Agenda and minutes

Audit and Standards Committee
Monday, 12th March, 2018 10.00 am

Venue: Oak Room, County Buildings, Stafford. View directions

Contact: Tina Gould  Email: tina.gould@staffordshire.gov.uk

Items
No. Item

2.

Declarations of Interest

Minutes:

There were no declarations of interest.

3.

Minutes of the Meeting held on 12 December 2017 pdf icon PDF 130 KB

Minutes:

The minutes of the meeting held on 12 December 2017 were approved as a correct record.

4.

Annual Information Governance Statement pdf icon PDF 819 KB

Report of the Head of Business Support

Minutes:

The Head of Business Support gave a presentation on the Annual Report on Information Governance explaining that information governance is the way in which the County Council handles its information, in particular sensitive information relating to its residents and employees. It provides a framework to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible service. 

It also offers Council employees a clear structure to deal consistently with the many different rules and regulations about how information is handled, including but not exclusively those set out in various Acts such as:

 

      Data Protection Act 1998

      Freedom Of Information Act 2000

      Environmental Information regulations 2004.

 

Key highlights in 2017 included compliance with legislation and mandatory inspections.  Acknowledging that there had been an increase in attacks and incidents, mirroring the national picture, the Council had technical safeguards in place.  All Members and staff were urged to remain vigilant.  Sixty eight per cent of staff had completed mandatory training as of 28 February.

 

In terms of relevant information security statistics, Symantec Email Gateway handled 24,104,353 incoming messages of which 55% contained single or multiple threats and were blocked. 80,000 emails are blocked before they are received by employees.  There has been a spike in the number of inbound phishing reports; this follows a national trend.

 

In regard to Incident Statistics (electronic and paper) there has also been a spike. This may be due to the fact that staff are now more aware of reporting procedures.  A large proportion of incidents are internal, for example emails being sent to the wrong person.  The Council’s target is to reduce the figure by 25 per cent once all mandatory training has been completed.  Following an internal audit inspection, the Information Governance Unit had been advised to change some of the categories against which they recorded incidents.

 

This year General Data Protection Regulations (GDPR) comes into force on 25 May.  Mandatory cyber security training has been available for all Members and staff.  A one day exercise is being held on cyber security.  The transparency pages on the intranet are being updated in time for the Peer Review in September.

 

With reference to “the benchmark set by the Information Commissioner for an acceptable service is 85% of requests answered in 20 days” Members remarked that the public expect the local authority to respond to such requests within 28 days and may not appreciate that the Information Commissioner has set a lower standard.  Members asked why it took over a year for Information Requests to be made available (Appendix A of the report) and also requested details of the totals in the diagrams in Appendices C and D of the presentation.  The Business Support Manager stated that the information requests referred to in Appendix A should state “January 2017 – December 2017.  Further information would be forwarded to Members in regard to the information in Appendices C and D of the report.

 

In regard to the changes  ...  view the full minutes text for item 4.

5.

Review of Effectiveness of Internal Audit and Audit and Standards Committee

5a

Internal Audit - External Quality Assessment pdf icon PDF 266 KB

Report of the Director of Finance and Resources

Additional documents:

Minutes:

The Head of Audit and Financial Services summarised the results of the recent external quality assessment review undertaken in January 2018 by Ray Gard, on behalf of the Chartered Institute of Public Finance and Accountancy (CIPFA).  It is a requirement of the Public Sector Internal Audit Standards (PSIAS) that an external assessment of the internal audit function is carried out every five years.  The draft report summarised the key findings of this assessment.  The conclusion and opinion of the assessment was that the Council’s Internal Audit Service is a competent, professional, well-qualified and respected service that is continually looking for ways to improve its overall efficiency and effectiveness.  The Service Generally Conforms to the requirement of PSIAS.  No areas of non-compliance or partial compliance with the standards were identified. Some minor observations, one recommendation and some suggestions were identified that should be addressed and these are detailed on pages 47- 50 of the report and will be considered for inclusion in the 2018/19 development plan.

 

Members asked for an explanation of the difference between recommendations and suggestions. A recommendation specifically refers to an issue in the standards that must be addressed.  A suggestion is something on which the Audit Service could improve.

 

Members welcomed the report and the suggestions contained therein and the follow up responses.

5b

Review of the Effectiveness of the Audit and Standards Committee pdf icon PDF 344 KB

Report of the Director of Finance and Resources

Additional documents:

Minutes:

The Head of Audit and Financial Services summarised the results of the recent Review of the Effectiveness of the Audit and Standards Committee against recommended practice contained within CIPFA’s Publication – Practical Guidance for Local Authorities and Police 2013 edition.

 

Members had participated in a workshop on 12 February and a summary of the outcomes of their deliberations are given in Appendix 1 of the report.

Appendix 2 summarised the assessment key and Appendix 3 summarised the overall assessment against a list of areas where the Audit and Standards Committee could add value by supporting improvement.

 

Members welcomed the report and asked for details of the next steps in terms of improving on this report, with particular reference to benchmarking.  The Chairman stated that the Service should periodically benchmark against other local authorities.  He had discussed risk management and the risk register in detail with the Assessor.  He considered that there was some room for improvement in this area.  The Head of Audit and Financial Services said that the Council subscribed to the Better Governance Forum and she would investigate if there was any relevant information that could be circulated to Members.

 

RESOLVED:  a) The Committee noted the information contained in the report.

b) that the Head of Audit and Financial Services would investigate if there was any relevant information on the Better Governance Forum on benchmarking that could be shared with Members.

6.

Annual Report of the Management of Complaints made under the Members' Code of Conduct pdf icon PDF 215 KB

Report of the Director of Strategy, Governance and Change

Minutes:

The Head of Law and Democracy introduced this report stating that she was pleased to report that there had been no formal complaints dealt with under the Standards Regime and she hoped that this standard would be maintained. 

 

She was saddened to report that Mr Charles Mitchell, one of two independent persons who had supported the County in this regard for many years had passed away early in December 2017, and she wished to place on public record her appreciation for his help and support.

 

Two new Independent Persons have been appointed to the Independent Persons Panel – Mr Tom Roach and Mrs Christina Robotham.

 

Although there were no formal complaints there have been two enquiries about the timescale within which Members can be expected to respond to queries from constituents.  It was acknowledged that sometimes it could take time to gather information to respond to queries, particularly as new Members are trying to identify who to get in touch with for information.  

 

Members were reminded that the Member:Officer protocol stated that Officers should respond to Members’ queries in two working days.  Officers were encouraged to keep in touch with Members if there were delays in answering their queries and to go to their buddy or Community Partnership Officer if they had any issues or concerns regarding who to contact.

 

In regard to a second enquiry regarding schemes funded from Members’ Divisional Highways Budgets. Members considered that it would be helpful to receive some further advice on how the DHP could be spent by Members, in particular opportunities for pooling Budgets as Budgets had been reduced over the years.  It was agreed to ask the Community Infrastructure Manager to share with Members best practice advice on how to spend their Divisional Highways Budgets.

 

RESOLVED:  a) The Committee noted the report;

b) That the Community Infrastructure Manager be asked to share with Members best practice on how to spend their Divisional Highways Budgets.

7.

External Audit Plan 2017-18 pdf icon PDF 5 MB

Report of Ernst and Young

Minutes:

Mark Surridge on behalf of Ernst and Young summarised the Audit Planning Report for the year ended 31 March 2018. 

 

Ernst & Young confirmed that they were independent auditors and saw no potential impairment to their objectivity.

 

In terms of the overview of the 2017/18 audit strategy,  by way of explanation and reassurance “risk of fraud in revenue and expenditure recognition” and “misstatements due to fraud or error” are mandatory risks and are applied to any organisation of any size i.e. they do not imply that Ernst and Young have any specific concerns in regard to Staffordshire County Council, but the statements reflect their professional scepticism.

 

“The valuation of land and buildings” remains a significant risk because of the significant proportion of the Council’s total assets and the rolling valuation process incorporates significant judgements, which if inappropriate could result in a material misstatement.  “The valuation of LGPS ( Local Government Pension Scheme) also remainsa significant risk because of the size of net pension liability and the estimation of the defined benefit obligations is sensitive to a range of assumptions.  This area continues to be an area of audit focus.

 

There are three new risks identified in the strategy -   the introduction of the new General Ledger System; the implementation of the new Payroll System and the 2016 financial statement audit of Entrust Support Service Ltd that had resulted in a £44m impairment of goodwill. 

 

The Deputy Director of Finance explained that the Council was unable to reflect its share in the 2016/17 statements, as the information was not available in time.   In the view of the opinion of Ernst & Young a prior period adjustment is now required to be made in the 2017/18 financial statements.  Members noted that potential revenue from digital platforms had been revised and consequently this resulted in a £44m impairment of goodwill.  They were concerned that the initial calculations provided indicated that the Council’s investment will reduce by £22.2m from £23.3m down to £1.1m.  Members asked how this situation had arisen, what it meant in terms of profitability of Entrust and the significance of this to Members. 

 

The Deputy Director of Finance stated that this was a bookkeeping entry in the Council’s accounts and made no difference to Entrust’s profitability today.  It reflected the Council’s share of investment in Entrust four years ago based on a set of assumptions on the company at this time.  At the point of acquiring the company there were certain assumptions regarding future growth and these had not materialised. From the Council’s point of view this generated a cash payment which the Council spent on protecting our services based on assumptions at that time.  As Entrust has progressed the amount of growth outside Staffordshire has not been as predicted.  It is therefore reasonable and prudent to adjust the valuation of the company by adjusting those values.  It could be debated whether this adjustment should have taken place incrementally, or in one go, as Entrust had done, late in their accounting year in  ...  view the full minutes text for item 7.

8.

Pension Fund External Audit Plan - 2017 -18 pdf icon PDF 5 MB

Report of Ernst & Young

Minutes:

Caroline Davies, on behalf of Ernst & Young, summarised the key messages in the Pension Fund External Audit Plan report.  The main risks were identified in the report and categorised as ‘New’, ‘Increased Risk’; ‘No change in risk or focus’ or ‘Decreased Risk’.

 

There has been a change in personnel in the Audit Team this year from Richard Page to Suresh Patel.  As the Engagement Lead. He will continue to be supported by Caroline Davies.

 

In regard to the materiality, this has been set at £91.8m which represents an increase in the materiality to 2 per cent of the prior year’s net assets this year. This means that Ernst & Young will continue to report all uncorrected misstatements relating to the primary statements greater than £4.6m but there may be items that fall outside the scope of Ernst & Young.  This will be reassessed throughout the audit process.

 

The audit risks were summarised as detailed in pages 120-121 of the report. The significant risks were identified as Mis-statements due to fraud or error, the new General Ledger System and Valuation of unquoted investments.  Full details of the risks were detailed in the report and the actions that Ernst & Young would be taking to mitigate against those risks.

 

The net assets of the fund as at 31 March 2017 were £4,590m of which £91.8m were planning materiality; £68.9m performance materiality and £4.6m audit differences.

 

Members referred to the New General Ledger System that had been identified as a significant risk and asked for further detail on how assurance would be carried out.  Mark Surridge responded that Ernst & Young had continued dialogue with the Internal Audit Team on the planned work on the system migration and would do their own independent work in conjunction with IT Risk Assurance specialists to review the Council’s approach and execution of the transfer of data to the new system.

Members asked for further detail on the risk of the valuation of unquoted investments and were informed by the Head of Audit and Financial Management that these investments are regularly reviewed and will be considered as part of the 2018/19 Audit Plan.  Members asked if they could have a further paper on pooled investment vehicles and limited partnerships and the impact that this could have on the Fund.  The Chairman, mindful of recent staffing changes in the Pensions team, asked if the team was now sufficiently resourced.  It was agreed that the Chairman write to the Cabinet Member for Finance to seek reassurance that the Pensions Fund is sufficiently supported to ensure that it is being administered properly.

 

RESOLVED:  a) That the Committee add to their Forward Plan a paper on the Pensions Fund’s unquoted pooled investment vehicles and limited partnerships;

 

b)  that the Chairman write to the Cabinet Member for Finance regarding staffing resources in the Pensions Team.

9.

Local Government Sector Update Report pdf icon PDF 843 KB

Report of Ernst and Young

Minutes:

Mark Surridge, Ernst & Young, introduced their sector briefing that updated the public sector on the work of Ernst & Young in the local government sector on the audits that they undertake. 

 

There were no questions from Members.

 

RESOLVED: a) That the briefing be received.

10.

Work Programme 2017-18 pdf icon PDF 289 KB

Minutes:

The Chairman drew Members’ attention to size of the Work Programme and asked if Members preferred to have longer or additional meetings.  Following discussion Members asked if a further meeting could be added in May 2018.

 

Members asked if they could receive a report on SAP and were informed that this would be included in the Internal Audit Outturn Report 2017-2018.

 

RESOLVED: That the Work Programme be received;

 

b)  a further meeting be added to the Work Programme in May 2018.

11.

Exclusion of the Public

The Chairman to move:-

 

“That the public be excluded from the meeting for the following items of business which involve the likely disclosure of exempt information as defined in the paragraphs of Part 1 of Schedule 12A (as amended) of the Local Government Act 1972 as indicated below”.

 

 

PART TWO

(reports in this section are exempt)

 

Minutes:

The public were excluded from the meeting for the following items of business which involve the likely disclosure of exempt information as defined in the paragraphs of Part 1 of Schedule 12A (as amended) of the Local Government Act 1972.

12.

Cyber Essentials - Limited Assurance Review - Update (exemption paragraph 3)

Presentation on update against recommendations by Interim Head of ICT

Minutes:

(Exemption paragraph 3)

13.

Internal Audit Report - Limited Assurance Review - Fairer Charging and Welfare Benefits (exemption paragraph 3)

Report of the Head of Audit and Financial Management

Minutes:

(Exemption paragraph 3)