The Chair welcomed everyone to the meeting, which was being broadcast live online. Committee members confirmed their presence. Apologies for absence were received from Councillor Lappage

The Committee held a minute’s silence as a tribute to Councillor Chris Bond who had passed away recently.

Members of the Committee are invited to identify any disclosable pecuniary, other pecuniary or non-pecuniary interests relevant to the items on the agenda.

There were no declarations of interest.

Audit & Risk Management Committee

To receive and agree the minutes of the Audit & Risk Management Committee meeting held on the 5 March 2020.

AGREED that the minutes of the Audit & Risk Management Committee meeting dated 5 March 2020 be approved.

To receive a report from BDO ( External Auditors) presenting the external audit progress and fees update. This report is not attached to this agenda and will be circulated ‘to follow’.

                                                                                                            To follow

David Eagles from BDO (external auditors) introduced the report on the external audit progress and fees update.

NOTED:

1.    The main purpose of the report is to provide an update of where BDO are with the current external audit of the main council and the pension fund; and to update on the fees position for the last couple of years.

2.    The main audit progress is at an early stage with the main part starting early August. The national context is that the MHCLG have put the accounts preparation deadline back to the end of August and the publications deadline back to the end of November. The council is ahead of the revised deadlines and is aiming for September publication.

3.    Extensive work has been undertaken on valuations particularly on HRA beacons which was an issue on last year’s audit. BDO have started early on this to provide lead time for valuers to respond and resolve queries that will be raised.

4.    On the valuations that have come through BDO are not only looking the valuations as end of year was March 2020 but also revisiting the position as at the end of March 2019. This is to provide more information to further improve the robustness of positions. This is ongoing at present

5.    The Pension fund audit commenced slightly earlier. This is ongoing and a fair bit of progress has been made. This year this has included additional work on what the actuary does in terms of membership data cleansing. Every three years the actuary undertakes an extensive exercise to strip out potential anomalies in the data sets they have for different types of members. So that the calculation of estimated liabilities is as accurate as possible. BDO as part of their work this year are looking at this data cleansing exercise undertaken by the actuary and this work is progressing well.

6.    Overall the external audit is on track at present with the caveat being what comes out of the valuations work that is currently being looked at. Regular updates with officers are taking place to keep on track with the audit.

7.    There was an additional £55,900 added to the costs of the 2018/19 Audit. There was a detailed analysis undertaken and a summary with the key elements are included in the agenda paper. The majority of this amount relates to additional work on valuations.

8.    The 2019/20 fee position reflects in their work programme differences of approach. This is based upon quality reviews that have been feedback in terms of different ways of looking at valuations and pensions. This also includes a significant raising of the bar by FRC meaning the grades which BDO are required to achieve have been increased. This creates movement in terms of what needs to be done so the work programme and resource supply have changed.

9.    To provide transparency these have been broken down in the report to areas where a change in approach is a recurring change and those  ...  view the full minutes text for item 4.

To receive a report from the Executive Director Resources. The report is not attached to this agenda and will be circulated ‘to follow’.

                                                                                                                        To follow

Gareth Robinson, Head of Corporate Finance introduced the accounts and apologised for the lateness of these papers. He offered a separate formal or informal session to discuss the accounts to committee members should they require this.

NOTED:

1.    The Council have a statutory responsibility to produce accounts and have them audited by two clear deadlines. This year due to Covid 19 the dates for completion have been extended for sign off the draft accounts from 31 May to 30 September and the final accounts from 31 July to 30 November.

2.    The council always intending to have the accounts finalised before this date. Last year accounts were significantly extended due to major challenges relating to the HRA valuations and problems with the underlying production statement of accounts.

3.    The statement of accounts is four main statements from page 20 onwards in the actual statement of accounts.

4.    The balance sheet itself records the councils financial position showing what the council owes and is owed by organisations.

5.    The key point to review is council’s net assets or equity which is £428m at the end of 2019/20. This is what the Council itself is worth, albeit. that some of the assets are valued in a non-commercial manner but value in use.

6.    The comprehensive Income and Expenditure Statement is broadly equivalent to a profit and loss statement in the private sector. This records the income and expenditure in year. It is worth noting that the total income and expenditure shown at the bottom of the page shows the movement between the net equity or net assets between the years. This was £79m for 2019/20.

7.    The Movement in Reserves Statement records the details of the difference reserves areas in accordance with statute, this is really important to local government. It includes the usable reserves capital adjustment account, valuation reserve, pension reserve and collect fund reserve, etc. It is often referred to the triple lock. The Movement in Reserve Statement, the Comprehensive Income & Expenditure Statement (CIES) and Balance Sheet. They must all tally up perfectly.

8.    Following these statements and the note of the accounts is the Collection Fund which is how we record council tax and business rates, housing revenue account and group accounts as the council has four companies at present plus a dormant one. The pension fund is at the end

9.    As BDO referred last year there were some major problems with the account production and had concerns about the HRA dwellings. This caused the council to take a major overall of all its processes which identified historic weaknesses. There is a new CIPFA asset register, reviewing all the data, checking for existence, the classifications and asset lives. This involved cross checking with third party independent sources in property, housing and the land registry. This is industry standard for local government accounting.

10.The accounts previously were not consistent, now all entries are entered the ledger. Previously lots of entries had been recorded on an Excel spreadsheet and  ...  view the full minutes text for item 5.

To receive the draft Annual Governance Statement 2019/20.

Jeremy Chambers, Director of Law and Governance presented the Annual Governance Statement.

NOTED

1.    This Annual Governance Statement is required to be completed each year. The committee’s attention is drawn to the areas of significant change, the actions taken to improve governance during 19/20 and the areas of focus for 20/21 detailed in the report.

2.    The areas of focus for 20/21 are Information Governance risks including cyber security which is high on the list (covered next on the agenda); Improving and enhancing customer access to services; continued need to ensure high standards of health and safety; and to ensure that our business continuity plans are fit for purpose.

3.    The biggest areas are the ongoing impact of council’s response to Covid 19, this is under constant review by the Council, Cabinet, Senior Management team and Departmental Management teams to ensure that there are financial and governance arrangements in place.

4.    The Council will also be looking at demand led services which have the higher cost impact on the Council.

5.    The impact of the implementation of Universal Credit is to be reviewed.

6.    The Impact of a no deal exit from the European Union. The Director of Law and Governance is the senior point of contact for the Government. The Brexit Panel is chaired by Cllr Barnes. The Council is preparing itself reviewing all the options in terms of the impact on the community should the UK leave on the 31 December without a deal in place with the European Union. The Council is working on the basis of the highest risk, worst case scenario which is a no deal at the end of the transition period.

7.    When these risks are collated for the Annual Governance Statement, they are sent around the senior management team and discussed at the Assurance Board to identify a list of areas that we believe are our areas of real concern that we need to monitor closely.

8.    The conclusion of the Annual Governance Statement, which is signed off by the Leader of the Council and the Chief Executive is that we are satisfied that we have the appropriate governance arrangements in place. Over the next year we will take steps to address the matters raised tonight and to further enhance our government arrangements

Questions, queries and comments raised:

·         On the Risk Management Strategy on Meridian Water risks it did not have a risk pandemic flu. In the report it says that we have robust Annual Governance Statement and all the decisions were done correctly, all in public and all properly. It was believed that one meeting of the Planning Committee was not held in public. It was also queried why the Brexit panel is not a public meeting. Officers responded in terms of Planning Committee query more information was requested. The Brexit Panel has one member who chairs this. The rest of the attendees are officers of the council and representatives of partner agencies. It is lawful in terms of governance for  ...  view the full minutes text for item 6.

To receive a report from the Executive Director, Resources.

Kieran Murphy, Fay Hammond and Martin Sanders introduced this report.

Noted

1.    A similar report had gone to a previous meeting of the Audit & Risk Committee. This report has been refreshed and brought back.

2.    Kieron Murphy has joined the Local authority this year as the Director of Data, Digital and Technology and his title reflects how important cyber security is. One of the top objectives in this role is to move Enfield’s cyber security and data assurance to a better setting. The Council now has a very clear plan of action against each of the risk items. These have been ranked, including targeting to individuals and to specific dates. All risks will be reported to the Assurance Board to ensure that progress has been made.

3.    Since the last report some risks have been addressed; a phishing test (rogue email) in July was sent to test the council’s cyber compliance. This has generated action points amongst them the need for more cyber security training for both public and officers.

4.    This report builds on the previous report and considers not just cyber security, but also looks at how we train people and the tools used. The purpose of the report is to recognise some key proposals. The appendix to the report details the types of risks and threats and how the council deals with them.

5.    The Council would like to adopt and work towards the National Cyber Security Standards. The key risks will be reviewed through a remediation programme which will be brought back to a future Committee meeting.

6.    Security roles are to be bought under the remit of the Director of Data, Digital and Technology, some roles at present are spread across the Council.

7.    The reason for this proposal is that there are some existing assurance risks and will always exist because of the use IT and cyber tools. A number of these risks and threats have risen due to the substantial increase in remote working. These increased threats have become more sophisticated and are not perpetrated by individuals but by criminal organisations. The council wants to ensure that the existing tools we have are being used fully and that the processes are robust.

8.    The local authority must maintain statutory compliance including everything from taking payments through to how it communicates with other public organisations.

9.    There is a need to raise awareness that the Council as a whole is aware of risks and threats and that it has the tools to deal with them.

10.The National Cyber Centre is promoted by the
Cabinet office and the Local Government Committee. Enfield was not previously using these standards, instead they were using other organisations.

11.Prior to Covid 19, research from companies such as Mimecast had indicated a 140% increase in phishing (clicking on links), email spoofs (pretending there are from somewhere else), ransomware attacks (where you have to pay to release your software).Over 40% of small and medium firms had a security incident  ...  view the full minutes text for item 7.

To receive a report from Gemma Young, Head of Internal Audit and Risk Management. The report is not attached to this agenda and will be circulated to follow.

                                                                                                            To follow

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED

1.    The Public Sector Internal Audit standards require the Head of Internal Audit to give an annual audit opinion of the council’s governance, risk management and internal control. This year’s opinion is limited assurance.

2.    There are four categories of assurance that can be given; substantial, reasonable, limited and no assurance.

3.    The reasons behind this rating are as follows. This year there were 44 pieces of work undertaken by the internal audit team which gave an assurance rating. There were 32 audits were targeted at key Corporate Services and 12 of these received a negative audit opinion (limited or no assurance). There were 12 schools’ audits and of these 8 received a negative assurance opinion. It is clear that as a Council it is the schools that are pushing us into that limited range.

4.    In terms of actions, there were 161 actions recommended in audit reports across the year for corporate audits and 183 actions recommended for schools. The reason why schools’ audits have disproportionally more actions is that the audit looks at a broader scope area for schools so it is natural that there would be more actions recommended. Overall there were 344 more actions recommended by internal audit.

5.    Part of the opinion is based on the timely implementation of agreed audit actions.

6.    As at year end 31 March, 73% of corporate high-risk actions have been implemented and 44% of corporate medium risks implemented rising to 100% for high risk and 85% for medium risk by the 15th of July. For schools, at year end, 59% high risk actions and 75% medium risk actions had been implemented, rising to 82% for high risk and 78%for medium risk by the 15 July.

7.    In terms of why the council has received a negative overall assurance opinion for this year, it should be noted that this year audit has targeted the extremely high-risk areas. Although the plan is for the Head of internal Audit and Risk Management alone to decide, there is close working with the Assurance Board and Executive Directors are asked to identify their high-risk areas.

8.    Another reason for the limited assurance category is that the style of audit has changed from continuous monitoring for key financial systems which is essentially the same tests repeated again and again. This has now changed to proper deep reviews of the key financial systems and this has uncovered some issues that need to be resolved.

9.    There have been some areas where assurances can be obtained externally such as the good overall rating for the Ofsted report, positive LGA review of the Early Years’ service, the Grant Thornton financial resilience review, the adoption of the 10 year capital programme, the treasury management strategy, the introduction of a new risk management framework and improved transparency in financial reporting.

Questions, comments and queries:

·         In response to a query on why there is no assurance for  ...  view the full minutes text for item 8.

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED:

·         This has already been partially covered under the previous item.

·         Page 49 provides information on the details of the themes found in the school’s audits.

·         Appendix 1 to the report is the letter aimed at Headteachers and school governors to provide them with a summary of what has been found.

AGREED to note the 2019/20 School Audit Annual Report.

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED:

·         This is the 2020/21 Audit plan which is outlined in Appendix A.  This includes school’s financial management which will be cross cutting. In terms of the other cross cutting audits there is Procurement Social Value, Climate Change, Adult Social Care and financial assessments. Then it is broken down by directorate and detailed in the report.

·         In terms of the Schools audit plan this includes schools that we have not looked at for a while or where we have concerns

AGREED to note the 2020/21 Audit Plan

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED:

1.    The report covers April 2019 to March 2020.

2.    Audit have supported council housing and temporary accommodation teams to recover 100 properties over the course of a year

3.    Audit have identified overpayments and potential savings of over £3.11m this includes things such as fraudulently claimed right to buy discounts, claims for support provided by the no recourse to public funds team, council tax and housing benefits.

4.    The Council has levied 12 financial penalties totalling £9k for council tax support offences.

5.    Page 88 breaks down counter fraud savings analysis and page 89 details category recovery and general investigation details can be found on pages 90-91

6.    The Counter Fraud team promoted International Fraud Awareness week last November.

7.    Whistle Blowing policy has been promoted in Staff Matters and in discussion with HR on further ways to promote the policy.

Questions, comments and queries:

·      The annual target how is it decided, and will it change. The Committee was advised that generally, this target increases every year. However, this year it will remain unchanged. So far this year six properties have already been recovered, may not recover the property target this year. We have already saved well over a million on the business rates grants. That is not included in this report but will be in the next report. The business rates grants include both mandatory scheme and discretionary scheme. The local authority checked and vetted each application received to try to ensure that all grants paid out were genuine. We have either denied or recovered over a million pounds worth of these monies.

AGREED to note the Counter Fraud Service Annual Report 2019/20

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED:

1.    The annual operating plan now includes business rate grants

2.    Following a query on how the Council make sure business grants are used appropriately. The committee was advised that Local authorities are not required to determine how the monies are used just that the businesses are deserving of the grant and qualify for it. There has been a huge amount of work already on pre award checking. Central government is now requiring us to do post award checking. The Council is now looking at whether the business is going concern. Businesses cannot receive state aid if they are non-liquid

3.    On what basis will businesses have to pay back. The audit team are identifying businesses that may have to pay the money back. There are around 35 cases in the borough. Discussions will need to take place with the Executive Director Resources to agree what the approach should be, and advice will be sought from the legal team. This will be determined once the full details are available

AGREED to note the Counter Fraud Strategy, including the counter Fraud, Bribery and Corruption Policy Statement, and the associated 2020/21 Operating Plan.

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED:

1.    This is a refresh of the risk framework. The Council had an internal audit of risk management which came back as limited and one of the recommendations was that we needed a better framework and an improved strategy.

2.    The risk maturity ratings are detailed on the bottom of page 137. We are currently Level 2 developing we are aiming to be level 3 proficient but are not consistent enough at present this needs more embedding.

3.    The risk appetite is detailed on page 139 and this will be the approach for the next couple of years if members approve.

AGREED to approve the updated Risk Management Strategy and 2020-21 Risk Operating Plan

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED

1.    This item comes to the Committee each meeting to review or comment upon. There have been no addition or subtractions to this document, however some items have moved from medium to high risk:

2.    The items that have moved to high risk are; failure to maximise income (increase due to Covid); Fraud/ Corruption (this always increases in a crisis); Information Governance and loss of IT (as a result of increased remote working) and Health & Safety (relating to Covid).

3.    Brexit has separate risk register and came to committee in March and Covid 19 is in the overall risk register

4.    Committee members were asked whether they wished anything to be added.

Questions, comments and queries:

·         Members felt that Climate Change was a gap and should be included. This issue will be taken to the Assurance Board and the Executive Management team and bought back to the next meeting of the Committee.

AGREED to note the Corporate Risk Register

To receive a report from Gemma Young, Head of Internal Audit and Risk Management.

This was introduced by Gemma Young, Head of Internal Audit and Risk Management

NOTED

1.    This is a culmination of the work of the Council’s Silver Command Group and the Covid Recovery working group, which is chaired by the Executive Director of Place. There is a good mix of operational and strategic risk covering the key areas.

2.    Members are invited to comment or identify gaps in the register.

Questions, comments and queries:

·         How often are the risks reviewed, noted that mental health for employees has gone from High to medium. Anxiety may increase as people return to their normal work location. What support is in place? The Committee was advised that initially there was a fear that the isolation would bring on huge waves of mental health problems, but this hasn’t materialised. However, as people return to their normal place of work there maybe rises of mental health disorders. This will be reviewed by the Silver Group who meet weekly and review risks and it was confirmed that the Director of HR is on this group.

·         The risk of a second wave is not listed as a separate risk, felt there is a real risk of a second wave should this not be separate risk. Officers advised that this will be taken to Silver Group and reported back to the committee at the next meeting.

AGREED to note the Covid 19 Risk Register.

To receive a verbal update from Jeremy Chambers, Director of Law and Governance.

Jeremy Chambers, Director of Law or Governance advised that appropriate training will be arranged for the Committee immediately before the next meeting.

The Committee is asked to agree the Work Programme put forward for 2020/21.

The Chair requested officers provide an email update on Brokerage and that a full report comes to the next meeting.  Several other amendments were also requested as follows: the Covid 19 Risk Register, the final Statement of Accounts, the response on recording Climate as a risk within the Corporate Risk Register all to October’s meeting and the Treasury Strategy to November’s meeting. A revised work programme will be circulated.

To note the dates of future meetings as follows:

·         Thursday 15 October 2020 7:00pm

·         Thursday 26 November 2020, 7:00pm

·         Thursday 14 January 2020, 7:00pm

·         Thursday 4 March 2020, 7:00pm

·         Thursday 22 April 2020, 7:00pm

The dates of future meetings were noted.