Agenda and minutes

You are invited to declare any registerable or non-registerable interests in matters appearing on the agenda, and the nature of that interest. You are also invited to disclose any dispensation in relation to any registerable or non-registerable interests that have been granted in respect of any matters appearing on the agenda.

You are also requested to complete the Declarations of Interests card available at the meeting and return it to the Democratic Support Officer before leaving the meeting.

There were no declarations of interest reported.

To confirm the minutes of the meeting held on 27 March 2019.

Resolved that, subject to the following amendment, the minutes of the meeting held on the 27 March 2019 be confirmed as a correct record and signed by the Chair:

“Minute AC38/03/19 Proposed Audit Committee Work Programme 2019/20

The final paragraph was amended to read:

“Reference was made to the proposals for the annual review of the effectiveness of the Committee which was scheduled to be reported to the Committee at its July meeting.  It was suggested that it might be helpful for a system to be put in place which would allow members to privately feed their views on the authority and the controls in place to the external auditor. It was also suggested that further information be provided to members on the suggested process.”

To receive a presentation which sets out the current position in relation to the closedown of the Authority’s accounts.

Consideration was given to a presentation which set out the current position in relation to the closedown of the authority’s accounts for the 2018/19 year.  It was explained that although the process had been challenging and there were still some items to be finalised the Head of Resources expected to be in a position to publish the accounts on Friday.

The presentation provided details of the Income and Expenditure Statement along with the current Balance Sheet as they currently stood and a number of items were highlighted for members’ information.

Resolved that the presentation be noted.

To give consideration to a report which advises the Committee of the outcome of the review of the Authority’s systems of internal control as presented in the Annual Governance Statement which will assist it to consider the effectiveness of the Authority’s arrangements for the governance of its affairs, including arrangements for management of risks and systems for internal control.

The Committee was presented with the Annual Governance Statement (AGS) which contained the outcome of the review of the Authority’s systems of internal control and explained how it delivered good governance and reviewed the effectiveness of those arrangements. The statement complied with the required regulations and was based on the governance framework which had been produced by the Chartered Institute of Public

Finance and Accountancy (CIPFA) in association with the Society of Local Authority Chief Executives (SOLACE). The Chief Executive, Director of Public Health and each Head of Service had been involved in populating the Annual Governance Statement with the evidence supporting how the principles had been met within the Authority.  Having reviewed the evidence, the Senior Leadership Team had taken the view that, as a whole, the governance arrangements in operation during 2018/19 were adequate.

A number of areas had been identified which required continuous monitoring to ensure that they did not become significant governance issues in the future.  These included:

• A risk that the Authority would not be able to protect its housing assets and services to tenants as a result of changes to government policy on welfare reform which had resulted in reduced income to the Housing Revenue Account;
• A risk that the roll out of Universal Credit could impact on residents’ finances and also the Housing Revenue Account as a result of increased rent arrears;
• A risk that the Efficiency Savings Programme if not properly implemented could result in the Authority not being able to deliver improved services and meet the increased demand for the Authority’s services;
• A risk that existing budget monitoring does not fully align with the efficiency programme
• A risk that the impact of the development of the Integrated Care System (ICS) across the North East and North Cumbria and the Integrated Care Partnerships (ICP’s), which have replaced the former Sustainability and Transformation Plans, have on the Local Authority in relation to the financial implication of the plans and the ability to deliver services for residents;
• Changes to the business rates scheme which allowed local authorities to retain 100% of business rates in their area. Whilst this had the potential to give authorities greater ability to plan for the long term with more financial independence there were added risks including a lack of business growth, the closure of a major business and the cost of appeals. It was noted that measures were in place to provide timely support to businesses and to mitigate the risk;

·      The risk that should the policies and procedures in place fail to ensure that sensitive data is secure and managed appropriately then the Authority could face fines under the Data Protection Act 2018 as well as compensation claims.

·      A need to ensure that governance arrangements for the partnerships were in place to ensure that services were delivered to a satisfactory level whilst delivering value for money and taking account of changes to staffing in both the partners and the

Authority;

·           The decision to leave the European Union had  ...  view the full minutes text for item AC4/19

To give consideration to a report which provides an update on progress made in relation to the audit of the Authority to date.

Consideration was given to a report which set out the progress being made by the external auditor in relation to its work on the Authority’s accounts.  It was explained that EY had completed its interim audit and had confirmed that group accounts were not required.  

Resolved that the report be noted

To give consideration to a report which provides the Committee with a final monitoring statement in respect of the 2018/19 Strategic Audit Plan.

Consideration was given to a report which presented the final monitoring statement in respect of the Strategic Audit Plan for 2018/19. The original plan had been presented to the Audit Committee in March 2018.

It was reported that 82% of the audit assignments programmed during 2018/19 had been either completed or were significantly underway. The reasons for the variation in the planned coverage had been as a result of the deployment of a Senior Auditor on a non-audit roll for part of the year and the difficulties in recruiting to some new posts within the shared internal audit and risk management service. It was explained that the majority of the audits which had not yet commenced had been included in the 2019 Strategic Audit Plan.

Resolved that the Strategic Audit Plan 2018/19 monitoring statement be noted

To give consideration to a report which advised the Committee of the key outcomes from Internal Audit reports issued between November 2018 and April 2019.

Consideration was given to a report which set out the key outcomes of internal audit reports issued between November 2018 and March 2019. It was noted that, based on the outcomes of the audits undertaken, the Authority’s framework of governance, risk management and control was considered to be satisfactory overall.

For each of the reports issued the main points of concern were outlined together with the progress made or action taken to address those concerns. In addition the report also outlined examples of good practice.

Clarification was sought in relation to the following:

·         How often checks were made to confirm that the proposed management actions identified following the completion of an audit were actually completed?  It was explained that previously all actions were checked to ensure compliance but now the approach had been changed to concentrate only on medium and high risk items.  It was also acknowledged that further work was required;

·         A number of systems, such as the Ash Debtors System and Liquidlogic, were not supported by the Authority’s disaster recovery site.  It was explained that the Senior Leadership Team were currently looking at the Authority’s systems for disaster recovery.  It was suggested that a report be presented to a future meeting of the Committee which set out the plan for the removal of the risk;

·         The risk associated with some members of the Engie Finance Team having end to end privileges in relation to several payment systems.  It was explained that although it had been classed as a medium risk there was no evidence that anything untoward had occurred.  It was also explained that the system was in the process of being amended to remove the potential risk;

·         The systems in place to update access to ICT systems when people start working for or leave the Authority.  Reference was made to the templates in place which set out what happened when someone leaves the Authority including for example in relation to IT security.  It was explained that there were policies in place and if these were not followed the matter was referred to the appropriate Head of Service.  It was also explained that there had been a lot of work undertaken in relation to starters and leavers. It was suggested that a review of previous reports might be helpful in identifying any patterns or trends. 

It was suggested that managers be reminded that the Audit Committee regularly reviewed audit reports in relation to their service area.  It was also suggested that a report be presented to the Authority’s Senior Leadership Team which provided a picture of the frequency at which the same issues occurred following audit investigations.       

The Chief Internal Auditor advised members that future reports would be amended to highlight where action had been taken.

Resolved that (1) the opinion of the Chief Internal Auditor, that the framework of governance, risk management and control was satisfactory overall, be noted; and

(2) The key findings, good practice identified and the management action taken in response to  ...  view the full minutes text for item AC7/19

To give consideration to a report which sets out the Chief Internal Auditor’s annual opinion on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control, in accordance with the Public Sector Internal Audit Standards.

Consideration was given to a report which set out the key outcomes of internal audit reports issued between November 2018 and March 2019. It was noted that, based on the outcomes of the audits undertaken, the Authority’s framework of governance, risk management and control was considered to be satisfactory overall.

For each of the reports issued the main points of concern were outlined together with the progress made or action taken to address those concerns. In addition the report also outlined examples of good practice.

Clarification was sought in relation to the following:

·         How often checks were made to confirm that the proposed management actions identified following the completion of an audit were actually completed?  It was explained that previously all actions were checked to ensure compliance but now the approach had been changed to concentrate only on medium and high risk items.  It was also acknowledged that further work was required;

·         A number of systems, such as the Ash Debtors System and Liquidlogic, were not supported by the Authority’s disaster recovery site.  It was explained that the Senior Leadership Team were currently looking at the Authority’s systems for disaster recovery.  It was suggested that a report be presented to a future meeting of the Committee which set out the plan for the removal of the risk;

·         The risk associated with some members of the Engie Finance Team having end to end privileges in relation to several payment systems.  It was explained that although it had been classed as a medium risk there was no evidence that anything untoward had occurred.  It was also explained that the system was in the process of being amended to remove the potential risk;

·         The systems in place to update access to ICT systems when people start working for or leave the Authority.  Reference was made to the templates in place which set out what happened when someone leaves the Authority including for example in relation to IT security.  It was explained that there were policies in place and if these were not followed the matter was referred to the appropriate Head of Service.  It was also explained that there had been a lot of work undertaken in relation to starters and leavers. It was suggested that a review of previous reports might be helpful in identifying any patterns or trends. 

It was suggested that managers be reminded that the Audit Committee regularly reviewed audit reports in relation to their service area.  It was also suggested that a report be presented to the Authority’s Senior Leadership Team which provided a picture of the frequency at which the same issues occurred following audit investigations.       

The Chief Internal Auditor advised members that future reports would be amended to highlight where action had been taken.

Resolved that (1) the opinion of the Chief Internal Auditor, that the framework of governance, risk management and control was satisfactory overall, be noted; and

(2) The key findings, good practice identified and the management action taken in response to  ...  view the full minutes text for item AC8/19

The Committee will be requested to pass the following resolution:

Resolved that under Section 100A (4) of the Local Government Act 1972 (as amended) and having applied a public interest test as defined in Part 2 of Schedule 12A of the Act, the press and public be excluded from the meeting for the following item of business on the grounds that it involves the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12A to the Act.

Resolved that under Section 100A (4) of the Local Government Act 1972 (as amended) and having applied a public interest test as defined in Part 2 of Schedule 12A of the Act, the press and public be excluded from the meeting for the following item of business on the grounds that it involves the likely disclosure of exempt information as defined in Paragraph 3 of Part 1 of Schedule 12A to the Act.

To consider a report which sets out the corporate risk which have been identified for monitoring and management by the Authority’s Senior Leadership Team

Consideration was given to a report which outlined the corporate risks that had been identified for monitoring and management by the Council’s Senior Leadership Team, as of 17 April 2019. The report provided detailed information on each of the corporate risks including the cause of the risk, the consequences if the risk were to materialise, the existing and new controls in place to address the risks and an assessment of their likelihood and potential impact.

Resolved that the report be noted