Agenda and minutes

To receive any declaration of interest by any Member or Officer in respect of any item of business.

No declaration of interest was received.

To present the minutes of the previous meeting of the Governance and Audit Committee held on 8 February 2024.

The minutes of the previous meeting of the Governance and Audit Committee held on 8 February 2024 were presented and were confirmed as correct.

Arising thereon – The Head of Audit and Risk informed the Committee with reference to item 5 (Corporate Health and Safety Annual Report 2022/23) that having asked the Risk and Insurance Manager to undertake an analysis of insurance claims against the increase in slips and falls she could confirm that there was no correlation between the number of insurance claims and an increase in the number slips and falls.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating CIPFA’s review of the operation of the Governance and Audit Committee was presented for the Committee’s consideration. The report set out the outcome of a piece of work which the Governance and Audit Committee of the Isle of Anglesey County Council commissioned CIPFA to undertake to fulfil the requirements of CIPFA’s Position Statement: Audit Committees in Local Authorities and Police 2022 which recommends that audit committees evaluate their impact and identify areas for improvement.

The Head of Audit and Risk provided an overview of the report highlighting the conclusions of the review and the areas identified for improvement and she outlined the contents of the action plan formulated to address the recommendations made by the review.

Points of discussion by the Committee –

·      The value of producing an action log in tabular form following each meeting utilising the 4action tracking system deployed by Internal Audit to enable the Committee to monitor the progress and completion of the actions/decisions it has agreed upon. The Head of Audit and Risk confirmed that she would be producing an action log for each meeting.

·      Some disparity between the use of terminology in the English and Welsh versions of the review report were noted which could create confusion/misunderstanding especially where a Welsh term has dual meaning as in “cynghorwyr” meaning councillors and/or advisors. The Head of Audit and Risk confirmed that the Welsh translation had been arranged by CIPFA and undertaken externally to the Council’s own translation service.

·      That the review is predominantly focused on processes and practice and does not make substantive reference to the Committee’s impact or effect. The Committee noted that it would have been helpful had the review included more in the way of feedback on the Committee’s performance from management especially as the personnel interviewed had included senior and key officers.

·      That it might also have been useful had CIPFA attended more meetings of the Governance and Audit Committee to gain a fuller appreciation of the Committee in operation as well as the CIPFA representative and report author being in attendance for the presentation of the review report.

·      Whether areas within the Committee’s terms of reference identified as implicit should be made explicit. It was noted that the review refers to six annual reports having been presented to the Committee that were not explicitly on the terms of reference and clarification of the reasoning for their having been brought to the Committee was sought.

·      That when setting the agenda consideration be given to differentiating between items requiring a decision/resolution and those to be noted as information as well to the number of items for information only. Items should also be appropriate and within the Committee’s remit.

·      The ways in which the Committee can improve its effectiveness and output and become more proactive rather than reactive. Suggestions were made about reports needing to be clear regarding their purpose and the expectations of the Governance and Audit Committee in terms of the  ...  view the full minutes text for item 3.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk providing an update as at 31 March, 2024 on the audits completed since the previous update as at 31 January 2024 was presented for the Committee’s consideration. The report also set out the current workload of Internal Audit and its priorities for the short to medium term going forward. Members of the Committee were provided under separate cover with copies of the four internal audit reports finalised since the last update in relation to Galw Gofal (Partnership Governance) (First Follow-Up) (Reasonable Assurance); IT Audit – Corporate Access Management (Reasonable Assurance); Recovery of Council Tax, Non-Domestic Rates and Sundry Debts (First Follow-Up) (Limited Assurance) and the Administration of Disabled Facilities Grants (Limited Assurance). The two Limited Assurance reports were accompanied by action plans to address the issues/risks raised by the internal audit review.

The report was presented by the Head of Audit and Risk who provided an overview of the contents.

The Director of Function (Resources)/Section 151 Officer provided the background to the Limited Assurance report in relation to the recovery of Council Tax, Non-Domestic Rates and Sundry Debts and outlined the factors which had impacted on the debt situation and explained the measures being taken to improve the position and the effectiveness of income collection and debt recovery. Further details were provided by the Revenue and Benefits Service Manager.

The Head of Housing Services provided contextual information with regard to the Limited Assurance report in relation to the Administration of Disabled Facilities Grants and he referred to increasing demand not being matched by additional resources as challenges with the administration and delivery of DFGs. The Service accepts the report and action plan and is committed to addressing the issues raised within the allotted timescale of 1 July 2024.

Points of discussion by the Committee –

·      That it would have been helpful had the audit follow up report included contextual information in relation to Council Tax, Non-Domestic Rates and Sundry Debts to help members get to the nub of the matter in respect of outstanding debt and how to tackle it. It was noted that the report does not reference any of the challenges, mitigating factors and actions taken as described by the Section 151 Officer in his presentation of the background, to address issues and improve the situation. The Committee further noted that where assurance is limited, members need to be able to focus attention on areas where actions can have an effect rather than on areas where the prospect of improvement is limited as in the recovery of certain debts especially social care debts. Adopting a project management methodology was suggested.

·      That it would also be helpful if the Committee was apprised of the total sum of non-recoverable debt so that it could make recommendations for a way forward.

·      Whether there is a formula for determining when the pursuit of debt becomes uneconomical.

·      Whether the application process for business rates relief is too complicated and a disincentive to apply.

·      The  ...  view the full minutes text for item 4.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk setting out the outstanding actions across the Council as at 31 March 2024 was presented for the Committee’s consideration. A detailed status update of the five outstanding “major” rated issues/risks was provided at Appendix 1 to the report.

The Principal Auditor updated the Committee on current performance and the status of the outstanding actions which Internal Audit has raised as illustrated by the graphs in the report and she confirmed that Internal Audit endeavours to pursue all outstanding actions to ensure their completion.

It was resolved to accept the report and the Council’s progress in addressing outstanding Internal Audit issues/risks as satisfactory.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the Internal Audit Strategy for 2024/25 was presented for the Committee’s consideration.

The Head of Audit and Risk presented the report and strategy as risk based with resources directed to the highest areas of risk in line with the strategic risk register (Details of proposed audits were set out in Appendix A to the strategy).Whilst the strategy has been set in consultation with the Director of Function (Resources)/Section 151 Officer and Heads of Service, Internal Audit will continue to engage with senior management over the course of the plan to ensure the service remains up to date and responsive to any emerging issues and concerns.

Points of discussion by the Committee –

·      In light of the two vacancies within the Internal Audit service, whether there is appropriate reconciliation between the work planned and the resources available and whether the balance between in-house and third-party resources meets the requirements given that there is only one scheduled audit requiring external commissioned expertise in relation to cyber security.

·      Recruitment arrangements and succession planning within the Internal Audit Service. Some concern was expressed regarding the implications for the future of the service and the development of the next generation of internal auditors if entry into the service at Anglesey is at senior level.

·      Whether introducing a system of auditor- accountant rotation might be helpful in addressing internal audit recruitment challenges.

·      Given that one of the stated objectives of the Internal Audit Service is to provide effective challenge and act as a catalyst for positive change and continual improvement, there is no reference in the planned work to how this objective will be delivered or the role   Internal Audit might have in providing independent input into service transformation and change.

·      The propriety of the Committee escalating recruitment and resource issues for management/Executive attention.

The Committee was advised as follows –

·      That the Internal Audit Service does have recourse to an external auditor who undertakes some of the complex strategic risk register audits in addition to the inhouse Principal and Senior Auditors. The proposed internal audit coverage also includes non-strategic risk areas which are detailed under the category of other audit work.

·      That regarding staffing and recruitment, the Internal Audit function has changed considerably in recent years and as resources have reduced the ways in which internal audit works have had to change to ensure the organisation obtains the best value from those limited resources which is a trend that is being replicated across services. Lower level/scale posts are therefore becoming obsolete because the work carried out at this level does not add value to the organisation.

·      That there may be greater opportunities in larger internal audit teams for graduate trainees to gain shadowing experience but for Anglesey’s Internal Audit Service it is more effective, efficient, and better value for money to commission skilled and experienced auditors from outside the organisation to supplement existing inhouse resources where required. Additionally, external audit provides an assessment of the  ...  view the full minutes text for item 6.

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the Internal Audit Charter was presented for the Committee’s consideration.

The Head of Audit and Risk presented the report and she highlighted amendments to the Charter since it was last reviewed and approved by the Committee in December 2022 and the basis for them.

It was resolved to note the review and to approve the amendments to the Internal Audit Charter as detailed in the report.

To present the report of the Head of Profession (HR) and Transformation.

The report of the Head of Profession (HR) and Transformation setting out the Council’s response to recognised national reports and associated recommendations published by regulators was presented for the Committee’s consideration. The report also updated the Committee on the work which the Council has undertaken over the past 15 months in addition to that presented to the Committee on 8 December 2022. The report sought to provide assurance that the national recommendations attached to national reports have been given due attention by the Council and that relevant recommendations are being implemented in a meaningful way.

Points of discussion by the Committee with regard to the form and content of the report –

·      A reduction in the amount of narrative, context, and level of detail would make the report more accessible

·      That the focus should be on actions/recommendations outstanding, any barriers to completion and the risk to the Council from non-implementation

·      That the date of the national report/publication be included

·      That the RAG status of actions be noted

The Head of Audit and Risk advised that she had been liaising with the Corporate Planning, Performance and Programme Manager with a view to incorporating the recommendations/ actions arising from national reports within the 4action tracking system, and she suggested that it might be helpful if a report on the lines of the Internal Audit Outstanding Risks/Issues report could be produced for the national reviews and their recommendations for the future.

It was resolved –

·      To accept the report and updates as an accurate reflection of the County Council’s annual update against the related recommendations

·      To agree that the reports recommended for removal within the green table no longer need to be listed in future reports.

Additional action agreed – That the format and content of future reports regarding national reviews and their related recommendations be amended as suggested.

To present the report of Audit Wales.

The report of Audit Wales which provided an update on progress against its financial and performance audit work programmes as at 31 December 2023 was presented for the Committee’s information.

Mr Alan Hughes, Audit Wales Performance Audit Lead brought the Committee up to date on the latest status of Audit Wales’s financial and performance audit work.

The Committee requested that for the future, reports by Audit Wales be accompanied by a covering report setting out the purpose of each report and the expectations on the Committee in considering it.

It was resolved to note the Audit Wales Work Programme and Timetable update.

Additional action agreed – that report by Audit Wales be accompanied in future by a covering report setting out the purpose of each report and the expectations on the Committee in considering it.

To present the report of Audit Wales.

The report of Audit Wales summarising the work completed in relation to the Isle of Anglesey County Council since the last Annual Audit Summary which was issued in March 2023 was presented for the Committee’s information.

The report was presented by Mr Alan Hughes, Audit Wales’s Performance Audit Lead who highlighted Anglesey’s demographics particularly an ageing population as a significant consideration in future service planning and decision making.

It was resolved to note the Annual Audit Summary 2023 for the Isle of Anglesey.

Additional Action Agreed – as for item 9

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the Committee’s Forward Work Programme and Training Programme for 2023/24 was presented for the Committee’s consideration. Changes to the scheduling of reports were highlighted by the Head of Audit and Risk and were noted by Members.

It was resolved -

·      To accept the Forward Work Programme 2023/24 as meeting the Committee’s responsibilities in accordance with its terms of reference.

·      To note the changes to the dates on which reports will be submitted.

To consider adoption of the following:-

“Under Section 100(A)(4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it may involve the disclosure of exempt information as defined in Schedule 12A of the said Act and in the attached Public Interest Test”.

It was considered and resolved Under Section 100(A)(4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it involved the disclosure of exempt information as defined in Schedule 12A of the said Act and in the Public Interest Test presented.

To present the report of the Head of Profession (HR) and Transformation.

The report of the Head of Profession (HR) and Transformation incorporating the Annual Cyber Security Report 2023/24 was presented for the Committee’s consideration. The report outlined some of the challenges in cyber security experiences in 2023/24 and how those were overcome, the common cyber threats that face the Council and the mitigating and operational controls in place to detect and prevent malicious activity.

The report was presented by the IT Team Manager who provided an overview of the contents.

Points of discussion by the Committee –

·      That it would be helpful for Members to be informed in future reports of any successful penetrations against the Council’s IT/cyber security defences and how they were dealt with and the measures taken.

·      The role of software owners in providing alert mechanisms

·      The implications of the growth of Artificial Intelligence

The Committee was advised that a draft outline policy on the usage of Artificial Intelligence is in preparation and will address the approach to be taken, the risks involved and mitigation measures to be applied.

It was resolved to accept the Annual Cyber Security Report for 2023/24.

Additional action agreed – that the Annual Cyber Security Report in future include instances (if any) where the Council’s IT/cyber security defences have been penetrated and the remedial actions taken.

Following the conclusion of the formal committee meeting, a private meeting between members of the Governance and Audit Committee, external audit and internal audit took place with no officers present.