Agenda and minutes

Apologies were received from Councillor Harman.

There were no declarations of interest.

To approve the minutes of the last meeting held on 15 January 2014.

The minutes of the last meeting were approved and signed as a correct record.

These must be received no later than 12 noon on the fourth working day before the date of the meeting

There were no public questions.

Report of Head of Audit Cotswold, Rob Milford

Ian Watkins, Principal Auditor, Audit Cotswolds introduced the item in the absence of Rob Milford, Audit Partnership Manager. He highlighted the work Internal Audit had undertaken since the last meeting as outlined in section 3.2 of the report and referred to the executive summary of the Bridging the Gap Corporate Strategy Report at Appendix 1 which was work in progress.

The Principal Auditor explained that there was one GOSS report showing the core financials and Audit Cotswolds would be looking at GO specific work with separate assurance ratings for each area which would then feedback to the client group. He also informed that the Chief Executive had commissioned Grant Thornton to undertake a piece of work on the Art Gallery and Museum outturn.

A member felt that in terms of the audit of GOSS as a whole this work should be fed back to the JMLG in order to have a Member view. The Director Resources agreed to take this forward.

RESOLVED

To note the report.

Report of Customer Services Group Manager, Forest of Dean, Andy Barge,

Giles Rothwell, ICT Shared Services Operations Manager, was introduced to the Committee.

The Chair reminded Members that at the last meeting of the Audit Committee on 15 January 2014 they had received a mid-year review of progress against the Significant Issues Action Plan. This report was in response to their request for further assurance with regard to ICT business continuity arrangements and testing.

In response to a question the ICT Operations Manager confirmed that there were referencing environments for all of the council’s virtualised services. He explained that it was now necessary for business users to undertake the testing themselves.

In response to a question on the four tiers of recovery in terms of the large gap between tier 1 and tier 2, the Corporate Governance, Risk and Compliance Officer explained that these had been established in May 2012. He referred to the power outages in February 2014 whereby users had experienced no disruption. Should there be a major incident such as a power outage for a five day period there would be a redeployment of staff to the Forest of Dean and priority systems would be run on a skeleton basis as determined by the business continuity team. Other systems would come in over a period of time and this was a documented process.

When asked whether a service level agreement existed between CBC and ICT Shared Services the Corporate Governance, Risk and Compliance Officer stated that a business continuity protocol had been established for all GOSS partners and the JMLG had been involved in the decision making process for this. The Director Resources added that a service catalogue had been created when Cheltenham had originally hosted the Agresso system on behalf of GOSS. All councils in GOSS were required to sign a new general disaster recovery plan and there was now an action for this to be renewed.

Members felt that an annual review of ICT Business Continuity should be programmed in to provide Audit Committee with an assurance. In response the Director Resources made reference to the SWAP discussion in the JMLG whereby Cheltenham was looking at the service continuity plan in terms of the tiering system and the critical people involved. In addition Ubico and the forthcoming Leisure and Culture Trust had to be included. It was agreed by JMLG that these plans should be refreshed so that assurance could be given that disaster recovery arrangements were satisfactory for all clients.

In response to a comment that there should be a faster acceleration process particularly in terms of systems relating to benefits and council tax, the ICT Operations Manager said that this depended on the level of investment. It was possible to have duplicate environments in geographically separate locations but it was a question of the business defining the need to continue operating weighed against the cost of delivering this.

Members were reminded that the major investment in ICT was being rolled out and there had also been staffing issues within the service so it  ...  view the full minutes text for item 6.

Report of the Head of Audit Cotswolds, Rob Milford

Ian Watkins, Principal Auditor, Audit Cotswolds, introduced the report which outlined the work planned by Audit Cotswolds, and which was a key component of the Council’s governance framework and an assurance source supporting the Annual Governance Statement, which formed part of the statutory accounting standards.

When asked what the objective was of Audit reviewing the performance arrangements at employee level, the Principal Auditor explained that the purpose was to ensure that the performance measures looked reasonable and measurable and that they contributed to improving the process. He added that Internal Audit was expanding beyond its traditional remit but concern was expressed by Members that this type of investigation appeared not to have a final end point and therefore may not actually achieve anything. The Auditor then explained that the Audit partnership was bringing forward ideas in terms of best practice in order to help and assist management to achieve their objectives and when outsourcing it was important that good quality instruction was given in the quality and quantity desired.

The Corporate Governance, Risk and Compliance Officer, explained that the role of the Commissioning team was to monitor client and contract commissioning arrangements, working alongside partner organisations.

When asked to comment on the internal auditor function, the external auditors, Grant Thornton acknowledged that the remit of the internal function had expanded from the focus being on the core financial system to more risk management and performance management activities. He stated that there were examples of this being undertaken elsewhere. He referred to the value for money work Grant Thornton undertook which covered economy, efficiency and effectiveness which all interlinked with the corporate strategy. They would look at specific examples in order to ensure that the same quality of service was being provided for a lower cost. It was obviously not possible to pick up everything; therefore there could be a role for internal audit in performance management, recognising the work that was already being carried out on governance and core financial systems.

In response to a question on fraud reporting and counter fraud advice the Auditor explained that the focus of this work was on housing fraud and was not restricted to the financial aspects but general fraud issues.

A question was raised with regard to social networking and whether, in terms of recruitment, the council looked at the social networking of applicants. In addition it was asked whether the council took a detailed look at accounts held by Council employees. In response the Auditor explained that a social media policy did exist. Internal Audit was not directly involved but they would seek assurances should ICT complaints come forward. The Corporate Governance, Risk and Compliance Officer added that the use of social networking formed part of the Employee Code of Conduct. Members believed this should cover what is reasonable for an employee to communicate in a personal capacity.

RESOLVED

That the Internal Audit Plan for 2014/15 be approved.

Report of Director of Resources, Mark Sheldon

The Corporate Governance, Risk and Compliance Officer introduced the annual report of the Council’s risk management activities. He explained that the Senior Leadership Team (SLT) reviewed risks in line with the Risk Management Policy on a monthly basis and copies of the risk management report were submitted to Cabinet Members also on a monthly basis so that they had the opportunity to discuss risks with those concerned. Audit Committee Members were also asked to consider the current risk register, an updated version of which was tabled. Reference was made to the corporate risk profile which demonstrated the risk appetite for the authority. The vast majority of risks fell within the amber category. This scorecard included criteria to guide officers and members and the scoring of each risk could be challenged by Cabinet Members at any time.

The Director Resources highlighted to Members that the Risk Management Policy and scorecard had been reviewed as a result of the discussions on the PSN issues and in so doing it was hoped that any ambiguity in the scoring had now been removed.

In response to a question on why the number of risks in the month of December were low, the Corporate Governance, Risk and Compliance Officer explained that this was due to the reporting mechanism as in December there had been no meeting of SLT. He also added that the risk management awareness on line learning module would be updated for the purposes of training newly elected members following the May elections.

The Chair thanked officers for the report and believed that it was useful for the committee to see the risk register periodically.

RESOLVED

To endorse the risk management work undertaken during 2013/14

Report of Corporate Governance, Risk and Compliance Officer, Bryan Parsons

The Corporate Governance, Risk and Compliance Officer introduced the report and reminded members that they had considered the methodology for carrying out the review for the Risk Management Policy for 2014/15. The review had now been completed and the results of a questionnaire sent to all Members, SLT and Managers, collated. The policy document attached to the report included the suggestions submitted.

Members discussed the revised policy and pointed out the following :

• The change in the definition of “almost impossible” to “negligible” had not been changed to match the definition in the scorecard
• The column “Action” should be amended to read “Action in response to risk levels”
• Terminology throughout the document should be more consistent

RESOLVED

To approve the Risk Management Policy for 2014

Report of Corporate Governance, Risk and Compliance Officer, Bryan Parsons

The Corporate Governance, Risk and Compliance Officer introduced the report that the Council was required to review the Code of Corporate Governance, based on a SOLACE and CIPFA model, on a regular basis to ensure that it remained up to date and relevant. This year the review had been undertaken by the Corporate Governance Group.

A discussion ensued on Principle 5 and in particular the section on encouraging new members of the authority. The Corporate Governance, Risk and Compliance Officer explained that as part of the transparency agenda the profile of Councillors could be raised in the community more. The Chair added that when looking at the code of corporate governance the focus of Audit Committee should be to ensure that members were in the best place to carry out their governance responsibilities. It was important that the two columns were aligned in this respect. He highlighted that it was the role of the partnership team to encourage communities to engage and generate interest in council business.

The Cabinet Member Corporate Services wished to inform the committee that he had contacted the Democratic Services Manager to investigate ways of attracting more public participation in order to encourage people to become local councillors. The discussions were not advanced but it was recognised that more could be done and that representatives of political parties had a role to play. Members acknowledged that there was a lack of diversity in elected members and good corporate governance would be to have a better cross section. They recognised the role of political parties in the process but it was also important that council business was more easily understood by the public. An example was given of the involvement of young people at senior schools in mock trials to encourage them to consider being a magistrate. This had been successful and involved volunteers and officers. Members recognised there was a resource issue but suggested that the work of other authorities, such as Cornwall, were looked at in this regard.

The Chair thanked Members for their useful comments and suggested that at outturn Cabinet Members should be asked to consider funding a one off event about local engagement/democracy which could add to the good governance of the Council.

RESOLVED

To approve the use of the Local Code of Corporate Governance during 2014-15.

Report of Grant Thornton

Peter Smith, Audit Manager, Grant Thornton, introduced the report on progress made by the external auditors in delivering its responsibilities to the Council. This included work on auditing the accounts and value for money. Sufficient work had been undertaken for the Audit Plan to be brought to the committee which detailed the results of the interim work. In terms of emerging issues, officers had commented on challenge questions posed by the auditors. Clarification had been sought from Cipfa on how to take Property, Plant and Equipment Valuations forward .

Peter Smith also brought to members’ attention two documents published by Grant Thornton- a guide to key financial principal statements and Working in Tandem, a report on alternative forms of service delivery in terms of risk leadership and public communication. A copy of both documents would be made available in the Members Room.

The Chair thanked officers who had provided a management response to the challenge questions. A question was raised on why, in the context of council tax localisation, there was no corporate risk assessment of housing benefit. In response the Director Resources explained that as the cycle moved on this was taken off the corporate risk register.

RESOLVED

To note the report

Report of Grant Thornton

Peter Barber, Engagement Lead, Grant Thornton, introduced the Audit Plan and explained that there were 3 main challenge areas set out in the plan covering, financial pressures, delivery of service redesign and town centre development. He outlined the key developments which were relevant to the council and the audit and the approach taken to the audit. Other risks identified were also referred to. The scope of the audit also covered Group accounts. The findings of the interim audit work were laid down in the report and there were no specific concerns.

When asked by the Chair whether risk based auditing was used on group accounts, Peter Smith, Audit Manager, explained that there was a statutory process for auditing group accounts. A formal statement from the auditors was sent directly to the bodies concerned requesting certain information such as planning and risks so there was an assurance that their audit could be relied upon. He explained further that the audit was targeted so there was a focus on particular items which had a bearing on the Councils group accounts. For example Ubico had specific procedures in specific areas whereas Gloucestershire Airport was less significant in terms of both the value and the impact of the accounts and the risks.  The auditors also ensured that the body itself was audited by professional auditors.

RESOLVED

To note the report.

The work plan was noted.

Members gave a vote of thanks to the outgoing Chairman, Councillor Paul Massey, for his most valuable and professional contributions to the work of the Audit Committee.

Date of next meeting: 18 June 2014

18 June 2014