Agenda and draft minutes

Audit Committee
Wednesday, 5 December 2018 6.30 p.m.

Venue: District Council Chamber, South Lakeland House, Kendal. View directions

Contact: Inge Booth 

Items
No. Item

AUD/26

Chairman's Announcement

Minutes:

The Chairman referred to the recent passing of Councillor Ian Stewart, Vice-Chairman of the Audit Committee, and paid tribute to his work and commitment to the Audit Committee over several years.

AUD/27

Minutes pdf icon PDF 150 KB

To authorise the Chairman to sign, as a correct record, the minutes of the meeting of the Committee held on 19 September 2018 (copy attached).

Minutes:

RESOLVED – That the Chairman be authorised to sign, as a correct record, the minutes of the meeting of the Committee held on 19 September 2018.

AUD/28

Declarations of Interest

To receive declarations by Members of interests in respect of items on this Agenda.

 

Members are reminded that, in accordance with the revised Code of Conduct, they are required to declare any disclosable pecuniary interests or other registrable interests which have not already been declared in the Council’s Register of Interests.  (It is a criminal offence not to declare a disclosable pecuniary interest either in the Register or at the meeting.)

 

Members may, however, also decide, in the interests of clarity and transparency, to declare at this point in the meeting, any such disclosable pecuniary interests which they have already declared in the Register, as well as any other registrable or other interests.

 

If a Member requires advice on any item involving a possible declaration of interest which could affect his/her ability to speak and/or vote, he/she is advised to contact the Monitoring Officer at least 24 hours in advance of the meeting.

Minutes:

RESOLVED – That it be noted that no declarations of interest were raised.

AUD/29

Local Government Act 1972 - Excluded Items

To consider whether the items, if any, in Part II of the Agenda should be considered in the presence of the press and public.

Minutes:

RESOLVED – That the item in Part II of the Agenda be dealt with following the exclusion of the press and public.

AUD/30

Risk Management Update pdf icon PDF 90 KB

To consider the Strategic Risk Register.

Additional documents:

Minutes:

The Performance and Risk Officer presented the Strategic Risk Register (Quarter 2) 2018 which outlined all of those risks above and below the line of risk tolerance. Mitigations designed to reduce the risks in terms of likelihood or impact or both were listed against each risk above the line of tolerance.  The Strategic Risk Register was reviewed by Senior Management Team each quarter as part of the Council’s quarterly performance monitoring and reporting arrangements and that review had informed this report.

 

The Performance and Risk Officer drew attention to the fact that over 73% of the Strategic Risks were now positioned below the level of risk tolerance which demonstrated the effective mitigation and regular review of the risks.

 

At its meeting on 25 July 2018, the Audit Committee had suggested that the Strategic Risk ‘Medium Term Financial Plan’ may have a higher impact than indicated on the risk matrix due to future uncertainty over Government spending reviews.  Officers had subsequently undertaken a review of the risk and it had been decided that the matrix position for likelihood and impact was appropriate.

 

Since the meeting of the Audit Committee on 25 July 2018, one new Strategic Risk has been added to the Register.  This new risk was ‘Business Continuity: Flu Pandemic - Loss of people, skills and supply chain disruption.’  Flu Pandemic was listed in the National Risk Register and the Cumbria Community Risk Register.

 

A separate item on the Agenda, Customer Connect Programme Management, included information on Customer Connect risks.

 

The Performance and Risk Officer referred to Risks 6, 9, 14 and 15, which were currently positioned above the line of appetite, and drew attention to the mitigations in place to manage them.  In response to a query with regard to the position below tolerance of Risk 5 (Impact of the Welfare Reform on Communities) and concern expressed given the potential adverse impact of Universal Credit, he undertook to carry out an early review of the risk.

 

RESOLVED – That the Strategic Risk Register, as at Appendix 1 to the report, be noted.

AUD/31

Implementation of General Data Protection Regulations and Data Protection Act 2018 pdf icon PDF 193 KB

To consider an update on the introduction of the General Data Protection Regulation and Data Protection Act 2018 across the Council.

Minutes:

The Principal Performance and Intelligence Officer informed Members that the Data Protection Act 2018 (DPA) covered the use of personal data within the scope of the General Data Protection Regulation (GDPR) and beyond it.  Amongst other provisions, it repealed and replaced the Data Protection Act 1998, incorporated the GDPR into UK law, laid the ground for the free-flow of data between the United Kingdom and the European Union after Brexit, set out permitted exemptions under the GDPR and set out the duties and powers of the UK's Information Commissioner’s Office (ICO).

 

With administrative fines under the new DPA now having an upper limit of 20 million Euros, it was crucial that the Council was compliant with the GDPR/ DPA, as it had been under the Data Protection Act 1998.  The report sets out the work undertaken to prepare for and implement GDPR across the Council.

 

The General Data Protection Regulations Project Initiation Document had been presented to Audit Committee on 6 December 2017 and set out the scope, objectives, outcomes and deliverables of the project.

 

The Information Governance Board, as outlined in the General Data Protection Regulations Project Initiation Document, had been established to ensure senior leadership, drive and accountability.

 

The current Principal Performance and Intelligence Officer had been appointed as the Council’s Organisational Data Protection Officer.  He had qualified as a General Data Protection Regulation Practitioner.

 

A number of activities were in operation to ensure continued compliance with the law, details of which were provided within the report.

 

A number of documents, some of which were named within the report, had been formally reviewed by the Management Team and/or Cabinet (where appropriate) to assist Members, Officers, and members of the public.

 

The Council’s Information Asset Register was complete and had been published on the Council’s SharePoint site.  The Council’s Register of Processing Activity, in accordance with Article 30 of the GDPR, was complete and had been published on the Council’s dedicated Data Protection SharePoint page.

 

An Information Asset Register (IAR) was a simple way to help the Council understand and manage its information assets and the risks to them.  It was important to know and fully understand what information the Council held in order to protect it.

 

In support of the Council’s IAR, the Information Handling and Classification Protocol was in place and would be applied in accordance with the overall GDPR/DPA 2018 implementation.

 

A generic corporate Privacy Notice had been published on the Council’s website covering all services provided by the Councils.  Alongside this Privacy Notice, service specific Privacy Notices for every service were being added.  Privacy Notices advised the Council’s customers what information about them was collected, when it was collected, how it was used, how long it was kept and whether it was shared, and with whom.  The Notices also set out peoples’ rights under GDPR and DPA 2018.  Publication of Privacy Notices was an ongoing task, and the Notices published to date could be found on the Council’s website.

 

A Data Protection Impact Assessment (DPIA)  ...  view the full minutes text for item AUD/31

AUD/32

Press and Public

Minutes:

RESOLVED – That, under Section 100(A)(4) of the Local Government Act 1972, the press and public be excluded from the meeting for the following item of business on the grounds that it involves the likely disclosure of exempt information as defined in Part 1 of Schedule 12 A of the Act as amended by the Local Government (Access to Information) (Variation) Order 2006 by virtue of the Paragraph indicated.

AUD/33

Customer Connect Programme Management

Further to AUD (2018/19), to consider an update on the management of the Customer Connect Programme.

Minutes:

Further to AUD/13 (2018/19), the Assistant Director Performance and Innovation, the Senior Responsible Officer and Senior Lead for the Customer Connect Programme, and the Projects and Innovation Officer, acting as Customer Connect Programme Officer, provided a further update on the management of the Customer Connect Programme and, specifically, the Programme’s risks and programme spend against budget.

 

The Customer Connect Programme Officer presented a live version of the risk register which contained the most up to date information.

 

Both officers responded to queries raised by Members of the Committee.

 

RESOLVED – That the following be noted:-

 

(1)        the Programme Management Workbook at Appendix 1 to the report, including:-

 

           summary page;

           risk heat map;

           risk log;

           issue log;

           dependency log;

           change log; and

           product log; and

 

(2)        the monthly Programme Overview of Spend against the approved budget at Appendix 2 to the report.

AUD/34

Re-admission of Press and Public

Minutes:

RESOLVED – That the press and public be re-admitted to the meeting.

AUD/35

Audit Committee 2018/19 Work Programme pdf icon PDF 100 KB

To consider progress against the Committee’s 2018/19 Work Programme.

Minutes:

The Financial Services Manager advised that there had been no changes to the Work Programme since the last meeting, however, that she intended to update the name of the Lead Officer for External Audit to reflect that there had been a change in Grant Thornton’s Engagement Lead from John Farrer to Gareth Kelly.

 

RESOLVED – That progress against the 2018/19 Work Programme be noted.

AUD/36

External Auditor's Progress Report and Update pdf icon PDF 608 KB

To consider a summary of the External Auditor’s progress to date and emerging issues and developments that may be relevant to the Council.

Minutes:

Gareth Kelly, External Audit, presented a report providing the Committee with a summary of the progress made by Grant Thornton in delivering their responsibilities as the Council’s External Auditors as of November 2018.  The report also included details of emerging national issues and developments that might be relevant to the Council.

 

In presenting the report, Mr Kelly indicated that External Audit had now concluded the certification work for the 2018/19 claim, in line with the November deadline.  Planning processes had commenced for the 2018/19 financial year audit.  He also drew particular attention to Grant Thornton’s recent report on latest trends in local authority trading companies which, he felt, provided practical information.

 

RESOLVED – That the progress made by External Auditors be noted.

AUD/37

Internal Audit Progress Report 2018/19 pdf icon PDF 98 KB

To consider progress achieved in 2018 in delivering the Internal Audit Plan, including one final Internal Audit Report and an update on progress achieved in implementing recommendations from previous internal audit reviews.

Additional documents:

Minutes:

Peter Harrison, Internal Audit, introduced the Internal Audit Progress Report 2018/19. The report provided a summary of the progress against the Internal Audit Annual Plan as at 20 November 2018.

 

Following the Internal Audit Plan’s approval by Committee in April 2018, five assurance reviews had been finalised and the report contained the executive summary of the one which had been completed since the last meeting, Business Continuity.  It had been intended that three other reports would be presented to this meeting of the Committee and reasons for the delay were provided.  These reports on Use of Agency, Interim and Casual Workers; Health and Safety – Property Risks; and Cyber Security, would now be presented to the Committee in April 2019.  There had been no changes proposed to the Annual Plan, however, the proposed audit of additional DFG monies had been cancelled, as the Council had not drawn down any grant.

 

Mr Harrison presented the executive summary relating to the review of Business Continuity which had resulted in an assessment of substantial assurance, no action points having been identified.  The overall conclusion was that the Council had robust Business Continuity arrangements in place to prevent or minimise the time that the public were separated from critical services.  The Chairman commended the assessment of substantial assurance, as this was an area which had been of concern for a number of years.

 

Internal Audit had also assessed the extent to which previous internal audit recommendations had been implemented. The report showed that 16 recommendations were yet to be implemented.  Nine were on target and there were seven in progress where the original target dates had not been met.  11 recommendations had been implemented and were now considered closed.

 

RESOLVED – That the following be noted:-

 

(1)        the progress achieved in 2018/19 in delivering the Audit Plan and the outcomes of completed audit reviews, as set out in Appendix 1 to the report;

 

(2)        the attached audit report, as set out in Appendix 2 to the report; and

 

(3)        the status of outstanding recommendations contained within the follow up report, as set out in Appendix 3 to the report.

AUD/38

Accounting Policies 2018/19 pdf icon PDF 90 KB

To consider the accounting policies or the 2018/19 financial year to be used in the preparation of the Statement of Accounts for the financial year ending 31 March 2019.

Additional documents:

Minutes:

The Chief Accountant presented a report outlining proposed accounting policies to be adopted for the 2018/19 financial year and to be used in the preparation of the Statement of Accounts for the financial year ending 31 March 2018.  These had been prepared in line with the Chartered Institute of Public Finance and Accountancy’s (CIPFA) Code of Practice on Local Authority Accounting in the UK 2018/19 (the Code).

 

The Chief Accountant explained that the CIPFA Code of Practice on Local Authority Accounting provided a definition of accounting policies which, essentially, set out that accounting policies should be the cornerstone of good financial control and should explain how an organisation applied accounting standards and legislation.  He went on to explain that, whilst there was little discretion in which accounting policies to adopt, there was some flexibility in the accounting methods that could be followed.

 

There had been substantial changes to the 2018/19 CIPFA Code of Practice on Local Authority Accounting which had come into effect for financial years beginning 1 April 2018.  These changes were in the areas of Revenue recognition and Financial Instruments due to the adoption, by the Code, of International Financial Reporting Standard (IFRS) 15 - Revenue from Contracts with Customers and IFRS 9 - Financial Instruments.  The adoption of these new IFRSs in the 2018/19 Code constituted a change in accounting policy which would normally require restatement of the previous year’s accounts, but the Code contained provisions for transitional arrangements which only required adjustments to 1 April 2018 opening balances rather than full prior-year restatement.

 

As a result of the adoption of IFRSs 15 and 9 in the 2018/19 Code, the Council’s own Accounting Policies for 2018/19, presented at Appendix 1 to the report, had been updated to ensure they remained in line with the 2018/19 Code requirements, and details of the changes were provided.

 

At the time of writing the report, the Ministry for Housing, Communities and Local Government had just published the results of a consultation on a statutory override for Local Government in relation to accounting for IFRS 9.  This meant that some charges to the accounts as a result of adopting IFRS 9 should be statutorily reversed.  Because of this consultation outcome, CIPFA had delayed publication of the CIPFA’s Code of Practice on Local Authority Accounting in the UK 2018/19 Guidance Notes for Practitioners.  Therefore, the Council’s current accounting policy was based on the original legislation and draft guidance.  Once published, should the new legislation and guidance require any change to the Council’s accounting policies, a further report would be brought to a future meeting of the Audit Committee.

 

It was good practice to consider and adopt the accounting policies in advance of the production and approval of the draft accounts.  By statute, preparation of draft accounts had come forward to 31 May following the relevant year end, for financial years 2017/18 onwards.  At the same time, the audited statements needed to be published by 31 July following the relevant financial year end; the  ...  view the full minutes text for item AUD/38

AUD/39

Review of Constitution pdf icon PDF 86 KB

To consider the results of the annual review of the Council’s Constitution for consideration by the Audit Committee.

Additional documents:

Minutes:

The Audit Committee’s Contribution to the Review of the Constitution was presented by the Financial Services Manager.  The review concentrated on the areas of the Constitution with a direct impact on the financial controls of the Council contained within the Financial Procedure Rules and the Contract Procedure Rules and fed into the Monitoring Officer’s annual review of the Constitution.

 

The review had identified a number of changes which were highlighted within the appendices to the report, namely:-

 

·         to extend the current virement rules for revenue budgets to capital programme and reserves;

·         to clarify terminology and update references to other documents;

·         to propose more delegation around the use of reserves.  Under the current arrangements approval to use reserves is needed from Council as part of the final accounts process but there is not a Council meeting between the finalisation of the reserve movements and the approval of the accounts by Audit Committee;

·         to clarify that the Monitoring Officer can agree it is not expedient to comply with certain contract requirements, such as signing under seal or the use of Council policies.  This reflects the growing use of framework agreements where the terms and conditions to be used have already been agreed and will give the Council appropriate protection; and

·         to remove references to paper tenders: all tender documents are now submitted electronically.

 

The changes proposed would apply from the date of Council approval for the remainder of the current financial year and subsequent years.

 

Further amendment of the Constitution would be required to reflect changes to the Leadership structure and other changes to job titles.  These changes would be included in the Monitoring Officer’s review of the Constitution and would not be separately reviewed by Audit Committee before submission to Council.

 

RESOLVED – That the proposals for amendments to the Constitution, as set out within the appendices to the report, be recommended to Council for approval.

AUD/40

Audit Committee Risk Register pdf icon PDF 84 KB

To consider the updated Audit Committee Risk Register.

Additional documents:

Minutes:

The updated Audit Committee Risk Register was presented by the Financial Services Manager.  The Risk Register had last been reviewed by the Committee on 25 July 2018 and the recommendations from that meeting had been included within the update.  The Financial Services Manager had not identified any further proposals for change.

 

RESOLVED – That the updated Audit Committee Risk Register be noted.

AUD/41

Review of Local Code of Governance pdf icon PDF 89 KB

To consider the results of the review of the Council’s Local Code of Governance.

Additional documents:

Minutes:

The review of the Local Code of Governance was presented by the Financial Services Manager.

 

Under the Accounts and Audit Regulations (2015), the Council was required to review the effectiveness of the system of internal control annually and report this through an Annual Governance Statement. The Chartered Institute of Public Finance and Accountancy (CIPFA) had published a revised version of their governance framework for local authorities. This counted as proper practice and was to be applied for financial years from 1 April 2016 onwards. The new framework had been re-arranged from the previous framework’s six principles to seven, in line with CIPFA’s broader International Framework: Good Governance in the Public Sector (2014).

 

The Local Code approved in December 2015 and Annual Governance Statement (AGS) had been prepared under the new framework for 2016/17 and 2017/18.  During 2017/18 the Council’s internal auditors had undertaken a review of the Local Code and had concluded that there was reasonable assurance but that the existing procedures could be streamlined.  The recommendations had been:-

 

·         To evidence greater alignment with the Guidance, self-assessment be made against each of the Guidance's suggested Examples of Behaviours and Actions, rather than (or as well as) against the adopted sub-principles of its Local Code.

·         The Responsible Officer for each adopted sub-principle in the Local Code be referenced in all cases to the Officer's post, rather than to the Officer's name or a reference to the Constitution.

·         The spreadsheet that is used to evidence compliance with the Local Code be updated to reflect the proposed changes to the Local Code that were presented to the Audit Committee and subsequently to Council in December 2017.

·         The mapping of the Guidance behaviours and actions that demonstrate good governance in practice be mapped only to sub-principles in the Local Code that pertain to the same principle to which the behaviour and action relate.

·         Each line in the Guidance's list of examples of systems, processes, documentation and other evidence demonstrating compliance be mapped to a referenced sub-principle, rather than being marked as duplicate.

 

The first three recommendations had been implemented in the AGS for 2017/18.  The last two recommendations required changes to the Local Code of Governance itself.

 

There had been one action added to the Local Code:-

 

·         D14 - Consider social value when preparing service plans, considering procurement and commissioning and monitoring performance.

 

References to local area agreements had been removed and references to standards and guidance had been updated.  The majority of amendments were to include behaviours and actions under all principles to which they applied.  As a result some behaviours and actions were duplicated.

 

Appendix 3 to the report showed the CIPFA principles, sub-principles, example behaviours and actions that demonstrate good governance in practice and examples from the CIPFA guidance with the Local Code reference for each.

 

An action plan to address areas for improvement in the Council’s governance arrangements had been presented as part of the approved 2017/18 AGS.  This had been presented to Audit Committee on 25 July 2018.  Appendix  ...  view the full minutes text for item AUD/41

AUD/42

Review of Effectiveness of Audit Committee pdf icon PDF 87 KB

To consider the results of the annual review of the Audit Committee’s effectiveness.

Additional documents:

Minutes:

The Financial Services Manager reported that the annual review of the Audit Committee’s effectiveness had been carried out using principles established by the Chartered Institute of Public Finance and Accountancy (CIPFA).

 

Members were informed that CIPFA had published updated Practical Guidance for Local Authority and Police Audit Committees in 2018, which included the suggestion that a lay or independent member should be included in Audit Committees, although this was not a requirement.

 

The conclusion of the review, which used a questionnaire approach shown at Appendix 1 to the report, was that the Committee could demonstrate that it had been established in accordance with best practice and that it continued to operate effectively, whilst operating without an independent member.  The Committee needed to be alert to any changes in its membership and the expertise of its Members so that suitable training could be arranged and Appendix 2 to the report included a skills framework.

 

CIPFA’s Practical Guidance also included suggested terms of reference for audit committees and it was pointed out that the Committee’s Terms of Reference had been revised in December 2014 to reflect this.  The Practical Guidance also included possible wider functions of an audit committee:-

 

·         considering governance, risk or control matters at the request of other committees or statutory officers;

·         working with local standards committees to support ethical values and reviewing the arrangements to support those values; and

·         reviewing and monitoring treasury management arrangements in accordance with the CIPFA Treasury Management Code of Practice.

 

Audit Committee did support some work of the Standards Committee to support ethical values, particularly around reviewing whistleblowing arrangements.  For South Lakeland District Council, the treasury management scrutiny function was carried out by the Overview and Scrutiny Committee.  The Terms of Reference did not refer to requests for consideration of matters from other committees or statutory officers: any such proposals needed to be considered on a case-by-case basis, bearing in mind the need to maintain the independence of the Audit Committee.

 

Members discussed the suitability of seeking an independent member to sit on the Committee.  Both Gareth Kelly, External Audit, and Peter Harrison, Internal Audit, were of the opinion that this was not necessary in the context of local government.  The Committee did not feel it appropriate at this time to make such an appointment, however, suggested that the matter be kept under review.

 

RESOLVED – That

 

(1)        the review, and its conclusion that the Audit Committee is operating effectively in all material aspects, be approved;

 

(2)        an independent member be not sought for the Audit Committee at this time; and

 

(3)        the skills framework for members of the Audit Committee, as at Appendix 2 to the report, be noted.

AUD/43

Other Significant Financial Issues

To receive a verbal update from the Assistant Director Resources (Section 151 Officer) on any other significant financial issues.

Minutes:

The Assistant Director Resources (Section 151 Officer) drew attention to the fact that the 2019/20 to 2023/24 Draft Budget was due to be considered by Council at its meeting on 18 December 2018.  She referred to the fact that the Local Government finance settlement had been delayed due to discussions on Brexit, however, advised that a verbal update would be incorporated at the meeting, as necessary.

 

RESOLVED – That the verbal update be noted.