Agenda and minutes

Venue: Pittville Room - Municipal Offices. View directions

Contact: Saira Malin, Democracy Officer 

No. Item



Councillor Hay (Chair)


Councillor Hay had given his apologies.  Councillor Harvey, as Deputy Chair would take the chair in his place but was running a little late; so the committee nominated Councillor Payne to take the chair until he arrived.  Councillor Harvey arrived at 6:15pm. 


Declarations of interest


No interests were declared.


Minutes of the last meeting pdf icon PDF 83 KB

10 January 2018


The minutes of the last meeting had been circulated with the agenda.


Upon a vote it was unanimously


RESOLVED that the minutes of the meeting held on the 10 January 2018 be agreed and signed as an accurate record.


Public Questions

These must be received no later than 12 noon on the fourth working day before the date of the meeting


None had been received.


general data protection regulation policy pdf icon PDF 96 KB

Corporate Governance, Risk and Compliance Officer


Additional documents:


The Corporate Governance, Risk and Compliance Officer introduced the General Data Protection (GDPR) Policy, as circulated with the agenda.  He explained that the existing data Protection Act 1998 would be replaced by new legislation on the 25 May 2018 and the committee were asked to recommend that Cabinet approve the new policy.  It was also recommended that the Borough Solicitor be designated as the Data Protection Officer and the Shared Service arrangement between Cheltenham Borough Council, Gloucester City Council and One Legal (Tewkesbury Borough Council) be varied.  


The Corporate Governance, Risk and Compliance Officer responded to member questions: 


  • Data sharing was not an issue assuming people were advised that their data would be shared and assuming a data sharing agreement was in place.  Data audits had been undertaken across the council, of all data collected, with many sharing agreements already in place, and where they were not, discussions were ongoing to ensure that they were put in place.
  • There were instances where residents could ask that their details not be shared and consideration was being given to how long details of objectors to planning applications, for example, were retained.  Privacy notices would set out why data was being processed, who it would be shared with and how long the data would be retained.  

·         As part of the member training that had been provided it had been made evident that members needed to clear about in which role they were collecting data, as a ward, borough or party representative. 

·         Registration with the Information Commissioner was members’ responsibility with the council having no power to force members to do this, though it was highlighted that they were putting themselves at risk by not doing so.  Democratic Services were supporting members’ with the process (and covering the fee) this year.  All members had been invited to visit Democratic Services to complete the online registration and thus far only two had done so.  Democratic Services would be arranging a drop-in session prior to and immediately after the next Council meeting.

·         A project team had been set-up to deliver compliance and that project had a long list of risks, which included IT risks.  The policy tabled with the committee was a different matter.  Members were reminded that each project had a risk register which was managed by the project team, but should a risk score 16 or more, it was automatically added to the Corporate Risk Register and monitored and reviewed by the Senior Leadership Team and Cabinet members.  IT had a Divisional Risk Register and PSN compliance formed part of this.

·         Admittedly, PSN required an annual return to ensure compliance, which he assumed parts of the NHS had completed.  He wouldn’t comment on how it had therefore been possible for hackers to get into their systems. 

·         Members were reminded that as part of Publica a joint PSN return was made, rather than one for each of the partner councils. 

·         He was not able to confirm whether or not the company that undertook penetrative testing  ...  view the full minutes text for item 5.


Annual review of risk management policy pdf icon PDF 107 KB

Corporate Governance, Risk and Compliance Officer

Additional documents:


The Corporate Governance, Risk and Compliance Officer introduced the Annual Risk Management report and policy.  He reminded the committee that each year the policy was tabled for approval and the report summarised risk management activities since March 2017.  The South West Audit Partnership had reviewed Risk Management processes and had made a recommendation regarding Project Managers’ assurance, which was addressed immediately, with no other amendments required.  With the commencement of the cemetery and crematorium project, he felt members could be reassured that lessons had been learned after the last major projects which encountered problems.


The Corporate Governance, Risk and Compliance Officer gave the following responses to member questions:


·         Corporate Health and Safety was something very different to Corporate Risk Management.  If however a missing was identified and a risk was added to the Corporate Risk Register, then the policy would be updated to reflect this.  

·         He was aware that there were processes and safety measures in place with regard to ensuring the safety of taxi marshals but he didn’t have detailed knowledge of what these included.  He would refer this to the Licensing Team for a response to members outside of the meeting.

·         The cem and crem project was only chosen for review by SWAP as it represented the largest capital project of the council at this time but it was stressed that the same processes were in place for all projects.  


The Corporate Governance, Risk and Compliance Officer advised the committee that this would be the last meeting he would attend as he was due to commence flexible retirement in the summer, after which his role would focus on DEPLO only, and took the opportunity to thank the committee for their support over the years.  On behalf of the committee, the Chair wished the officer all the best and thanked him for his hard work and dedication to his role in support for the committee. 


Upon a vote it was unanimously


RESOLVED that the Risk Management Policy for 2018-19, at Appendix 2, be approved.


Audit Committee update pdf icon PDF 682 KB

Grant Thornton


Barrie Morris of Grant Thornton (GT) introduced the Audit Committee update which detailed progress at April 2018.  GT had started planning the 2017-18 financial statements audit, Value for Money (VfM) work had been undertaken, with details included in the audit plan (the next item on the agenda) and the VfM conclusion would be tabled with the committee in July.  He highlighted that GT had completed a high level review of Internal Audit arrangements and had concluded that they provided an independent and satisfactory service to the council, contributing to an effective internal control environment.  From Page 73 onwards sector updates detailed emerging national issues and developments, which could be of interest to members. 


There were no comments or questions.


No decision was required.


Audit Plan pdf icon PDF 470 KB

Grant Thornton


Sophie Morgan-Bower, of Grant Thornton, introduced the External Audit Plan which set out the planned scope and timing of the statutory audit by Grant Thornton.  Members were referred to pages 89 to 91 which detailed the significant risks that had been identified.  She highlighted that the risk of fraudulent transactions being included in the revenue cycle had been rebutted.  The risk of management override of controls was a presumed risk that was present in all entities and therefore a non-rebuttable risk.  Property, plant and equipment and investment property represented the largest of the council’s assets and the valuation of these assets was therefore identified as a risk requiring special audit consideration and was an area of particular focus for Grant Thornton.     The valuation of pension fund net liability represented the largest liability to the council and therefore Grant Thornton would be looking closely at any assumptions being made.  Page 92 outlined other risks which had been identified which were not significant but were slightly elevated and she highlighted the LGPS up-front payment, though this related to the disclosure associated with the payment, rather than the payment itself. 


Barrie Morris of Grant Thornton referred members to Page 99 which detailed a disclosure made by GT about a potential breach of the ethical standards in connection with a contractor who was engaged with the firm (GT) and who was also the Chair of Publica Group (Support) Limited.  The Ethical Standards does not allow a member of staff to take a role as an officer or member of board of directors in an entity where an audit client holds more than 20% of the voting rights.  As soon as the breach was identified, GT notified the Public Sector Audit Appointments Ltd (PSAA) as well as the Director of Finance for each of the Councils and the contractor concerned.  The contractor’s engagement with GT was terminated, with immediate effect, as soon as the breach was identified and no members of the audit team had any involvement with the contractor concerned and were unaware of his relationship with GT.  Barrie explained that this was highly unusual and suggested that the reason the issue had arisen was that the definition of people had changed earlier in the year.  He gave assurances that arrangements had been strengthened and reassured members that responsibility for this lay with Grant Thornton and not the Council.  A member commented that the individual should have, themselves, declared a conflict of interest. 


Finally, Barrie highlighted the non-audit services, which were of such low value, they did not undermine their independence. 


In response to member question Barrie explained that work relating to Publica Group Support Ltd would be twofold.  Firstly GT would review the Council’s treatment of Publica in the accounts of the council and given that CBC had limited involvement this would be less than partners, but discussions were ongoing with the Section 151 Officer and Deputy Section 151 Officer.  Secondly and in terms of VfM, GT would check that governance arrangements  ...  view the full minutes text for item 8.


Internal Audit annual plan 2018-19 and Internal Audit Charter pdf icon PDF 115 KB

Internal Audit

Additional documents:


The Assistant Director for the South West Audit Partnership (SWAP) introduced the Annual Internal Audit Plan 2018-19 and Internal Audit Charter 2018-19, which had been combined as both were tabled for approval.  She explained that the Audit Plan 2018-19 listed the risk based assurance and consultancy work planned for the year head, and whilst it outlined the preferred programme of work, it was meant to be flexible to allow for any emerging issues throughout the year.  The charter set out how the Internal Audit service would operate and formed part of the requirements for the Public Sector Internal Audit Standards, and would be tabled with the Internal Audit Annual Plan each year.


The Assistant Director gave the following responses to member questions:


  • A decision was required on which of the four ICT Audits listed (Cybersecurity, Physical Networks / Network Access, Software / Hardware management, and Members’ ICT) would be undertaken in 2018-19. 
  • It was likely that a staff survey would form part of the Corporate Culture review, but this had not yet been finalised, as the review was not scheduled until the final quarter. 


There were no further comments or questions.


Upon a vote it was unanimously


RESOLVED that the Internal Audit Plan 2018-19 and Internal Audit Charter 2018-19 be approved.


Internal audit monitoring report pdf icon PDF 77 KB

Internal Audit

Additional documents:


The Assistant Director of the South West Audit Partnership (SWAP) introduced the Internal Audit Monitoring Report, which was designed to give through the year comment and assurances on the control environment and outlined progress against the 2017-18 plan.  She noted that since the publication of the report, the team had issued two final reports: Council Tax and NNDR. 


The Assistant Director provided the following responses to member questions:


  • Work had commenced on all items on the 2017-18 plan, with many of those marked as ‘in progress’ simply waiting for a management response, with the AGS and accounts work due for completion by the 31 May.  It was noted that work had already started on the 2018-19 plan and therefore, at this stage, there were no concerns regarding deliverability. 
  • In terms of the opinions relating to Ubico (no assurance and partial assurance), recommendations had been made and an independent consultant had been appointed and would report back on the issue soon.  The Assistant Director would report back details of any progress at the next meeting.


There were no further comments or questions.  


Upon a vote it was unanimously


RESOLVED that the monitoring report be noted.


Annual Governance Statement pdf icon PDF 76 KB

Internal Audit

Additional documents:


The Assistant Director for SWAP introduced the Draft Annual Governance Statement (AGS), which had been published separately to the agenda.  The Deputy Section 151 Officer confirmed that the AGS would form part of the final accounts which would be tabled for approval by the committee in July. 


There were no comments or questions. 


Upon a vote it was unanimously


RESOLVED that the draft Annual Governance Statement be noted.


Counter Fraud Update and Regulation of Investigatory Powers Act 2000 Update pdf icon PDF 93 KB

Counter Fraud


The Counter Fraud Manager introduced the Counter Fraud Unit Report and Regulation of Investigatory Powers Act 2000 (RIPA) update, as circulated with the agenda.  She first talked through the work plan and results, noting that at the end of the first year there was an underspend and as such £2248 would be returned to Cheltenham Borough Council.  In addition to working directly for the partner Council’s, the unit had grown and now provided support to other public sector bodies including: Cheltenham Borough Homes, Gloucester City Homes, Places for People, Bromford Housing and Ubico, as well as Publica.  The work plan for 2018-19 was still being developed and would be circulated in due course, but the unit would be drawing on some of the objectives within the Home Office Anti Corruption Strategy, concentrating on promoting integrity across the public sector and reducing corruption within procurement. 


Paragraph 1.7 of the report outlined how the team had supported the Council between October 2017 and March 2018, in undertaking the investigation of alleged fraud and abuse in relation to the Council Tax Reduction Scheme (Council Tax Support), National Non-Domestic Rates (Business rates) and Council Tax liabilities and detailed some of the results that had been achieved.  She noted that, in recognition that it was more beneficial to join up as a county: county-wide bids had been submitted for pilot schemes for joint benefit investigations with DWP and business rates pilot work with NFI.  It was also noted that work relating to empty residential properties was more to do with prevention and that the review of holiday lets had generated £1400, which had paid for the cost of the work, which was a positive result.  CBC enforcement teams were proactive but the unit were offering support and expertise in terms of criminal cases.  The unit were also currently running staff awareness sessions across the partner authorities and would be circulating the slides to members in due course. 


Counter Fraud Manager gave the following responses to member questions:


·         Much of the data matching that the unit undertook had exemptions applied relating to the prevention of crime and this would continue to be the case.  Privacy Impact Assessments were being undertaken when necessary and because it was a newly formed team, a retention schedule was being currently being developed which should be easy to implement. 

·         The number of individuals on the housing waiting list had reduced because the more robust checks had identified individuals that should not have been on the list, which in turn, mean that CBH were able to house those that were legitimately on the list, more quickly.  Making false statements on a housing application did constitute fraud but there was a decision to be made about the cost and reputational risk of pursuing all of these.  The initial check had removed approximately 50 individuals.   

·         Licensing was a consideration in relation to feedback or checking where investigation cases warranted it. 

·         Right to Buy prevention checks were robust and necessary as successful RTBs  ...  view the full minutes text for item 12.


review of draft accounting policies pdf icon PDF 94 KB


Additional documents:


The Deputy Section 151 Officer introduced the draft accounting policies, as circulated with the agenda.  She explained that Grant Thornton had recommended that these be tabled with the committee ahead of approval of the final audited 2017-18 Statement of Accounts which was scheduled for July.  There were no material changes, however, in line with the requirement to declutter the statement of accounts two accounting policies had been removed from the draft notes to the statements, as they were no longer considered relevant to the council’s current operations or financial activities: Acquisitions and discontinued operations and; Foreign currency translation.  She noted that these would be reviewed and included in accounting policies in future years if appropriate.  It was also noted that a new group accounting policy note in respect of Publica had not yet been finalised, as confirmation on the requirement for Group status was pending.


In response to a member question the Deputy Section 151 Officer gave the example of Icelandic Banks where foreign currency translation had previously applied but was no longer applicable. 


There were no further comments or questions. 


Upon a vote it was unanimously


RESOLVED that the draft accounting policies be noted.


Work Programme pdf icon PDF 53 KB


The work programme had been circulated with the agenda. 


The Democracy Officer noted that it had been suggested at a recent meeting of the Overview and Scrutiny Committee that the Audit Committee may wish to review the success of the governance arrangements for the leisure@ refurbishment programme, as it represented a new approach to project management for this council.  The committee agreed and this would be added to the work plan for a time after the project was due to be completed (start of July 2018). 


Councillor Willingham reiterated his request that ‘Information Security’ be added to the work plan as a standing item.  Officers would contact IT to establish a timely date for any such item.


Any other item the chairman determines to be urgent and requires a decision


There were no urgent items requiring a decision but as Chair, Councillor Harvey took the opportunity to thank retiring members of the committee and any members that were not re-elected in May.  He paid particular thanks to Councillor Hay, who would be retiring and would be sadly missed as Chairman of this committee. 


Date of next meeting

25 July 2018


The next meeting was scheduled for the 25 July 2018.