Agenda and minutes

Audit and Risk Management Committee
Tuesday, 1st November, 2016 7.00 pm

Venue: Conference Room, Civic Centre, Silver Street, Enfield, EN1 3XA. View directions

Contact: Metin Halil 

Items
No. Item

212.

WELCOME AND APOLOGIES FOR ABSENCE - 19:00 - 19:05

Minutes:

Councillor Maguire (Chair) welcomed everyone to the meeting.

 

Apologies for absence were received from Chaitali Roy (Independent Member) and David Eagles (BDO).

 

There was a private meeting between Members and BDO (External Audit), before the start of the scheduled Committee meeting.

 

The Chair said that at the start of each Audit & Risk Management Committee meeting there would be a 15 minute private meeting with the External Auditors (BDO) from 19:00pm to 19:15pm.

 

213.

DECLARATION OF INTEREST - 19:05 - 19:10

Members of the Committee are invited to identify any disclosable pecuniary, other pecuniary or non - pecuniary interests relevant to items on the agenda.

Minutes:

There were no declarations of interest.

214.

BDO - ANNUAL AUDIT LETTER 2015/16 - 19:10 - 19:25 pdf icon PDF 564 KB

To receive from BDO (external auditors) the Annual Audit Letter summarising the key issues arising from the work carried out by BDO during the 2015/16 audit.

 

Minutes:

RECEIVED from BDO (external auditors) the Annual Audit Letter 2014/15.

 

 

NOTED

 

1.            The report was introduced by Andrew Barnes (BDO), highlighting the following:

 

a.    The Audit Letter summarised the key findings arising from the work that BDO have carried out in respect of the financial year ended 2015/16. The report was a user friendly version, presented at the last committee meeting, showing the results of BDO’s audit. The report was in a revised format so as to make it more accessible to the public.

b.    There was one new issue, which had arisen since the completion of BDO’s audit work, detailed on page 8 of the report referring to the whole of government accounts. The finance team had to produce a different formatted version of the 2015/16 Statement of Accounts to submit to central government for consolidation into the overall national government set of accounts. BDO had completed audit work on this issue by 21 October 2016 and had submitted this work to the National Audit Office so they could carry out audit work on the whole of government accounts.

BDO were able to give clear opinion that the data collection sources produced by the finance team was consistent with the financial statements.

c.    Following amendments to the Data Collection Tool (DCT) BDO concluded that the DCT was consistent with the audited statutory accounts. The only issue was that there were two counter party transaction balances that the Council had not fully analysed against the counter party identifiers in the DCT.

d.    The Chair asked if BDO were unable to provide a certificate of closure until the objections to the accounts have been resolved? Andrew Barnes clarified that more information had now been received from the Council and David Eagles (BDO) was now working through those and BDO would have a decision on this by the next Audit & Risk Management Committee in January 2017.

 

2.    The Chair thanked Andrew Barnes for his report.

 

 

AGREED that the Annual Audit Letter 2015/16 be noted and approved.

 

215.

2016/17 AUDIT & RISK MANAGEMENT SERVICE PROGRESS REPORT - 19:25 - 19:40 pdf icon PDF 612 KB

To receive the report of the Director of Finance, Resources & Customer Services summarising the work that the Internal Audit and Risk Management Service (ARMS) has completed for the period 1 April 2016 to 31 October  2016.

(Report No.126)

 

 

 

Minutes:

RECEIVED the report of the Director of Finance, Resources & Customer Services (No.126) summarising the work of the Internal Audit & Risk Management Service for the period between 1 April and 17 October 2016.

 

NOTED

 

  1. During the review period, the Internal Audit Team had commenced 42 reviews (60% of the current plan), of which 5 (7%) had been completed. Since the Committee approved the plan on 3 March 2016, Internal Audit had changed the plan and added 8 further audits and 9 had been cancelled. Details of this can be found at appendix 2 (page 12 & 13) of the report.
  2. One completed audit had resulted in limited assurance for Russet House School, who had 2 high risk findings, as detailed at 3.6 (page 3) of the report, relating to their purchase process and their use of commercial cards. Both of which would result in the perpetration of fraud if controls are not managed.
  3. With managers’ progress in implementing recommendations, the overall summary is that 36% of high priority recommendations had been fully implemented. By the time of writing this report, that had now increased to 41%. 55% of medium priority recommendations had been fully implemented now improved to 57%. These results (chart 1) are shown by department on page 4 of the report. The green bands represent the percentage of recommendations that have been fully implemented in each of the departments.
  4. At the committee meeting held on 29 September 2016, there was a request for representatives from departments to be invited to subsequent committee meetings to provide progress updates on the implementation of high priority risk recommendations that have been progressed but not yet fully implemented by the target date. At the same meeting, members agreed to invite Directors to attend a meeting to answer questions about their risk registers. The team have now produced a timetable for them to attend for risk registers, as detailed at table 2 (page 4) of the report. Christine Webster (Head – Internal Audit & Risk Management) proposed that officers from the same departments attend at the same time to answer any questions.
  5. The Counter Fraud Team’s work is summarised in Table 2 (page 5) of the report. The team had recovered 20 Council Houses and 1 temporary accommodation property. Savings from frauds prevented amounted to £572k against a target of £950k. As detailed at 3.12 (page 5) of the report, the recoveries and savings are estimated at £942.5k (by 30 September 2016) which already exceeds the total annual cost for the service of £448.2k.
  6. The Insurance and Risk Management Service has also continued to actively engage with Directors. Vivian Uzoechi (Insurance & Risk Manager) would be presenting the next report about work the service is doing.
  7. Table 3 (page 6) of the report highlights the achievements of the Internal Audit team against targets for 2016/17 to 17 October 2016.
  8. The following issues raised in response to the report:

a.    The Chair re-iterated her concerns about the low implementation of management recommendations and asked if anything further could  ...  view the full minutes text for item 215.

216.

CORPORATE RISK MANAGEMENT STRATEGY - 19:40 - 19:55 pdf icon PDF 552 KB

To receive the report of the Director of Finance, Resources & Customer Services providing a summary of the Council’s Corporate Risk Management Strategy.

(Report No.127)

 

 

 

Minutes:

RECEIVED the report of the Director of Finance, Resources & Customer Services (No.127) presenting a refreshed Corporate Risk Management Strategy for the Council.

 

NOTED

 

1.    The strategy was last approved in October 2015 and a review of the report and changes to it are detailed at 3.3 (page 16) of the report in the form of a table.

2.    The changes include the following:

·         The change of name from Departmental Risk Registers to Operational Risk Registers.

·         The name change of Audit committee to the Audit & Risk Management Committee.

·         Reviewing and reporting frequency, as detailed within the table at 3.3 (page 16) of the report.

3.    The refreshed strategy is detailed at Appendix 1 (pages 19-36) of the report.

4.    The Chair clarified that this was a straight forward report, the changes had already been agreed and now refreshed into the strategy.

5.    The Chair thanked Vivian Uzoechi (Insurance Risk Manager) for her report.

 

AGREED to note the refreshed Corporate Risk Management Strategy.

 

 

217.

BDO PROGRESS REPORT - 24 October 2016 - 19:55 - 20:10 pdf icon PDF 79 KB

To receive from BDO (external auditors) a progress report on the external audit to 24 October 2016.

 

Minutes:

RECEIVED from BDO (external auditors) the Audit Progress Report to 24 October 2016.

 

1.    This report highlighted where BDO were in the Audit Cycle.

2.    In order to track progress, BDO have greyed out items (within the report) to show where work has been completed and previously reported to Committee. The items remaining in white are items which are still being worked on, as detailed at page 5 of the report:

·         The Housing Benefit subsidy claim is ongoing and BDO were confident to complete this work by the end of the month.

·         The Audit Certificate is to be left open pending completion of work on the objections to the 2015/16 Accounts.

3.    Once the Housing Benefit work is finished, BDO would bring a report to the next Audit & Risk Management Committee with the outcomes from that. This work would also be included in the BDO Grants Report, the deadline of which is the end of February 2017, but will be bought to the 12 January 2017 meeting.

4.    The Chair thanked Andrew Barnes (BDO) for his report.

 

AGREED to note the progress report on the external audit to 24 October 2016. 

 

 

218.

2016/17 INFORMATION GOVERNANCE MID - YEAR REVIEW UPDATE - 20:10 - 20:25 pdf icon PDF 378 KB

To receive a report from the Director of Finance, Resources & Customer Services providing a mid – year review update on the Council’s progress in implementing its Information Governance Work Programme 2016/17.

 

Minutes:

RECEIVED the report of the Director of Finance, Resources & Customer Services providing a mid-year review update on the Council’s progress in implementing its Information Governance Work Programme 2016/17

 

NOTED

 

1.    The report was presented by Rocco Labellarte (Assistant Director – ICT) highlighting the following:

a.    The briefing note provided an update to the Committee on the work of the Information Governance Board, the Council’s performance on Freedom of Information Act and Data Protection Act requests, security incidents and complaints that have been referred to the Information Commissioners Office (ICO).

b.    The report sets out the priorities of the Information Governance Board (IGB) and the actions that have been taken and the Information Governance risks facing the authority.

c.    Details of the update are presented at pages 7-16 of the report.

2.    The following issues raised in response to the report:

a.    There had been a text error at 2.1.2 (page 7) of the report and the second line should read - July 2016.

b.    In terms of ICO complaints, based on the previous 5 Council’s Rocco Labellarte has worked with, it was not unusual for Councils to receive 12 complaints per half year. Very few of these are upheld. Issues would arise where there has been a data breach, particularly in Adults and Children’s Services. More often it’s about people leaving papers on trains which leads to action from the ICO. Overall, there had been 5 complaints to the ICO, 3 were concerned with SAR’s where the Council struggled to deliver these within 40 days, leaving 2 complaints regarding FOI’s which is very low for a Council.

c.    The IGB were working closely with Central Government and the Foreign Office to identify where the threats are as regards cyber security.

d.    Councillor Neville sought clarity regarding the actual number of FOI’s received in 2016/17 as detailed at 2.2 of the report.

e.    Councillor Jemal further questioned how subject access requests (SAR) are dealt with to warrant the 40 day deadline. Rocco Labellarte clarified that a SAR request involves an individual wanting to know all information held by the Council on that person. Several systems would have to be searched to access that data correctly. If this process is not done correctly, it can lead to a tribunal. The tribunal would then demand that the Council provide all the SAR information immediately. It could lead to a breach of court if everything is not supplied.

f.     The average cost of answering an individual FOI request was approximately £200 which equates to approximately £150k - £200k per year.

3.    The Chair Thanked Rocco Labellarte for his update report.

 

AGREED that Audit Committee note the progress being made on information governance and the risks facing the authority.

 

 

219.

MANAGING THE SAVINGS - 20:25 - 20:40 pdf icon PDF 189 KB

To receive the report of the Director of Finance, Resources & Customer Services providing a Savings Monitor Update Report.

(Report No.128)

 

 

 

Minutes:

RECEIVED the report of the Director of Finance, Resources & Customer Services (No.128) presenting an overview of the savings monitoring process undertaken in determining the progress in achieving the savings.

 

NOTED

 

1.    The report was presented by Isabel Brittain (Assistant Director – Corporate Finance). At the last Committee meeting, Members had requested a status report of where the Council savings were for 2016/17.

2.    The finance team had spoken to each of the directorates to go through their proposed savings. Approximately £13m worth of savings had been identified across the whole year for each of the service areas.

3.    As detailed at the appendix on page 21 of the report, the team had rag rated each individual element in each directorate. The majority of those savings were deliverable and have been rag rated as green. A few of the savings, detailed at page 21-22 of the report, have been rag rated as amber and red. The application of SFA grant in skills for work service (page 21) is a small saving, rag rated as amber, due to the amount of income coming into that service and that the saving cannot be achieved within Environment and Regeneration.

4.    The remaining red and amber rated savings are detailed on page 22 of the report. The two red categories listed are concerned with the provision of transport across the organisation. One of those is within the Adult Social care sector and the other one is within the Children’s care sector. These are two high pressure areas and is very difficult to achieve savings within these areas.

5.    Many of the pressures in the 2016/17 budget are to do with demographics and the increase in children coming into Enfield, the ability to provide services for them and high need adults. So the high risk areas are those rag rated in red and where the Council are having to provide a service, the cost of that service is increasing and the Council are unable to contain those costs.

6.    The following issues raised in response to the report:

a.    Councillor Neville’s concern in terms of the numbers of children and people who are arriving in the borough with no recourse to public funds. This was being replicated in a number of other London Borough’s. As members, one of the things that should be done was to have a cross party agreement to actually lobby Central government because this was beyond the powers of the Local Authority to do.

b.    Councillor Neville asked what the position about savings earmarked for 2015/16 was and if that was now fully accomplished. Isabel Brittain clarified that mostly that was the case.  The report sets out the savings for 2016/17 and are on the whole achieving that.

c.    Councillors Neville and Savva agreed that there should be a cross party lobbying of Central Government relating to damping. Not all 32 London Boroughs’ are affected and was about getting London Council’s onside by making joint submissions to the relevant Government Departments.

d.  ...  view the full minutes text for item 219.

220.

RIPA UPDATE - 20:40 - 20:50

To receive a report from the Director of Finance, Resources & Customer Services providing a verbal update on the use of RIPA to ensure that it is being used in accordance with the law.

 

Minutes:

RECEIVED a report from the Director of Finance, Resources and Customer Services requiring the Audit Committee to receive an internal quarterly report  from the Monitoring Officer on the use of RIPA within the Council and to note that there have been no applications since the last report.

 

NOTED that

 

·         During the monitoring period covered by the report and since the last Audit Committee meeting, there had not been any new RIPA applications.

 

AGREED to note the requirements under the Audit Committee to receive quarterly reports from the Monitoring Officer on the use of RIPA within the Council and to note that there had been no further applications since the last report for Directed Surveillance and Cover Human Intelligence Source [CHIS].

 

 

221.

MINUTES - 20:50 - 20:55 pdf icon PDF 224 KB

Audit & Risk Management Committee

 

a.         To receive and agree the minutes of the Audit Committee meeting held on Thursday 29 September 2016, as a correct record.

 

b.         To note the update on actions identified at the last meeting.

 

 

Additional documents:

Minutes:

NOTED the progress update on actions identified at previous meetings.

 

AGREED that the minutes of the Audit & Risk Management Committee held on Thursday 29 September 2016 be approved and signed as a correct record.

 

 

222.

AUDIT & RISK MANAGEMENT COMMITTEE WORK PROGRAMME 2016/17 - 20:55 - 21:00 pdf icon PDF 175 KB

The Committee is asked to agree the Work Programme put forward for the 2016/17 municipal year along with the timetabling of each issue on the Work Programme.

 

Minutes:

RECEIVED and noted the Committee’s updated work programme for 2016-17.

 

NOTED

 

1.    An updated version of the Work Programme was e-mailed to Members along with the second ‘to follow’ agenda.

223.

DATES OF FUTURE MEETINGS

To Note the dates of future meetings:

 

Thursday 12 January 2017

Tuesday 7 March 2017

 

 

(All meetings to commence at 7.00pm unless otherwise agreed.)

 

Minutes:

NOTED the dates of future meetings:

 

Thursday 12 January 2017

Tuesday 7 March 2017

 

 

(All meetings to commence at 7.00pm unless otherwise agreed.)

 

NOTED

 

1.    The next meeting of the Audit & Risk Management Committee will be on Thursday 12 January 2016.

2.    Councillor Maguire (Chair) proposed to have a training session 30 minutes before the Committee meeting starts, which Members had agreed to. The Training event will start at 06:30pm – 07:00pm. There would also be a private meeting between Members and BDO (External Audit) at 07:00pm – 07:15pm. The administrator for the committee will be sending out electronic invites to members for both of these private sessions.

ACTION: Metin Halil (Committee Administrator)

3.    This would be Isabel Brittain’s last Committee meeting as she was leaving the Council. The Committee wished to record their thanks to Isabel for all her hard work, helpfulness and support over the years and wished her well for the future.