Agenda and minutes

Audit and Risk Management Committee - Thursday, 11th January, 2018 7.30 pm

Venue: Conference Room, Civic Centre, Silver Street, Enfield, EN1 3XA. View directions

Contact: Metin Halil 

No. Item




Councillor Maguire (Chair) welcomed everyone to the meeting.

Councillor Maguire also welcomed new members of the Audit & Risk Management Committee, Councillor Ertan Hurer and Peter Nwosu (Independent Person).


Apologies for absence were received from Councillors Doris Jiagge, Toby Simon, Ian Davis (Chief Exexcutive), Jeremy Chambers (Director of Law & Governance), Bindi Nagra (Director of Adult Social Care), Doug Wilson (Head – Strategy & Service Development), Madeleine Forster (Interim AD of Council Housing and Regulatory Services) and David Eagles (BDO).


There was a private meeting between Members and BDO (External Audit), before the start of the scheduled Committee meeting at 06:45pm in Room 6.





Members of the Committee are invited to identify any disclosable pecuniary, other pecuniary or non - pecuniary interests relevant to items on the agenda.


There were no declarations of interest.



To note the recommendation to Full Council that Mr Peter Nwosu will be the Audit & Risk Management Committee Independent Person.



The Chair welcomed Mr Peter Nwosu to the meeting as the Audit Committee Independent Person.

The Committee will be recommending the appointment of Mr Peter Nwosu at Full Council.



BDO - CERTIFICATION REPORT - 07:35 - 07:45 pdf icon PDF 3 MB

To receive from BDO (external auditors) the Certification Report.





RECEIVED from BDO (External Auditors) the external audit Certification Work Report 2016/17 to 31 March 2017, relating to details of grant claims and returns, Action Plan and fees.




1.    This was BDO’s annual report to the Committee about the outcomes of their Certification work.

2.    As detailed at page 5 of the report, the report outlines the findings on the work of the Housing Benefit subsidy claim. One major finding from this work is detailed in the last paragraph on the left hand column on page 5 of the report. This was a human error that occurred by the benefits team. The team had not applied the correct cut-off date to the claim that they had prepared. The team had included a week’s worth of benefits that should have been purported in the 2017/18 period and will be. The £1.3m amendment was made to the claim in respect of this. That money would come back to the Council as part of the 2017/18 budget and was not lost.

3.    Findings of BDO’s further detailed elements of their work, is outlined on page 6 of the report. They had found a number of small areas where the processing staff had made mistakes with information that had been input into the benefits system. The system was correctly set up using all the correct software requirements to process the cases. Conclusions of this work are outlined in the right hand column on page 6 of the report. These were the key findings from the benefits work which was done and completed in line with the DWP deadline.

4.    The second piece of work BDO undertook is detailed at page 7 of the report – ‘Pooling of Housing Capital Receipts’, where the Government takes a cut of council sold assets (housing) receipts that the Council had received. DCLG (Department of Communities & Local Government) asked BDO to look at the Council’s correct recording of sales relating to council houses and to report accurately to them about when they are to receive their share of those receipts.

BDO had also identified one error in respect of this particular reserve that fed into the value that had to be reported. The figure of £1.6m should have been input but actually £600k was included by the team.

5.    The final piece of work carried out by BDO related to the GLA Procedural Compliance, as detailed at page 7 of the report. This is where the Council has bid for and successfully received funding from the Mayor’s Housing Covenant (scheme regarding homes for Londoners), as detailed at page 7 of the report. BDO had now been through this and there were 2 exceptions that they were required to report to the GLA. No action was taken by the GLA and these exceptions are detailed by 2 bullet points at page 7 of the report.

6.    The following statements, questions and responses raised in response to the report:

a.    James Rolfe, in response to the reported overpayments (page 6  ...  view the full minutes text for item 430.


BDO - PROGRESS REPORT - 07:45 - 07:55 pdf icon PDF 82 KB

To receive from BDO (external auditors) a progress report on the external audit to 31 December 2017.




RECEIVED from BDO (external auditors) the Audit Progress Report to 31 December 2017.


1.    This was the progress report of the audit for 2016/17.

2.    As detailed at page 16 of the report, there is an outstanding item against the Whole of Government (WGA) work. The work had been completed and was awaiting David Eagles (BDO) to sign it off either way.

3.    In respect of the Audit Certificate (as detailed at page 18 of the report), there are still ongoing objections work that needs to be resolved before BDO can issue their Audit Certificate.

4.    BDO are currently working on the 2017/18 Statement of Accounts and the Pension Fund Accounts. They had made an early start on these so that the faster close deadline requirements can be met. These are the end of July 2018 for the Audit and the end of May 2018 for the finance team.

5.    This year’s audit had been re-engineered so that BDO are auditing in 2 batches. The finance team had given reports and information up to the end of November 2017 which equates to the 1st 8 months of the financial year. These are being audited now over the next few weeks. BDO would then come back and do the last 4 months to the financial year end, in time to achieve the July 2018 deadline.

6.    The following questions and responses raised in response to the report:

a.    BDO would be aiming hard to try and complete the objections to the 2016/17 accounts and to close these down by end of January 2018. The objections were being investigated at present.

b.    The Chair asked about the earlier completion date for the 2017/18 accounts and if BDO were confident that they would reach the July 2018 deadline. Andrew Barnes (BDO) clarified that they were engaging with finance officers in a different way and that they would be doing their very best to achieve the earlier close down date. BDO have had a head start and 2/3 of the work had already been completed and are in a stronger position. James Rolfe further clarified that the project management activity had already been started and officers are engaging with BDO, commissioning valuations and monitoring deadlines and timescales.

c.    The Chair questioned what had happened with the valuations information for the 2016/17 accounts and that the valuations contract had been sub-contracted out. Was there anything the Council could do about that and was there now more control as regards sub-contracting. James Rolfe clarified that officers are working closely with the valuer’s, as it has been sub-contracted again, due to different types of property valuations. Officers are seeing valuer’s, partners and senior partners on a regular basis to make sure they are fully aware of the need to receive valuations information on time.

The valuations were about receiving them in on time including the supporting information. The contract is sub-contracted because of lack of expertise with some of the valuations.

d.    Councillor  ...  view the full minutes text for item 431.



To receive a report from the Executive Director of Finance, Resources & Customer Services providing a report on the Information Governance Board Annual Performance 2017/18 and Update on the GDPR.

(Report No.132)






Additional documents:


RECEIVED the report of the Executive Director of Finance, Resources & Customer Services providing  updates on the work of the Information Governance Board (IGB), changes to data protection rights and obligations introduced by the General Data Protection Regulation (GDPR), the NHS digital audit, the internal review of the National Audit Office Guidance regarding Cyber and Information Security Risk Guidance and any Data Protection breaches or ICO referrals for 2017/18.




1.    Jayne Middleton-Albooye (Head of Legal Services) presented the report as the Chair of the Information Governance Board.

2.    This update report to the Committee concerns the changes that are to be bought in by the General Data Protection Regulations (GDPR) which is coming in on 25 May 2019. The changes are detailed at paragraph 3 (pages 2-4) of the report.

3.    The work of the Information Governance Board (IGB) is detailed at pages 4-5 of the report, which highlights the preparation work for the GDPR and the work that they have done for an audit by NHS Digital at the end of November 2017.

4.    Data Protection breaches and FOIA referrals are detailed at page 5 of the report.

5.    The National Audit Office guidance is detailed at pages 5-6, which had been requested by the Audit & Risk Management Committee.

6.    The IGB meets monthly and the new membership had met 4 times. There are sub-working groups and an implementation working group. Attached at Appendix 1 (pages 9-12) of the report is an implementation plan which Steve Durbin (IT Capital Programme & Security Consultant) could answer any questions on.

7.    The Board had already approved and reviewed all the policies the Council need to have in place to be GDPR compliant. The Board had also looked at the privacy statement and also had approved that.

8.    The NHS Digital Audit, detailed at page 5 of the report, took place at the end of November 2017. The draft report of the audit was still in progress and Jayne Middleton-Albooye intends to bring the report to a later Committee meeting to provide details of the Audit.

ACTION – Jayne Middleton-Albooye (Head – Legal Services)

9.    The NAO guidelines were issued very recently and are an attempt to provide a view on high level cyber security from an audit perspective. These were reviewed in the light of what the team are currently doing and they tried to give a readiness assessment of them. There was a couple of amber ratings in areas the team already knew about. The audit reports on most of those amber areas and most things were in the green. The Council are well covered on mostly everything and there was nothing new in them or surprising. It was nice to have a consistent set of guidelines the team could follow going forward.

10. The following comments and questions made in response to the report:

a.    The guidelines also suggested that if the Council would still be dealing with the European Union, in light of Brexit, then they would still be  ...  view the full minutes text for item 432.



To receive the report of the Executive Director of Finance, Resources & Customer Services providing a Risk registers update for Children’s Services, HHASC, Regeneration & Environment.

(Report No.130)



RECEIVED the report of the Director of Finance, Resources & Customer Services presenting registers for the Service Delivery operating areas (Health, Housing & Adult Social Care, Children’s Services and Regeneration & Environment Departments).




1.    Officers from relevant service areas were in attendance to address any questions about their registers.

2.    The paper provides the register for the Council Services operating areas that cover 3 departments which include HHASC, Children’s Services and Regeneration & Environment.

3.    The Chair asked relevant service officers to go through each of their respective risks and to explain how they are being managed.

4.    Tony Theodoulou (Executive Director of Children’s Services) clarified the following:

a.    CS 1718 -02 Missing Children – A few years ago, the department would identify children going missing from home because they were unhappy about issues going on at home. The department were now seeing young people missing from home in relation to the trafficking of drugs. It had been identified that approximately 30 young people are regularly going missing because they are selling drugs in other parts of the country. As a response to this, the department were putting in additional resources into its missing persons team as have the Police (additional Police Officers), focussing on who is most at risk of being exploited in this was and the department’s response to them. This is an area where the risk rating may increase the next time Tony Theodoulou reviews them.

b.    CS 1718-03 Increased Service demand – This was one area, despite the mitigations in place, continues to be red due to uncontrollable issues. Tony Theodoulou provided an example of this regarding a recent murder in Cheshunt (December 2017), whereby 5 Enfield residents were arrested in connection with the murder. The residents were all 14 or 15 years of age and had been remanded to secure accommodation until their Old Bailey trial date in May 2018. If these young people stay in secure remand between December 2017 and May 2018, that would cost the local authority approximately £0.5m.

c.    CS 1718-04 Changes in policy & associated legislation – There would soon be new duties towards care leavers due to newly passed legislation. This meant that the departments duties towards care leavers would be extended to leavers aged 25 from currently aged 21. The risk is that the department have had no clarification about the new burdens funding, which should come with these new duties. There will also be additional resources required, additional staffing, additional commissioning budgets, etc. The department were still waiting for this. This was an example of how new legislation can impact on this work.

d.    CS 1718-05 Negative Inspection outcomes – From January 2018, OFSTED are introducing a new Inspection Framework. They tend to change the inspection framework every 3 years and the department will be inspected in the next 3 years under this new framework. The department had participated in a pilot inspection in April 2017, which resulted in a positive and re-assuring outcome.

5.    Jon Newton (Head of Service –  ...  view the full minutes text for item 433.


SCRUTINY OF RIPA STATISTICS - 08:30 - 08:45 pdf icon PDF 150 KB

To receive a report from the Executive Director of Finance, Resources & Customer Services providing an update on any recent applications, the recent Inspection by the Office of Surveillance Commissioners and a review of the new version of the Council’s Policy and Procedure Document.


(Report No.131)




Additional documents:


RECEIVED a report from the Executive Director of Finance, Resources and Customer Services requiring the Audit Committee to receive an internal quarterly report from the Monitoring Officer on the use of RIPA within the Council and to note that there have been no applications since the last report.

Including, the Inspection by the Office of Surveillance Commissioners (OSC on the 27th September 2017 and a revised version of the Council’s policy and Procedure Document.


NOTED that


1.    During the monitoring period covered by the report and since the last Audit Committee meeting, there had not been any new RIPA applications.

2.    The report refers to the inspection that took place by the Office of Surveillance Commissioners (OSC) on the 27th September 2017, who are now called the Investigatory powers Commissioners Office (IPCO).

3.    The IPCO spoke to all officers who undertake Covert Surveillance and those who are part of the governance structure. As a result there are a few changes to the policy and procedure document which are very minor.

4.    As detailed at 3.12 (page 17) of the report, the summary of the inspection and the report was generally positive and the IPCO felt that staff had a very good understanding of RIPA procedure and policy. All recommendations from the last inspection had been dealt with. There were only 2 recommendations and these are detailed at 3.12 (page 17) of the report as A & B.

5.    The Committee were asked to approve changes, as detailed at 3.20 – 3.23(page 31) of the report. The policy would not need to go to Council, just on an annual basis, the Committee to review the policy.


AGREED to note that the Office of Surveillance Commissioners has undertaken a periodic inspection of the Council RIPA procedures and the approval of the new version of the Council’s Policy, which has been amended to incorporate the IPCO’s recommendation.





To receive the report of the Executive Director of Finance, Resources & Customer Services providing a report on the Anti-Money Laundering Policy and Guidance.

(Report No.128)



RECEIVED a report from the Director of Finance, Resources & Customer Services (Report No.128) providing an update on the refreshed Anti-Money Laundering Policy and Guidance.




1.    The report was introduced by Christine Webster (Head – Internal Audit & Risk Management).

2.    In June 2017, the European Union’s updating of policies and procedures fourth money laundering directive was implemented via the Money Laundering Regulations 2017. These require some significant changes including updating of policies and procedures and more onerous due diligence procedures for relevant services. In particular, the Council’s trading companies which undertake regulated services, and are obliged to comply with the regulations.

3.    The key changes to the policy are detailed at 3.4 (page 66) of the report. One of the most significant changes is that the Council are required to have a senior person appointed, responsible for compliance with the regulations and it has been agreed James Rolfe will be the compliance officer.

4.    The policy detailed at Appendix A (pages 71-73) of the report outlines the Council’s and its subsidiary companies’ responsibility to comply with the money laundering regulations, and replaces the previous policy that was issued in January 2017.

5.    The guidance detailed at Appendix B (pages 75-79) of the report, provides advice to enable employees, members and contractors to comply with the requirements of the policy. With directions to facilitate reporting of money laundering suspicions. The Monitoring Officer is Chistine Webster.

6.    The following issues raised by Members in response to the report:

a.    In reply to Councillor Dogan’s enquiry about whether staff are regularly trained in relation to money laundering, Christine Webster confirmed that there is a fraud awareness programme and the section have included money laundering as part of that.


AGREED to note the updated anti-money laundering policy and guidance for its implementation.



2017/18 INTERNAL AUDIT SERVICE PROGRESS REPORT - 08:55 - 09:05 pdf icon PDF 453 KB

To receive the report of the Executive Director of Finance, Resources & Customer Services summarising the work that the Internal Audit and Risk Management Service (ARMS) has completed for the period 1 April 2017 to 20 December  2017.

(Report No.129)





RECEIVED the report of the Director of Finance, Resources & Customer Services (No.129) summarising the work of the Internal Audit & Risk Management Service for the period between 1 April and 20 December 2017.




  1. Results of Counter Fraud activity are summarised in Tables 2 & 3 (page 87). For housing recoveries the department were slightly behind target for this time of year. However, temporary accommodation recoveries were above target and have achieved overall 60 out of 100 total recoveries.
  2. In terms of savings, the department were over the total target and details for these are set out at table 3 (page 87) of the report.
  3. The insurance and risk management service has continued to ensure that risk registers are produced and challenged. There was presentation of the service risk registers earlier on in the meeting.
  4. In terms of quality assurance, table 4 (page 88) of the report, summarises how the team are progressing against its own internal targets. The team are on track with all those shown in table 4 except the ‘response from managers on draft reports’. This was skewed by the team issuing draft reports before the summer holidays, at schools mainly. The schools didn’t respond to the team till they returned from the holidays.
  5. The following issues raised in response to the report:

a.    The Chair was still dis-appointed with ‘managers progress with implementing internal audit recommendations’. Overall, 46% of the high priority recommendations and 42% of the medium priority actions had been fully implemented. This was not good enough and the Chair didn’t want the committee to note this in the recommendations, the committee wanted it recorded that they are dis-appointed with managers’ progress on this matter.

b.    Councillor Hurer required clarity on the Council Housing recoveries target figure detailed at table 2 (page 87) of the report. Was the figure of 75, by way of admission, that the team recognise there are more houses to recover but have not been found or is the annual target figure (75) based on a historical figure and the achieved figure (32) was all the team had found. Christine Webster clarified that the team assume that there are still houses that need to be recovered. The team had achieved 75 recoveries in the past and that is why the figure of 75 had been set. The team had also suffered in through the year as they had not had a full complement of investigators.

The team also relied on the neighbourhood’s team to refer to them. The team did not receive these early on in the year, partly because they were focussing on their reaction after the Grenfell disaster.

c.    Peter Nwosu (Independent Member) asked what the process was for following up on the actions for managers to implement internal audit recommendations.

  1. The Chair thanked Christine Webster for her report.


AGREED to note the progress made in delivering the Audit and Risk Management Service’s 2017/18 work plan and the outcomes achieved and to note managers’ progress with the implementation of  ...  view the full minutes text for item 436.


MINUTES pdf icon PDF 204 KB

Audit & Risk Management Committee


a.         To receive and agree the minutes of the Audit Committee meeting held on Thursday 28 September 2017, as a correct record.



b.         To note the update on actions identified at the last meeting.



Additional documents:


NOTED the progress update on actions identified at previous meetings.


AGREED that the minutes of the Audit & Risk Management Committee held on Wednesday 1 November 2017 be approved and signed as a correct record.







The Committee is asked to agree the Work Programme put forward for the 2017/18 municipal year along with the timetabling of each issue on the Work Programme.



RECEIVED and noted the Committee’s updated work programme for 2017-18.




To Note the dates of future meetings:


Thursday 11 January 2018 – 07:30pm

Wednesday 7 March 2018



(All meetings to commence at 7.00pm unless otherwise agreed.)



NOTED the dates of future meetings:


Wednesday 7 March 2018



(All meetings to commence at 7.00pm unless otherwise agreed.)