Issue - meetings

RISK REGISTERS UPDATE - FRCS, CHIEF EXECUTIVE, STRATEGIC RISKS

Meeting: 18/10/2018 - Audit and Risk Management Committee (Item 815)

815 INTERNAL AUDIT PROGRESS REPORT 2018/19 - 19:20 - 19:40 pdf icon PDF 335 KB

To receive a report from the Director of Finance presenting the Internal Audit Progress Report for 2018/19.

(Report No.97)

 

 

 

 

Minutes:

RECEIVED the report of the Director of Finance presenting the 2018/19 Audit & Risk Management Service progress report.

 

NOTED

 

1.    The Chair welcomed Gemma Young (Head of Internal Audit & Risk Management) to the meeting. Gemma Young is the Head of Audit & Risk Management at Waltham Forest Council and she had been asked to also become the head at Enfield Council.

2.    Gemma Young had also been asked to progress a shared service aswell and would report back to the committee as that progressed.

3.    As detailed at 3.5 (page 2) of the report, the service progress update to 30 September 2018 highlighted the following:

a.    6% of assignments were complete.

b.    18% of fieldwork in progress.

c.    34% Planning stage.

d.    12% of draft reports issued.

e.    30% had yet to be started.

            Annex1 (pages 9-10) provided more detail on the audit progress.

4.    In terms of changes to the 2018/19 internal audit plan, as detailed at 3.6 (page 3) and Annex 2 (pages 11-12) of the report. Since approved by the committee in March 2018, 19 assignments had been added and 5 deferred/cancelled.

5.    In terms of managers’ progress with implementing internal audit actions, as detailed from 3.8 (page 3) of the report and Chart 2 (page 4) of the report. The team had followed up 129 actions, 38 relating to high risks, and 91 medium rated risks. Overall, 63% of the high priority recommendations have been fully implemented with 29% of the medium risks fully implemented. These would be followed up until all implemented. Annex 3 (page 13) of the report provided more detail.

6.    In terms of Counter Fraud achievements, there is an annual target to recover 60 council properties and have recovered 42 so far to the end of September 2018. Temporary accommodation recoveries annual target is 40 and the team had recovered 16 to date. Savings made to 30 September 2018 have been £1.56m with the annual target being £2m.

7.    As detailed at Table 4 (page 5) of the report, Internal Audit Quality Assurance measures.

8.    The following questions raised in response to the progress report:

a.    At present the proposed shared service centre was an idea. It’s a plan to join up the 2 boroughs, sharing audit fraud teams and possibly a risk management service. In terms of audit and fraud, it would be beneficial to share best practise and a pool of staff. Other heads of shared services will be consulted for their views and benefits of a shared service. Gemma Young will be putting a business case together.

b.    Peter Nwosu questioned the changes to the 2018/19 internal audit plan as regards the addition of 19 assignments and how that would impact on the team’s progress bearing in mind that only 6% of assignments are at final report stage to date. Gemma Young clarified that although only 6% of assignments are at final report stage, this wasn’t unusual for this time of the year. As the team have a good relationship with  ...  view the full minutes text for item 815


Meeting: 26/07/2018 - Audit and Risk Management Committee (Item 686)

686 SERVICE DELIVERY RISK REGISTERS UPDATE - PEOPLE AND PLACE - 20:05 - 20:20 pdf icon PDF 250 KB

To receive a report from the Executive Director Resources providing a Service Delivery Risk Registers update.

(Report No.52)

(TO FOLLOW)

 

 

 

Minutes:

RECEIVED the report of the Executive Director of Resources presenting registers for the Service Delivery operating areas of People and Place Departments.

 

NOTED

 

1.    Officers from relevant service areas were in attendance to address any questions about their registers. These are Tony Theodoulou (Executive Director of People), Bindi Nagra (Director of Health and Adult Social Care) and Jayne Paterson (Regeneration & Environment).

2.    The paper provides the register for the Council Services operating areas that cover People and Place.

3.    The Register contains 21 risks as summarised in the table at pages 2-3 (Para 3.6) of the 1st To Follow Agenda. One of the risks is assessed as green, two of the risks are assessed as red and the rest are all amber.

4.    The Service Delivery Risk register is provided in Appendix 1 (page 6 onwards) of the report.

5.    Tony Theodoulou talked about the red risk within Children’s Services (PEO1819-03 – Increased Service Demand) as detailed at page 7 of the 1st to follow agenda. This was about managing increasing demand within the available budget and that is the primary risk. This was born out at the last financial year’s budget out-turn where there had been an overspend of £2.2m. It was difficult to see how that would be reduced. This risk continues to be a financial pressure despite scaling activity back to what is considered to be a safe statutory minimum. Demand is increasing in many areas and the department are struggling to meet statutory deadlines within the budget envelope.

6.    Bindi Nagra talked about the red risk within Adult Social Care (PEO1819-10 – Market Stability and Sustainability) as detailed at page 9 of the 1st to follow agenda. This risk highlights the potential challenges to the care hierarchy relating to both residential and nursing home care providers.

Enfield has 100 care homes, 14 are nursing homes and the rest are residential care homes. The council has purchased about a third of those beds and the rest of the beds have been purchased by self- funders and the Clinical Commissioning Group’s (CCQ). The council have some responsibility for the market under the Care Act.

In terms of the cost of care, the council are the lowest payers for home care and residential nursing home care. The council buys both in terms of residential, nursing and home care.

The council believes that that there is potential always for their to be an issue with any of the care providers in terms of their stability i.e. driven by their finances, by equality issues or Care Quality Commission (CQC) safeguarding issues with the suspension of placements.

Within Enfield there are 2 Four Seasons care homes which the CQC have flagged up as appears to be in financial trouble. The council has virtually purchased all the beds in both of these care homes. If either of these homes fails in some way there would be a massive impact on the council as the department would not be able to  ...  view the full minutes text for item 686


Meeting: 20/06/2018 - Audit and Risk Management Committee (Item 601)

601 RISK REGISTERS UPDATE - SERVICE ENABLING RISKS - 20:00 - 20:15 pdf icon PDF 515 KB

To receive a report from the Executive Director Resources providing a Risk Registers update.

(Report No.08)

Minutes:

RECEIVED the report of the Executive Director Resources presenting risk registers for the Service Enabling operating areas (Chief Executive’s and Resources Departments).

 

NOTED

 

1.    The risk management team are responsible for collating risk registers for the Council’s departments.

2.    The report presents risk registers for the service enabling operating area that covers the Chief Executive’s department and Resources department.  There were no risks with assessment high enough to be included on the strategic risk register.

3.    The service enabling risk register consists of 9 identified risks. None of them are high but there are 6 in the amber band and 3 in the green band.

4.    Present at this meeting are Jeremy Chambers (Chief Executive’s Department and James Rolfe (Executive Director Resources) to take any questions from the risk registers detailed in appendix 1 (from page 135 onwards).

5.     The following questions raised in response to the risk registers:

a.    Regarding the Information Security risk, councillor Laban asked if the council’s systems came under attack like the NHS did recently, what is our mechanism of back up and how did we deal with that. James Rolfe advised that it was difficult to say that every possibility was covered. If Central Government could not fully protect themselves against hackers then local authorities do not have those capabilities.

The council have in place a whole series of back up’s. The first layer of defence is the very best possible security the council could afford. This included keeping all of the council’s business systems up to date, good staff practise, good IT practise and a whole range of information governance controls that are outside of the IT environment.

The second line of defence covers data in the Cloud with Microsoft. Microsoft data centres are currently the most secure services provided. Central government use microsoft  Cloud, and their data is far more sensitive than a local authority. There are also a whole series of back up procedures and a number of IT security staff, who monitor this on an on-going basis.

The NHS had been hacked a year ago with some NHS trusts brought down and at the same time Lincolnshire County Council was frozen up aswell. Both of these hackers had also tried to get into the Council’s systems but were kept out. That is good assurance that the Council’s IT systems are as strong as they can be.

b.    Councillor Savva was given advice regarding the procedure for accessing his Council e-mails from his personal home PC.

c.    Councillor Leaver asked how officers benchmark risks, how it compares with other London Boroughs’. Christine Webster advised that an audit was undertaken by PwC last year on risk management. As part of that audit they checked that the Council’s assessment of risks was comparable with the way other councils’ do. and that the mechanism is comparable to what is used in other Councils’. James Rolfe further advised that every 2-3 years some detailed forensic accounting is done on the Councils’ financial systems  ...  view the full minutes text for item 601


Meeting: 28/09/2017 - Audit and Risk Management Committee (Item 259)

259 SERVICE DELIVERY RISK REGISTERS UPDATE - CHILDRENS SERVICES, HHASC AND REGENERATION AND ENVIRONMENT - 19:45 - 20:00 pdf icon PDF 268 KB

To receive a report from the Executive Director of Finance, Resources and Customer Services providing a Risk Registers update.

(Report No.60)

 

 

 

Additional documents:

Minutes:

RECEIVED the report of the Director of Finance, Resources & Customer Services presenting registers for the Service Delivery operating areas (Health, Housing & Adult Social Care, Children’s Services and Regeneration & Environment Departments).

 

NOTED

 

1.    Officers from relevant service areas were in attendance to address any questions about their registers.

2.    The paper provides the register for the Council Services operating areas that cover 3 departments which include HHASC, Children’s Services and Regeneration & Environment.

3.    The Register contains 22 risks as summarised in the table at pages 2-3 (Para 3.5) of the report. Since the last report on the Service Delivery risks, there have been 7 risks removed from the register and these are highlighted in grey in the 2nd table at para 3.5 of the report.

4.    The Service Delivery Risk register is provided in Appendix 1 (pages 7-11) of the report.

5.     The following questions raised in response to the risk registers:

a.    The Chair referred to the red risk (appendix 1) relating to Children’s Services (CS 003 – Increased Service demand). Clarification by Tony Theodoulou (Executive Director – Children’s Services) that this was an inherent risk. The risk assessment hadn’t been changed since the last time he had reported to this committee. Because the risk still remained and is compounded by the reducing budgets and service reductions that the department has made. This was being done as carefully as possible so as to mitigate risks.

However, there is no doubt that with a growing population, growing levels of poverty, changes to legislation such as Universal Credit, the introduction of the homelessness reduction act, there will be further demands for Children’s Services at a time of diminishing resources.

b.    The Chair noted that this risk was being kept under review and looked at every 2 months. Tony Theodoulou, clarified that as detailed in the budget monitor, this was an unavoidable pressure.

c.    Councillor Savva wanted to know what officers were most concerned with, in view of the financial cut backs. Doug Wilson (Head of Strategy & Service Development, HHASC) clarified that the picture for adult social care was very similar to that of Children’s Services, in terms of increasing numbers of people. The population is growing substantially and the department were seeing those numbers translated into people who access hospital services. This was a cost and demographic pressure.

d.    Bindi Nagra (Assistant Director – Strategy & Resources) further highlighted areas of concern regarding adult social care:

·         The market for care is very challenged although the Council has one of the largest number of residential care homes in London. Other local authorities are placing patients in Enfield at a fast rate, pushing up prices the Council has to pay, by using its capacity.

·         An underlying demographic pressure that all departments are experiencing across the Council.

·         Pressure from the NHS, which is constant throughout the year. Enfield has 2 hospital trusts operating in its patch, North Middlesex and Chase Farm. The pace at which the NHS wants Enfield to dis-charge people, not only increased  ...  view the full minutes text for item 259


Meeting: 05/07/2017 - Audit and Risk Management Committee (Item 40)

40 RISK REGISTERS UPDATE - FRCS, CHIEF EXECUTIVE, STRATEGIC RISKS - 19:35 - 19:50 pdf icon PDF 415 KB

To receive a report from the Executive Director of Finance, Resources and Customer Services providing a Risk Registers update.

(Report No.34)

 

Additional documents:

Minutes:

RECEIVED the report of the Director of Finance, Resources & Customer Services presenting registers for the Service Enabling (Chief Executive’s and Finance , Resources & Customer Services Departments) and Strategic risks.

 

NOTED

 

1.    The need to represent the risk registers for the service enabling operating area that covers the Chief Executive’s department and Finance, Resources & Customer Services and also includes the strategic risks.

2.    At para 3.5 (page 114) of the report, there was an error which should read ‘The Service Enabling risk register’. The service enabling risk register consists of 9 risks and the only changes since the last time these registers were presented is that one of the risks has been considered to be sufficiently managed and has been removed from the register.

3.    The Strategic Risk Register includes 11 risks, the majority of which has escalated from various operating risk registers. Vivian Uzoechi (Insurance & Risk manager)  highlighted the risks on the strategic risk register, 4 of the risks related  to the Corporate Landlord (page 127 of the ‘To Follow Agenda’) :

·         Physical action & monitoring

·         Awareness of current and future legislation

With 2 risks from the service delivery area.

4.    Risks from the service delivery area for Children’s Services and Housing, Health and Adult Social Care will be presented in detail at the 28 September 2017 meeting.

5.    Present at this meeting are Alison Trew (Chief Executive’s Department and James Rolfe (Executive Director – Finance, Resources & Customer Services) to take any questions from the risk registers detailed in appendix 1 ( pages 122-124 of the ‘To Follow Agenda’)

6.     The following questions raised in response to the risk registers:

a.    The Chair referred to the red risk (appendix 1) relating to Information Security (FRCS1617-7) and that it was assessed as green originally. Why did it need an audit to change the rating so dramatically to red and what had changed. Christine Webster (Head – Internal Audit & Risk Management) clarified that when the audit was done, a number of issues had been identified that needed improvement. This was about tying up the management understanding of the arrangements to what was found in the audit. This was the reason why the rating was moved to red. In the interim period there was also the cyber-attack on the NHS which also highlighted cyber security at the council, although that risk was well managed by the Council.

b.    Councillor Milne’s concern that there is a real risk that a risk assessment wasn’t carried out properly. Vivian Uzoechi’s response that with regard to risk assessments, you have to keep looking at the risk as things develop. Today it may say green because we know that nothing from the service environment has changed. However, the next day something changes and we immediately shift the rating.  This doesn’t mean the risk wasn’t assessed properly and is quite encouraging that the team are looking at the risk in respect of what is happening around us.

c.    Councillor Savva request if there would be an investigation into properties  ...  view the full minutes text for item 40