Agenda and draft minutes

Governance Committee - Tuesday, 8th June, 2021 6.30 pm

Venue: Barum Room - Brynsworthy.

Contact: Corporate and Community Services  01271 388253

Note: From 7 May 2021, the law requires all councils to hold formal meetings in person. The Council is also required to follow Government guidance and ensure that all venues used are Covid secure and that all appropriate measures are put in place. There are 6 spaces available for members of the public to attend. If you would like to book a place, please contact Corporate and Community Services by 12 noon on Friday 4th June 2021 by telephoning 01271 388253 or emailing member.services@northdevon.gov.uk. For track and trace purposes you will be required to provide your name, address and contact telephone number. This data will be held by the Council for 21 days.

Items
No. Item

1.

Apologies for absence

Minutes:

There were no apologies for absence received.

 

2.

To approve as a correct record the minutes of the meeting held on 9th March 2021

Minutes:

RESOLVED that the minutes of the meeting held on 9th March 2021 (circulated previously) be approved as a correct record and signed by the Chair.

 

3.

Items brought forward which in the opinion of the Chair should be considered by the meeting as a matter of urgency.

Minutes:

The Chair expressed his thanks, on behalf of the Committee, for the work and contribution of the Auditor, David Curnow, who was due to retire shortly.

 

The Committee agreed to change the order of the agenda and consider items 20, 21 and 22 before item 6 on the agenda.

4.

Declarations of Interests.

(Please complete the form provided at the meeting or telephone Corporate and Community Services to prepare a form for your signature before the meeting. Interests must be re-declared when the item is called, and Councillors must leave the room if necessary.)

Minutes:

There were no declarations of interest announced.

 

5.

Exclusion of Public and Press and Restriction of Documents

RECOMMENDED:

 

(a)      That, under Section 100A(4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following items as they involve the likely disclosure of exempt information as defined by Paragraph 3 of Part 1 of the Schedule 12A of the Act (as amended from time to time), namely information relating to the financial or business affairs of any particular person (including the authority holding that information).

 

(b)      That all documents and reports relating to the items be confirmed as “Not for Publication”.

Minutes:

RESOLVED:

 

(a)  That, under Section 100A (4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following item as it involved the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of the Schedule 12A of the Act (as amended from time to time), namely information relating to the financial or business affairs of any particular person (including the authority holding that information).

 

(b)  That all documents and reports relating to the item be confirmed as “Not for Publication”.

 

 

6.

Internal Audit - Cyber Security - Malware and Ransomware

Report by Devon Audit Partnership (DAP) (attached).

Minutes:

The Committee considered the Internal Audit Cyber Security, Malware and Ransomware Report by the DAP (circulated previously).

 

Internal Audit advised that the Team from One West had delivered the report in partnership with the DAP. He had not been surprised by the opinion of ‘Limited Assurance’ as the area was one of high risk.

 

The representative from One West (TR) advised that:

 

·         The focus of the work had been Malware and Ransomware, and was based on the National Cyber Security Centre’s (NCSC) 10-Step guidance.

·         The risks assessed were:

o   Disruption of network operation or information systems.

o   Information and data being intercepted and disclosed or stolen.

o   Malware damage to backup copies of data preventing recovery.

·         Credit should be given to the Business Information Systems Manager and Senior ICT and Project Support Officer for their continued hard work.

 

In response to a question from the Chair, the Internal Auditor (TR) advised that, although multi-factor authentication (MFA) had been recommended, it had not been agreed upon, as Microsoft 365 included an MFA element and the Authority was not able to use Azure Active Directory (AAD) authentication for on-premise login.

 

In response to questions from the Committee, the Business Information Systems Manager advised that it was possible to forward emails; however, personal phones would be classed as unmanaged devices. Options had been considered, such as purchasing all Members an iPhone, but there would be associated costs in the region of £7k. After consultation with Members, iPads had been chosen for them for Council business. This included authentication, security measures and procedures. Council emails and agendas would continue to be accessed via the iPads. Councillor Bushell escalated this query to the Internal Auditors.

 

The Internal Auditor (DC) confirmed that the use of unmanaged devices on a network could be a risk to security.

 

In response to questions from the Committee, the Chief Executive advised that any future changes to the current system (using iPads) could have cost implications.

 

The Head of Resources advised the Committee that there was no requirement to provide an IT Trainer post at the Authority as this was more efficiently covered through the use of online training as and when required.

 

The Business Information Systems Manager advised that the new payroll / HR system would enable targeted training and education sessions to be delivered direct to the users.

 

RESOLVED that the Internal Audit Cyber-Security, Malware and Ransomware report be noted.

 

7.

Internal Audit - Parking Operations Report

Report by Devon Audit Partnership (DAP) (attached).

 

Minutes:

The Committee considered the Internal Audit Parking Operations Report by the DAP (circulated previously).

 

The Internal Auditor (PM) advised that:

 

·         The review had included a review of the Health and Safety measures in place to protect staff during the pandemic. The overall systems in place had been found to be effective.

·         There had been a possible lack of continuity due to staffing changes within the team.

·         The review had focussed on penalty notices and collection rates.

·         Regular reports had now been requested from the contractor which would assist with the monitoring of the systems but it was felt that a suite of management reports would need to be developed.

 

The Head of Resources advised that:

 

·         There was now a new online system for customers to use to buy and renew permits. Any members of the public who had difficulty with the system could call customer services, or the parking team, for assistance.

·         A regular report would be provided in relation to the Fixed Penalty Notices: number issued, recovery rates, age of debts, etc.

 

Councillor Phillips noted that he had used the system and found it to take ten days to complete the process. He felt the system would need to be adapted to enable older users to access it more easily, as he had not found it to be easy to use.

 

The Chair suggested that a user group could have been created to test the system prior to purchase.

 

RESOLVED that the Internal Audit Parking Operations Report be noted.

 

8.

Internal Audit - Business Continuity Report

Report by Devon Audit Partnership (DAP) (attached).

 

Minutes:

The Committee considered the Internal Audit Business Continuity Report by the DAP (circulated previously).

 

The Internal Auditor (PM) advised that:

 

·         This was an update of the 2019 report within which Business Continuity had been considered a red risk. The report set the focus and direction for the Authority going forward.

·         Work had been completed with the Service Manager (Public Protection) to identify the six priorities within the report which would then be completed within the next five months.

·         The Authority had programmed the outstanding works into an action plan, with a target completion date of October 2021 for the first phase.

 

The Graduate Emergency Planning Officer confirmed that the majority of the Audit recommendations as identified in 2019 had now been met and, despite Covid-19, the Authority had been able to ensure the continuation of services. A documented control process had been created to ensure the continual monitoring of the procedures now implemented.

 

RESOLVED that the Internal Audit - Business Continuity Report be noted.

 

9.

Re-admittance of Public and Press

Minutes:

RESOLVED that the Public and Press be re-admitted to the meeting.

 

10.

Internal Audit Annual Report

Report by Devon Audit Partnership (DAP) (attached).

 

Minutes:

The Committee considered a report by Devon Audit Partnership regarding the Internal Audit Plan Report 2020-21 (circulated previously).

 

The Internal Auditor (DC) advised the Committee that:

 

·         The opinion of Internal Audit was that of “Reasonable Assurance”.

·         To support the overall opinion of “Reasonable Assurance” they provided a Reasonable assurance rating on 9 of the 14 audits (with 2 substantial and 3 limited opinions).

·         The statement of opinion was underpinned by:

o   Internal Control Framework

o   Risk Management

o   Governance Arrangements

o   And Performance Management

·         The ICT Cyber Security audit crossed all areas of the Authority’s work.

·         92% of the audits in the revised plan for the year had been delivered. The remaining audits had either been cancelled, deferred by the client, or rolled over into 2021/22.

·         The summary of audits delivered since March 2021 was provided in appendix 1.

·         The Assurance Map in appendix 2 showed the current status of each audit.

·         The reports on some audits had been delayed due to issues presented by staff working remotely.

·         In relation to other Authorities, it was difficult to compare performance, but the DAP was satisfied that the audits were ‘on track’ and they were generally happy with progress.

 

In response to questions from the Committee, the Head of Resources confirmed that:

 

·         Information could be extracted from the audits that cover specific business elements.

 

RESOLVED that the Internal Audit Annual Report 2020-21 be approved.

 

11.

External Audit - Audit Plan

Report by Grant Thornton (attached).

 

Minutes:

The Committee considered a report by Grant Thornton regarding the External Audit – Audit Plan (circulated previously).

 

The External Auditor (PB) highlighted the following:

 

·         The plan had been completed slightly later than planned although the planning had now been completed along with the interim works.

·         The Audits had determined the materiality to be £1.1m for the Authority, which equated to 2% of the prior year’s gross expenditure for the year.

·         Focus was to be made on the areas of greatest risk. These were the same as the previous year with one exception: the new payroll system / transfer of data.

·         Following a new Code of Audit Practice from the National Audit Office (NAO) there were three main changes to the Value for Money (VfM) work:

o   A new set of criteria

o   More extensive reporting

o   The replacement of the binary (qualified/unqualified) approach to the VfM conclusions.

·         From 2022/2023 onwards there would be an increase in uncertainty as gaps in funding were experienced.

·         The proposed fee for the Audit had increased by £15,500. This included £9,000 for the additional works required on the VfM under the new NAO code, and £6,500 due to the revised audit standards required (as covered by appendix 1 of the report).

 

The Head of Resources confirmed that there had been additional works required of the Auditors hence the increased fees.  The Public Sector Audit Appointments (PSAA) would have to approve the fees.

 

RESOLVED that the External Audit – Audit Plan be noted.

 

12.

External Audit - Informing the Audit Risk Assessment

Report by Grant Thornton (attached).

 

 

Minutes:

The Committee considered a report by Grant Thornton – Informing the Risk Assessment (circulated previously).

 

The External Auditor (PB) confirmed that:

 

·         The report had been created jointly with NDC.

·         It covered accounting estimates in greater detail with more emphasis on management responses and best practice.

·         It had been presented to the Committee to enable the inclusion of any additional comments provided by the Members and also to seek formal, minuted agreement of the report.

 

RESOLVED that the Informing the Audit Risk Report be noted.

 

13.

Annual Review of the Committee's Effectiveness

Head of Resources to report (appendix attached).

 

 

 

Minutes:

The Head of Resources confirmed that:

 

·       The paper questionnaire had been replaced with an online survey which could be used each year.

·       Not all of the Committee Members had completed the survey.

·       The responses would be used to identify training needs.

·       Details of any appropriate training course would be circulated to the Members.

 

Councillor Bushell was not happy that he could not see the responses of the other Committee Members in the report. 

 

RESOLVED:

 

a)    That the full appendices of response comments be brought back to the next Committee Meeting for further consideration.

 

b)    That the report be noted.

 

 

 

14.

Local Government Association's Model Code of Conduct

Report by the Monitoring Officer (attached).

 

 


Minutes:

The Committee considered the report of the Monitoring Officer as to the Local Government Association’s Model Code of Conduct (circulated previously).

 

The Monitoring Officer advised that:

 

·         The Model Code provided a template for all Councils to use and amend as required.

·         The aim was to achieve a standard format for the Code of Conduct across all Councils. The new Code was not a major departure from the Authority’s existing Code of Conduct.

·         If the code was breached it would usually be a matter for the Monitoring Officer, although the Constitution did allow for any cases to be presented to the Governance Committee.

 

RECOMMENDED that the Model Code of Conduct proceed to Full Council for consideration.

 

15.

Procedure for the Conduct of Investigations

Report by the Monitoring Officer (attached).

 

 


Minutes:

The Committee considered the Procedure for the Conduct of Investigations report (as per the Anti-Fraud, Corruption and Bribery Policy and Strategy) by the Monitoring Officer (circulated previously).

 

The Committee were advised that:

 

·         The report sought to address two recommendations made in the NDDC Fraud and Bribery Audit Final Report (2018/2019) which had not been fully addressed:

o   Recommendation 4 of the report: that documented procedures should be compiled.

o   Recommendation 5: that periodic reports should be produced for Senior Management and Members.

·         Any fraudulent activity identified would be notified to the police by the Chief Executive or Monitoring Officer.

 

RESOLVED that

 

a)    The procedural document for the investigation of suspected fraudulent occurrences be approved, as set out in Appendix A, and

b)    That an additional paragraph entitled “Periodic reporting of irregularities to Senior Management and Members” be added to the AFCBPS as set out in Appendix B.

 

16.

Anti-Money Laundering Policy

Report by the Head of Resources (attached).

 

Minutes:

The Committee considered the Anti-Money Laundering Policy by the Head of Resources (circulated previously).

 

The Head of Resources advised the Committee that the update to the policy was found in section 2.1 (highlighted in red).

 

RECOMMENDED that the Anti-Money Laundering Policy be noted and proceed to Council for consideration.

 

17.

Whistle-Blowing Policy

Report by the Head of Resources (attached).

 

Minutes:

The Committee considered the Whistle-Blowing Policy by the Head of Resources (circulated previously).

 

The Head of Resources advised the Committee that the updates to the policy were found on page 153 of the agenda (highlighted in red). These were the help-line website address and contact details.

 

RECOMMENDED that the Whistle-Blowing Policy be noted and proceed to Council for consideration.

 

18.

Anti-Fraud, Bribery and Corruption Policy

Report by the Head of Resources (attached).

 

Minutes:

The Committee considered the Anti-Fraud, Bribery and Corruption Policy by the Head of Resources and the DAP (circulated previously).

 

The Head of Resources advised the Committee that the updates to the policy were required following the review of the existing policy. There had been two recommended strategies following that review. These were the updated reporting mechanism and an explanation of the policy and how it covered the Authority and its partners.

 

RECOMMENDED that the Anti-Fraud, Bribery and Corruption Policy be noted and proceed to Council for consideration.

 

19.

Counter Fraud Strategy and Response Plan

Report by the Head of Resources (attached).

 

Minutes:

The Committee considered the Counter Fraud Strategy and Response Plan by the Head of Resources and the DAP (circulated previously).

 

The Head of Resources advised the Committee that:

 

·       The Counter Fraud Strategy and Response Plan complemented the Anti-Fraud, Bribery and Corruption Policy.

·       The Authority’s commitments were set out within the plan along with the proposed measures.

 

The Internal Auditor (PM) advised that the next stage would be for the Auditors to work alongside the Head of Resources to set targeted reviews for 2022-2023.

 

RESOLVED that the Counter Fraud Strategy and Response Plan be noted.

 

 

20.

Compensation Payments made under Delegated Powers

Report by the Customer and Corporate Services Manager (attached).

 

 


Minutes:

The Committee considered a report by the Customer and Corporate Communications Manager (circulated previously) in relation to Compensation Payments Made under Delegated Powers.

 

The Chief Executive advised the Committee of the following in relation to the report:

 

·       A total of £595.08 had been paid out to nine customers.  Eight were in relation to Operational Services and one for Housing Benefit.

·       The Housing Benefit compensation payment was for £300 (over 50% of the total) following an ombudsman complaint where it was deemed that incorrect advice had been given to a customer.

 

The Chief Executive confirmed that this was an annual report as there were only a few compensation payments made. Details of complaints were covered by the AGS.

 

RESOLVED that the Compensation Payments Made under Delegated Powers report be noted.

 

21.

Audit Recommendation Tracker

Report by the Chief Executive (attached).

Plus an additional report by the Internal Audit (attached).

 


Minutes:

The Committee considered the Audit Recommendation Tracker report by the Chief Executive in respect of actions taken to address internal and external audit recommendations (circulated previously).

 

The Committee noted the following updates:

 

·       13 recommendations had been included in table B (recommendations completed since the last meeting of the Governance Committee).

·       Table C detailed 8 recommendations for which time extensions were being requested. The Tracker had been updated with a more comprehensive set of notes.

·       There were a few recommendations with zero, or low percentage complete figures.  It was noted that these were low priority recommendations which would be followed up as part of a further DAP audit.

 

Councillor Walker passed on her congratulations to the SMT and staff for managing to reduce the list of recommendations requiring extensions considering the demands on the Authority over the past 18 months.

 

RESOLVED:

 

(a)           that the time extensions requested in the Audit Recommendation Tracker be approved; and

 

(b)           that the Audit Recommendation Tracker be noted.

 

22.

Work Programme 2021-22

To discuss the Work Programme 2021-22 (attached).

 

Minutes:

The Committee considered the work programme for 2021/22 (circulated previously).

 

RESOLVED that the work programme for 2021/22 be noted.