Agenda and minutes

Hybrid Meeting - Council Offices, Llangefni/Virtually via Zoom, Governance and Audit Committee - Wednesday, 28th September, 2022 1.00 pm

A number of council meetings are live-streamed.

All meetings are also uploaded after the event onto the our webcasting site.

Venue: Committee Room 1 - Council Offices and virtually via Zoom

Contact: Ann Holmes 01248 752518 

Items
No. Item

1.

Declaration of Interest

To receive any declaration of interest by any Member or Officer in respect of any item of business.

Minutes:

Mr William Parry declared a personal interest with regard to item 10 on the agenda stating that some of the clients he dealt with in his day to day employment may be in receipt of funds from the Council or elsewhere.

 

2.

Minutes of the Previous Meeting pdf icon PDF 313 KB

To present the minutes of the previous meeting of the Governance and Audit Committee held on 26 July, 2022.

Minutes:

The minutes of the previous meeting of the Governance and Audit Committee held on 26 July, 2022 were presented and were confirmed as correct.

 

3.

Annual Report: Concerns and Complaints 2021/22 pdf icon PDF 488 KB

To present the report of the Director of Function (Council Business)/ Monitoring Officer.

Minutes:

The report of the Head of Function (Council Business)/Monitoring Officer setting out issues arising under the Council’s Concerns and Complaints Policy for the period 1 April, 2021 to 31 March, 2022 was presented for the Committee’s consideration. The report included Social Services complaints but only those where the complainant is not a service user. Social Services user complaints are dealt with separately under the Social Services Policy – Representations and Complaints Procedure for Children and Adults which are reported to the Social Services Improvement Panel.

 

In response to points raised by the Committee on the contents of the report, the Director of Function (Council Business) /Monitoring Officer –

 

·      Confirmed that the pattern and number of complaints is constant and show signs of returning to a pre Covid position, the pandemic having impacted significantly on Council activity over the course of two years.

·      Clarified that the Public Services Ombudsman for Wales does write to complainants when their complaints are not deemed to reach the threshold for investigation. Usually in such cases, the PSOW is satisfied with the Council’s formal response and own investigation. Both the PSOW and Council websites explain how to make a complaint and what can and cannot be looked at by the Ombudsman.

·      Explained with regard to lack of communication being a common theme of complaints and the need to remind services of the importance of timely communication, that under new arrangements with the PSOW which will apply to next year’s report, the same level of data that is currently being collected for complaints will be collected and reported both to the PSOW and on the Council’s website in relation to expressions of concern potentially making available a richer and more comprehensive stream of information thereby  providing services with a greater opportunity for learning. A change in terminology is also proposed involving the introduction of a three stage process where stage once covers the current expression of concern, stage two will be the formal complaint and stage 3 will be the escalation of a complaint to the PSOW the intention being to clarify and to obtain a greater level of information from the process. The changes will be shared with services and training will be provided.

·      Advised that although the Council’s performance as regards complaint handling is no longer benchmarked against that of other councils in Wales, when that was the case Anglesey Council was close to the top of the national performance table in terms of service delivery. The newly appointed PSOW in a meeting with the Council’s Chief Executive expressed satisfaction with the way the Council manages complaints and the number it receives and no issues were raised. The Official from the PSOW’s Office who delivered training on complaints to members of this Committee did refer to the expressions of concern data which under a new PSOW requirement it is necessary to publish. The Council will be capturing and reporting on this data next year.

·      Advised that as in many other councils, complaints against aspects of  ...  view the full minutes text for item 3.

4.

Public Services Ombudsman for Wales: Annual Letter 2021/22 pdf icon PDF 538 KB

To present the report of the Director of Function (Council Business)/ Monitoring Officer.

 

Minutes:

The report of the Director of Function (Council Business)/Monitoring Officer incorporating the Annual Letter from the Public Services Ombudsman for Wales (PSOW) 2021/22 was presented for the Committee’s consideration. Since 2006, the PSOW has published an annual report on the work undertaken by his/her office over the previous twelve months. The PSOW also publishes a separate annual summary of performance for each council under the cover of an annual letter and makes specific requests regarding the reporting of the letter including that it be presented to the Executive and the Governance and Audit Committee to assist members in the scrutiny of the Council’s performance and that their feedback be shared with the PSOW’s office.

 

It was resolved –

 

·      To note and accept the Annual Letter from the Public Services Ombudsman for Wales (PSOW) 2021/22 without further comment.

·      To authorise the Director of Function (Council Business)/Monitoring Officer to write to the PSOW to confirm that the Governance and Audit Committee has given formal consideration to her Annual Letter and to provide reassurance that the Council will continue to monitor complaints and thereby provide Members with the information required to scrutinise the Council’s performance.

 

5.

Corporate Health and Safety Annual Report 2021/22 pdf icon PDF 832 KB

To present the report of the Head of Regulation and Economic Development.

 

Minutes:

The report of the Head of Regulation and Economic Development incorporating the Corporate Health and Safety Annual Report for 2021/22 was presented for the Committee’s consideration.

 

The Principal Corporate Health and Safety Advisor advised that the report is a statement of the Council’s health and safety performance during 2021/22 and that a corporate Health and Safety Action Plan is also currently being implemented by the Council. The evidence provided by the report shows that the Council is providing appropriate standards of health and safety.

 

In considering the report, the Committee made the following points –

 

·      While welcoming the information with regard to attendance at training sessions, it was suggested that it would be useful for future Health and Safety Annual Reports if the data could include the number people attending as a percentage of the number who would be expected to attend and,

·      That it would also be helpful if it were easier to draw any emerging trends, patterns and/or learning points from the information presented e.g. the referrals to HSE under RIDDOR requirements at section 9 of the report.

 

The Principal Corporate Health and Safety Advisor advised that information provided by HR and Training shows that the Covid pandemic affected in-person training due to the restrictions that were in place at the time. While training courses are on the increase it is expected that a greater level of recovery in attendance at training sessions will be reflected in next year’s annual report. With regard to RIDDOR, the Officer confirmed that the HSE took no follow-up action in relation to the RIDDOR incidents reported. In terms of there being any emerging areas requiring additional preventative action, the Corporate Health and Safety Advisor said that figures remain below pre-Covid levels as the Council continues to come out of the pandemic; although next year’s report is expected to provide a truer reflection of the health and safety position, the pandemic may have led to some behavioural changes including increased awareness of health and safety.

 

It was resolved to accept the Corporate Health and Safety report for 2021/22 and to endorse the recommendations therein.

 

Recommended Action – That future Corporate Health and Safety Annual reports include data on the number of people expected to attend individual training sessions as well as the number actually attending.

 

6.

Counter Fraud, Bribery and Corruption Annual Report 2021/22 pdf icon PDF 671 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk incorporating the Counter Fraud, Bribery and Corruption Annual Report 2021/22 was presented for the Committee’s consideration. The report set out the activity carried out during 2021/22 to minimise the risk of fraud, bribery and corruption within and against the Council and highlighted some of the current and emerging areas of fraud risk including those related to the Covid-19 pandemic.

 

In response to questions by the Committee on the contents of the report, the Head of Audit and Risk advised –

 

·                That while the Council is committed to preventing and identifying fraud and has the policies and procedures in place to help it do so, it is not possible to provide absolute assurance across all the Council’s activities that fraud is not taking place. Councils are at constant risk of fraud and regardless of prevention measures many councils will at some time experience fraud losses. The Council should continue to improve fraud awareness among staff ensuring that all staff complete the appropriate training.

·                With regard to using technology to tackle fraud, the Council participates in a data matching exercise with the National Fraud Initiative whereby records are compared to identify potentially fraudulent claims and payments. In respect of insurance the Director of Function(Resources)/Section 151 Officer advised that the Council employs an external company which is involved in sharing information across the sector meaning that suspicious or recurrent claims are identified.

·                While external audit in auditing the Council’s financial statements, assesses the risk of the potential override of controls by management, the main tool of fraud prevention is the Council’s system of internal control.

·                That the Council Tax Single Person Discount is the main fraud risk area for the Council. The Director of Function (Resources)/Section 151 Officer advised that the Council engages an external company to periodically check properties where a Single Person Discount applies against other databases to identify any anomalies and/or errors. Where such anomalies are found, the Single Persons Discount claimant will be informed that the discount is being cancelled unless they can provide evidence that they are living alone.

 

The Committee noted the lack of up to date regional and local data about the extent of fraud and the main sectors in which it is being perpetrated as unhelpful.

 

It was resolved to accept the Annual Counter Fraud, Bribery and Corruption Report for 2021 and to note the activity carried out during the year to minimise the risk of fraud, bribery and corruption occulting within and against the Council.

 

7.

Annual Review of Treasury Management 2021/22 pdf icon PDF 658 KB

To present the report of the Director of Function (Resources)/Section 151 Officer.

 

Minutes:

The report of the Director of Function (Resources)/Section 151 Officer incorporating a review of treasury management activity in 2021/22 was presented for the Committee’s consideration.

 

The Director of Function (Resources)/Section 151 Officer summarised the main outcomes as in the 2021/22 financial year with reference to the following –

 

·      External factors including the economic context, interest rate performance and the impact of Covd-19.

·      Internal factors including the performance of capital expenditure, the impact on the reserves and cash balances, risk appetite to investments, the borrowing taken by the Council and the impact on the Capital Financing Requirement.

·      The Treasury Management Strategy in 2021/22

·      Controlling Treasury Management through Prudential Indicators and how these are managed

·      Comparison of actual Prudential Indicators with the forecast at the beginning of the year

·      Prospects for 2022/23 and beyond.

 

In considering the report the Committee discussed capital expenditure and the underspend on the capital budget; the Director of Function (Resources) clarified the factors involved the main one being the significant underspend on the Housing Revenue Account due to the reasons outlined. In response to a question about maintaining the Council’s purchasing power he clarified how the Council’s contracts position particularly its larger revenue contracts can work in the Council’s favour in protecting it from inflation but only if the inflation element is short-term since most of the contracts are reviewed annually. If inflation remains high when contracts are reviewed and/or renewed then the Council will be vulnerable to higher prices. In terms of increasing yield through investment, the Director of Function (Resources) advised that with interest rates on an upward course, then opportunities for increasing return on investments are likely to be greater this year and the additional income will go some  way to offset rising prices.

 

It was resolved –

 

·                To note that the outturn figures in the report will remain provisional until the audit of the 2021/22 Statement of Accounts is completed and signed off; any resulting significant adjustments to the figures included in the report will be reported as appropriate.

·                To note the provisional 2021/22 prudential and treasury indicators set out in the report.

·                To note the annual treasury management report for 2021/22 and forward the report to the Executive without further comment.

 

8.

Internal Audit Update pdf icon PDF 524 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk providing an update as of 31 August, 2022 on the audits completed since the previous update to the Committee in June, 2022 was presented for the Committee’s consideration. The report also set out the current workload of Internal Audit and its priorities for the short to medium term going forward. Members of the Committee were provided with copies of the four pieces of assurance work completed in the period in relation to Managing the Risk of Fraud and Corruption in Procurement (Reasonable Assurance); Direct Payments (Reasonable Assurance) and IT Service Continuity (Phishing) – First Follow Up (Reasonable Assurance) and IT Vulnerability Management (Limited Assurance) under separate cover.

 

The Committee discussed the Limited Assurance Review in connection with IT Vulnerability Management and raised questions about the timescale for migrating devices to Microsoft Endpoint/Azure which would address some of the issues raised by the review. The Committee in noting that progress was judged to be slow and that significant risks exist in the interim raised some concern on this basis.

 

The IT Team Manager explained the issues involved in the migration process and confirmed that the 30 September, 2023 deadline for the task reflects what is deemed to be an accurate timeline to complete the work. While it is expected that the bulk of the work will be completed in advance of the deadline there remain some business areas which have legacy software applications that are dependent on historic deployment methods that cannot be replicated. Although the implementation date could be longer in those circumstances it applies to a small proportion of users where there is a need to complete software upgrades or migration works. Work is ongoing with those business areas and suppliers to identify solutions as well as to establish what conversion rate can be achieved when a structured plan is in place. Work has also been undertaken to put arrangements in place to ensure that changes are formally recorded and they will include a digital process which escalates changes on the basis of risk. Any change categorised as significant with a risk to core systems will be referred to a change board within the IT section.

 

The Committee was also assured in the context of the ICT Service Continuity (Phishing) First Follow-Up review that cyber awareness training is being refreshed to keep pace with increasingly sophisticated cyber-attacks, and that the current training course is in the process of being renewed and will require staff to demonstrate their learning via a quiz which will provide information around pass rates and thresholds. A new training programme is also being procured to improve awareness and recognition of phishing attacks.

 

It was resolved to accept the report and to note Internal Audit’s assurance provision and priorities going forward.

 

Recommended action – the Committee to be provided with an update at its February, 2023 meeting, on progress with implementing the IT Vulnerability Management Action Plan.

 

9.

Outstanding Issues and Risks pdf icon PDF 596 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk providing an update on the status of outstanding issues/risks that Internal Audit has raised was presented for the Committee’s consideration.

 

The Principal Internal Auditor presented the report and provided an overview of its contents.

 

It was resolved –

 

  • To note the Council’s progress in addressing the outstanding Internal Audit Issues/Risks.
  • To support the proposal that action owners of major or amber rated issues/risks that are still not resolved 12 months after the original target date has passed, be asked to attend the Governance and Audit Committee to provide information on the reason for the delay in addressing the issue/risk.

 

10.

External Audit:Direct Payments for Adult Social Care pdf icon PDF 2 MB

·                    To present the report of Audit Wales.

 

·                    To present the report of the Director of Social Services.

Additional documents:

Minutes:

·                The report of the Auditor General for Wales with regard to Direct Payments for Adult Social Care was presented for the Committee’s consideration. The report looked at how local authorities in Wales provide direct payment services to adults, examining their impact and value for money and makes ten recommendations for improvement

 

·                The report of the Director of Social Services setting out the Social Services’ response to the Auditor General’s report was presented for the Committee’s consideration and assurance. The response took the form of an Action Plan which addressed each of the recommendations of the Auditor General’s report individually.

 

The Head of Adults’ Services confirmed that the Service recognises the advantages of Direct Payments in providing service users with choice, variety and opportunity and in offering flexibility in terms of who service users choose to employ and what task they employ them for.  A dedicated Officer has been employed to promote their take up and 239 have done so to date. Since the Auditor General’s report was published, Anglesey has increased its hourly personal assistance rate to £13.10 which is below the rate it would pay were the service to be commissioned externally meaning that as well as being advantageous to the individual, the Direct Payments scheme is also cost-effective for the Authority. Direct Payments policy, guidance material and website have recently been reviewed with a view to ensuring that Direct Payments are offered as an option alongside other choices and not simply when other choices are unavailable.

 

In response to questions by the Committee about the Direct Payments scheme and how it works, the Head of Adults’ Services confirmed that Anglesey’s hourly rate is around mid-level in comparison with other local authorities in Wales. The Officer advised that a third sector organisation - North Wales Advice and Advocacy has been commissioned to provide support and guidance for service users with administering Direct Payments and he clarified what this entails. Whilst individuals may wish to administrate the payments themselves they are encouraged to do so through North Wales Advice and Advocacy as this offers safeguards and an element of protection. Although it is thought that there is potential to extend the Direct Payments scheme further it is anticipated that take up will eventually level off as the scheme is not suitable for all clients.

 

It was resolved –

 

·                To note the report of the Auditor General for Wales in respect of Direct Payments for Adult Social Care.

·                To acknowledge the Social Services response to the Auditor General for Wales’s report arising from its national study of Direct Payments for Adult Social Care and

·                To confirm that the Committee is reassured by the Service’s response in the form of the Action Plan to the national study of Direct Payments for Adult Social Care.

 

11.

External Audit: Audit Wales Programme and Timetable - Quarter 1 2022/23 Update pdf icon PDF 215 KB

To present the report of Audit Wales.

Minutes:

The report of Audit Wales on its Work Programme and Timetable as of 30 June, 2022 was presented for the Committee’s information. The report provided an update on the progress and status of Audit Wales’ financial and performance audit work comprising of both planned and published studies and included the work of Estyn and Care Inspectorate Wales.

 

In response to a question regarding the audit of the financial statements and whether there might be any issues which might delay the completion of the audit by the end of November deadline, Ms Yvonne Thomas Financial Audit Lead, Audit Wales confirmed that the audit is ongoing and that a significant part of the work has been completed. While no issues have been identified to date some amendments have been highlighted; once the amended accounts are received by Audit Wales together with valuation information that the Council is providing which it is understood is imminent there should not be a delay in completing the audit. However, a potential issue has arisen in relation to the treatment of infrastructure assets and how these are audited – further guidance and confirmation of the final position on this matter are awaited.

 

The Director of Function (Resources)/Section 151 Officer advised that having agreed with Audit Wales that those areas of the accounts that can be audited be prioritised, there are two issues that are affecting all councils in Wales and most in England which relate to –

 

·                     The valuation of property, plant and equipment. Due to increasing property prices and because not all property is valued annually, concerns have been raised that the value of property may therefore be materially understated on local authority balance sheets. The Council is having to undertake further work to show that the value of its property is not understated or if it is, by how much. While discussions between Audit Wales and CIPFA regarding how councils can demonstrate this have caused some delay, Anglesey has decided to carry out a desktop valuation which is in the process of being completed following which the information will be submitted to the auditors.

·                     The treatment of infrastructure assets which includes roads and bridges. These have historically been valued on the balance sheet according to the expenditure on them and are depreciated over time. An issue has been raised in relation to how councils show that when part of an infrastructure asset is replaced the value of the original asset has been depreciated to zero in the accounts. Although that is the assumption, councils are being asked to provide supporting evidence which is information many councils do not hold as they do not record expenditure/value of assets in this way.

 

Discussions between the relevant accounting bodies to find a way forward with regard to the 2021/22 accounts (and in the case of some local authorities in England with regard to the 2020/21 accounts where this remains the outstanding issue preventing sign off) are ongoing and may delay the conclusion of the audit of accounts process.  ...  view the full minutes text for item 11.

12.

Review of Forward Work Programme pdf icon PDF 257 KB

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk incorporating the Committee’s Forward Work Programme and Training Programme for 2022/23 was presented for the Committee’s consideration.

 

The Head of Audit and Risk highlighted that the Work Programme as presented does not reflect the addition of a meeting on 23 November 2022 to consider the Final Annual Governance Statement 2021/22 and Final Statement of the Accounts 2021/22.

 

It was resolved to accept the Forward Work Programme as meeting the Committee’s responsibilities in accordance with the terms of reference with the addition of the 23 November, 2022 meeting.

 

13.

Exclusion of the Press and Public pdf icon PDF 297 KB

To consider adopting of the following:-

 

“Under Section 100(A)(4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it may involve the disclosure of exempt information as defined in Schedule 12A of the said Act and in the attached Public Interest Test”.

 

Minutes:

It was considered and resolved -

 

“Under Section 100 (A) (4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it involved the disclosure of exempt information as defined in Schedule 12A of the said Act and in the Public Interest Test presented.”

 

14.

Cyber Security Annual Report 2022

To present the report of the Head of Profession (HR) and Transformation.

 

Minutes:

The Cyber Security Annual Report 2022 was presented for the Committee’s consideration.

 

The report outlined in general terms the common cyber threats that face the Council along with some of the mitigating controls and operational controls that the Council has in place to detect and prevent malicious activity. The Committee was advised that the IT Department has been implementing new technologies to aid the early detection of vulnerabilities and intrusive events. Updates to policies and procedures have also been taking place during 2021/22 which will help strengthen the investigative process when responding to incidents as will the new Incident Response Policy.

 

It was resolved to accept the report as providing assurance tht the Council has reasonable measures in place to manage cyber threats to an acceptable level.

 

15.

Exclusion of the Press and Public pdf icon PDF 116 KB

To consider adopting of the following:-

 

“Under Section 100(A)(4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it may involve the disclosure of exempt information as defined in Schedule 12A of the said Act and in the attached Public Interest Test”.

 

 

Minutes:

It was considered and resolved -

 

“Under Section 100 (A) (4) of the Local Government Act 1972, to exclude the press and public from the meeting during the discussion on the following item on the grounds that it involved the disclosure of exempt information as defined in Schedule 12A of the said Act and in the Public Interest Test presented.”

 

16.

Strategic Risk Register Update

To present the report of the Head of Audit and Risk.

Minutes:

The report of the Head of Audit and Risk incorporating the Strategic Risk Register was presented for the Committee’s consideration. The Committee was advised that no new risks have been identified and no risks have been closed since the strategic risk register was last presented to the Committee. The report highlighted three risks where changes have been made in terms of probability and impact following a review by the Strategic Leadership Team with the risk level having been revised accordingly due to factors in the economic environment and the robustness of existing mitigation measures. The report also identified the top (red/critical) residual strategic risks to the Council.

 

The Committee discussed the seven red/critical residual risks on the Risk Register regarding which some concern was expressed. It was asked whether these risks required extra management or actions to bring the rating down or whether the rating had been set higher than it should be. The Committee was advised that all the risks on the Risk Register have been assessed by the Leadership Team against the risk scoring matrix which sets the Council’s risk appetite. While the seven red/critical residual risks can be grouped into three essential themes covering the economy, information technology and physical assets, it is more helpful for Internal Audit purposes if they are identified separately.

 

The Committee accepted that some of the red/critical residual risks by their nature will always exist because being linked to people, assets, information technology and the wider economy they are a permanent part of the Council’s business and day to day operations. It might be the case therefore that the Council has to live with these risks but having been identified and assessed and regularly monitored, they can be managed to an acceptable level.

 

(As the meeting had now been in progress for three hours, in accordance with the requirements of para. 4.1.10 of the Constitution the Chair asked the Members present whether they wished the meeting to continue. A majority of those Members present voted for the meeting to continue).

 

It was resolved to note the amendments made in relation to the Strategic Risk Register and to take assurance that the Leadership Team has recognised and is managing the risks to the achievement of the Council’s priorities.