Agenda and minutes

There were no declarations of interest stated.

To consider the minutes of the previous meeting(s).

Resolved:                 That the minutes of the meeting held on 14^th November 2022 be agreed as a correct record.

The Chief Internal Auditor presented the Internal Audit Update Quarter 3 covering the period of 1st October to 31st December 2022.

A neutral audit opinion had been issued over the quarter regarding the Disabled Facility Grant, meaning a number of weaknesses were identified and improvements were now required to increase the adequacy and effectiveness of the internal control framework. Four medium risks recommendations had been made regarding the management and administration of information and supporting records and documentation.

A number of audits were in progress with status ranging from preparation to fieldwork and draft. Recommendations that had been issued were also being monitored, which is an improvement from Quarter 2.

On that topic the report showed that by the end of December 2022, 329 recommendations had been made, of which 287 were implemented, which represented 87%. Of the remaining 42 recommendations, 16 were in progress and 19 had not yet received their due date for completion.

Members raised questions as follows:

-       Whether the Disabled Facility Grant was managed by a private company and if so how the Council was getting it back: the Head of Finance (S151 Officer) confirmed that it was indeed the case and that the fulfilment of the contract was being monitored, as the report showed.

-       If further information about the four headline recommendations could be provided: the Chief Internal Auditor didn’t have the information at hand but said she would circulate it.

-       High priority overdue recommendation referred to in Appendix A page 11: the Chief Internal Auditor said this was about the Council not having a formally appointed Chief Information Officer, as part of the IT governance audit.

About the latter the Head of Legal & Governance clarified that there were three overlapping roles: the Data Protection Officer already in place, the Senior Information Risk Owner, also in place with himself and the Chief Information Officer which usually seats with the head of ICT and should be resolved swiftly with a new appointment as a result of an ongoing recruitment process.

Resolved:     That the report be received.

Watch the debate here

The Head of Legal & Governance presented the Corporate Risks Management Report going straight to 2.1 and 2.2 of the report about the 9 overdue risks, which had all been reviewed and were being addressed, 2 of them having been amalgamated resulting in 7 only reassigned. Risk levels had changed for Animal Disease raised from Low 4 to Medium 7, in relation to the Avian Flu. There had been no movement in the Corporate Risk profile.

Responding to a question about 4 risks related to licensing enforcement the Head of Legal & Governance clarified that these were service level risks but were brought to the Committee to alert members of the fact they were overdue but as they were being addressed should disappear from the list, as should other overdue risks.

About the risks associated to Environmental Protection Service, Air Quality and North Staffs Local Air Quality Plan (NSLAQP) which had been overdue for a considerable amount of time, the Head of Legal & Governance confirmed that these were already being redressed.

There was a request for the Local Economic Partnership (LEP) to be circulated. The Head of Legal & Governance confirmed this would be done and even used as an example for the upcoming training scheduled with members.

Concerns were raised over the High Red 9 Financial risk rating page 28 along with the question of how the Council met the Action Plans. The Head of Finance (S151 Officer) clarified that the amount to be borrowed was over a three year period and efforts were put towards boosting the existing reserve so that this can be used in priority when available. It was suggested that the wording of the heat map be amended for consistency. The Head of Legal & Governance commented that it was about control and mitigation measures and this could be looked at more in depth during the training session.

Resolved:     (1)       That the 9 risks more than 6 months overdue for a review

be noted.

(2)         That the risks on the Corporate Risk profile be noted.

(3)         That no individual risk profiles be scrutinised at the next meeting.

(4)         That whilst the likelihood of a risk materialising may be mitigated, the likely impacts may not change, be noted.

Watch the debate here

The External Auditor reported on the Audit Findings following up on the discussions that took place at the last meeting. The queries raised regarding the Council’s plant, property and equipment as well as the pension liability had been resolved and there were no additional issues or errors needing adjustment.

Concerns were expressed over the journals user access rights and authorisations issues referred to in the Action Plan and flagged as high risk. The External Auditor commented that the first ones were about who has access and composes the journals: this needs to be done at least once a year and is relatively easy to fix. The second one relates to the good practice of having the journals to be authorised by someone separately and involves a bit more management.

The Head of Finance (S151 Officer) explained that there had been an upgrade in the system allowing the same person to write and approve the journals and so the separation of duties was not respected, however this had been corrected by the provider Civica who had put measures in place so that the same error doesn’t happen again. Members were reassured to hear the problem had been related to the system and not a person failure.

Resolved:     That the report be received.

Watch the debate here

The Public Sector Internal Audit Standards set a requirement for every internal audit service to have a review at least every five years. The first review had to take place before the 31^st March 2018 and was done in April 2017. The results were reported through the Audit & Standards Committee.

The Chief Internal Auditor reported that Business Solutions Limited had been appointed to undertake the review that was due in 2022 based on quality and cost considerations.

The review was done in November featuring interviews of the team as well as examination of reports, policies and procedures, sample of clients and questionnaires to be filled resulting in the report presented to the Committee.

The document is articulated around three sections:

-       Part one - Compliance with the Public Sector Internal Audit Standards - Findings and recommendations. On page 47 of the pack there are three levels of opinion that can be achieved. The Council achieved the highest standard i.e. “Generally Conforms”.

-       Part two - Suggestions for enhancement of internal audit services. Eleven recommendations were made, six of which being viewpoints to reflect the application of the standards, and five recommendations for consideration only. There were no recommendations about things needing to be undertaken, which demonstrated an alignment of the Council with the standards. Four suggestions were made for enhancement of the services.

-       Part three – Benchmarking. Page 97 of the pack shows how the service compares with other local authorities and the private sector. Results of the stakeholders’ feedback can be found on page 99 which confirms that the good quality of the internal audit service.

Members expressed their satisfaction over the report.

The Chair thanked the Chief Internal Auditor.

Resolved:     That the report and positive outcome be noted.

Watch the debate here

The Committee Work Plan is to be amended as follows:

-       the Annual Internal Audit Report and Annual Opinion are to be moved from the meeting of the 17^th April to the 27^th June meeting;

-       the Treasury Management Annual Report shown on the 27^th June is actually 22/23 not 21/22;

-       the NGA Benchmarking document was published last week and is to be brought to the 27^th June’s meeting.

A training session is being organised for the hour preceding the meeting scheduled on 17^th April. The different risks factors will be explained and a worked example will be presented on a screen by the Head of Legal and Governance.

Watch the debate here

There was no Urgent Business.