Agenda and minutes

Audit and Risk Management Committee - Thursday, 12th January, 2017 7.15 pm

Venue: Conference Room, Civic Centre, Silver Street, Enfield, EN1 3XA. View directions

Contact: Metin Halil 

No. Item




Councillor Maguire (Chair) welcomed everyone to the meeting.


Apologies for absence were received from Councillor Doris Jiagge, Chaitali Roy (Independent Member) and David Eagles (BDO).


There was no private meeting between Members and BDO (External Audit), before the start of the scheduled Committee meeting.


There were two private meetings before the start of the scheduled Committee meeting:


·         Briefing regarding actions to enable the earlier closure of the annual accounts presented by Roy Baker ( Assistant Head of Finance).

·         Treasury Management training presented by Cagdas Canbolat ( Finance Manager).





Members of the Committee are invited to identify any disclosable pecuniary, other pecuniary or non - pecuniary interests relevant to items on the agenda.



There were no declarations of interest.




1.    Under this item, the Chair drew Members attention to a report which is going to Full Council, titled ‘Changes to Arrangements for the Appointment of External Auditors’, which had been tabled for Members’ information only.

2.    The report was presented by Christine Webster (Head – Internal Audit & Risk Management):

a.    The Local Audit and Accountability Act 2014 had put an end to the Audit Commission and the regulations associated with that. The Act provides for the appointment, by the Secretary of State, a ‘sector led body’ to be the appointed person for the subsequent appointment of the external auditors. That legislation requires or allows the Council to appoint itself new external auditors for the audit of the yearly accounts from 2018/19 onwards.

b.    Under the legislation, the Council has 3 options and the report presents these 3 options. The regulations require the options to be approved by Full Council with the report going to Council by 25 January 2017.

c.    The three options are as follows:

·         Option 1: Make a stand alone appointment – The Council can appoint its own local Auditor, but in order to do that they would have to set up a panel of Auditors which needs to be composed of Independent Members. The Council would not be able to have a majority of any of their elected Members. There would also be a cost to setting this up, including running and maintaining this set up.

·         Option 2: Set up a Joint Auditor/local joint procurement arrangements - To join with other local authorities and jointly appoint an auditor. This would require local authorities to jointly put together an auditor panel. This would again involve a shared cost and may lead to complications if the preferred auditor  was providing any other services at any of the local authorities due to conflict of interests.

·         Option 3:  Opt in to a sector led body (SLB) – To follow a sector led approach, which has already been appointed by the DCLG. The body is called the Public Sector Audit Appointments Ltd (PSAA) who is the agent with the LGA. They will then take on that role of identifying which auditors are available to be appointed and then to appoint them. James Rolfe (Executive Finance Director) had recommended that the Council should go with the 3rd shared option.

3.    The following issues and comments raised in response to the report:

a.    James Rolfe clarified his rationale for the 3rd option recommendation. The pool of auditors the Council would use as its external auditor, are really the same external auditors which ever procurement route the Council uses to get there. The only real issue is - what is the most efficient way to obtain the Audit services from a creditable Audit body. This would be option 3 and to go with the arrangements the Local Government Association (LGA) are procuring. There would be no other benefits for the Council to  ...  view the full minutes text for item 312.



To receive a report from the Director of Finance, Resources and Customer Services providing a Risk Registers update.

(Report No.188)



Additional documents:


RECEIVED the report of the Executive Director of Finance, Resources & Customer Services (No.188) presenting a summary of registers for strategic risks and the Service Enabling, Customer Gateway & Business Intelligence operating risks (Service Enabling).




1.    The report was introduced by Vivian Uzoechi (Insurance & Risk Manager).

2.    The report presented a summary of registers for strategic risks and the Service Enabling, Customer Gateway & Business Intelligence operating risks (Service Enabling).

3.    The table at 3.6 (page 2) of the report details a summary of the risks and current assessment including a heat map which shows the number of risks that are either green, amber or red.

4.    Appendix 1 (pages 7 – 11) of the report details the summary of the risk registers of the service enabling areas.

5.    Appendix 2 (pages 13 – 15) of the report details the Strategic Risk Register which mainly covers the red risks or high risks that have been escalated from each department.

6.    Paragraph 3.11 (page 3) of the report details a summary of the high level risks of the Strategic Risk Registers. The red risks shown at 3.11 relate to Health, Housing & Adult Social Care and Children’s Services and a detailed report will be coming to the March 2017 Committee meeting.

7.    Representatives from the Chief Executive’s Department (Julie Mimnagh – Head of Human Resources Operations) and James Rolfe (Executive Director – Finance, Resources & Customer Services) were present at the meeting to take any questions from members regarding risks.

8.    The following issues raised in response to the report:

a.    With regards to the Service Enabling Register (page 7 – 11) the ‘current assessment’ heat maps indicate where the risks are by the insertion of a circle. Councillor Neville wanted to ensure that not many circles should appear in the red areas of the register. James Rolfe clarified that the aim was to achieve no circles in red areas, minimise the number of circles in amber areas and the strategic goal would be the green areas. What was important were the actions taken to deal with risks.

b.    Councillor Hayward requested an explanation for the term ‘Power BI’ shown at Appendix 1 (page 10) of the report. James Rolfe clarified that the Council had pooled all of its performance management teams into 2 teams (hubs). One team does data reporting relating to legal requirements surrounding performance data which has to be submitted to Central Government. The other team performs the overall Council wide planning and performance management.

Across the council there is a range of business systems that produce performance management reports and will remain due to the needs of that particular service i.e. housing benefit system to administer housing benefit. Power BI extracts data out of these department systems and produces consolidated reports automatically and accurately in a way that staff can easily interpret and understand. Work is now being done, using Power BI implementation, to ensure that all statutory reports across the Council are automated for performance reporting. Enfield were one  ...  view the full minutes text for item 313.



To receive a report from the Director of Finance, Resources & Customer Services providing an update on the Anti-Money Laundering Policy and Counter Fraud Strategy.

(Report No.186)



Additional documents:


RECEIVED a report from the Director of Finance, Resources & Customer Services (Report No.186) providing an update on the refreshed Anti-Money Laundering Policy and Guidance.




1.    The report was introduced by Christine Webster (Head – Internal Audit & Risk Management).

2.    The Counter Fraud Strategy would not be heard today, only the Anti-Money Laundering Policy & Guidance.

3.    The Council’s anti-money laundering policy was last presented to the Audit & Risk Management Committee in 2015 and was timely to review and refresh the policy. The policy had been reviewed and updated, just in terms of name changes. There had not been any other changes.

4.    The key thing to be aware of is that the Council is required to have an anti-money laundering policy so as to enable it to comply with legislation.

5.    The Money Laundering Reporting Officer (MLRO) is Christine Webster and deputy MLRO is Bob Cundick (Housing Investigations Manager) and all suspicions should be reported to Christine Webster who will take appropriate action.

6.    In addition, the department prefers to try to ensure that relevant business within the Council is aware of risk, the processes that they should go through to reduce that risk and that they are properly trained. There had been a large programme of training people over the last couple of years.

7.    The following issues raised by Members in response to the report:

a.    Councillor Neville enquired about the level of cash that people could pay in. Christine Webster clarified that £12k (15,000 Euros) can be undertaken as a one off transaction as detailed at 7.2 (page 28) of the report. Any suspicious payments, even lower than £12k, can still be investigated. The main area of concern for the Council are property sales particularly right to buy transactions.

b.    Councillor Savva enquired whether it was more difficult to investigate Housing benefit Fraud than money laundering. Christine Webster clarified that Housing benefit fraud involved more low level values. There were a number of controls in place to combat right to buy cases and many had been prevented.


AGREED to note the updated anti-money laundering policy and guidance for its implementation.





To receive the report of the Director of Finance, Resources & Customer Services summarising the work that the Internal Audit and Risk Management Service (ARMS) has completed for the period 1 April 2016 to 22 December 2016.

(Report No.187)



Additional documents:


RECEIVED the report of the Executive Director of Finance, Resources & Customer Services (No.187) summarising the work of the Internal Audit & Risk Management Service for the period between 1 April and 22 December 2016.




  1. During the review period, the Internal Audit Team had commenced 61 reviews (87% of the current plan), of which 16 (23%) had been completed. Since the Committee approved the plan on 3 March 2016, Internal Audit had changed the plan and added 15 further audits and 19 reviews had been deferred or cancelled. Details of this can be found at Appendix 1 (page 41 & 42) of the report.
  2. Since the last Audit & Risk Management Committee, one completed audit had resulted in limited assurance for St. Ignatius School, with 1 high risk finding, as detailed at Table 2 (Page 35) of the report.
  3. Sections 3.7 – 3.9 (page 35) of the report, details managers progress with implementing internal audit recommendations. As summarised in Chart 1 (Page 36), Christine Webster (Head of Internal Audit & Risk Management) was pleased to report that results have been improving since the last report and overall 61% of high priority recommendations had now been fully implemented and 69% of medium priority recommendations had also been fully implemented. The remaining recommendations had all been progressed which meant that the risks had all been mitigated to a certain extent but not fully mitigated. The department were still following up on those. Many of the officers had submitted revised timescales of those actions.
  4. James Rolfe (Executive Director of Finance, Resources & Customer Services) was present if Members wished to ask any questions regarding the progress of any outstanding actions in FRCS.
  5. Counter Fraud achievements are summarised in Table 3 (Page 36) of the report, in terms of the benefits of the service. Further details of the service are shown at Table 4 (Page 37) which highlights how savings can be analysed with savings actually received by the Council as opposed to those recovered for the Department of Works & Pensions (DWP) regarding housing benefit.
  6. The Quality Assurance table detailed at 3.16 of the report shows that the department are complying with its performance indicators.
  7. The following issues raised in response to the report:

a.    Section 3.12 (Page 37) of the report mentioned that there had been 3 whistle blowing allegations received and investigated since April 2016. Christine Webster would provide a summary of what the outcomes were for these at the end of the municipal year.

b.    Councillor Neville enquired why Children’s Services had only implemented 35% of high risk recommendations whereas double that figure had been achieved for the medium priority risks. Christine Webster clarified that some of the high risk recommendations related to IT issues. There had been some delays in implementing IT solutions.

c.    Councillor Neville questioned Appendix 1 (page 41) under the ‘Various’ area and why audits for Temporary Accommodation and Meridian Water had been removed from the 2016/17 Internal Audit Plan. Christine Webster clarified that audits’ shown under ‘Various’ are being reduced as  ...  view the full minutes text for item 315.



To receive a report from the Director – Children’s Services providing an Update on IT developments for supporting work with families with No Recourse to Public Funds (NRPF).

(Report N0.185)


RECEIVED the report of the Executive Director of Children’s Services summarising an update on IT developments for supporting work with families with No Recourse to Public Funds (NRPF).




1.    The report was introduced by Anne Stoker (Assistant Director – Children’s Social Care & Principal Social Worker).

2.    The report related to IT developments to support the work stream relating to families with no recourse to Public Funds (NRPF).

3.    The Internal Audit review in 15/16 had led to red risks around how able the section was to manage and evidence  circumstance changes  for families with NRPF, ensuring that the section are monitoring and tracking their financial monitoring.

4.    There are 2 strands to the IT development for families with NRPF where significant development had been made:

a.    Developing a bespoke IT solution within the electronic case management system that is used within Children’s Services (Liquid Logic LL). This enables officers, from the moment a family with NRPF presents itself at the door, to log everything from the initial assessment through to human rights assessments, ongoing financial assessments, etc.

Changes have been made to how the section responds to families with NRPF. There is now an agency team working within the Assessment Hub including a social worker, fraud officer working alongside the Homeless and Immigration team and housing officers. This is a much better way to approach and support families with NRPF.

The electronic case management system is expected to go live by 1 February 2017.

b.    An electronic financial module has been identified called ContrOCC. It is linked to Liquid Logic and is a purchase ordering and payments system for children’s social care. This links the authorising and evidencing of payments to the case file showing a clear audit trail of agreed expenditure in line with assessment of need. With regards to the financial element, the section was looking to be up and running by September 2017.

Significant progress had been made in both of these areas of IT development.

5.    The following issues raised in response to the report:

a.    The Chair enquired if all of the mentioned systems were compatible. Anne Stoker clarified that it was only one system which is Liquid Logic (LL).  ContrOCC would be the company supporting the service. The actual solution is a LL solution contracted through LL. ContrOCC would be working with the service. This was the preferred provider which will also be proposed in their DAR report.

b.    There were 3 backup systems in place should the Liquid Logic application go down. Extended off site back up of the case management system has to be in place because of Children’s Social Care.

c.    Councillor Neville enquired if Anne Stoker was satisfied with these IT systems and if they would be similar systems to other London boroughs all doing the same function. Anne Stoker clarified that there were around 2 to 3 different IT systems for Social Care departments across the country. Many use Liquid Logic but many authorities don’t. The finance  ...  view the full minutes text for item 316.



To receive a report from the Director – Regeneration and Environment providing an update on Gas Safety compliance in PSL properties.

(Report No.171)


Additional documents:


RECEIVED the report of the Executive Director of Regeneration & Environment outlining progress made relating to gas safety compliance in PSL properties.




1.    The report updates the progress made since the internal audit where a critical risk was identified relating to gas safety compliance in PSL properties and also updates progress made since the Council Housing Team took over gas compliance from the Assessment Hub who were undertaking these checks.

2.    Since the critical finding, a compliance team was set up within Council Housing team. The team started to look and co-ordinate inspections around gas safety for council housing, Housing Gateway and non-council housing stock - PSL, PLA & NPLA.

3.    A lot of progress had been made since the audit and the team have now met all the audit findings. An action plan is in place to look at the audit findings to see how improvements can be made.

4.    Tenants are duty bound to grant access to contractors and the Council also instructs its own contractors and charges the landlord for this service.

5.    In some cases, small amounts of money needs to put into tenants meters so as to allow gas safety inspections to take place for boilers and cookers.

6.    The appendix report attached to the report was based on figures up to 15 December 2016 and gas compliance was at 91%. But as of today, gas compliance is at 99% for PSL properties.

7.    The compliance team would also undertake Housing Gateway and Council Housing inspections which are currently being undertaken by the Assessment Hub. Both of those are at 100%.

8.    The following issues raised in response to the report:

a.    The Chair commented that this was about the renewal of gas safety certificates. Sarah Carter (Head – Strategic Housing Review & Development) clarified that before a property is taken from a landlord, the service make sure a CP12 (certificate) is in place. It’s about the renewal of the CP12 once expired. The landlord should provide the CP12 to the service or the team provides the service to the landlord for a fee.

b.    Councillor Savva stated that many surrounding boroughs had a landlords register and that Enfield should do the same.

c.    Councillor Neville referred to the fact that according to the 15 December 2016 figures, there were 44 outstanding cases of gas safety certificates for PSL properties. Had these properties now been inspected and not at risk? Sarah Carter clarified that there were problems with access to these properties and that it was the landlords’ responsibility to provide certificates. Under the lease terms there are powers’ of entry which can be used. The unit had only taken this task on since August 2016, but have been informed by Legal Services that the Council has rights under the lease to enable the unit to gain access.

d.    Since the PSL gas servicing improvement plan had been produced thigs had moved on and Sarah Carter would forward an updated information appendix to all members.

ACTION: Metin  ...  view the full minutes text for item 317.



To receive a report from the Director – Finance, Resources & Customer Services providing an update on the Business Continuity and Disaster Recovery Position.




RECEIVED the report of the Executive Director of Finance, Resources & Customer Services providing an update on the IT Disaster Recovery Provision.




1.    As reported at the 29 September 2016 Committee meeting, a new Disaster Recovery (DR) system was now in place after considerable testing.

2.    Some issues arising from the testing had been remediated. Of the required tasks 26 were completed successfully, 5 partially completed, 5 were removed from the scope and 2 could not be completed.

3.    There was now a working disaster recovery facility, however, there was still a gap. The gap now is that business expectations of DR was now higher than what the actual recovery is. Meaning that IT cannot recover as quickly as achieved in the Business Impact Plan timescale as detailed at 3.5 (page 10) of the report.

4.    As part of this work, there was a large move to ‘Cloud’ services presently which involves moving all Council services from DR.

5.    The following issues raised in response to the report:

a.    The 5 tasks that had been removed from the scope were parts of services that were no longer in use but were still showing on the DR plan.

b.    It was taking 3-4 days to recover larger systems rather than 4 hours because of old technology previously set up by Serco which was tape based. Data is copied to tapes and there is a limit as to how fast data can be obtained. The Cloud did not use tapes. There had never been a DR in Enfield and the red audit risk findings were low probability events.

c.    Currently, 52 services had been moved to the Cloud successfully. The section had also built a lot of infrastructure which they could migrate data to. Currently there were 150 servers migrated to the cloud equating to a quarter of the Council’s servers. Cloud migration was due to be completed by Mid October 2017.

6.    The Chair Thanked Steve Durbin (Interim Head of IT) for his briefing paper.


AGREED to note the update on the Council’s IT Disaster Recovery Provision.




To receive from BDO (External Auditors) the Certification Work Report 2015/16 relating to grants, subsidy and the return of financial information.  




RECEIVED from BDO (External Auditors) the external audit Certification Work Report 2015/16 to 31 March 2016, relating to details of grant claims and returns, Action Plan and fees.




1.    BDO had certified one claim, the Housing Benefit subsidy claim for 2015/16 relating to expenditure of £313.7 million.

2.    Whilst this was a qualified claim, the audit findings were very minimal given the extent of the activities undertaken. As detailed on page 62 (3rd paragraph) where an error is found there is a requirement in 5 areas of 40+ testing to be undertaken. One error had been found relating to an overpayment of housing benefit totalling £1,603 which is a small figure compared to the total claims of £313.7 million.

3.    The second evidence of work that BDO look at is the way the housing benefit system is set up and to see if it meets the requirements of the Department of Works & Pensions (DWP). Two minor issues were found but they did not have any impact on the claims that were used.

4.     The third evidence of work related to the compilation of the claim form itself as detailed on page 62 (6th paragraph) of the report. Some elements of the form had some offsetting entries.

5.    BDO had now submitted their report to the DWP and the Council were awaiting to hear the outcome of that.

6.    The Chair thanked BDO for their report.



AGREED that the Grant Claims and Returns Certification Works Report 2015/16 and update paper be noted and endorsed by the Committee.





EXTERNAL AUDIT PROGRESS REPORT - BDO - 20:55 - 21:10 pdf icon PDF 77 KB

To receive from BDO (external auditors) a progress report on the external audit.



RECEIVED from BDO (external auditors) the Audit Progress Report to 4 January 2017.


1.    This was the progress report of the audit for 2015/16.

2.    The Housing Benefit work, as reported previously, had now been completed.

3.    The outstanding items were effectively the Audit Certificate, as detailed on page 17 of the (main agenda) report. This work had been held up by objections to the 2015/16 Statement of accounts. An additional resource was being drafted in to move this work forward and BDO were hoping to complete this work by the end of March 2017.

4.    The Chair thanked Andrew Barnes (BDO) for his report.


AGREED to note the progress report on the external audit to 4 January 2017. 




MINUTES - 21:10 - 21:15 pdf icon PDF 183 KB

Audit & Risk Management Committee


a.         To receive and agree the minutes of the Audit Committee meeting held on Tuesday 1 November 2016, as a correct record.


b.         To note the update on actions identified at the last meeting.



Additional documents:


NOTED the progress update on actions identified at previous meetings.


AGREED that the minutes of the Audit & Risk Management Committee held on Tuesday 1 November 2016 be approved and signed as a correct record.




AUDIT & RISK MANAGEMENT COMMITTEE WORK PROGRAMME 2016/17 - 21:15 - 21:20 pdf icon PDF 176 KB

The Committee is asked to agree the Work Programme put forward for the 2016/17 municipal year along with the timetabling of each issue on the Work Programme.



RECEIVED and noted the Committee’s updated work programme for 2016-17.




1.    The Counter Fraud Strategy would now be heard at the 7 March 2017 committee meeting.

2.    There would be a private meeting between BDO and members of the committee ahead of the scheduled meeting on the 7 March 2017. Meeting invites would be sent to members in due course.

ACTION: Metin Halil  (Committee Administrator).




To Note the dates of future meetings:


Tuesday 7 March 2017



(All meetings to commence at 7.00pm unless otherwise agreed.)



NOTED the dates of future meetings:


Tuesday 7 March 2017



(All meetings to commence at 7.00pm unless otherwise agreed.)