Venue: Committee Room 4, The Courts, Carlisle, CA3 8NA. View directions
Contact: Jackie Currie Email: firstname.lastname@example.org
APOLOGIES FOR ABSENCE
To receive any apologies for absence
Apologies for absence were received from Mr SB Collins.
To note any changes to the membership of the Committee
Ms C McCarron Holmes had replaced Mr K Hamilton and Mr A McGuckin had replaced Mr DE Southward on the Audit and Assurance Committee. These were permanent changes and the Chair welcomed them to the Committee.
DISCLOSURES OF INTEREST
Members are invited to disclose any disclosable pecuniary interest they have in any item on the agenda which comprises
1 Details of any employment, office, trade, profession or vocation carried on for profit or gain.
2 Details of any payment or provision of any other financial benefit (other than from the authority) made or provided within the relevant period in respect of any expenses incurred by you in carrying out duties as a member, or towards your election expenses. (This includes any payment or financial benefit from a trade union within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992.
3 Details of any contract which is made between you (or a body in which you have a beneficial interest) and the authority
(a) Under which goods or services are to be provided or works are to be executed; and
(b) Which has not been fully discharged.
4 Details of any beneficial interest in land which is within the area of the authority.
5 Details of any licence (alone or jointly with others) to occupy land in the area of the authority for a month or longer.
6 Details of any tenancy where (to your knowledge)
(a) The landlord is the authority; and
(b) The tenant is a body in which you have a beneficial interest.
7 Details of any beneficial interest in securities of a body where
(a) That body (to your knowledge) has a place of business or land in the area of the authority; and
(b) Either –
(i) The total nominal value of the securities exceeds £25,000 or one hundredth of the total issued share capital of that body; or
(ii) If that share capital of that body is of more than one class, the total nominal value of the shares of any one class in which the relevant person has a beneficial interest exceeds one hundredth of the total issued share capital of that class.
In addition, you must also disclose other non-pecuniary interests set out in the Code of Conduct where these have not already been registered.
A “disclosable pecuniary interest” is an interest of a councillor or their partner (which means spouse or civil partner, a person with whom they are living as husband or wife, or a person with whom they are living as if they are civil partners).
There were no disclosures of interest made on this occasion.
EXCLUSION OF PRESS AND PUBLIC
To consider whether the press and public should be excluded from the meeting during consideration of any item on the agenda.
RESOLVED that, the press and public be not excluded from the meeting during consideration of any items of business on the agenda.
However, the Chair advised that with reference to Agenda Item No 6 – Deep Dive Significant Contracts, that as a result of the information to be discussed and the open nature of questions that may be posed by members of the Committee, there may be a need for the meeting to move to exclude the press and public for some of the debate.
To confirm as a correct record the minutes of the meeting of the Committee held on 20 March 2018 (copy enclosed).
RESOLVED that, the minutes of the previous meeting held on Tuesday 20 March 2018 be agreed as a true and accurate record.
In relation to the Children Looked After Strategy the Chair asked the Executive Director – Corporate, Customer and Community Services to check whether the strategy had been circulated to all members, and to re-circulate if necessary (Action: DR).
DEEP DIVE - SIGNIFICANT CONTRACTS
To receive a presentation from the Executive Director – Corporate, Customer and Community Services (copy to follow)
Members received a joint presentation from the Executive Director – Corporate, Customer and Community Services, the Executive Director – Economy and Infrastructure, the Assistant Director – Highways and Transport and the Senior Manager – Commissioning.
The presentation sought to provide assurance to the Audit and Assurance Committee on the effective arrangements for contract management, appropriate risk management and the control environment surrounding significant contracts.
For the purpose of this presentation ‘significant’ contracts were deemed to be those which were critical to the Council’s business objectives, financial stability and/or reputation, such as: contracts critical to the council’s delivery of statutory duties; contracts that posed significant risk (reputation and/or financial) and/or would have significant impact in the event of a relationship breakdown or supplier failure; or contracts that, in the context of the directorate budget and its ordinary contracts, were of significant value.
The four contracts being considered by members as part of this deep dive were:-
· Connect (CNDR)
· Residential care contract
· Extra care housing contract
The focus of the presentation for each of these contract was:-
· Annual contract value
· Robust contract documentation
· Strong contract management
· Effective performance information and risk management
· Robust relationship management
· Legal Issues/advice
With reference to the CNDR contract one of the members asked if the lessons learned from the Amey contract had been taken into account when the County Council entered into the contract with Connect.
The Assistant Director – Highways and Transport said the establishment of the Connect contract pre dated the issues that arose from the Amey contract. However, due diligence had been applied to the Connect contract before it was established.
The Director of Finance reminded members that this was a PFI scheme, which in itself meant that the DfT and the Treasury had applied additional rigour to the process.
One of the members asked if there were any provisions included in the Connect contract which allowed for changes to be made without penalty.
The Assistant Director said there were mechanisms in place to allow both parties to make changes to the contract on a ‘routine’ level, but significant changes would require changes to the contract agreement which may incur significant costs.
Members were aware that the care market was extremely complex, and the recruitment and retention of staff in this sector was particularly difficult to manage, especially when competing against private sector organisations. One of the members asked if the council carried out any monitoring against its competitors, and wondered if the recruitment market had stabilised.
The Senior Manager – Commissioning informed the Committee that the County Council had recently reviewed the Independent Care Framework. The new framework allowed the council to commission a more sustainable range of care and support, with providers who were continually striving to improve quality and choice in order to meet the needs of the market. 92% of providers had now signed up to this framework which had helped to stabilise the market but the recruitment and retention of staff was difficult to manage. However, the council ... view the full minutes text for item 6.
To consider a report from the Executive Director – Corporate, Customer and Community Services (copy enclosed)
Members considered a report from the Executive Director – Corporate, Customer and Community Services which provided them with an update on progress with the 2017/18 corporate risks for the fourth quarter to 31 March 2018.
Members noted that all of the corporate risks had been reviewed and approved by the Corporate Governance Group, Corporate Management Team, Directorate Management Teams and individual risk owners.
The Assistant Director – Organisational Change updated members on the following:-
· Notable Risk Management Activity in Quarter 4 & planned for Quarter 1:
A range of improvement activities had been undertaken during Quarter 4 aimed at further strengthening the Council’s approach to risk management.
· Review of Performance & Risk Management Framework, including Internal Audit Action Plan
The work to review the Performance and Risk Management Framework (PRMF) had progressed with the new framework aligning to the 2018-2022 Council Plan agreed by Full Council on 15 February 2018.
The new P&RMF would include consideration of an action plan to address the Performance and Risk management actions from the Internal Audit Action Plan ensuring that a consistent approach was embedded across the Council regarding Performance & Risk Management arrangements.
This new approach would include the introduction of newly developed Guidance for Developing and Managing Non-Strategic or Operational Policies and Procedures which had been approved by CMT in January 2018 and was produced in response to concerns raised in the Internal Audit Annual Report with regard to the development, approval and maintenance of policies, procedures and other guiding documents.
· Amey Lessons Learned Report & Action Plan
The Lessons Learned actions relating specifically to risk management arrangements were progressing well in line with the action plan agreed with Members;
In March 2018, Elected Members took part in two training workshops; firstly a Risk Management Training session delivered by Zurich Municipal followed by a Contract Management Training session delivered by the Senior Manager Procurement and Contract Management.
· Review and refresh of Corporate Risks for 2018/19.
In February 2018, a Risk Management workshop took place at Extended Leadership Team to review the Council’s current risk management approach and to identify opportunities to strengthen arrangements at both a Strategic and Operational level. These findings had been collated and a further action plan developed.
A further workshop with Extended Leadership Team to refresh the Corporate Risk Register for 2018/19, in line with the new Council Plan Delivery Plan and Extended Leadership Team reshaping took place on 2 May 2018 and the outcomes were being developed further with each of the new areas of responsibility within Directorates in order to refresh Strategic & Operational risks for 2018/19.
Once the Council Plan Delivery Plan 2018-2022 and Performance & Risk Management Framework had been considered by Cabinet and the Strategic & Operational risks had been refreshed, then a workshop would be held with elected members of the Audit & Assurance Committee in July 2018. This was AGREED.
· Implementation of the new General Data Protection Regulations
The new General Data Protection Regulations (GDPR) came into force on 25 May 2018. The Council put in place ... view the full minutes text for item 7.
To consider a report from the Executive Director – Corporate, Customer and Community Services (copy enclosed)
The Audit and Assurance Committee considered a report from the Executive Director – Corporate, Customer and Community Services which gave a progress update on the 2017/18 Action Plan.
At the last meeting of the Audit and Assurance Committee on 20 March, members received an update on issues relating to Children’s Services Leadership and Governance.
Following the Ofsted re-inspection in November 2017, the inspectors had reported that: “all local authority services for children in Cumbria had significantly improved and overall effectiveness now required improvement to be good”.
As the Directions Notice had been lifted and plans continued to be in place to manage the improvement journey, members of the Committee agreed the associated Governance Issue be closed. No update on this matter had therefore been included in this report.
An update was provided on the significant governance issue relating to the Amey litigation case and the Lessons Learned Action Plan agreed by the Audit and Assurance Committee on 12 September 2017. It was agreed then that progress would be reported quarterly to the Committee as part of the reporting of progress on the AGS Action Plan. The third progress update to Audit and Assurance Committee on this aspect of the Action Plan was presented as Appendix 1 to this report.
Based on current reporting, all actions had either been delivered on time or were on track to be delivered as per the dates outlined in the Action Plan. Routine progress reporting to ensure the strengthened arrangements were embedded will continue through CMT and to Elected Members during 2018/19.
The Executive Director asked members to note that the action under the ‘Effective Contract Management’ for existing significant contracts to be reviewed, had been postponed to allow for a 12 month period to elapse before the review was carried out. Members noted this.
RESOLVED that, members note the progress made and the prospects for addressing the issues set out in the 2017/18 Annual Governance Statement Action Plan presented in Appendix 1 of the report.
To consider a report from the Executive Director – Corporate, Customer and Community Services (copy enclosed)
Members considered a report from the Executive Director – Corporate, Customer and Community Services, which provided them with an update relating to the responsibilities of the Cumbria County Council Senior Information Risk Officer (SIRO) and outlined activity and performance related to information governance. It provided an update on information risks, how risks were managed, the governance processes in place; what was going well; and where improvements were required.
ICT security and cyber security risks continued to present an increasing challenge to all organisations locally, nationally and internationally and the Council was no different. Arrangements to manage these risks were contained within the report with a summary included to list actions already undertaken and further activity planned to maintain and strengthen defences and enhance corporate resilience.
Performance in relation to information requests processed under for example Freedom of Information and General Data Protection Regulation (GDPR) legislation was also summarised in the report and whilst the Council had made performance improvements over the previous year, this would continue to be an area of focus as additional improvement was required during 2018/19.
National introduction of the new General Data Protection Regulations (GDPR) was implemented on 25 May 2018, which provided individuals with additional rights in respect of their data. This included for example greater rights, a ‘privacy by design’ approach and shorter timescales to be provided with responses to requests for their data and reporting requirements of any data breaches to the Information Commissioner Office (ICO).
The Senior Information Risk Owner (SIRO) Annual Report reflected the Council’s information governance work undertaken during 2017-18, and provided assurance that personal data was held securely; information was disseminated effectively and provided an overview of key performance indicators relating to the Council’s processing of information requests within the necessary legal frameworks.
Members again raised their concerns about staff and elected members not engaging in GDPR training. The Assistant Director reassured members that he noted this.
RESOLVED that, members note the content of the 2017-18 SIRO Annual report attached as Appendix 1 of the report;
To consider a report from the Monitoring Officer (copy enclosed)
The Monitoring Officer presented a report which detailed the County Council’s Whistleblowing Policy and Speak Up arrangements. The Monitoring Officer asked members to note that, as a policy which was included in the Council’s Constitution, the Whistleblowing Policy required adoption by full Council.
Effective whistleblowing arrangements are an important part of good governance, ensuring that concerns can be raised in a safe environment and that matters raised are dealt with effectively.
The implementation of a Speak Up Policy was identified as an action in the Amey vs Cumbria County Council Lessons Learned action plan approved in September 2017. Following consultation with the Trade Unions, it had been agreed that ‘Speak Up’ would not be a formal policy but rather an articulation of the commitment from the organisation to ensure that there was a route for raising concerns when the Whistleblowing Policy does not apply.
The purpose of ‘Speak Up’ was to provide avenues for concerns to be raised with line managers or named contacts for an initial discussion and possible signposting to other Council policies and procedures if appropriate. It was considered that ‘Speak Up’ should assist in building a culture where speaking up was the expected behaviour from all staff, Members, partners etc.
The approval of ‘Speak Up’ would fall within officer delegations and was therefore provided to the Committee for information and consultation only.
Alongside ‘Speak Up’, the opportunity had been taken to review the existing Whistleblowing Policy to limit duplication and ensure continued compliance with the requirements of the Public Interest Disclosure Act 1998 (PIDA) which provided protections for those raising concerns in certain circumstances.
One of the members questioned why the speak up was not being developed as a formal policy. The Monitoring Officer explained that this was done on the advice of the Trade Unions.
Members asked officers to make changes to the wording in paragraphs 2.2.2, 2.6.1 and 2.6.2 (c) of Appendix 2 ‘Speak Up’ and the Monitoring Officer AGREED to look at this (Action: IP).
(1) members RECOMMEND to County Council the approval of the draft Whistleblowing Policy;
(2) members note the aspiration to embed ‘Speak Up’ in the organisation and note the draft document;
(3) The Monitoring Officer to look at the wording in Appendix 2 paragraphs 2.2.2., 2.6.1 and 2.6.2 (c)
To consider a report from the Director of Finance (Section 151 Officer) (copy enclosed)
The Audit and Assurance Committee considered a report from the Director of Finance (Section 151 Officer) which provided a review of the work of the Audit and Assurance Committee against the core functions of an audit committee as defined within the CIPFA Position Statement on Audit Committees 2013.
The Audit and Assurance Committee had pursued its vigorous work programme throughout 2017/18, building on its activities in recent years.
During 2017/18 the committee held four meetings and at the meeting held on 12 September 2017, the committee received a report of the findings of the Lessons Learned Review of the Amey vs Cumbria County Council litigation. Also presented to Audit & Assurance Committee was the Chief Executive’s response to the report and a detailed action plan to address the issues identified within the report.
The Committee had received updates on the progress being made with delivery of the action plan at each subsequent meeting during the year as part of its regular reports on the Annual Governance Statement Action Plan.
At its meeting on 25 September 2017, the Committee received the Annual Governance Statement for 2016/17 and action plan for 2017/18. The action plan set out the actions required to address the two significant governance issues:
• Children’s Services Ofsted Inspection Outcomes
• Amey vs Cumbria County Council litigation
The Committee received updates on the action plan at its meetings in January and March and took assurance that good progress had been made on each of these issues. The Children’s Services governance issue had since been resolved.
The Committee continued to take a keen interest in the arrangements for effective risk management. The corporate risk register had continued to be a significant item on the committee’s agendas and assurances sought that the risk management arrangements in place are both robust and effective.
The Committee had also continued to receive regular progress reports on the work of Internal Audit and had sought assurances that audit recommendations had been implemented on a timely basis.
The Audit and Assurance Committee approved the internal audit charter, a key document required by the Public Sector Internal Audit Standards (PSIAS), which sets out the purpose, authority and responsibility of Internal Audit and ensures its independence.
Other reports considered by the Committee included:-
• External Quality Assessment of Internal Audit
• Annual Statement of Accounts
• The appointment of the Council’s external auditor from 2018/19
RESOLVED that, members note the update and confirm the assessment of conformance with the core functions of an audit committee per the 2013 CIPFA Guidance as set out at Appendix 1 of the report
To consider a report from the Acting Group Audit Manager (copy enclosed)
Members had before them a report from the Acting Group Audit Manager which provided a summary of the outcomes of the work of Internal Audit for 2017/18 and included the Head of Internal Audit’s opinion on the effectiveness of the Council’s arrangements for governance, risk management and internal control in accordance with the requirements of the Public Sector Internal Audit Standards (PSIAS)
The Acting Group Audit Manager took members through the report, and highlighted the following key points:-
• The annual opinion of the head of internal audit: based on the work undertaken by internal audit during 2017/18. The Group Audit Manager was able to provide reasonable assurance over the effectiveness of the Council’s arrangements for governance, risk management and internal control. This compared positively to the partial assurance opinion in 2016/17.
• Overall, 59% of Risk Based Audits resulted in Reasonable or Substantial assurance, with 41% resulting in Partial or Limited assurance. This showed an improvement on 2016/17 outcomes where only 27% resulted in Reasonable or Substantial assurance and 73% Partial or Limited assurance.
• Similar themes had arisen across a number of audit reviews to those in 2016/17 and management had taken action to improve arrangements for these areas – risk management; performance management; and policies and procedures.
• The work of internal audit was considered to have provided an appropriate level of coverage across the council to provide the opinion, except for Health Care and Communities Directorate where only one risk-based audit had been finalised. The low level of coverage in this Directorate does not however prevent the overall opinion being concluded. Sufficient audit work was planned for 2018/19.
• There have been no threats to internal audit’s independence in the year to which this opinion related.
The annual opinion from the designated Head of Internal Audit was a requirement of the PSIAS which stated that the “chief audit executive must deliver an annual internal audit opinion and report that could be used by the organisation to inform its governance statement.”
The Group Audit Manager was satisfied that sufficient audit work had been undertaken to allow an opinion to be provided except for Health Care and Communities Directorate where only one risk-based audit had been finalised. The newly appointed Executive Director – People had expressed his commitment to ensuring improved engagement in this area in order that sufficient audit work was completed in 2018/19.
The Audit Opinion statements available using the agreed Internal Audit reporting methodology were:
• Substantial Assurance
• Reasonable Assurance
• Partial Assurance
• Limited Assurance
The opinion of the Group Audit Manager was that reasonable assurance could be given over the adequacy and effectiveness of the systems for governance, risk management and internal control operated by the council in 2017/18.
This opinion was founded on the work undertaken by internal audit during the year which was based on the audit plan approved by Audit & Assurance Committee in March 2017.
The Acting Group Audit Manager then took members through the internal audit coverage and ... view the full minutes text for item 12.
To consider a report from Grant Thornton (copy enclosed)
The letter from Grant Thornton which outlined the planned audit fee for 2018/19 was considered by the Committee.
The Audit Manager from Grant Thornton confirmed that the fees would be reduced by 23 percent from the fees applicable for 2017/18, and that there would be no change to the overall work programme for audits of local government audited bodies for 2018/19.
Members asked whether the reduction in fees was likely to have any unintended consequences on the ability of Grant Thornton to deliver their audit work in future. Grant Thornton confirmed that the changes were in relation to the methodologies used to conduct the audits which had resulted in efficiencies being realised.
RESOLVED that, the planned audit fee for 2018/19 be noted.
To note the Forward Plan for the Audit and Assurance Committee and agree any additional items (copy enclosed).
The updated Forward Plan was noted.
DATE & TIME OF NEXT MEETING
The next meeting will be held on 27 July 2018 at Cumbria House at 10.30am
The next meeting of the Audit and Assurance Committee will be held on 27 July 2018 at Cumbria House, Carlisle at 10.30am