Agenda and draft minutes

Apologies were received from Councillors Haywood, Moore and Patrinos.

RESOLVED that the minutes of the meeting held on 8^th January 2019 (circulated previously) be approved as a correct record and signed by the Chairman.

The Committee confirmed that purdah commenced on 18^th March 2019 and discussed its implications and the origin of the term.

(Please complete the form provided at the meeting or telephone Member Services to prepare a form for your signature before the meeting.  Interests must be re-declared when the item is called, and Councillors must leave the room if necessary.)

No declarations of interest were received

Report by Chair of the Audit Committee (attached).

The Committee considered the Half Yearly Report of the Chairman of the Audit Committee (circulated previously).

RESOLVED    that the report be noted and proceed to Council for consideration.

Report by the Head of Corporate and Community Services (attached).

The Committee considered a report by the Head of Corporate and Community Services regarding the Review of the Committee’s Terms of Reference (circulated previously). 

The Head of Corporate and Community presented the report to the Committee and confirmed that this was an annual report and that the terms were unchanged from the previous year.  He advised that if the new Constitution was adopted then the terms of reference would be reviewed.

RESOLVED    that the Review of the Committee’s Terms of Reference be noted.

Report by the Head of Corporate and Community Services (attached).

The Committee considered a report by the Head of Corporate and Community Services regarding the Review of the Governance arrangements (tabled). 

The Head of Corporate and Community Services presented the Committee with an overview of the Review of the Governance arrangements.

He explained the background of the proposed Governance changes. In summary:

• Prior to 2000 all Councils operated in the same way.  Decisions were taken by Councillors sitting on Committees or by Officers under delegated powers. Decisions by Committee tended to be ratified by Council prior to implementation. There was no scrutiny of decisions.
• The Local Government Act of 2000 separated powers into Council and Executive powers. There had been four governance options (unless the Council had less than 85,000 electorate, in which case they only had one choice). There was a requirement for a cross party Overview and Scrutiny Committee to scrutinise Executive.
• Local Government and Public Involvement in Health Act 2007: removed Council Manager Model and introduced the ‘Strong Leader’ model – which the Council currently used.

The Committee discussed the current Council Structure and the Head of Corporate and Community Services confirmed that a cross party working group had examined the available options. They have considered each option against a set criteria. This was based on:

• No extra costs
• No extra meetings
• Wider member involvement
• Ownership of decision making
• Resilience to political change
• Based on Corporate Priorities
• Increased accessibility for the public etc
• Speed of decision making.

He added that:

• The report of the Cross Party Working Group’s findings had been presented to Full Council on 25^th February 2019 and would be taken to Council for final approval in April 2019.
• The recommendation of the Working group was that the Authority adopt a Committee Structure (to replace the existing Executive model) with Committees having delegated decision with only statutory issues taken to Full Council (Budget. Policy framework etc).
• The main changes would be that the Committees would be politically balanced and the Leader would be re-elected each year.
• If a new structure was adopted any further change would be prohibited for five years.
• Local Authorities had been given the opportunity to change their structures via the Localism Act of 2011. It gave them the powers to re-look at the arrangements made in 2007.
• The Committee system was “inherently more democratic, with more Councillors directly involved in decision making”.

The Chief Executive advised that he had experienced the governance arrangements in place prior to the current Executive structure, he was aware it had worked well previously although the Executive Structure had been designed to address the issue of decisions having to be made by a number of committees. This could be slow, and could often lead to each committee having to meet monthly in order to make decisions by set deadlines.  If delegated powers were in place it removed the need to go through multiple cycles.  He felt that Committees worked more effectively when the room was evenly split across political parties because it reduced the  ...  view the full minutes text for item 57.

Report by the Head of Resources (Excerpt of Statement of Accounts 2018/19 attached).

The Committee considered a report by the Head of Resources regarding Major Changes to Accounting Policies Management Procedures (circulated previously).

The Head of Resources advised the Committee that the accounting policies would be included within the Statement of Accounts. He advised the Committee of the main changes to the accounting policies.  Alongside a few updates to the financial year mentioned within the report, the main changes were with reference to ‘Financial Assets’.  These were due to changes in the methods of measurement and terminology used.  The report detailed the methods of measurement, amortised cost and fair value.

RESOLVED    that the Major Changes to Accounting Policies Management Procedures be approved.

Report by MAZARS Public Sector Internal Audit Limited (attached).

The Committee considered a report by MAZARS Public Sector Internal Audit Limited regarding the Draft Operational Internal Audit Plan (circulated previously).

The Internal Auditor (MT) advised that the Draft Operational Internal Audit Plan was based on:

• Schedule B of Mazars LLP proposal dated 26 February 2016
• Review of the strategic and departmental risk registers
• Meetings with the Head of Resources
• Review of key performance indicators (KPIs)
• Their assessment of emerging and known risks in the public sector, and
• Review of their previous internal audit coverage.

He advised the Committee that the plan was based on 220 days’ work (as previously).  As a result of discussions with the Senior Management Team (SMT) a further two audits had been identified. These were listed in the plan as:

• Audit: Human Resources, (planned for quarter three), and
• Audit: Performance Management, (planned for quarter three).

The Committee discussed the methods used to identify additional audits.

The Internal Auditors explained that they did not solely choose from the risks identified as high risk on the Corporate Risk Register, but worked with SMT and considered those risks which may not have had assurances elsewhere.

The Head of Resources confirmed that the audit plan covered a five year period, therefore some Audits may be performed annually whilst others may be less frequent within the time frame.

RESOLVED that the Draft Operational Internal Audit Plan be approved.

Report by MAZARS Public Sector Internal Audit Limited (attached).

The Committee considered a report by MAZARS Public Sector Internal Audit Limited regarding the Internal Audit progress report for 2018/19 (circulated previously).

The Committee was advised of the following in relation to the Internal Audit Progress Report 2018/19:

·         Three audits had been finalised since the last meeting.

·         77% of the audits had now been completed

·         The Council Tax / National Non-Domestic Rates (NNDR) audit had been completed, with one ‘priority three’ recommendation. That recommendation was in relation to the review of the ‘single person discounts’ through the National Fraud Initiative (NFI).

·         The GDPR audit had been completed, with one ‘priority two’ and five ‘priority three’ recommendations.

The Head of Resources advised the Committee that the Email audit had also been completed.  The BIS Manager had been invited to attend the Committee to provide additional information.

The BIS Manager advised that following the recommendations of the audit, works were ongoing to rectify issues. 

• Three recommendations had been issued regarding the email policy.  The ‘Office 365’ cloud solution was being rolled out across the authority.  Training had been arranged for staff and Councillors.  New Councillors appointed after the elections would also receive training.
• The Email, Internet and Acceptable Usage Policy would need to be updated as the secure email system (GCSX) would no longer be available from March 2019.  This would be completed by May 2019 with assistance from HR.
• Cloud storage would be utilised in future but retention periods for email would need to be reassessed as changes to GDPR to prevent sensitive and confidential information being stored as emails. 
• The Authority would not be increasing the storage size of email mail-boxes, but would be looking to reduce the size over a period of time.  It was hoped this would encourage users to reassess what information/email they kept in line with their service area retention schedules.
• The auditors had identified an issue regarding access requests and changes to mailboxes.  It was suggested that any requests for access to mailboxes of third parties be provided alongside justification for the access and a time limitation set.

In response to a question from the Committee, the BIS Manager confirmed that although the Authority’s email were archived, they were accessible via a request to the ICT staff only when absolutely necessary (with a business justification).

RESOLVED that the Internal Audit Progress report for 2018/19 be noted.

Report by Grant Thornton (attached).

The Committee considered a report by Grant Thornton regarding the External Audit Plan 2018/19 (circulated previously).

The External Auditor (GD) highlighted the following:

• Materiality level had been determined to be £1.153m for the Authority, which equated to 2% of the prior year’s gross expenditure for the year.  This would be revised in May once the Statement of Accounts was available.
• They were obliged to report uncorrected omissions other than those classed as ‘clearly trivial’. That level had been set at £0.058m.
• They assessed the land valuation estimation techniques; the valuation method used to assess the pension fund liability and challenged the Actuary Assessment.
• The Audit fee (as set by Public Sector Audit) was £36,499.
• The fee for the Housing Benefit grant audit was estimated at £21,253. This figure would be reviewed on an ongoing basis.  This work would be in a non-advisory capacity.

RESOLVED that the External Audit Plan for 2018/19 be noted.

Report by Grant Thornton (attached).

The Committee considered a report by Grant Thornton regarding the External Audit Progress report and Sector Update (circulated previously).

The External Auditor (MB) confirmed:

·         The interim audit would commence in April 2019

·         North Devon Council (NDC) had opted in to the Public Sector Audit Appointments (PSAA) Appointing Person Scheme which started in 2018/19.  The PSAA had appointed Grant Thornton as the Auditors. The PSAA monitored the work of Grant Thornton.

·         In the autumn the PSAA would issue the Authority with a survey to assess the works to date.  The External Auditors would work with the Authority beforehand to ensure the survey is tailored to meet the Authority’s requirements.

The External Auditor explained that the report contained articles in relation to the Sector Update, Public Sector Audit Appointments, Brexit and CIPFA Financial Resilience Index Plans.  He recommended that the report on the Expectations Gap by the Institute of Chartered Accountants in England and Wales (ICEAW) be read, along with the associated reports available online. This was the first report by the ICEAW and it fully explained the Audit function.

In response to a question from the Committee, the External Auditor (GD) confirmed that the biggest challenges faced by Auditors were the need to remain independent whilst also being the ‘critical friend’ to Authorities (there was a need to assist without overstepping the boundaries), and the challenges from Audit Committees themselves.

RESOLVED that the External Audit Progress Report and Sector Update be noted.

Report by Head of Corporate and Community Services (attached).

The Committee considered the Audit Recommendation Tracker report by the Head of Corporate and Community in respect of actions taken to address internal and external audit recommendations (circulated previously).

The Committee noted the following updates:

·         No recommendations had been included in table B  (recommendations completed since the last meeting of the Audit Committee)

·         Table C detailed six recommendations for which time extensions were being requested.  Four had requests for extensions to the end of March 2019, therefore they would be completed by the time of the next meeting.

·         The oldest recommendation in table C (15HN CBL 01) had a request for an extension to the end of December 2019.  This had been requested as the team had experienced changes to staffing and were currently reorganising the works.

·         Table D detailed five outstanding recommendations.

·         The recommendations in Table E (Annual Governance Statement) could not be completed until others had been finished.

·         Recommendation 16 C & CE02 would be finalised following the changes to the Constitution if approved by Full Council.  This would then be completed prior to the next meeting.

·         The oldest recommendation in table C (15HN CBL 01) had a request for an extension to the end of December 2019. 

RESOLVED:

(a)          that that the extensions to time scales requested in the Audit Recommendation Tracker be approved; and

(b)          that the Audit Recommendation Tracker be noted.

To consider the work programme (attached).

The Committee considered the draft work programme for 2019/20 (circulated previously).

                        RESOLVED:

a)    that the following Internal Audit agenda item be moved at the request of the Internal Auditors: Internal Audit Annual Report from July to June 2019.

b)    That the work programme for 2019/20 be noted.

65.                   EXCLUSION OF PUBLIC AND PRESS AND RESTRICTION OF DOCUMENTS

RESOLVED:

a)    That, under Section 100A(4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following item as it involved the likely disclosure of exempt information as defined by Paragraph 3 of Schedule 12A of the Act (as amended from time to time), namely information relating to the financial or business affairs of any particular person (including the authority holding that information).

b)    That all documents and reports relating to the item be confirmed as “Not for Publication”.

Report by Head of Corporate and Community Services (attached).

The Committee considered the Corporate Risk register report by the Head of Corporate and Community (circulated previously).

The Head of Resources advised the Committee that each department had updated their associated risks.  Each was shown with updated notes.

The Chair thanked the Head of Resources, and those staff, for providing the updated information.

In response to questions from the Committee, the Head of Resources confirmed that:

• Since the Community Safety and Protection Officer had left the Authority, her work was being covered by other officers within the Environmental Health and Housing team.  Risks would be identified in the Business Continuity Plan.

The Chief Executive confirmed that there would be further progress on the Business Continuity Plan within the next two weeks. This work was being carried out by Environmental Health and Housing for approval SMT.

In response to a question from the Committee the Chief Executive confirmed that his major concern, of those identified risks, was the possibility of cyber-attack.  He felt that the possibility was more ‘when’ it would happen rather than ‘if’. The industry had changed and technology was always evolving and only so much could be done to mitigate it.

The BIS Manager confirmed that the ICT Audit had taken place last year.  Every resulting recommendation was being actioned. The Authority had firewalls and anti-virus software and constantly reviewed the provisions in place.  She noted that many problems had been due to user error, from, for example, users opening suspicious emails, or visiting unsafe websites.   The Authority had cyber insurance and the services of forensic ICT specialists should an attack be experienced.

The Chief Executive explained that the restrictions on activity by Councillors from their own equipment (phones, PCs etc) was in an attempt to reduce such risks. More control and security measures could be implemented on Council-owned equipment.  The reasons for such restrictions should be emphasised to the Members.

The Chair emphasised the need for the Councillors to receive full training for the use of their iPads once issued, in order to be able to identify and avoid pitfalls such as suspect emails.

In response to a question from the Committee the External Auditor (GD) confirmed that Grant Thornton had measures in place as part of their own risk assessment.  If the Authority were to suffer an attack, Grant Thornton would be on hand to assist and also to identify how and why it happened, and how it could be prevented from reoccurring.

The Head of Resources added that the Internal Auditors had their own ICT specialists who performed the ICT audits. Their experience and knowledge was of benefit to the Authority.

RESOLVED    that the Corporate Risk Register be noted.