Agenda and minutes

Audit and Standards Committee
Wednesday, 12th June, 2019 10.00 am

Venue: Oak Room, County Buildings, Stafford. View directions

Contact: Tina Gould  Email: tina.gould@staffordshire.gov.uk

Items
No. Item

78.

Declarations of Interest

Minutes:

There were no declarations of interest.

79.

Minutes of the Meeting held on 11 March 2019 pdf icon PDF 95 KB

Minutes:

RESOLVED: That the Minutes of the meeting held on 11 March 2019 be confirmed and signed by the Chairman.

80.

Annual Report on Information Governance pdf icon PDF 259 KB

Report of the Director of Corporate Services

Minutes:

The Information Governance Manager (IGM) introduced the report, explaining that it was designed to give Members reassurance that the Council is complying with the relevant legislation and provide assurance for the annual governance statement. The Council is currently reviewing the Information Governance Framework and policies.   The policies were cross referenced against ISO standards for information security.

 

The IGM described how Freedom of Information and Data Protection performance were monitored, the standards and Council’s achievement against those standards.  The County Council was currently achieving 86 per cent of FOI requests answered within 20 days, but many FOIs were responded to within 5 days and this would raise the percentage to approximately 95 per cent. The benchmark set by the Information Commissioner for an acceptable service is 85%.  The IGM stated that the volume of requests gave no indication of the amount of time spent answering each request.  Some requests are complex and remained a challenge to manage in some areas with staff reductions and volumes increasing and becoming more complex.

 

With reference to Data Protection, these were mostly dealt with through the Information Governance Unit (IGU) except for Families First, who deal with their own requests, as detailed knowledge of individual cases was required.  Compliance with the statutory timescale was low in the children’s area and a post to address this had recently been advertised.  The IG team also provide advice to external organisations which brought income in to the Authority.

 

The IGM explained that work was underway to review the current Information Asset Register (IAR) to provide a more devolved, user friendly and dynamic approach.  This will put more ownership back to the service areas.  Training material will be reviewed and refreshed ready for the launch in late 2019. 

 

Information Security and Cyber continued to prove a challenge to the Council.  IGU were working proactively to protect County Council data details of which were given in the report.  There had been a spike in number of messages blocked by Distributed Denial of Service (DDoS) attacks in January 2019. Members asked if they could have further details of the geography and type of attack.  In this instance, the spike occurred before the accreditation was achieved.

 

There had been an increase in malware and it was hoped that staff training, and awareness would make staff more cautious when they receive emails that may have malicious links. Staff were being trained across service areas to manage malware.  The increase in the number of reported security incidents could be linked to staff becoming more aware.  Work was taking place with Staffordshire Police who were asking for volunteers to be cyber champions.  Staff were being trained across the service areas to act as Cyber Champions. 

 

A graph in the report showed that there had been an increase in inbound phishing reports and the number and types of security incidents reported. Ways of using Office 365 to reduce the number of incorrect enclosures were being explored. 

 

Participation in a recent multi-agency Cyber Security Incident had been  ...  view the full minutes text for item 80.

81.

Code of Corporate Governance pdf icon PDF 56 KB

Report of the Director of Corporate Services

Additional documents:

Minutes:

The interim Head of Audit and Financial Services introduced this report, explaining that the Code of Corporate Governance was one of the key documents that feed into the Annual Governance Statement that forms part of the Annual Accounts that will be presented to the Audit and Standards Committee for approval on 30 July 2019. 

 

The Code is based on the CIPFA Delivering Good Corporate Governance in Local Government Framework. This was refreshed and republished in April 2016.  Details of how the seven core principles, sub principles and the systems, policies, procedures and action plan that had been put in place to meet these was detailed in the report.  A small number of actions were outstanding and would be actively managed by the Corporate Governance Working Group and reported back to the Committee. 

 

A local government review on governance by the National Audit Office had been completed that explained how governance is being developed in local government. The Interim Head of Audit and Financial Services agreed to circulate this report to Members.

 

Note by Clerk: https://www.nao.org.uk/wp-content/uploads/2019/01/Local-authority-governance.pdf

 

RESOLVED: That the Code of Corporate Governance and Action Plan 2019/20 be approved.

82.

Internal Audit Charter 2019 pdf icon PDF 58 KB

Report of the County Treasurer

Additional documents:

Minutes:

The Interim Chief Internal Auditor introduced the report explaining that there had been a few amendments since the Charter had been last approved by the Committee in June 2018. 

 

The Internal Audit Charter set out the purpose, authority and responsibility of the internal audit activity as required by the Public Sector Internal Audit Standards (PSIAS) and the Local Government Application Note (LGAN) Standard 1000. 

 

The content of the Charter was set out in paragraph 1 (a-e) of the report. The Internal Audit Charter 2019 was detailed in Appendix 1 with key highlights marked in yellow.

 

A key development had been the merger of the Finance and Resources directorate and the Strategy, Governance and Change directorate into the Corporate Services directorate and the new role and title of the County Treasurer.  In addition, reference is now made in the Charter to development of the Continuous Controls Monitoring programme and the data utilisation strategy.  The Charter has also been expanded the responsibilities of the Audit and Standards Committee following revisions made to its Terms of Reference in December 2018.  This also included the publication of the Committee’s Annual Report of its work.  Amendments reflecting the changes were highlighted throughout the report.  The role of the Head of Internal Audit (Chief Internal Auditor) was detailed in paragraph 7 of the Charter; the role and responsibilities of the Audit and Standards Committee in paragraph 10; and the use and processing of data including privacy notices in paragraph 15. 

 

Appendix 1 of the report detailed the Financial Regulation D – Audit, Control and Irregularities and Appendix 2 gave detail of the Audit Opinions and risk ratings.

 

RESOLVED: The Committee approved the revisions to the Internal Audit Charter.

83.

Proposed Internal Audit Strategy & Plan 2019/20 pdf icon PDF 62 KB

Report of the County Treasurer

Additional documents:

Minutes:

The County Treasurer set the context for the Strategy and Plan for the proposed Internal Audit Strategy and Plan 2019/20 that is presented to the Committee on an annual basis for approval. 

 

There were three key features of the plan which were risk, and the County Treasurer stated that it was his intention to ensure that the Council could evidence risk more obviously throughout Council.  Secondly, the use of data and automation.  The development of continuous controls monitoring (CCM) presented an exciting dilemma in allowing greater accessibility.  However, cyber security presented a threat and a balanced risk must be ensured.  Finally, communication of the Plan.  Audit is an aid to management and the development of the Plan is based upon consultation with a number of senior officers.  The proposed plan had been agreed by all the Senior Leadership Team before being presented to the Committee.  The aim was to make the Plan more user friendly and add value to the operations of the Council. 

 

The interim Chief Internal Auditor explained that the Accounts and Audit (England) Regulations required authorities to have an “effective internal audit” and this was demonstrated through the establishment of a risk-based Internal Audit Plan.  The Plan was attached as Appendix A to the report.  The interim Chief Internal Auditor gave a presentation that set out how the plan had been prepared and the key highlights for the year ahead.

 

The aim of the presentation was to demonstrate to the Committee that a robust methodology (detailed in Appendix A of the Plan) had been adopted in formulating the Plan for 2019/20 and to reassure Members that the Plan focussed on the key risks facing the Council and achieved a balance between setting out the planned work for the year, but also retaining flexibility to respond to changing risks and priorities during the year.  The aim was also to provide assurance that there were sufficient resources within Internal Audit to deliver the Plan for 2019/20. 

 

The Internal Audit Strategy is a key governance document that comes to the Committee every year for endorsement.  Summary details of the internal audit strategy; consultation arrangements in formulating the plan; the risk assessment process; the key principles applied, and audit resource requirements to deliver the Plan in 2019/20 were described.  Fundamental to the Plan was consultation and the Audit Team consulted with Council managers in developing the Plan.  The Plan is owned by the whole Council.   Between January and March 2019 the Audit Managers consulted with over 60 officers within the Council on the contents of the Plan, including SLT, the Director of Corporate Services and the County Treasurer.  All high risk rated audit reviews are generally included in the Plan. However, occasionally there were other high-risk audits that are not included in the Plan.  In such cases, reliance is placed on alternative sources of assurance e.g. Peer Reviews, internal scrutiny or an inspectorate visit.  The aim was not to duplicate assurance.  As part of the Plan, the top risk  ...  view the full minutes text for item 83.

84.

Annual Audit Fees 2019-20 - Correspondence received from Ernst & Young pdf icon PDF 19 KB

Report of Ernst & Young

Minutes:

Stephen Clark, Ernst & Young referred Members to the Annual Audit Fees letter that Ernst & Young were required to provide and it detailed the Annual Audit fees for 2019/20 together with comparative figures for previous years.

 

RESOLVED: The correspondence from Ernst & Young was noted.

85.

Local Government Audit Committee Briefing Update - Quarter 1 pdf icon PDF 1011 KB

Report of Ernst & Young

Minutes:

Stephen Clark, Ernst & Young, introduced the Local Government Audit Committee Briefing for Quarter 1 2019 and drew Members attention to the report reflecting the financial pressures that local government faced as currently reported in the media.

 

RESOLVED:  The report was received.

86.

Deprivation of Liberty Safeguards pdf icon PDF 316 KB

Report of the Director of Health and Care

Additional documents:

Minutes:

The Director of Corporate Services gave the background to the complaint that had been received from the Local Government and Social Care Ombudsman (LGSCO) in respect of the Council’s approach to Deprivation of Liberty Safeguards (DoLS). 

 

The Supreme Court judgement in P v Cheshire West and Chester Council changed the definition of what constituted a deprivation of liberty and required them to adopt a different approach.  This had resulted in more cases being classified as DoLS and the Council (along with others) had not been able to deal with the increase in workload that had resulted from the need to reprioritise cases, currently categorised as High, Medium or Low priority.  The LGSCO had reviewed the Council’s prioritisation process and were unhappy with it.  The Council had entered into dialogue with the LGSCO as the Council considered the process reasonable.  No risks to individuals had been found and it was a practical approach to dealing with this whilst the legislation goes through the process of amendment.  In effect the Council had agreed to disagree with the LGSCO.  The LGSCO had found that the Council was not dealing with review of high priority cases quick enough.  They were unhappy that medium and low cases were not being reviewed.  The LGSCO did not state that the Council must change its system now but had asked the Council to review its system post legislation and produce an action with three months of the legislation coming into force.  

 

A new Mental Capacity Act had received Royal Assent in mid-May and was expected to come into force in Spring 2020.  The new regime would have a 12-month transition period.  Instead of Deprivation Liberty Standards, it would be referred to as Deprivation of Liberty Protection Safeguards.  No further guidance was available at this time.  The Director of Corporate Services reassured Members that the Council would produce an action plan in due course.  The Council had not received any complaint from an individual regarding the current regime and were not aware of anyone having an adverse reaction to the current way of working.  Finally, no local authorities were able to comply with the current legislation.

 

Members asked if we had the staff in place to deal with any possible changes.  The Director of Corporate Services responded that it would depend on whether the changes had any impact on workload.  The Council would not have any option but to comply with the new legislation and would have to find the resources to do so.  He hoped that if there were financial implications the Council would be given the funding to comply.  He added that the regime would less onerous, but it could be more onerous than the current system.  It was the Courts that had intervened previously to make the legislation more onerous.  He stressed that if we had to find the resources to comply that he would discuss this with the County Treasurer.

 

Members asked that they be kept updated on this matter and asked to  ...  view the full minutes text for item 86.

87.

Appointment of Independent Remuneration Panel Members pdf icon PDF 58 KB

Report of the Director of Corporate Services

Minutes:

The Head of Law and Democracy asked Members to appoint five members to sit on a special Panel of the Audit and Standards Committee for the purpose of recruiting Independent Remuneration Panel members.  A date for shortlisting and appointment of Members had been agreed. 

 

RESOLVED: That the Chairman identify and invite four Members to join him on the Panel. 

 

Note by Clerk: Councillors Hood, B Williams, Wilson and Woodward had agreed to join the Chairman by sitting on the Independent Remuneration Panel.

88.

Forward Plan 2019/20 pdf icon PDF 153 KB

Minutes:

The interim Head of Audit and Financial Services introduced this item drawing Members attention to items on the Forward Plan.  Discussion had taken place with the Chairman and Vice Chairman regarding the size of the agenda and it had been suggested that the agenda size and length of meetings could be reduced by circulating papers ‘for information’ outside the agenda and then asking if there were any matters arising from them in the meeting.  It was proposed that a number of items in the Forward Plan were dealt with in this way.  The Chairman added that links to supporting documents would be provided where possible.  Members asked that where links were provided that it took them to the document rather than to a website. He added that this approach would be kept under review.

 

The 9 March 2020 meeting date would be cancelled and rearranged.

 

Members requested that if the meeting was likely to extend beyond two hours this could be amended in their diaries.

 

RESOLVED:  a) The Forward Plan was received b) Officers to note the request for items to be circulated as ‘for information’ where possible c) The Scrutiny and Support Manager to send an email request to Members extending the length of meetings, where appropriate. 

89.

Internal Audit Outturn Report 2018/19 pdf icon PDF 302 KB

Report of the County Treasurer

Additional documents:

Minutes:

The interim Chief Internal Auditor introduced this report that contained the annual opinion for the year, along with the Audit Plan, from an internal audit perspective.  Internal Audit is required by professional standards to deliver an annual internal audit opinion and to report to the Committee.  This work is timed to feed into the Annual Governance Statement that would be produced in July.  The report contained the opinion; a summary of the work that supported that opinion and a statement on conformance with PSIAS and the Local Government Application Note (LGAN), highlighting any areas of non-conformance.

 

The 2018/2019 Plan was approved by this Committee on 13 June 2018.  From time to time, additional audits were added to the Plan and some were removed or deferred.  However, a target of 90% of the Audit Plan being delivered is set by the Internal Audit Service, and 96% of the Plan had been achieved. The methodology behind the setting out of an opinion was set out in the report.  For all audit work a “substantial”, “adequate” or “limited” assurance was given.  Substantial and adequate opinions were positive opinions, whilst a limited assurance was a negative opinion where improvements were needed to the control environment.  A high-level summary of the work undertaken was categorised into High Risk Auditable Areas; Main Financial Systems; Systems Audits; Compliance Reviews; Financial Management in Maintained Schools including payroll arrangements and Special Investigations/Fraud and Corruption Related Work is done.  This all culminated to give an annual assurance opinion for the year.  All Limited Assurance opinions are brought to the Audit and Standards Committee together with the Top Ten Risk Areas and Special Investigations where there was a financial loss of over £10,000.

 

This year the Top Ten Risks had focussed on the financial pressures faced by the Council and work around Care Director and support given on the Adult and Children’s Financial Services review programme.  The audit opinions were summarised on page 159 of the agenda pack.  There was one Limited Assurance review – Home and Community Care Contract Review, to be discussed later under Part II of the agenda.  Further details were given on areas for improvement in the public part of the report.  As part of the opinions, an Adequate Assurance may also contain one high level recommendation.  Further details were given of those reports relating to high risk auditable areas with an opinion of at least Adequate and where there was a high level recommendation being made. 

 

The main financial systems work was described.  With the exception of one case, all financial systems had been given Substantial Assurance.  Sales to cash was given a Limited Assurance opinion and this would be discussed further under Part II of the agenda.

 

For other assurance reviews, details were given of other Limited Assurance reviews.  Four had been shared with the Committee and a further four reviews would be shared with Members in due course.  The high-level risk areas and areas for improvement were given in paragraph 19 of the report.  ...  view the full minutes text for item 89.

90.

Exclusion of the Public

The Chairman to move:-

 

“That the public be excluded from the meeting for the following items of business which involve the likely disclosure of exempt information as defined in the paragraphs of Part 1 of Schedule 12A (as amended) of the Local Government Act 1972 as indicated below”.

 

 

PART TWO

(reports in this section are exempt)

 

Minutes:

RESOLVED – That the public be excluded from the meeting for the following items of business which involve the likely disclosure of exempt information as defined in the paragraphs of Part 1 of Schedule 12A (as amended) of the Local Government Act 1972 as indicated below.

 

­­­­­­­­­­­­­­­­­­­­­­­­

PART TWO

 

91.

Exempt minutes of the meeting held on 11 March 2019

Minutes:

(Exemption paragraph 3)

 

The exempt minutes were confirmed and signed by the Chairman.

92.

Ernst & Young Method Statement - Working with you

Report of Ernst & Young

Minutes:

(Exemption paragraph 3)

 

The Committee received an exempt report by Ernst & Young regarding Method Statement – Working with you.

93.

Sales 2 Cash - Final Audit Report 2018/19

Report of the County Treasurer

Minutes:

(Exemption paragraph 3)

 

The Committee received an exempt report,  Sales 2 Cash – Final Audit Report 2018/19 by the County Treasurer.

94.

Home and Community Care Contract - Final Audit Report 2018/19

Report of the County Treasurer

Minutes:

(Exemption paragraph 3)

 

The Committee received an exempt report by the County Treasurer on the Home and Community Care Contract – Final Audit Report 2018/19 and sought clarification regarding whether the Section 75 (mental health) had been signed.

 

 

95.

Medium Term Financial Strategy - Final Audit Report

Report of the County Treasurer

Minutes:

(Exemption paragraph 3)

 

The Committee received and noted an exempt report by the County Treasurer on the Medium Term Financial Strategy – Final Audit Report.

 

96.

Internal Audit Outturn Report 2018/19 - Counter Fraud & Corruption Work (Appendix 2)

Report of the County Treasurer

Minutes:

(Exemption paragraph 3)

 

The Committee received an exempt report by the County Treasurer on the Internal Audit Outturn Report 2018/19 – Counter Fraud & Corruption Work (Appendix 2).

 

97.

Minutes of the Standards Panel

Report of the Director of Corporate Services

Minutes:

(Exemption paragraph 1)

 

The exempt minutes of the Standards Panel were received.