Agenda and minutes

To receive any declaration of interest by any member or officer in respect of any item of business.

No declaration of interest was received.

To present the minutes of the previous meeting of the Audit and Governance Committee held on 6^th December, 2016.

The minutes of the previous meeting of the Audit and Governance Committee held on 6th December, 2016 were presented and confirmed as correct.

Arising thereon –

The Internal Audit Manager informed the Committee that Mr Ivan Butler, Denbighshire County Council’s Head of Internal Audit has commenced work on conducting the peer assessment of Anglesey’s Internal Audit Service in accordance with the Public Sector Internal Audit Standards. The standards require that an external assessment of the Internal Audit Service must take place at least once every 5 years by a qualified, independent assessor or assessment team from outside the organisation. It is planned to report on the outcome of the assessment to the Committee’s next meeting at the end of March.

To present the report of the Chief Public Protection Officer on the follow up to the Food Standards Agency audit of the Food and Feed Law Enforcement Service on the Isle of Anglesey.

The report of the Chief Public Protection Officer regarding the Food Standards Agency’s revisit to Anglesey on the 15th and 16th September, 2016, to follow up on the progress made subsequent to the Agency’s original audit of the Authority’s Food and Feed Service in July, 2014 was presented for the Committee’s consideration.

The Chief Public Protection Officer said that he had reported previously to the Audit and Governance Committee in September 2015 on the Action Plan and progress that followed the Food Standards Agency’s original audit that took place in July, 2014. A number of findings were reported upon following the audit which gave rise to 40 recommendations by the Food Standards Agency’s Audit team. The main findings of the original audit are summarised in section 2.1 of the report .The recommendations were responded to by way of an Action Plan detailing how each recommendation would be addressed. The FSA Audit team revisited the Authority in September, 2016 in order to formally assess progress against the full report; this involved an on-site visit and subsequent report which took the form of an updated Action Plan. The follow up report shows that good progress has been made on the majority of the actions agreed with 22 being completed and 10 deemed to have made good progress. Only 4 have been designated as being of limited progress and there were none showing as no action; 4 items were untested as no activity in that area of work had taken place. The 4 items which require the most attention are listed in paragraph 3.3 of the report and include the further development of the Service Delivery Plan. The Service anticipates being able to meet all the actions by April, 2017. The lack of staffing resources to meet the target numbers of Food Hygiene and Food Standards inspections remains a concern against the decreasing Public Protection service budget. The staffing shortfall and the implications with regard to addressing a backlog of inspections are referred to in paragraphs 2.3 to 2.6 of the report. The enforcement of Feed Controls is now being delivered collaboratively across North Wales and meets the recommendations identified by the FSA report. The FSA does not plan to return to the Authority to specifically check on the remaining actions, they will be picked up in the course of any visits they may make to the Authority in future.

The Committee considered the report and made the following points –

•           The Committee acknowledged the progress that had been had been made in addressing the majority of the Food Standards Agency’s recommendations and congratulated the Service thereon.

•           The Committee noted the length of time between the original FSA audit and the Agency’s re-visit to check on implementation and verify progress. The Committee suggested that where issues have been identified, the regulatory follow up needs to happen more promptly to ensure there has been appropriate action and compliance.

•           The Committee noted that the adequacy of staff resources remains an issue which  ...  view the full minutes text for item 3.

To present the report of the Internal Audit Manager.

The report of the Internal Audit Manager on the Internal Audit Service’s performance to date relative to the 2016/17 Audit Plan was presented for the Committee’s consideration.

The Internal Audit Manager reported as follows –

•           The report analyses the performance of the Internal Audit Service for the period from 1 April, 2016 to 31 December, 2016 and is supported by Appendices A to G which detail progress against performance targets for 2016/17 and the work undertaken by the Service during this period.

•           The amount of work allocated to work in progress during 2016/17 to the end of December, 2016 accounts for 111.55 days and will be met from closure of previous year’s work contingency.

•           The schedule of performance targets for the period ending 31 December, 2016 at Appendix A shows that 56.06% of planned audits have been completed up to 31 December, 2016 against an annual target of 80%.

•           There were 2 additional unplanned audits performed during the period from 1 April to 31 December, 2016 amounting to 10.36 days work as documented at Appendix B.

•           A summary of all audit assignments completed during the year to date including work in progress from 2015/16 is provided at Appendix D. Two of the planned audits completed since 1 September 2016 are assessed as not providing positive levels of assurance. The Child Care Court Orders under the Public Law and the Extra Care Housing Commissioning Arrangement were both assessed as providing Limited Assurance. Details of the audits are summarised in Appendix D to the report.

•           The percentage rate for the implementation of internal audit recommendations as at 31 December, 2016 was 82%.A graph showing the breakdown of recommendation implementation by service is provided in Table 2. Those recommendations outstanding as at 31 December, 2016 are listed in Appendix E.

•           A schedule of the 10 follow up audits conducted during the period from 1 April to 31 December, 2016 is provided at Appendix F. This shows the number of recommendations accepted and subsequently implemented by management in each area along with a revised audit opinion regarding the adequacy of the internal control environment.

•           A summary of special investigations undertaken by Internal Audit during the period is given in Appendix G; these amount to 141.08 days.

•           Sickness absence accounted for 5 days absence up to the period ending 31 December, 2016 against an annual target of 45 days.

•           An analysis of the Service’s performance in the period in question demonstrates that performance levels are on target. However, the ability of the service to achieve the Operational Plan will be dependent on the level of demand for audit resources in respect of referrals, unplanned work prior to the year end and sickness absence levels.

The Committee considered the information presented and made the following points –

•           The Committee noted with regard to the Council’s management and assurance processes and controls for Corporate Safeguarding (Appendix D) that this area which has been assessed as providing  ...  view the full minutes text for item 4.

To present the report of the Internal Audit Manager.

The report of the Internal Audit Manager providing a further update on the Business Continuity and ICT Disaster Recovery audits with regard to progress on addressing the issues identified and completing the actions recommended as part of the audits was presented for the Committee’s consideration. Details of the Business Continuity and ICT Disaster Recovery second follow up audits were summarised in Appendices A and B to the report respectively.

The Internal Audit Manager reported as follows –

•           Business Continuity Arrangements Second Follow-up – as detailed in paragraph 2 of  Appendix A, the second follow up review identified that the two high rated recommendations outstanding at the time of the last review have been implemented in full. The remaining high rated recommendation relating to the need for building recovery management arrangements to be included in the Corporate Business Continuity Plan is assessed as partly implemented. As not yet fully implemented, the recommendation has been reiterated. The medium rated recommendation relating to training requirements to support the implementation of the Business Continuity Plan is assessed as fully implemented. In relation to the remaining medium rated recommendation that Services should ensure that business continuity and emergency planning arrangements are up to date and operational and that they are included within Service Delivery Plans, not all services have included Business Continuity within service plans and as such this part of the recommendation is therefore reiterated. Based on the findings of the second follow up review, it is assessed that the Council has demonstrated good progress in implementing the actions agreed to address the audit recommendations and that the level of assurance now provided in this area is Substantial. 

•           ICT Disaster Recovery Follow-up - as detailed in paragraph 2 of Appendix B, the second follow up review identified that one high rated recommendation relating to the need to produce, adopt and implement a comprehensive ICT Disaster Recovery Plan has been assessed as implemented for the purpose of the review. A second high rated recommendation has been assessed as having been implemented in the main part while with regard to the third high rated recommendation, there remains a need to incorporate testing of the system and data backups by services in the ICT Disaster Recovery Plan.  In relation to the remaining high rated recommendation in respect of formally documenting the responsibility for maintenance and monitoring of the environmental control and fire suppression systems within the data centres, a new recommendation has been made to the effect that responsibility for  managing and maintenance of the UPS and air conditioning system within ICT Data Centre is transferred to Property Services to be incorporated into the Buildings Management Plan. Based on the findings of the second follow up review, it is assessed that the Council has demonstrated reasonable progress in implementing the actions agreed to address the audit recommendations and that the level of assurance now provided in this area is Reasonable. 

The Committee noted that the two areas referred to have been the subject of the  ...  view the full minutes text for item 5.

To present the Committee’s Forward Work Programme (as presented to the previous meeting).

The Committee’s Forward Work Programme as presented to the 6th December, 2016 meeting was re-presented for review and update.

The Committee noted the following as additional items for inclusion in the Work Programme either as matters arising from the Committee’s business at this meeting, or otherwise as matters requiring consideration  –

•           The External Audit Plan 2017 to be presented to the Committee in March, 2017

•           The follow up audit report with regard to Corporate Safeguarding to be presented to the Committee in June, 2017

•           The final update on ICT Disaster Recovery to be presented to the Committee also in June, 2017.

It was resolved to accept the Forward Work Programme with the inclusion of the additional items as noted above.

NO FURTHER ACTION ENSUING