Agenda and minutes

A number of council meetings are live-streamed.

All meetings are also uploaded after the event onto the our webcasting site.

Venue: Committee Room 1, Council Offices, Llangefni. View directions

Contact: Ann Holmes 

Items
No. Item

1.

Declaration of Interest

To receive any declaration of interest by any Member of Officer in respect of any item of business.

Minutes:

No declaration of interest was received.

2.

Minutes of the Previous Meeting pdf icon PDF 283 KB

To present the minutes of the previous meeting of the Audit and Governance Committee held on 24 July, 2018.

Minutes:

The minutes of the previous meeting of the Audit and Governance Committee held on 24th July, 2018, were presented and were confirmed as correct.

 

The Chair thanked Mr Dilwyn Evans for chairing the Committee’s meeting above in his and the Vice-Chair’s absence.

 

3.

Information Governance - Annual Report of the Senior Information Risk Owner (SIRO) pdf icon PDF 907 KB

To present the report of the Head of Function (Council Business)/Monitoring Officer.

Minutes:

The report of the Senior Information Risk Owner (SIRO) which provided an analysis of the key information governance (IG) issues for the period from 1 April, 2017 to 31 March, 2018 was presented for the Committee’s consideration. The report also provided an update on the Council’s progress with its GDPR Implementation Plan covering the period from 25 May, 2018 to 31 July, 2018.

 

The Corporate Information Governance Manager reported that the report provides an overview of the Council’s compliance with legal requirements in handling corporate information including compliance with the Data Protection Act, 1998; the Freedom of Information Act, 2000 and the Regulation of Investigatory Powers Act, 2000 (Surveillance) and the relevant codes of practice. The report also includes assurance of on-going improvement in managing risks to information during 2017-18 and identified future plans. It sets out the Council’s contact with external regulators and provides information about security incidents, breaches of confidentiality or “near misses” during the relevant period. He highlighted the main points as follows –

 

           That non-compliance with data protection legislation is likely to be the primary information risk for the Council. Consequently, much progress has been made to develop awareness about personal data risks in order to introduce mechanisms to manage the risk in accordance with best practice and in anticipation of data protection reform. Additionally, the Council has identified risks around personal data in its corporate and service risk registers

           The Council recognises that there are number of risks to the security of information as listed in the report and that harm and distress to individual(s), financial penalties, enforcement actions, adverse publicity and loss of confidence in the Council are also risks associated with its personal data assets. Therefore, as well as technical and physical measures to protect the Council’s information, a range of technical and organisational safeguards are in place against information risks; these range from suitable IG policies and procedures and encrypted ICT equipment to data protection training , IG KPIs and procedures for recording data security incidents and learning therefrom.

           That with regard to the General Data Protection Regulation (GDPR), Section 5.1 of the report outlines progress to 31 March, 2018 i.e. the period covered by the SIRO’s report which saw the development of the Council’s plans to implement the GDPR and also the subsequent work undertaken since 31 March, 2018 up to 31 July 2018 to implement GDPR including the 5 stage implementation plan. The Officer confirmed that all the requirements under each of the 5 stages have been met. In relation to training under Stage 5 of the process, the report shows the take-up to 31 July, 2018 of the e-learning module introduced in May, 2018 by each the Council’s services.  As at 31 July, a total of 747 staff or 43%, had completed the module. Evidence of training in combination with evidence of policy acceptance provides measurable assurance for the Council.

           That Policy Acceptance is a safeguard for the Council because it provides evidence that staff  ...  view the full minutes text for item 3.

4.

Policy Acceptance - Year 1 Compliance Data pdf icon PDF 751 KB

To present the report of the Head of Function (Council Business)/Monitoring Officer.

Minutes:

The report of the Head of Function (Council Business)/Monitoring Officer outlining the compliance levels for all services apart from the Learning Service for policy acceptance requirements based on information available as at 24 July, 2018, was presented for the Committee’s consideration.

 

The Corporate Information Governance Manager reported that the Council’s policy management system – the Policy Portal – was made available to staff as an electronic library in November, 2016.Policy acceptance requirements began on 24 April, 2017. The Policy Portal provides the Senior Information Risk Owner with assurance that key Information Governance policies are being read, understood and formally accepted by individual members of staff.

 

The Officer referred to the following key points in relation to Year 1 compliance levels –

 

           That 7 policies – Clear Desk Policy; Records Management Policy; Data Classification Policy; Managing Absence Policy; Display Screen Equipment Policy; Health and Safety - Roles and Responsibilities, and the Welsh Language Standards – were first subject to the click and accept system between April, 2017 and June, 2018 as determined by the Council’s SLT.

           Details of compliance levels for the seven policies for all services apart from the Learning Service are provided in Appendix 1 to the report. A decision was taken in April, 2017 not to include the Learning Service as the service’s IT group contained school-based staff for whom the process was not relevant. This issue has since been addressed and the Learning Service was first included in the corporate process in July, 2018 when the Council’s Data Protection Policy was made available for acceptance. The first seven policies referred to will be assigned gradually to the Learning Service over the coming months.

           Compliance reports on a service by service basis are submitted to the SLT at the end of the 6 week acceptance period assigned for each policy. All policies remain available for acceptance after the closing dates so that users who have not completed a policy on time are able to catch up.

           As at 24 July, 2018 average compliance levels for all policies across the Council was 95%, compared with an average of 79% at the end of the 6 week acceptance period set for each policy. All services have attained high levels of compliance apart from Adults’ Services where a number of staff do not have an Active Directory account which is an issue.

           Compliance in Children’s Services - which was identified as an issue by the Audit Committee at its September meeting - has improved significantly with an average rate of 99% as at 24 July compared with an average of 57% at the end of the six-week acceptance periods. Adults’ Services attained an average compliance rate of 78% as at 24 July, 2018 which whilst lagging behind other services, is an improvement on the 63% compliance average at the end of the 6 week acceptance period set for each policy.

           The Policy Portal relies on the Council’s Active Directory (AD) which now includes around 1000  ...  view the full minutes text for item 4.

5.

Annual Report: Concerns, Complaints and Whistleblowing 2017/18 pdf icon PDF 393 KB

To present the report of the Head of Function (Council Business)/Monitoring Officer.

Minutes:

The report of the Head of Function (Council Business)/Monitoring Officer providing information on issues arising under the Council’s Concerns and Complaints Policy for the period 1 April, 2017 to 31 March, 2018 was presented for the Committee’s consideration. The report also included Social Services complaints but only those where the complainant was not a service user. Service user complaints are dealt with under the Social Services Representations and Complaints Procedure and are reported annually to the Corporate Scrutiny Committee.

 

The Corporate Information Governance Manager reported that during the period of the report, 112 concerns were received and 72 complaints were made. Of the 72 complaints, 1 complaint was withdrawn prior to investigation (Housing) so 71 complaints were investigated and formal responses sent. An analysis of concerns and complaints by service is provided in section 8 of the report. The overall rate of responses to complaints issued within the specified time limit (20 working days) was 92%. Of the 71 complaints dealt with during the period, 17 were upheld in full, 6 were partly upheld and 48 were not upheld. Nine complaints were escalated to the Public Services Ombudsman for Wales; 8 of these were rejected and 1 resolved by early resolution. Each of the 9 complaints escalated to the Ombudsman had been through the internal process. No formal language related complaints were received during the year. Neither were any whistleblowing disclosure received during 2017/8 and there were no outstanding matters from 2016/17.

 

The Officer highlighted that the Concerns and Complaints Policy places an emphasis on learning lessons from complaints thereby improving services. Enclosure 1 to the report seeks to explain what lessons have been learnt and any practice which has evolved as a consequence.

 

The Committee considered the information presented and whilst it noted that the number of complaints was reasonable given the increasing financial constraints within which services are operating making complaints more rather than less likely, it noted also that no whistleblowing disclosures were reported with no outstanding matters from 2016/17. The Committee sought clarification of whether this pattern is replicated in other authorities or whether it signifies that whistleblowing procedures are not sufficiently documented and/or communicated throughout the Authority and are therefore not understood.

 

The Corporate Information Governance Manager said that he did not have benchmarking data in relation to whistleblowing disclosures; the absence of any such disclosures in 2017/18 may be an anomaly but is more likely to be continuation of the pattern in previous years wherein the number of whistleblowing disclosures has not been high. 

 

It was resolved –

 

           To accept the report as providing reasonable assurance that the Council is compliant with the processes required under its Concerns and Complaints Policy and Whistleblowing Policy/Guidance.

           To endorse the main messages from the Lessons Learnt Table at Enclosure 1 of the report, namely -

 

           That the Audit and Governance Committee reminds all Heads of Service that the Customer Care Charter must be followed when dealing with the public at all times and to  ...  view the full minutes text for item 5.

6.

Internal Audit Progress Update pdf icon PDF 956 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Internal Audit and Risk which provided an update on Internal Audit’s latest progress with regard to service delivery, assurance provision, and reviews completed was presented for the Committee’s consideration.

 

The Head of Audit and Risk reported as follows –

 

           That four Internal Audit reports were finalised during the period three of which resulted in a Substantial Assurance rating – these were in relation to the Education Improvement Grant 2017/18; Pupil Development Grant 2017/18 and Highways Maintenance Contract Monitoring. The fourth review relating to the School Uniform Grant 2017/18 produced a Reasonable Assurance rating. Although one moderate risk was raised on the Highways Maintenance Contract Monitoring review relating to the need to maintain a contract register, overall the controls in place to monitor highway maintenance contracts were deemed to be effective thereby providing substantial assurance.

           That six reports with a Limited Assurance rating are scheduled for a follow-up review as detailed in paragraph 16 of the report. Four Follow-up reviews are currently underway – Sundry Debtors; Child Care Court Orders under the PLO; Corporate Procurement Framework and the Council’s Preparation for GDPR – these have a planned reporting date of the Audit Committee’s December meeting.

           That a detailed report of all outstanding recommendations and issues/risks is provided separately on the agenda.

           That progress has been slow in delivering the Internal Audit Operational Plan for 2018/19 due mainly to two vacancies and a long-term sickness absence. However, two new Senior Internal Auditors have recently commenced in post meaning that for the first time since August, 2017 the Internal Audit Service is fully staffed.

           That as well as undertaking follow-up work, the Service is engaged in a Primary Schools Thematic Review primarily focused on income collection as well as work in relation to the Gypsies and Travellers (Requirements of the Housing (Wales) Act 2014. In addition, the Service is involved in the National Fraud Initiative biennial exercise and is providing data for the data matching exercise; it also will shortly be commencing work on the cyber security review.

           That the Internal Audit Operational Plan 2018/19 will be updated to reflect the Senior Leadership Team’s latest review of the Corporate Risk Register which took place on 10 September; the updated version will be presented to the Committee’s December meeting.

           That in order to ensure objectivity and independence, the Risk Management audit will be undertaken by the Council’s Insurers in the form of an independent health check as it would not be appropriate for the Internal Audit Service to conduct the audit given the Head of Audit’s oversight responsibility for Risk Management.

           That there is currently a resource shortfall of 77 days on the Operational Plan – however it is anticipated that the recent review of the Corporate Risk Register and the de-escalation of specific risks will result in changes to the Plan with some reviews being taken out thereby reducing the commitments and bringing the shortfall down.

 

The Committee noted  ...  view the full minutes text for item 6.

7.

Outstanding Internal Audit Recommendations pdf icon PDF 861 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk on the status and detail of the outstanding risks that the Internal Audit Service has raised was presented for the Committee’s consideration.

 

The Head of Audit and Risk reported as follows –

 

           That the Council is steadily improving its performance in implementing recommendations/ addressing risks with the overall implementation percentage currently standing at 93%.

           That as at 3 September, 2018 the Council had outstanding recommendations/risks and issues with a target implementation date of 31 August, 2018 as summarised in Table 4.1 of the report and elaborated upon in Appendix A.

           That the two red risks outstanding relate to Child Care Court Orders under the Public Law Outline – specifically the conduct of support worker visits, and the Corporate Procurement Framework – Corporate Compliance (Housing Service). With regard to the former, the Internal Audit Service has concluded that although the relevant visits may have been undertaken, they were not recorded as such. However, preliminary testing has evidenced that this risk has now been addressed. Work remains to be done in relation to the Corporate Procurement Framework and the follow-up audit is still ongoing. In order to enable the Committee to obtain an appreciation of the scale of the undertaking, and the materiality of the issues involved, Internal Audit will report to the Committee’s December meeting on the outcome of data analytical work it is carrying out as part of the follow- up audit.

           That the Internal Audit Service will be better placed to report on the 8 unimplemented Amber risks to the Committee’s December meeting.

 

It was resolved to note the Council’s progress to date in addressing the outstanding Internal Audit recommendations and risks raised since 1 April, 2014.

 

NO ADDITIONAL ACTION WAS PROPOSED

8.

Statement of the Accounts 2017/18 and ISA 260 Report pdf icon PDF 2 MB

·        To present the Statement of the Accounts 2017/18.

 

·        To present the report of External Audit on the Financial Statements.

 

Additional documents:

Minutes:

8.1       The report of the Head of Function (Resources)/Section 151 Officer incorporating the Final Statement of Accounts for 2017/18 following audit was presented for the Committee’s consideration.

 

The Head of Function (Resources)/Section 151 Officer reported that the statutory deadline for the completion of the 2017/18 audited accounts has again been met. Improvements which the audit process identified last year have been made and are continuing. All issues that have arisen throughout the audit were dealt with promptly and in a satisfactory manner.

The Officer said that all amendments to the draft accounts which have been agreed as requiring restatement by Deloitte as the Council’s financial auditors have been processed and are contained within the Statement of Accounts. The significant amendments required to the draft statement have been largely confined to the following –

 

           Incorrect reconciliation of overpaid Housing Benefits recorded on the Housing Benefits system to the Council’s ledger over the last three years, which resulted in an under recognition of revenue.

           Incorrect percentages were initially used in the internal valuer’s report that led to an incorrect calculation of fixed asset revaluation amounts.

           Following a review of the treatment of the earmarked reserve for the Penhesgyn Waste Landfill site, it was identified that this meets the criteria for a provision, therefore a provision has been charged to the Comprehensive Income and Expenditure Statement. The earmarked reserve has been released.

 

The Head of Function (Resources)/Section 151 Officer referred to the two misstatements which Management has decided not to correct as detailed in Appendix 3 to the External Auditor’s report, the one in relation to the treatment within the draft accounts of a contribution of £3.66m made by the Council to the Gwynedd Pension Fund to cover the fixed element of the employer contributions for the 3 year period 2017/18 to 2019/20 and the other in relation to the treatment of a refund of approximately £0.8m from HMRC for VAT paid on Leisure Services dating back to 2012.

 

The Officer said that the sum paid to the Gwynedd Pension Fund was treated as an advance payment but, after seeing how the Actuary in reviewing the Pension Fund had accounted for the payment, it became apparent that the Authority’s treatment was incorrect. The auditors having taken advice from the Wales Audit Office have concluded that the payment should be recognised in full in the year of payment i.e. 2017/18 and charged to the general fund. However, as this would have the effect of reducing the general fund balance, Management has decided not to take this course and instead a negative reserve has been created which has the effect of reducing the earmarked, instead of the general reserve balance. The difference in treatment being a difference in classification has no effect on the total useable reserves figure. The auditors have explained the different approaches in their report.

 

With regard to the second uncorrected misstatement the Authority has received a refund of approximately £800k from HMRC for VAT paid on leisure service  ...  view the full minutes text for item 8.

9.

Review of the Audit and Governance Committee's Terms of Reference pdf icon PDF 511 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk incorporating the Committee’s revised draft Terms of Reference was presented for the Committee’s consideration and endorsement.

 

The Head of Audit and Risk reported as follows –

 

           That there have been a number of significant developments in governance and audit practice since the Committee’s Terms of Reference were last reviewed in February, 2015 including the introduction of the new Delivering Good Governance in Local Government Framework (CIPFA/Solace, 2016).

           That CIPFA’s guidance represents best practice for audit committees in local authorities throughout the UK. It published its new guidance in May, 2018 which was discussed by members of this Committee at a workshop held on 13 June, 2018.

           That the revised guidance updates the core functions of the audit committee in relation to governance, risk management, internal control and audit. CIPFA has also updated the audit committee role in relation to counter-fraud to reflect the Code of Practice on Managing the Risk of Fraud and Corruption. The guidance continues to include a strong focus on the factors that support improvement which include the knowledge and skills that audit committee members require as well as areas where the committee can add value.

           That the guidance has mostly been incorporated into the terms of reference apart from the requirement that Full Council approves the appointment of the Lay Members. The Head of Function (Resources)/Section 151 Officer was concerned that due to  committee scheduling, a delay in the appointment of the Lay Members until the Full Council meeting would also delay the Audit and Governance Committee with implications for meeting the deadline for reporting and approving the draft Statement of Accounts. The previous provision that Lay Members be approved by the Audit and Governance Committee therefore remains.

           That in developing the terms of reference, account has been taken of specific regulations and guidance appropriate for the Council. Consultation has been undertaken with the Head of Function (Resources)/Section 151 Officer, the Head of Function (Council Business)/Monitoring Officer and the remainder of the Senior Leadership Team. The Committee’s two Lay Members were also consulted.

 

It was resolved to endorse the Audit and Governance Committee’s revised Terms of Reference as presented and to recommend the same to the Executive.

 

NO ADDITIONAL ACTION WAS PROPOSED

10.

External Audit:The Service User Perspective - the Welsh Housing Quality Standard - IOACC pdf icon PDF 624 KB

To present the report of External Audit.

Minutes:

The report of External Audit on the outcome of its review of Anglesey’s Council House tenants’ experiences in relation to the delivery of the Welsh Housing Quality Standard (WHQS) was presented for the Committee’s consideration.

 

Mr Gwilym Bury, Wales Audit Office reported on the main issues as follows –

 

           In 2017/8, the Wales Audit Office completed work to understand the “service user perspective” at every Council within Wales. A broadly similar approach was followed at each council, although the specific focus and approach to the work was agreed with each council individually. In the Isle of Anglesey County Council, the Housing Service was reviewed and in particular, tenants’ engagement with and degree of choice experienced in delivering the Welsh Housing Quality Standard (WHQS) and their view on the quality of the service they receive from the Council.

           That for the purpose of the review, the auditors spoke to a sample of 119 tenants via a doorstep survey. Although it was not possible to talk to everyone, engaging with a sample of service users helped gain a better understanding of their perspective. In addition, a focus group with the Môn Tenants and Officers Voice Group was held and most of the Council’s housing estates were visited.

           Overall the review found that most of the Council tenants who the auditors spoke to were satisfied with the quality of the service, but they were less involved in service design than they have been, and the Council has not always evaluated the impact of changes to the service. This conclusion was reached because –

 

           Before 2015, the Council effectively involved tenants in service design on WHQS, but tenant involvement has declined since.

           Most Council tenants are satisfied with the quality of the service although 37% of the tenants felt they had problems with damp and condensation in their home. The Wales Audit Office has conducted a similar survey in the last 12 months at all 11 councils in Wales which retained their housing stock and this is one of the highest recorded percentages of tenant reporting problems with damp and condensation in their homes.

           Tenants can access the services they need but the Council has not always evaluated changes it has made to access models and service standards for sheltered housing. Many of the sheltered housing tenants whom the auditors spoke to said that they value the housing service and are happy in their homes. However, they feel that although they are informed of changes, the level of service has declined and their views are not always listened to. The tenants approached regretted the withdrawal of the dedicated site-based warden service and some felt lonely and isolated as a result. At two schemes visited, the arrangements for the fire-alarm service in which wardens used to play a role in checking and resetting alarms is a concern to some tenants. The auditors were told that alarms are sometimes taking over an hour to be reset by some external contractors  ...  view the full minutes text for item 10.

11.

External Audit: Isle of Anglesey Annual Improvement Report 2017/18 pdf icon PDF 443 KB

To present the report of External Audit.

Minutes:

The report of External Audit summarising the audit and assessment work undertaken and reported during 2017/18 in relation to the Council including the conclusions and proposals for improvement for each report issued was presented for the Committee’s consideration.

 

Mr Gwilym Bury, Wales Audit Office confirmed that based on and limited to the work carried out by the WAO and relevant regulators, the Auditor General for Wales believes that the Council is likely to comply with the requirements of the Local Government Measure (2009) during 2018/19 in relation to making arrangements to secure  continuous improvement. No reviews of the Council by Estyn or the Care Inspectorate Wales have taken place during the time period covered by the report.

 

It was resolved to accept External Audit’s Annual Improvement Report 2017/18 for the Isle of Anglesey County Council and to note the contents.

 

NO ADDITIONAL ACTION WAS PROPOSED

12.

Internal Audit Charter pdf icon PDF 660 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk incorporating an updated Internal Audit Charter was presented for the Committee’s consideration and approval.

 

The Head of Audit and Risk reported that although the Audit Charter is not due for full formal review until April, 2020, a review conducted to ensure its continued appropriateness has identified the two following minor changes –

 

           Paragraph 10 first bullet - to include Lay Members in accordance with the equal status afforded to Lay Members in the Committee’s updated Terms of Reference.

           Paragraph 11 – to correct an error in the date of the regulations and to update for new legislation as detailed in the report.

 

It was resolved to approve the amendments to the Internal Audit Charter as presented.

 

NO ADDITIONAL ACTION WAS PROPOSED

13.

Forward Work Programme pdf icon PDF 346 KB

To present the report of the Head of Audit and Risk.

Minutes:

The Committee’s Forward Work Programme was presented for review and comment.

 

The Head of Audit and Risk reported that as a result of the changes to the Committee’s Terms of Reference the Committee’s Work Programme is likely to expand meaning that it will also change in the future.

 

It was resolved to accept the Forward Work Programme as presented without amendment.

 

NO ADDITIONAL ACTION WAS PROPOSED

14.

Exclusion of Press and Public pdf icon PDF 120 KB

To consider adopting the following –

 

“Under Section 100 (A) (4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it may involve the disclosure of exempt information as defined in Schedule 12A of the said Act and in the attached Public Interest Test.”

 

 

Minutes:

It was resolved Under Section 100 (A)(4) of the Local Government Act 1972 to exclude the press and public from the meeting during the discussion on the following item on the grounds that it involved the disclosure of exempt information as defined in Schedule 12A of the said Act and in the Public Interest Test presented.

15.

Corporate Risk Register

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk incorporating the revised Corporate Risk Register was presented for the Committee’s consideration.

 

The Risk and Insurance Manager reported that the Corporate Risk Register was reviewed by the Senior Leadership Team on 10 September, 2018 and has been updated to reflect their comments and opinions at that meeting. Since the Corporate Risk Register was last presented to the Audit and Governance Committee, the 4Risk software has been procured as a means to improve the recording and monitoring of risks throughout the Council. The migration to the 4Risk system has resulted in changes to the risk references of some risks.

 

The Officer highlighted the changes in the updated Register as follows –

 

           Risk YM35 has been removed from the Register on the basis that the risk has materialised and is now considered an issue as opposed to a risk.

           Five risks (YM20, YM23, YM26, YM29 and YM33) have been de-escalated because the likelihood of occurrence and/or impact have reduced.

           Two new risks (YM38 and YM39) have been added to the Register.

           The top red risks to the Council are the three risks identified in paragraph 12 of the report.

 

The Committee considered the information presented and made points as follows –

 

           The Committee noted that Risk YM11 is classified as C1 in terms of inherent risk, and that the introduction of risk controls has seemingly had no impact on YM11’s residual risk status which remains unchanged at C1. The Committee noted further that implementing the risk controls might have been expected to result in downgrading the residual risk status of YM11.

 

The Risk and Insurance Manager clarified that YM11 is a risk for which controls are in place which had they not been put into effect would likely mean the inherent risk level would have to be upgraded.

 

           The Committee noted that the use of a combination of letters and numerals to classify risks can be confusing.

 

The Committee was informed that the criteria for designating risks have been approved by the Senior Leadership Team which takes the view that by using both letters and numerals the likelihood of a risk materialising (letter - with A denoting the highest probability) as well as the impact if it does (numeral - with 1 denoting the greatest impact) can be conveyed simultaneously.

 

It was resolved to note the contents of the report and that the Committee takes assurance that the risks to the Council’s aims and objectives are being recognised and managed by the Senior Leadership Team.

 

NO ADDITIONAL ACTION WAS PROPOSED.