Agenda and minutes

In accordance with the Council’s Constitution, Members are asked to declare any interest that they may have in any matter which is to be considered at the meeting.

There were no declarations of interest.

These reports outlined the internal audit and corporate counter fraud work (including whistleblowing) carried out for the year ended 31 March 2018.

The internal audit annual report contained the Head of Internal Audit’s Opinion based on the work undertaken in the year. This was “generally satisfactory with some improvements required”. These reports are timed to inform the Annual Governance Statement. 

Section 4 of the report showed the work conducted by internal audit during the year for and was broken down into the following sections:

·  Head of Internal Audit Opinion

·  The 2017/18 internal audit service

·  2017/18 Internal Audit work conducted

·  Progress against audit plan

·  Results of the Internal audit work

·  Internal Audit performance

There was one case where ‘no assurance’ was given in relation to the Disabled Adaptation Grants Scheme but actions for improvement were being addressed and progressed by management.

Members asked what was meant by the term “validation”. The Head of Audit stated that the internal audit process was risk-based and logged/tracked by the team. Any issues that were considered as being critical or high risk, the Internal Audit team ask for validation and evidence that the internal audit recommendations have been implemented by management in those service areas.

Members asked how the Audit Plan was created. The Head of Audit stated that it was based on levels of risk and that they meet with various senior officers in the Council to discuss the overall council-wide risks and if independent assurance in each case was needed. She also advised that she attended the Council’s Assurance Board which met on a monthly basis and is chaired by the Chief Executive.

Members asked about specific timescales on improvements in each service area audited. The Head of Audit stated that timescales depended on the recommendations and the areas of improvement required and so could vary from a period of weeks to months. Internal Audit effectively ‘closed out’ the audit and agreed an action plan with the service areas affected. The internal audit team also asked management in those areas for effective internal controls and it is an on-going continuous tracking process with updates on recommendations to management and quarterly reports to the Committee, the next one being submitted on 25 July 2018.

Members asked about the internal audit service. The Head of Audit advised that the team work hard to reach timescales and deadlines for audits and follow through any necessary recommendations and actions with management and this included monthly meetings with them and submission to the Assurance Board if necessary. It is a small team and the council uses two companies to undertake much of the audit work. The internal audit service sought continuing improvement and satisfaction surveys with clients helped with this process.

Members asked about the audit for waste collection deferred to 2018/19 and enquired why it had related to commercial waste and not all waste. The Head of Audit stated that commercial waste was a high-risk area and that as the overall plan is risk based and this  ...  view the full minutes text for item 2.

To ensure proper arrangements to administer the Council’s financial affairs, the Council has adopted key policies and a strategy to combat fraud and irregularity. These polices were approved by Cabinet and to further strengthen their importance, as part of robust governance, recommended for review annually. They had also been reviewed by the Council’s Assurance Board.

The COO advised that this suite of documents were initially agreed in 2012 but were updated annually. The documents related to:

·  Counter Fraud Strategy

·  Counter Fraud Policy including Fraud Response Plan

·  Prosecution Policy

·  Money Laundering Policy

·  Whistleblowing Policy

·  Regulation of Investigatory Powers Policy

·  Bribery Act Policy

·  Proceeds of Crime Act Policy

Members enquired how the Council’s managers and employees were made aware and kept up to date with these policies. The COO outlined that there were a number of initiatives in place depending on the areas of work affected and this included mandatory training in areas such as the General Data Protection Regulations (GDPR) which came into effect on 25 May 2018 and the training completion by employees was checked.  Briefings were also sent out via the intranet,  management briefings every two weeks, newsletters and E-learning. All of these initiatives increased awareness and managers were expected to be trained in all areas and to be aware of these and other important policies.

Members asked what action was taken in such cases of a breach in the money laundering policy. The COO stated that this would be viewed as a breach of the employee’s contract of employment and would be dealt with in line with the Council’s disciplinary procedure.

Members also enquired about the Whistleblowing Policy and the COO stated that the incidences of fraud referrals including whistleblowing were reported to the Committee as part of the internal audit quarterly report. She advised there had been some whistleblowers amongst Council employees and that the policy supported the Council’s aim that all employees should feel able to raise a concern.

Members asked about raising fraud awareness amongst the Council’s partners with specific reference to schools. The COO advised that the Council has a good working relationship with schools and they were included fully in internal audits. The Schools Forum was an important body that was able to raise issues and awareness and the Council took the issue of fraud very seriously and sought its eradication.

The Committee noted the report.

The Internal Audit Charter defined the purpose, activity and responsibility of internal audit activity and is was and presented annually for approval.  It had been updated by the Head of Audit and contains no significant changes from previously. They were compliant with the Public Sector Internal Audit Standards (PSIAS). She advised that the majority of audits were either rated as “reasonable” or “substantial”.

The Internal Audit Strategy included information about its resources, the approach to preparing the internal audit plan, approach to delivering the audit plan, quality assurance, reporting (including definitions), annual opinion, follow up findings and agreed action plans and internal audit performance monitoring.

Members noted that the quality assurance in internal audit was in accordance with the Accounts & Audit Regulations 2015 an annual review of internal audit against PSIAS would be undertaken. This would be conducted externally at least once every five years in line with PSIAS requirements. It was a requirement under these regulations. It was also noted that the results of the reviews would be reported to the Committee.

Members enquired about the internal audit plan and how it was determined which items would be included during 2018/19. The Head of Audit advised that officers provided their views on areas of risk in the Council and audits were operationally based by service block and an early view of these audits would be provided to Members in the report (quarter 1) submitted to the Committee at its meeting on 25 July 2018 and this would be part of an on-going assurance during 2018/19.

Members were particularly keen on ensuring that the IT systems update be reviewed, and the Head of Audit stated that internal audit were meeting with officers in August and assured the Committee that a detailed report was being undertaken and this would be submitted to them in due course as part of the regular quarterly internal audit reports.

Members referred to the Audit Plan 2018/19 tables provided in the report and enquired about ratings. They noted that a number of these stated “rating to be arranged” and the Head of Audit apologised and stated this was an error and the up to date version would be e-mailed to the Committee which would show the ratings in those specific cases. The correct ratings where shown in the earlier Annual report item.

Members asked about the My Place Audit for 2018/19 and Housing Services contracts, the latter was “limited assurance”. A copy of the 2016/17 Internal Audit annual report would be emailed to Members which would show comparison with that year.

Members asked how “limited assurance” audits were followed up. The Head of Audit stated that “no assurances” were followed up with another full internal audit however in terms of limited, high risk recommendations were followed up and tracked by Internal Audit.

Members asked about for an explanation of how internal audit arrived at their ratings which were critical, high, medium, low risk. The Head of Audit stated that ratings were in line with definitions provided  ...  view the full minutes text for item 4.

The Committee noted the report and agreed the following additions:

·  A report on no audit assurances – September meeting

·  An update report on the ICT Security Framework audit in relation to the Disaster Recovery Plan