Agenda and draft minutes

There were no apologies for absence received.

RESOLVED that the minutes of the meeting held on 9^th January 2024 (circulated previously) be approved as a correct record and signed by the Chair.

The Chair welcomed the new Auditors and the Co-opted Independent Member of the Committee.

The Chair advised those present that the annual survey for the Governance Committee would be issued soon, and requested that it was completed promptly to enable the results to be collated and presented at the next meeting.

Please telephone the Corporate and Community Services team to prepare a form for your signature before the meeting. Interests must be re-declared when the item is called. A declaration of interest under the Code of Conduct will be a Disclosable Pecuniary Interest, an Other Registrable Interest or a Non-Registrable Interest.  If the item directly relates to your interest you must declare the interest and leave the room for the item, save in the case of Other Registrable Interests or Non-Registrable Interests where you may first speak on the item as a member of the public if provision has been made for the public to speak.  If the matter does not directly relate to your interest but still affects it then you must consider whether you are affected to a greater extent than most people and whether a reasonable person would consider your judgement to be clouded, if you are then you must leave the room for the item (although you may speak as a member of the public if provision has been made for the public to speak) or, if you are not, then you can declare the interest but still take part).

There were no declarations of interest declared.

The Chair welcomed the new External Auditors (Bishop Fleming) to the Committee and invited them to introduce themselves.

The Auditors provided a brief summary of their background, experience, and their role within Bishop Fleming.

The Public Sector Audit Director (AW) advised that Bishop Fleming predominately covered the South West of England.   She acknowledged the nationwide shortage of auditors and the issues regarding unfinished audits across the UK. She was confident that Bishop Fleming would meet the audit requirements with their resources.

The Director of Resources and Deputy Chief Executive confirmed that meetings had taken place with the auditors and that the works/dates had been programmed.

Emergency Planning Officer to report. 

The Committee received an update on Business Continuity from the Emergency Planning Officer.

The Emergency Planning Officer gave an overview of the subject; advising it was the process for assessing the risks faced by the organisation, and analysing the impacts they may have on day to day operations. Business Continuity Management was about identifying what parts of the business it could not afford to lose, such as premises, staff or information and putting the necessary plans and mitigations in place so if the worst happens it could maintain essential services.

The Emergency Planning Officer advised:

·       Exercising and testing was a vital element of the business continuity management life cycle as it ensures our arrangements were validated.

·       Last year SMT signed off the exercise and testing strategy which outlined the frequency of exercises and types of exercises that would be completed across the organisation.

·       In addition to exercising, the Council had recently procured organisational resilience training for all managers. This was a key recommendation following the exercises. This training was currently being installed, ready to be rolled-out.

·       There were a range of plans in place to help the council respond to a business interruption or incident. These included the Business Continuity Implementation Plan, the Business Continuity Policy and Service Resumption Plans. There were also specific risk plans such as the Fuel Shortage Plan (which outlined the council’s response to a fuel shortage)

·       There were supporting plans such as the crisis communications framework which was currently in development with the communications team.

·       There were two outstanding recommendations for emergency planning. One was awaiting an output from the Local Resilience Forum, and the other was for the training to resume for Councillors. This training would be scheduled for any who had not yet received it.

·       So in terms of next steps,

o   All services would be moved across to the new service resumption templates.

o   The service resumption plans would need to be validated through an annual exercise to ensure they were accurate, reliable and workable.

o   All managers were required to complete the business continuity training. 

o   A joint Cyber and business continuity exercise was being considered for 2024. 

·       The National Security Risk assessment was released by government at the end of 2023. The local resilience forum, which was a multi-agency group of emergency services; local authorities and other responders have assessed this and developed a more localised community risk register. The next steps were to assess these risks and ensure the plans currently in place were appropriate and where further mitigation may be needed look to introduce a new specific risk plan.

In response to questions from the Committee the Director of Resources and Deputy Chief Executive confirmed that:

·       The ICT team carried out continual testing of their back-up systems.

·       Procedures were in place to support organisations (including zoos) during times of hardship – such as support through the licencing team and the previous financial assistance provided in the form of business grants during the pandemic.

·       National protocols were in  ...  view the full minutes text for item 71.

Report by Devon Audit Partnership (attached).

The Committee considered a report by Devon Audit Partnership regarding the Internal Audit Progress Report (circulated previously).

The Internal Auditor advised the Committee that;

·       The overall opinion was that of Reasonable Assurance.

·       Within the report, three audits were ‘reasonable assurance’ – these were Harbour Management, Vehicle Maintenance, and Climate Change.

·       Building Control Partnership report was limited assurance. This was a joint partnership with Mid Devon District Council. There had been an issue in recruitment of Building Control Officers which was having an impact on the organisation.

·       It had been agreed to defer two audits (Procurement and Food Safety) due to insufficient resources being available.

In response to questions from the Committee, the Senior Solicitor and Monitoring Officer confirmed that he thought the Councillors had now all received their Harbour training, but this would be checked and confirmed to the Chair as the data was not available at the meeting.

The Internal Auditor confirmed (in relation to the Harbour Management audit) that;

·       The Development Strategy for the harbour had covered the period 2012-2026, and a business plan created in November 2019 covered 2020-2023 which now needed to be updated or re-issued.

·       The information available on the Council’s website in relation to the harbour was of a low-level.

·       Performance measure indicators could be set once it had been decided what these should be – and what the aims were- e.g. in terms of visitor numbers/targets.

In response to questions from the Committee. The Director of Resources and Deputy Chief Executive advised that;

·       There had been a number of vacant posts within Building Control at the time of the audit, but now five of those seven posts had been filled. There was now only one agency staff member in that team. He also noted that market share had increased from 75% to 80% in quarter 3 (of 2023/34).

·       The partnership had now been in place for 5-6 years and would be reviewed during 2024 and assessed to determine whether any changes were required. The sharing of resources did provide benefit on paper. The costs were currently split at 60%/40% with NDC covering the 60%.

The Internal Auditor confirmed that the Building Control Partnership audit would be followed-up in 2024-25.

RESOLVED that the Internal Audit Progress Report be noted

Report by Devon Audit Partnership (attached).

The Committee considered a report by Devon Audit Partnership regarding the Internal Audit Charter and Strategy (circulated previously).

RESOLVED that the Internal Audit Charter and Strategy be approved.

Report by Devon Audit Partnership (attached).

The Committee considered a report by Devon Audit Partnership regarding the Internal Audit Plan Report 2024-25 (circulated previously).

The Internal Auditor advised that the Internal Audit Plan Report 2024-25 detailed the audits proposed for the next four years: 2024-25, 2025-26, 2026-27 and 2027-28, along with the dates when each had previously been undertaken.

The plan was based on 247 days’ work (an increase on the prior year). 

In response to questions from the Committee, the auditor advised that there was an element of flexibility to the plan and audits could change their priority. He advised that District Councils had more clarity about which audits were required in comparison to larger, County Councils.

The Director of Resources and Deputy Chief Executive confirmed that the draft audit plan had been considered by the Senior Management team (SMT).  A further 7 days were available as a contingency plan.

RESOLVED that the Internal Audit Plan 2024-45 be approved.

Report by Devon Audit Partnership (attached).

The Committee considered a report by Devon Audit Partnership regarding the Internal Audit Annual Counter Fraud Resilience Report (circulated previously).

The Internal Auditor (KJ) advised the Committee:

·       The Chartered Institute of Public Finance and Accountancy (CIPFA) reported that Local Authorities needed to respond to an ever-increasing threat from fraud, and that the DWP had used the CIPFA framework to drive their agenda across their partnerships.

·       NDC complied in almost all areas of counter-fraud ‘best-practice’. Further work in awareness training and the exchange of knowledge between DAP and NDC would add further value to counter fraud resilience.

·       The National Fraud Initiative (NFI) exercise 2023-24 (the matching of data between public and private sector bodies to detect and prevent fraud) was nearing completion and results had been issued. The DAP were working with officers and targeted those areas of highest risk. Departments completing those matches do so to ensure their data management was compliant with the Data Protection Act 2018. This covers data minimisation, accuracy, and data retention periods.

·       Government reports regarding serious fraud indicate that likelihood of being a victim of fraud was increasing in society and it was clear that fraud activity had been increasing for some time.

·       The DAP were available should any officers require advice and/or assistance with any issues.

·       Looking at risk assessments it was clear that there had been good work undertaken by officers in looking to identify and reduce fraud.

·       On the whole the report findings were that the authority had a ‘good bill of health’ and good work was being done.

RESOLVED that the Internal Audit Annual Counter Fraud Resilience Report be noted.

Report by Bishop Fleming (attached).

The Committee considered a report by Bishop Fleming regarding the External Audit Plan 2023-24 (circulated previously).

The External Auditor (AW) confirmed:

·       Nationally there were 771 outstanding audits. There was a large backlog due to issues regarding recruitment across the industry. Much discussion had taken place over the past 12-18mths with regards to a solution.

·       There were potential changes to the CIPFA code with regards to the valuation of property, plant and equipment. This could have an impact on audits during 2023-24.

·       NDC was in a positive situation as was not one included in the number of authorities affected by the backlog.

The External Auditor (CM) confirmed:

·       The high-level audit timetable had been agreed with the NDC management.

·       The report set out the areas of audit work, risks, and confirmed the independence of Bishop Fleming as the auditors for NDC.

In response to a question from the committee, the External Auditor (CM) advised that the ‘value for money’ arrangements were included in the planned works.

RESOLVED that External Audit Plan 2023-24 report be noted.

Report by the Senior Solicitor and Monitoring Officer (attached).

The Committee considered a report by the Senior Solicitor and Monitoring Officer regarding the update on the Conduct of Investigations (circulated previously).

The Senior Solicitor and Monitoring Officer advised the Committee there had been no investigations since the last report.

RESOLVED that the Update Report on the Conduct of Investigations be noted.

To consider the report by the Chair (attached).

The Committee considered the Half Yearly Report of the Chair of the Governance Committee (circulated previously).

RESOLVED  that the Half Yearly Report of the Chair of the Governance Committee be noted and proceed to Council for consideration.

Report by the Chief Executive (attached).

The Committee considered the Audit Recommendation Tracker report by the Chief Executive in respect of actions taken to address internal and external audit recommendations (circulated previously).

The Committee noted the following updates:

·       There were 19 live audit reports – as listed in table A.

·       9 recommendations had been included in table B  (recommendations completed since the last meeting of the Governance Committee)

·       Table C detailed 7 recommendations for which time extensions were being requested.  Of those, any relating to Emergency Planning were discussed under item 7 of the agenda, and the ICT recommendations were 95% complete and required a short extension to 31 March 2024

The Director of Resources and Deputy Chief Executive explained that:

·       22 EM 12 - The Property team had been busy dealing with some large-scale projects (Future High Street Fund etc.) and were only required a short extension to enable them to complete the global list of survey requirements. The condition surveys that then followed would eventually then feed into the new Asset system software.

·       22 PO 07 – A car-parking strategy was being developed to enable their use to be maximised. A report outlining this strategy would be considered at Strategy and Resources Committee in May/June 2024.

·       Appendix E had previously shown 16 audits; now just one remained outstanding. 21 AG 13 was at 85% completion and would be completed by 30^th September 2024.

RESOLVED:

(a)           that the time extensions requested in the Audit Recommendation Tracker be approved; and

(b)           that the number of any previous extension requests be added to the report in the future; and

(c)           that the Audit Recommendation Tracker be noted.

To consider the Work Programme 2024-2025 (attached).

The Committee considered the work programme for 2024-25 (circulated previously).

                        RESOLVED:

a)    that the item ‘Letter of Representation be moved from 23 Sept 2024 to 12 Nov 2024, and

b)    that the work programme for 2024-25 be noted.

Report by Head of Governance (attached).

The Committee considered the Summary of the Risks Identified under the Corporate Risk Register report by the Head of Governance (circulated previously).

The Head of Governance confirmed that the risks identified would be considered in greater detail under agenda item 19 of this agenda.

Item 19 was classified as restricted and would be discussed following the exclusion of Public and Press.

RECOMMENDED:

(a)       That, under Section 100A(4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following item as it involves the likely disclosure of exempt information as defined by Paragraph 3 of Part 1 of the Schedule 12A of the Act (as amended from time to time), namely information relating to the financial or business affairs of any particular person (including the authority holding that information).

(b)       That all documents and reports relating to the item be confirmed as “Not for Publication”.

RESOLVED:

a)    That, under Section 100A (4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following items as it involved the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of the Schedule 12A of the Act (as amended from time to time), namely information relating to the financial business affairs of any particular person (including the authority holding that information).

b)    That, all documents and reports relating to the item be confirmed as “Not for Publication”.

RESOLVED that it being 8:14 pm the meeting adjourn for five minutes for a comfort break.

RESOLVED that it being 8:19 pm, the meeting now re-convene.

Head of Governance to report.

The Committee considered the Corporate Risk register report by the Chief Executive (circulated previously).

The Head of Governance advised the Committee that:

·       The corporate risk group (CORGI) had met on 21^st February, to review and update the corporate risk register. Whilst there had been no changes to the scores, each risk had an updated note for review

·       With the permission of the chair, it had been agreed to report only those corporate risks above the risk toleration line i.e. scoring more than a six on the risk matrix on page 122.

·       The Business Continuity risk had been covered on this agenda with Cyber and Temporary Accommodation covered at previous committee meetings. It was planned that an update on staff recruitment and retention would be provided at the September committee meeting.

The Director of Resources and Deputy Chief Executive confirmed that the risk of Cyber Security would be a potential risk for all organisations and would be classed as a ‘high risk’ due to the continual changes and advances in technology and the skills of potential ‘hackers’.

RESOLVED that the Corporate Risk Register be noted.