officer updated the Committee with regard to the staffing position and said that up to December, 2015, 101 days had been lost to sickness absence and, because of a vacancy within the team there were 135 unfilled audit days making a total of 236 days or 20% of the resources available for the 2015/16 audit plan. However, the Officer confirmed that she remained confident that the service would be able to deliver 60% of the Audit Plan by the end of the month.

The Head of Resources and Section 151 Officer said that the delivery of the audit service is dependent on the availability of staff and that the Audit Manager is endeavouring to manage the team to improve the situation. A trainee accountant has been assigned to the service on a temporary basis to provide an additional resource. The Finance Service has received confirmation by the Audit Manager that the Internal Audit Service is able to provide the necessary level of coverage to provide assurance with regard to the audit of the Authority’s key financial systems; what is being lost at present is the added value the Internal Audit service is able to bring to other areas of the Council with the service being restricted instead to concentrating on the core deliverables. Looking forward over the next 3 years the Internal Audit Service in line with many other services, will  be reviewed to  determine how the service is to be delivered in future.

The Head of Internal Audit said that a number of factors had made it a challenging year for the service. There are increasing pressures on the service which management need to recognise as regards their impact on staff. The primary task at present is to ensure that Internal Audit can provide the necessary assurance based on the work undertaken; the Officer said he was confident that that would be the case.

The Committee considered the report and highlighted the following issues –

•           The Committee noted the Internal Audit staff position in the context of the delivery of the audit  ...  view the full minutes text for item 8.

To present the report of the Internal Audit Manager.

The report of the Head of Internal Audit incorporating the Internal Audit Strategy 2016/17 to 2018/19 and Annual Plan for 2016/17 was presented for the Committee’s consideration and endorsement.

The Audit Manager reported on the Internal Audit Strategy and Annual Plan as set out under Appendix A to the report and referred to supporting Appendices B to E detailing the Annual Plan for 216/17, a Strategic Plan for the period 2016 to 2019, an analysis of Internal Audit resources and the performance targets in respect of 2016/17.

The Head of Resources and Section 151 Officer confirmed that he was satisfied that the Plan meets with the Finance Service’s needs with regard to providing assurance about the key financial systems  and in targeting high risk areas.

The Committee sought clarification whether the performance target of 85% for the implementation of High and Medium category recommendations at follow up audit for 2016/17 is achievable given that actual performance has been well below that level in the past two years. The Audit Manager said that as of 22 February this year the implementation rate had risen to 76% and that she was confident that the target will be met.

It was resolved –

•           To approve the Internal Audit Strategy and Annual Plan for 2016/17.

•           To approve the Internal Audit Service’s performance targets for 2016/17.

NO FUTHER ACTION ENSUING

To present the report of the Head of Resources and Section 151 Officer.

The report of the Head of Resources and Section 151 Officer incorporating the treasury management mid-year review report for 2015/16 was presented and was accepted and was noted by the Committee.

NO FURTHER ACTION ENSUING

To present the Committee’s Annual Report for 2015/16 prior to its submission to the County Council in May, 2016.

The Annual Report of the Audit and Governance Committee for the 2015/16 municipal year was presented for the Committee’s endorsement prior to its submission to the Full Council in May, 2016.

The Committee noted the report and suggested that it presented a not to be missed opportunity to highlight performance across Council services with regard to implementing or not implementing Internal Audit recommendations. It was proposed and accepted that a provision to that effect be made within the report.

It was resolved to accept the Annual Report for 2015/16 for submission to the Full Council in May, 2016, subject to the inclusion of a provision to highlight performance across Council services with regard to implementing or not implementing Internal Audit recommendations.