Agenda and minutes

The Chair expressed sadness at the recent death of Councillor Trefor Lloyd Hughes, MBE, a member of the committee, and noted that he would be greatly missed. On behalf of the committee’s members he offered deepest condolences to Councillor Hughes’s family and friends. The Chair also noted the appointment of Councillor Gwilym O. Jones who was rejoining the committee. Although unable to be present due to prior commitments, Councillor Gwilym O. Jones was welcomed back as member of the committee.

The apologies for absence were presented and were noted.

To receive any declaration of interest by any Member or Officer in respect of any item of business.

No declaration of interest was received.

To present the minutes of the previous meetings of the Governance and Audit Committee held on the following dates –

·      30 September 2025

·      23 October 2025 (extraordinary)

The minutes of the previous meetings of the Governance and Audit Committee held on the following dates were presented and were confirmed as correct:-

·      30 September 2025

·      13 October 2025 (extraordinary)

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the committee action log was presented for consideration. The report updated the Committee on the status and progress of the actions and decisions it had agreed upon.

The Head of Audit and Risk confirmed that actions 16, 19, 20, 25, 28, 30, 31 and 32 had been completed. She provided an update on the position with regard to action 30 as recorded in the log.

It was resolved to note the actions detailed in the action log table and to confirm that the Committee is content that the actions have been implemented to its satisfaction.

To present the report of the Director of Function (Council Business)/ Monitoring Officer.

The report of the Director of Function (Council Business)/Monitoring Officer providing information on service complaints for the period 1 April 2024 to 31 March 2025 was presented for the committee’s consideration. The report also included reference to Whistleblowing disclosures and Code of Conduct complaints during the period and  incorporated the Public Services Ombudsman for Wales’s (PSOW) Annual Letter for 2024/25.

The Director of Function (Council Business)/Monitoring Officer presented an overview of the report and highlighted the key points. Services agreed with the data presented and accepted the analysis. Training for Complaints Officers was delivered with the PSOW during the year and the Council’s Complaints Policy was updated to clarify the Stage 1 and Stage 2 process and remove the “concerns” element.

The Highways and Property Service had experienced an increase in complaints with likely underreporting in quarters 1 and 2. While Housing Services had seen a reduction in complaint numbers, a high proportion were upheld and underreporting was again likely in first two quarters. In the  Leisure Service, 93% of complaints were upheld, which is attributed to service requests being recorded as stage 1 complaints. The Head of Service has accepted this and staff have received additional training. Planning and Waste services  recorded a high level of performance, with no concerns in any service regarding late responses.

Complaints against the Council to the PSOW reduced in 2024/25 and included a significant reduction in issues relating to complaints handling. The PSOW’s Annual Letter highlighted the need to notify the PSOW  when implementing PSOW recommendations and to do so within the timescale set by the PSOW. Failure to do so in two cases in 2024/25 involving six recommendations resulted in recommendations which were actioned being recorded as non-compliance.

The Head of Highways, Waste and Property reported with regard to the increase in complaints against the Highways and Property Services. He noted that many were business as usual enquiries escalated as complaints when the response was not accepted. Given the operational nature of the service, a high volume of such cases is expected. He advised that staff require further CRM training, as use of the system has led to increased reporting and highlighted the need to distinguish between complaints and business as usual enquiries. He referred to the most common areas of complaint for the service and outlined the mitigating circumstances. He noted that improved CRM use will support timely and consistent logging of complaints, differentiation between complaints and routine enquiries along with more effective monitoring by managers. He confirmed that the issues identified are being considered at the service’s corporate team meetings which oversee complaint trends and response times.

It was resolved to endorse the recommendations of the report, namely –

·      To implement as soon as possible –

·         The introduction of the Power BI dashboard for Heads of Service and Directors in relation to complaints about their service

·         Training for complaints officers, and their deputies on customer care and qualities/diversity

·         Update guidance on effective complaint handing

·      Having considered the Annual Letter from  ...  view the full minutes text for item 5.

To present the report of the Director of Function (Council Business)/ Monitoring Officer.

The report of the Director of Function (Council Business)/Monitoring Officer which provided the Senior Information Risk Owner’s view of the main Information Governance issues for the period 1 April 2024 to 31 March 2025 and current risks was presented for the committee’s consideration.

The Director of Function (Council Business)/Monitoring Officer presented an overview of the report and highlighted the key points. The overall figures for data breaches remains consistently low  which may indicate a lack of awareness of what constitutes a data breach resulting in matters that should be reported to the Interim Data Protect Officer being overlooked. Training needs to be refreshed and policies updated.

Although there are areas of good practice, the Council’s overall Freedom of Information Act request compliance rates remain low and always below the minimum requirements expected by the Information Commissioner (target 90%).This may be linked to an absence of current  publication schemes within services. Regular publication of information can reduce the burden of FOI requests on services by allowing exemptions to be applied for material that is already publicly available.

The level of corporate support for information governance is low compared to that in other local authorities. The Corporate Data Protection Officer role has remained vacant for an extended period despite several recruitment attempts, and it continues to be filled on an interim basis. The current interim officer has reviewed the Council’s position and produced a draft work programme. While full delivery of the programme depends on capacity, priority actions have been identified and are reflected in the report’s recommendations. An application for funding for a paralegal post has been submitted to allow the Corporate Data Protection Officer to focus on policy, strategy and training.

The FOIA related CRM project has finished, and a new broader project has commenced which will still allow use of the documentation already created along with several work streams in a more comprehensive information governance system.

In reviewing the report, the committee noted the position with regard to FOIA compliance and the failure over a 10 year period to meet the Information Commissioner’s 90% target. Members requested clarification of the process for dealing with FOIA requests within services.

The Director of Function (Council Business)/Monitoring Officer explained that capacity is an issue and is limited because FOIA and data management officers within services also deal with complaints alongside their day to day duties, with only one central corporate officer post supporting all services. Further work with services will help identify barriers and target intervention and training, but each service will need to determine whether it has the resources to support the work.

She further advised the committee that following discussion with the Chief Executive, she wished to offer an amendment to recommendation 2.3 of the report to read “that the quarterly Key Performance Indicators figures are amended so that they include compliance rates of individual services and this data is reported quarterly to the Leadership Team so that the Chief Executive can meet with any services that are under-performing in  ...  view the full minutes text for item 6.

To present the report of the Director of Function (Council Business)/ Monitoring Officer.

The report of the Director of Function (Council Business)/Monitoring Officer which sought the committee’s view on the proposed amendment to the Council’s Constitution to provide for the final approval of the Council’s Annual Accounts by the Governance and Audit Committee in place of the Council was presented for consideration.

The Director of Function (Council Business)/Monitoring Officer presented the report and outlined the rationale for the proposal which was to improve efficiency, to support  Audit Wales’s intention to bring forward the 2025/26 audit timetable for local government to 30 September 2026; to avoid the need to reschedule the September Full Council meeting or convene an extraordinary meeting if approval was to remain with the Council, and to align the Council’s arrangements with those of principal councils in Wales. It was confirmed that no party would be disadvantaged by the proposed change.

Members sought assurance that the committee would receive the final accounts in sufficient time for review if it became the approving body. A query was also raised regarding whether the change would apply to the Annual Governance Statement (AGS).

The Director of Function (Resources)/Section 151 Officer confirmed that the committee would continue to review the draft accounts in July and that removing the Full Council from the final stage will create additional time to present the final accounts to the committee. Assurance was given that the Finance service would endeavour to present the final accounts in a timely manner.

The Director of Function (Council Business)/Monitoring Officer advised that instructions regarding the AGS were received after the report had been drafted and midway in the consultation on the proposed change. As the AGS has a different process and justification, any change to its approval arrangements would require a separate report to Full Council. The Interim Deputy Monitoring Officer will seek instructions on this matter should the Full Council approve the proposed change to the accounts approval process.

Carwyn Rees, Audit Wales Performance Audit Manager noted that approval of the final accounts by the Governance and Audit Committee is now a common practice among councils in Wales. He added that publication of the draft accounts in June provides sufficient time for elected members and members of the public to raise any issues before final approval in September.

It was resolved to support the proposed amendment to the Council’s Constitution to provide for the final approval of the Council’s Annual Accounts by the Governance and Audit Committee in place of the Council.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk providing an update as at 21 November, 2025 on the audits completed since the previous update as at 30 September 2025 was presented for the committee’s consideration. The report also set out the current workload of Internal Audit and its priorities for the short to medium term going forward. Members of the committee were provided under separate cover with copies of the assurance reports finalised in the period in relation to Performance Management (Reasonable Assurance) and Secondary Schools ICT Security (Limited Assurance).

The Head of Audit and Risk presented the report and summarised the two assurance reviews completed in the period, highlighting the issues identified. In relation to the Limited Assurance review, she reported that the Council has launched several initiatives and established a project team to address the risks raised. An action plan has been agreed with management and schools. All actions are scheduled for completion by July 2026 with Internal Audit to conduct a follow-up review in April 2026 and report progress to the committee’s July 2026 meeting. Due to the nature of the concerns raised by the audit, the limited assurance report will need to be discussed in private session, subject to the appropriate public interest test. The committee agreed that the Secondary Schools ICT Security (Limited Assurance) report and action plan be considered in detail at the July 2026 meeting following Internal Audit’s progress review and requested that the Council’s Chief Digital Officer attend.

The Director of Education, Skills and Young People confirmed that work to implement the audit recommendations is ongoing in partnership between the Learning Service, the ICT service and secondary schools, with several actions already completed. A fuller update will be provided to the committee’s July 2026 meeting as agreed.

In the subsequent discussion the committee raised the following matters  –

·      Members questioned whether the Council’s performance management framework could be considered effective and proactive given the audit findings, particularly the limited assurance in relation to data quality at both service and corporate levels, posing risks to the accuracy of reported outcomes.

The Head of Audit and Risk reaffirmed that internal audit views the framework as effective overall and well embedded across the organisation with the main issue being the inconsistency of performance management across services.

The Strategic Performance and Projects Manager added that the audit supports this view stating that the Performance Management team works closely with services on business planning and monitoring. The Corporate Scorecard has been reviewed for 2025/26 to better align with the Council’s strategic objectives and is monitored regularly. Accepting that improvements can be made in data management and analysis, he considered the  core processes to be thorough and sound.

·      Members also asked whether the number of major and moderate issues identified in the Performance Management and Secondary Schools ICT Security audits should be a cause for concern, and whether any of the schools ICT security issues might be critical.

The Head of Audit and Risk explained that one  ...  view the full minutes text for item 8.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the Council’s Risk Management Policy Statement and Risk Management Guidance updated as of December 2025 was presented for the committee’s consideration.

The Head of Audit and Risk outlined the proposed changes to the Council’s risk management framework and updated the committee on ongoing work with Zurich Risk Solutions, who have been commissioned to work with the Council on a wholescale review of its approach to managing risk. She highlighted the amendments to the Risk Management Policy Statement and Guidance and confirmed that the updated strategic risk register will be presented to the committee in February, 2026.

It was resolved to note the work currently being undertaken as part of the wholescale review of the risk management framework and the strategic risk register.

To present the report of the Director of Function (Resources)/Section 151 Officer.

The report of the Director of Function (Resources)/Section 151 Officer which set out the Council’s performance in relation to the 2025/26 treasury management strategy at the mid-year point was presented for the committee’s consideration.

The Director of Function provided an overview of the report which included progress on the capital budget for 2025/26, the Council’s borrowing position and forecast to March 2026 and investment income as of 30 September 2025 with the projected position for 2025/26.Table 5 of the report outlined the current forecasted position against the treasury management indicators and limits. It was confirmed that the Council’s treasury management performance remains consistent with the Council’s low risk, low return investment strategy and a planned approach to borrowing designed to minimise interest charges. A minor technical breach of treasury management practice was noted at paragraph 8 of the report when a call account briefly exceeded the limits set by the treasury management strategy due to interest being credited to the account. The issue was corrected with no loss to the Council.

In response to a question about the likelihood of fully spending the capital budget by year end with 33% of the annual budget spent at the halfway point, the Section 151 Officer advised that forecasts are based on assessments provided by project officers responsible for each scheme. He noted that progress and expenditure can be affected by various factors and confirmed that the Council will seek to ensure sufficient expenditure to meet grant conditions or otherwise request approval to carry funding forward into the next financial year.

It was resolved to note the contents of the Treasury Management Mid-Year Review report 2025/26 and to forward the report to the Executive without further comment.

To present the report of the Head of Profession (HR) and Transformation.

The report of the Head of Profession (HR) and Transformation which summarised the Council’s response to external audit reports and associated recommendations published by regulators was presented for the committee’s consideration. The report also provided  updates on the work the Council has undertaken since the last monitoring report was presented to the committee in December 2024.

The Strategic Performance and Projects Manager confirmed that the majority of recommendations have been implemented or are on track, with an explanation and progress update provided where a delay has occurred. In  response to a previous suggestion that  timelines be attached to recommendations, he advised that this would be difficult as many of the recommendations are national and authorities may choose to implement only those that are relevant to local circumstances, some of which may already be in operation within services.

It was resolved to note the report and to accept the responses and updates as an accurate reflection of the Council’s work against the related recommendations.

To present the report of Audit Wales.

A briefing note by Audit Wales which provided an update on the latest NFI 2024/25 exercise at national level as of 31 July 2025 was presented for the committee’s consideration. The briefing note also included local information about the number of data matches identified for the Isle of Anglesey County Council with further analysis of these data matches by fraud risk score set out in Appendix 2.

The Head of Audit and Risk presented the report highlighting the main points and noting that Audit Wales encourages those charged with governance to seek further local detail from lead officers. This information was provided to the committee through the NFI Outcomes report 2024/25 presented at the 30 September 2025 meeting which found that the systems of internal control in place particularly around housing tenants/waiting lists, payroll and procurement are robust. A managed, bulk review of Council Tax Single Person Discounts (CTSPD) is planned before the end of 2025/26, using an external provider.

The committee queried the classification of all 5,000 plus CTSPD 5,000 data matches as high risk, given that single occupancy status is dynamic and can change daily. Members also asked about the success rate in recovering discounts claimed fraudulently or in error.

Carwyn Rees Audit Wales Performance Audit Manager explained that CTSPD is considered a high risk area based on historical findings although not all matches indicate an issue.

The Director of Function (Resources)/Section 151 Officer outlined the mechanisms  available to the Council to recover ineligible or fraudulent discounts and emphasised that many of the matches will be genuine. He also noted that the report reflects the position at a particular point in time and that the data is reviewed and updated daily. He confirmed that the Council is in the process of engaging a third party to review CTSPDs, although some factors have delayed progress.

In response to a further question by the committee regarding the value of the report in identifying financial loss, Carwyn Rees, Audit Wales stated that its purpose is to raise  awareness and prompt further investigation. A national report drawing on all local findings will be issued in autumn 2026.

It was resolved to note the Audit Wales briefing note and to take assurance that the Council, taking account of the need to prioritise its resources, is seeking to actively embrace opportunities provided by the NFI to use data analytics to strengthen both the prevention and detection of fraud.

To present the report of Audit Wales together with the management response.

The report of Audit Wales on the findings of its examination of how well the Council manages its reserves and balances was presented for the committee’s consideration.

Carwyn Rees, Audit Wales Performance Audit Manager confirmed that the report was positive concluding that the Council manages its reserves effectively and reviews them regularly. However, the Council would benefit from establishing formal protocols for their use and replenishment as well as  criteria to determine when and how reserves should be established. One recommendation is made to strengthen these arrangements. Management has accepted the recommendation and confirms planned actions and a timetable for implementation.

It was resolved to note the report and to take assurance that the management response form confirms the steps taken by the Council to address the recommendations.

To present the report of Audit Wales together with the management response.

The report of Audit Wales on the findings of its examination of the Council’s arrangements for commissioning services was presented for the committee’s consideration.

The Strategic Performance and Projects Manager presented the Audit Wales report which concludes that overall, the Council is not able to demonstrate that it routinely secures value for money through its commissioned services. Three services where the Council has taken the decision to commission services externally were reviewed as part of the audit  – waste management and street cleaning, young people’s homelessness service, and school transport (buses). Those services disagreed with the audit findings stating that processes are in place to review arrangements and monitor contracts regularly to ensure value for money. Although feedback was provided to Audit Wales, the comments were not accepted.

Lora Williams, Audit Wales confirmed that all feedback from local authorities on draft reports is considered by Audit Wales. The review was undertaken at each council in Wales and a summary of national findings will be available in January 2026.

During discussion, the committee’s members raised concerns that the audit’s evidence base was insufficient to support an overall conclusion on the Council’s commissioning arrangements and that the three services selected were not representative of the Council’s wider range of contracts. Some members therefore felt unable to accept the findings. Concern was also expressed that the Council’s feedback had not been incorporated in the report.

Lora Williams noted that only two local authorities had commented on the size of the sample. She explained that the audit assessed corporate commissioning arrangements; therefore even with a larger sample, if one service followed local service standards rather than corporate ones the overall conclusion would remain that the council does not have corporate  commissioning arrangements that are recognised as best practice and ensure value for money. She added that the three services were selected in consultation with the Council

and that Audit Wales follows international auditing standards in conducting its audits which require consideration, but not acceptance of the audited body’s views.

The committee asked whether any internal audit processes could provide assurance. The Head of Audit and Risk advised that although the 2025/26 internal audit plan does not include a review of commissioning arrangements, such an audit could be considered for the 2026/27 plan if requested.

The Director of Function (Resources)/Section 151 Officer noted that despite disagreement about the sample size, management has considered the report and recommendations, provided a response and is progressing the associated actions. He outlined the current procurement position and confirmed that a procurement strategy has been adopted but a permanent procurement manager is yet to be appointed with the post currently being filled on an interim basis. The vacancy has been advertised, and once in post, the manager will develop a process to evaluate the Council’s compliance with procurement legislation with the findings to be reported to the committee for assurance.

It was resolved that the committee was unable to accept the conclusions of the Audit Wales report but noted and  ...  view the full minutes text for item 14.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the committee’s Forward Work Programme for 2025/26 updated to reflect the most recent changes, was presented for the committee’s consideration.

It was resolved to confirm  the Forward Work Programme for 2025/26 as meeting the committee’s responsibilities in accordance with its terms of reference.