Agenda and draft minutes

Audit and Assurance Committee
Thursday, 17th September, 2020 10.30 am

Contact: Daniel Hamilton  Email: daniel.hamilton@cumbria.gov.uk

Items
No. Item

63.

APOLOGIES FOR ABSENCE

To receive any apologies for absence

Minutes:

Apologies were received from Mr Frank Cassidy.

64.

MEMBERSHIP

To note any changes to the membership of the Committee

 

 

Minutes:

Members were then informed that Mr Frank Morgan would be substituting for Mr Frank Cassidy for this meeting only.

 

65.

DISCLOSURES OF INTEREST

Members are invited to disclose any disclosable pecuniary interest they have in any item on the agenda which comprises

 

1          Details of any employment, office, trade, profession or vocation carried on for            profit or gain.

 

2          Details of any payment or provision of any other financial benefit (other than from the authority) made or provided within the relevant period in respect of any expenses incurred by you in carrying out duties as a member, or towards your election expenses.  (This includes any payment or financial benefit from a trade union within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992.

 

3          Details of any contract which is made between you (or a body in which you have a beneficial interest) and the authority

 

(a)       Under which goods or services are to be provided or works are to be executed; and

 

            (b)       Which has not been fully discharged.

 

4          Details of any beneficial interest in land which is within the area of the authority. 

 

5          Details of any licence (alone or jointly with others) to occupy land in the area of the authority for a month or longer. 

 

6          Details of any tenancy where (to your knowledge)

 

            (a)       The landlord is the authority; and

 

            (b)       The tenant is a body in which you have a beneficial                                                         interest.

 

7          Details of any beneficial interest in securities of a body where

 

(a)       That body (to your knowledge) has a place of business or land in the    area of the authority; and

 

 

(b)       Either –

 

(i)      The total nominal value of the securities exceeds £25,000 or one            hundredth of the total issued share capital of that body; or

 

(ii)     If that share capital of that body is of more than one class, the total nominal value of the shares of any one class in which the relevant person has a beneficial interest exceeds one hundredth of the total issued share capital of that class.

In addition, you must also disclose other non-pecuniary interests set out in the Code of Conduct where these have not already been registered.

 

Note

 

A “disclosable pecuniary interest” is an interest of a councillor or their partner (which means spouse or civil partner, a person with whom they are living as husband or wife, or a person with whom they are living as if they are civil partners).

Minutes:

There were no disclosures made on this occasion.

66.

EXCLUSION OF PRESS AND PUBLIC

To consider whether the press and public should be excluded from the meeting during consideration of any item on the agenda.

Minutes:

There were no items on the agenda which required the exclusion of press and public.

67.

MINUTES pdf icon PDF 123 KB

To confirm as a correct record the minutes of the meeting of the Committee held on 29 July 2020 (copy enclosed).

Minutes:

RESOLVED that,     the minutes of the meeting held on 29 July 2020 be agreed as a correct record and signed by the Chair.

 

68.

Internal Audit Progress Report to 31 July pdf icon PDF 186 KB

To consider a report from the Director of Finance (s151 Officer).

Minutes:

Members considered a report from the Group Audit Manager which summarised the work of Internal Audit in the four months to 31 July 2020.

 

The Group Audit Manager began by explaining to members that Internal Audit had not yet completed any risk based assurance work for 2020/21 but a number of reviews were in progress. This reflected the fact that because of COVID-19 efforts had to be refocused in the first three months of 2020/21 on getting sufficient coverage to give the 2019/20 Head of Internal Audit Opinion and were therefore later in commencing the 2020/21 work

 

The Group Audit Manager highlighted that as of 31 July 2020 three audits had been completed in respect of the 2020/21 audit plan. These included one piece of consultancy and advisory work focused on improving and enhancing current arrangements for the procurement of Personal Protection Equipment (PPE), and two audit reviews which had been progressed and had been included in the Head of Internal Audit Opinion 2019/20.

 

Members were reminded of the support provided to the wider Council by Internal Audit which included the provision of administrative support for the 2019/20 Annual Governance Statement, and to the Multi Agency Information Cell, as well as the Group Audit Manager representing the Finance Directorate on Silver Command during the COVID-19 outbreak. It was reiterated that the valuable role they had played in supporting the wider council did not impact the independence of Internal Audit.

 

The Group Audit Manager reported some positive feedback on the National Fraud Initiative (NFI) work where the Council’s approach to dealing with NFI matches for Blue Badge Parking Permits was used as a case study in the NFI national report published in July 2020.

 

As of July 31 2020 there were four reviews at draft report stage. One of those reviews was the follow up review of ICT Projects which would contribute to the assurance rating for 2020/21 and which the Group Audit Manager was pleased to report had moved to ‘Reasonable’ assurance.  

 

The overall position on plan progress for 2020/21 showed members that the re-assessed plan included 51 reviews with 4 (8%) completed to at least draft stage with a further 11 (22%) having started / fieldwork stage.

 

The Group Audit Manager gave assurance to members that despite the impact the COVID-19 outbreak had on the delivery of work much had been done in response to it. This included agreeing a revised timetable of audit reviews so that the work was spread across the remainder of the year and across directorates.

 

The Chartered Institute of Internal Auditors had recognised that the impact of the COVID-19 outbreak would continue to be felt during 2020/21 and the challenges and potential impact this could have on delivering the Head of Internal Audit Opinion for 2020/21. The Group Audit Manager explained that he would continue to monitor progress on the delivery of the 2020/21 audit plan and would provide the Committee with an update at its meeting on 23 November 2020.

 

The Chair highlighted  ...  view the full minutes text for item 68.

69.

Senior Information Risk Owner (SIRO) and Information Governance Annual Report

To consider a report from the Chief Legal Officer (Monitoring Officer).

Additional documents:

Minutes:

Members considered a report from the Executive Director – Corporate, Customer and Community Services which provided an update relating to the responsibilities of the Cumbria County Council Senior Information Risk Owner (SIRO) and outlines the activity and performance related to information governance over the year 2019/20.

 

The Executive Director – Corporate, Customer and Community Services summarised the Council’s information governance work undertaken in the year 2019-20, and provided assurance that personal data was held securely; that information was disseminated effectively and that performance indicators were in place to monitor the Council’s processing of information requests within the necessary legal frameworks. It was explained to members that the report also contained an action plan to help minimise risk in regard to data security and information governance.

The Council’s SIRO was supported via the Corporate Governance Group (CGG), a strategic group that maintained oversight of information governance for the Council. In addition the SIRO explained the role of the SIRO Performance Group which monitors Information Governance actions and performance and promotes best practice.

In relation to data breaches the Executive Director- Corporate, Customer and Community Services explained that the Senior Information Risk Owner (SIRO) Group met on a weekly basis to consider all breaches or near misses and to decide whether the incident should be referred to the Information Commissioner’s Office (ICO).  A total of eight cases were referred to the ICO in 2019-20.  All these cases had since been closed by the ICO without any fines being applied.

 

During2019-20 theCouncilreceived 1487requestsforinformation underthe Freedomof InformationAct and the Environmental Information Regulations.  Thisrepresentsa 5% decrease in requests compared with2018-19 figure. The Council responded to 72% (1070) requests within the statutory time limit of 20 working days which represents a slight increase in performance compared with 2018-19 (71%). Members were given assurance that a project group had been established to implement service improvements with the aim of improving response time.

 

During2019-20 the demand for Subject Access requests had continued to increase substantially. There had been a 79% increase in requests over the year. This substantial increase in demand proved challenging in terms of maintaining the performance target. Based on the service review undertaken earlier in the year a decision had been made regarding the processing and handling of requests which would increase capacity to help deal with this increased demand.

 

Members raised concerns regarding the security of the Windows operating systems and asked if consideration was given to using an alternative platform. The Executive Director -  ...  view the full minutes text for item 69.

70.

Local Government and Social Care Ombudsman – Annual Review Letter

To consider a report from the Chief Legal Officer (Monitoring Officer).

Additional documents:

Minutes:

Members had before them a report from the Chief Legal Officer (Monitoring Officer) which provided them with information relating to complaints made to the Local Government & Social Care Ombudsman (LG&SCO) regarding Cumbria County Council for the year ended March 2020.

 

The report is provided annually to assure members that the learning from the LG&SCO’s feedback is taken forward within the organisation, and therefore that any further risk is mitigated. The Chief Legal Office (Monitoring Officer) explained that in the context of the amount of contact the Council has with customers, the number of referrals to the Ombudsman is minimal and she reminded members that of the referrals made only a proportion are upheld.

 

In the year 2019/20, there were 70 complaints or enquiries received by the LG&SCO. However, decisions were made by the LG&SCO for 64 cases as the figures included some decisions made on cases that were received by the LG&SCO in the previous year.  Of the 64 decisions considered by the LG&SCO in 2019/20, detailed investigations were carried out for 16 cases. Of the 16 cases investigated, 12 cases (75%) were upheld finding some fault with the Council’s handling of the complaint; with 4 cases (25%) not upheld.

 

Whilst fewer cases were subject to a detailed investigation than 2018/19 (19) the number of cases ‘upheld’ has remained static.  However, it must be noted that of the 12 complaints upheld, 3 were found to have been satisfactorily resolved by the Council before the LG&SCO involvement. Where the LG&SCO made recommendations to remedy complaints in respect of 2019/20 these recommendations were implemented by the Council in all cases. This represented a compliance rate by the Council of 100%.

 

The Chief Legal Officer explained to members that the LG&SCO was keen to support councils in resolving issues and had commenced a pilot initiative during 2019/20.  Cumbria County Council put itself forward to be part of the pilot exercise and was accepted. The LG&SCO’s training coordinator began working with the Council in October 2019 and offered support with the Council’s complaint handling and how it responds to the LG&SCO investigations. The Chief Legal Officer (Monitoring Officer) informed members that there had been a well-received session that took place between LG&SCO and the Council’s Extended Leadership Team in September 2020.

 

The Chair emphasised the importance of learning and was pleased to receive the update on the pilot training initiative which was one of a number of things which reflected a trajectory of improvement. It was AGREED that a link to the LG&SCO interactive performance map be shared with members of the Committee. 

 

Members sought clarification that changes were being made to improve the perceived delay in some responses. The Chief Legal Officer (Monitoring Officer) explained that in some cases delays had occurred due to processes that were in place to ensure the best possible response was given. In one notable case a delay had occurred due to structural issues and  ...  view the full minutes text for item 70.

71.

Quarter 1 – Corporate Risk Report pdf icon PDF 155 KB

To consider a report from the Director of Finance (s151 Officer).

Additional documents:

Minutes:

Members considered a report from the Director of Finance (s151 Officer) which provided members with a refreshed Corporate Risk Register for 2020/21 and a progress update on these corporate risks for the first quarter to 30 June 2020.

 

At the start of each Financial Year, corporate risks are required to be reviewed and refreshed to ensure they continue to be relevant to the operating environment of the Council for the subsequent 12 month period. The Senior Risk Officer informed members that there were 12 corporate risks at the end of 2019/20 and 12 corporate risks still at the beginning of 2020/21. At Quarter 1 there were 8 high rated risks and 4 medium rated risks, one additional high rated risk than at the end of 2019/20.

 

Of the 12 corporate risks which were currently on the Quarter 1 risk register, 7 risks had rolled forward with unchanged risk descriptions and 3 risks had been reworded and reflect some elements of the previous risks. There were also 2 new risks and one risk that had been removed and would be managed at a Directorate level.

 

The Senior Risk Officer explained that the reporting template format remained the same as last year, but that the opportunity had been taken to reduce the content of the register by providing more focus on the key risk controls that were employed to help manage the risks.

 

During the first quarter of the year 2020/21 the Council experienced the greatest impact of COVID-19 organisationally and operationally and much of the increased levels of uncertainly and change seen in the annual refresh of the corporate risks related to the secondary impacts of COVID-19, this had been felt most acutely within People Directorate. In relation to this, the Senior Risk Officer explained the three reworded risks which had been reshaped due to an expected increase in demand within Children’s Services and the Health & Social Care system as well as changes in types and volumes of demand within the care market.

 

The first of the new risks also related to COVID-19, this time in relation to the potential failure of the Cumbria COVID-19 Local Outbreak Control Plan. This new corporate risk has been developed to mitigate the possibility of the plan failing to prevent or reduce the extent and severity of COVID-19 outbreaks that would ultimately result in the return to increased lockdown restrictions.

 

The second new risk considered the Impact on Council Services of exiting the Brexit transition period without a trade deal.The Corporate Management Team (CMT) decided to escalate this risk which had previously been reported as an emerging risk and reconsidered the timing of the risk in relation to the Council’s capacity to manage competing priorities during the winter period. The Senior Risk Officer highlighted the importance of recognising that the response to COVID-19 and the recovery from it has added a further layer of uncertainty that would impact many of the Corporate risks.

 

Finally, there remained in place one notable emerging risk for the  ...  view the full minutes text for item 71.

72.

DEEP DIVE RISK ANALYSIS

To receive a presentation from the Assistant Director without Portfolio.

 

Not dispatched with the agenda.

Minutes:

Members received a presentation on the corporate risk; The Impact of COVID-19 on the delivery of Council Services. The presentation was delivered by the Assistant Director – Economy and Environment and considered the following areas:-

 

  • Approach to managing Risk
  • Incident Response and Recovery
  • Governance and Decision Making
  • Council Services
  • Council Workforce
  • Council ICT and Premises
  • Conclusion

 

Members asked about the process of capturing the lessons learned from the COVID-19 response and noted that in some places the ways of working had changed for the better.

 

The Assistant Director – Economy and Environment stated that the massive impact of COVID-19 had led to high levels of innovation and agreed that it was very important to embed the positive outcomes where they apply. He explained that there was a structure within Local Resilience Forum whereby the Council and partners regularly map out the lessons learned. Members were informed that internally all directorates were looking at how they deliver key services and were aware of areas where improvements could be implemented in a ‘business as usual’ environment. The example of transport was given to illustrate the positive impact new ways of working could have on the Council’s carbon footprint.

 

The Executive Director - Corporate, Customer and Community Services added that the directorate was looking to progress an accelerated digital offer due to the positive outcomes of their work around providing a digital library service and Track and Trace.

 

The Engagement Lead – Grant Thornton brought members attention to the £6 billion figure that the Local Government Association had estimated had been the impact on Local Authorities as a result of COVID-19. The future impact, he said, was still to be determined but he highlighted the importance of investing in new ways of working and provision.

 

The Assistant Director – Economy and Environment agreed and described the significance of the Council’s place based leadership and the role played in joining up complex systems and making sure communities were resilient. The digital strategy in conjunction with the Borderlands Digital Deal presented real opportunities as did the Council’s role in economic leadership alongside the Cumbria LEP.

 

The Director of Finance (S151 Officer) addressed the £6 billion impact on Local Authorities by stating that it had been widely discussed that despite the significant funding provided by Central Government there was indeed a gap in funding still. The financial position of the Council has been reported to Cabinet during the period. Members were informed that it was expected that the government would be announcing a Comprehensive Spending Review (CSR) shortly and this would set out funding for local government along with other government departments for at least a three year period. There had been much lobbying by the local government sector nationally in advance of CSR and it was expected that this would recognise the significant role the Council had played in supporting other bodies such as the NHS. The Director of Finance (s151 Officer) then reminded members that the Quarter 1 Budget Monitoring report for the September  ...  view the full minutes text for item 72.

73.

(GRANT THORNTON ITEMS)

73a

External Audit - Audit Plan Cumbria County Council 2019/20 pdf icon PDF 479 KB

Minutes:

Members considered the External Audit – Audit Plan for 2019/20 which provided an overview of the planned scope and timing of the statutory audit of Cumbria County Council.

 

The Engagement Lead – Grant Thornton began by drawing member’s attention to the significant risks. It was explained that the Valuation of the pension fund net liability risk and the Valuation of Land and Buildings risk were both areas of significant estimation which therefore carry a higher level of audit risk. COVID-19 was identified as a significant risk specifically in that the circumstances had an impact on the production and audit of the financial statements for the year ended 31 March 2020. But also, because the resulting volatility of financial and property markets would increase the uncertainty of assumptions made regarding the valuation of land and buildings and of the pension fund.

 

The Engagement Lead identified the Council’s Medium Term Financial Plan (MTFP) as an area which would be considered as part of their work on the Value for Money Conclusion. The Council’s MTFP covers the 5 year period 2020-2025 and features a budget gap of £26.3m for the last three years, with work ongoing to identify future savings. The Engagement Lead – Grant Thornton highlighted there would be greater focus on the robustness of savings plans.

 

An update was then provided on the audit fee position and detailed reasoning was provided for the increase in audit fees. Member’s attention was drawn to the materiality of Council financial statements for the year’s audit which was £12.396m significantly lower than the previous year of £15.405m. This was due the profile of local audits in view of the increased regulatory scrutiny following external reviews such as those led by Sir John Kingman and Sir Tony Redmond.

 

The Director of Finance (s151 Officer) reminded members that at the 29 July 2020 meeting of the Audit and Assurance Committee a report was considered which detailed the audit planning work and processes. This had led to a productive discussion about the Valuation of Land and Buildings risk and the implications it had. With regards to the Valuation of the pension fund net liability risk it was explained that a review of the actuaries employer contribution estimates had been built into the process of valuation to mitigate the risk.

 

The March committee papers which were considered at the July 2020 meeting also set out the Council’s response to the audit recommendation regarding journals and system controls. The Director of Finance (s151 Officer) then explained the modifications to be made to the MTFP due to the change in national and local circumstances since its publication in February 2020. The changes would be reflected in the updated version of the MTFP which would be published in 2021. The Council’s financial statements would be brought in full to the November meeting, but a draft audit findings report for LGPS Pension fund had been shared already with the Council’s Pension’s Committee and so the Director of Finance (s151 Officer) asked the Audit  ...  view the full minutes text for item 73a

74.

External Audit - Fees letter 2019/20 pdf icon PDF 444 KB

Minutes:

Members had before them the updated Fees Letter which provided further information on additional proposed works. The Audit and Assurance Committee had previously discussed the increased regulatory focus facing all audit suppliers and the impact this would have on the scope of the work for 2019/20 and beyond.

 

The Chair asked for clarification regarding the pension fund and the review of significant assumptions applied by the actuary and it was confirmed that this additional assessment was to bring the audit plan in line with new regulation.

 

75.

External Audit Progress and Update Report 2019/20 pdf icon PDF 639 KB

Minutes:

Members considered the External Audit Progress and Update Report which provided an update on the Financial Report Council (FRC) review and the additional work carried out around COVID-19 impact on Local Government.

 

The FRC review was a review of Grant Thornton’s external audit of the Council’s accounts 2018/19 and the Value for Money aspect of the audit service. The Engagement Lead explained the scoring system used by the FRC and was pleased to report that the FRC was satisfied that Grant Thornton displayed sufficient evidence to meet the Value for Money criteria and it was awarded a 2A score. The second aspect, the Financial Statements review resulted in the recommendation ‘improvements required’, scoring a 2B. This was mainly due to the valuation of Property, Plant and Equipment (PPE), where the FRC considered that more work should done in this to reassess the estimations used. The Engagement Lead explained to members that Grant Thornton accepted the recommendations and that scope existed to improve in each area.

 

The Audit Manager – Grant Thornton introduced the sector update which provided an up to date summary of emerging national issues and developments and which also described the impact and potential opportunities arising from COVID-19. In addition to the report presented members a discussion took place regarding the Place Based Recovery report written in conjunction with the County Councils Network (CCN) and which specifically mapped the impact on County Councils. The Director of Finance (s151 Officer) added in relation to the CCN report that through the Society of County Treasurers the Council had actively contributed to the report. It was AGREED that a link to the Place Based Recovery report and to related news articles but circulated to the Committee.

 

The Chair was pleased to see that key risks identified in the Grant Thornton Place Based Recovery report were the same risks identified as part of the Council’s Corporate Risk Register and commented that this should give members assurance that risks were being addressed.

 

76.

FORWARD PLAN - AUDIT AND ASSURANCE COMMITTEE pdf icon PDF 50 KB

To note the Forward Plan for the Audit and Assurance Committee and agree any additional items (copy enclosed).

Minutes:

It was AGREED that the Draft Annual Treasury Management Strategy Statement be brought forward from the January 2021 meeting to the November 2020 meeting.

 

It was AGREED that an item on the Redmond Review be added to the Forward Plan as an item for the January 2021 meeting. Further to that, it was AGREED that a training session on the Redmond Review be held for members and Senior Officers in conjunction with Grant Thornton prior to the January meeting.

77.

DATE & TIME OF NEXT MEETING

The next meeting will be held on 23 November 2020 the venue is to be confirmed.

 

Minutes:

The next meeting of the Audit and Assurance Committee is due to take place on 23 November 2020 via Microsoft Teams.