Agenda and minutes

At this point in the meeting, Members are asked to declare:

·        any personal interests not included on the Register of Interests

·        any prejudicial interests or

·        any disclosable pecuniary interests

which they might have in respect of business on this agenda.

Members were asked to declare any personal interests not included on the Register of Interests, any prejudicial interests or any disclosable pecuniary interests which they may have in respect of business on the agenda. None were declared.

It is at this point in the meeting that members of the public who have registered their wish to speak can do so. The deadline for registering is by 5:00pm on Tuesday 18 September 2017. To register please contact the Democracy Officer for the meeting, on the details at the foot of this agenda.

Filming, Recording or Webcasting Meetings

Please note that, subject to available resources, this meeting will be filmed and webcast, or recorded, including any registered public speakers who have given their permission. This broadcast can be viewed at: http://www.york.gov.uk/webcasts.

Residents are welcome to photograph, film or record Councillors and Officers at all meetings open to the press and public. This includes the use of social media reporting, i.e. tweeting. Anyone wishing to film, record or take photos at any public meeting should contact the Democracy Officer (whose contact details are at the foot of this agenda) in advance of the meeting.

The Council’s protocol on Webcasting, Filming & Recording of Meetings ensures that these practices are carried out in a manner both respectful to the conduct of the meeting and all those present.  It can be viewed at:

http://www.york.gov.uk/download/downloads/id/11406/protocol_for_webcasting_filming_and_recording_of_council_meetings_20160809.pdf

It was reported that there had been three registrations to speak at the meeting under the Council’s Public Participation Scheme.

Michael Hammill, a resident, stated that he had spoken at the previous meeting of the Audit & Governance Committee and despite assurances that his comments had been noted, he had yet to receive a response. He expressed his opinion that the public mistrusted the Council and asked Members what action would be taken and sought assurances for himself and other York tax payers that action would be taken to dismiss Officers who, he considered, gave the Committee the ‘run-around’.

Brian Watson, Honorary Alderman and resident, spoke on the minutes of the meeting held on 26 July 2018. He stated that when discussing the LGA report he had made clear he felt the public had a right to know what was said about them in the report procured by the LGA. He stated that there was no reference to this in the minutes of that meeting and wanted this on record.

Gwen Swinburn, a resident, spoke on her ongoing concerns with the internal audits undertaken by Veritau. She stated that the internal audit service was subject to a statutory external evaluation every 5 years which are often 20 pages long containing careful process, benchmarking and analysis. She was therefore concerned that the Committee had been provided with a 1 paragraph entry on the 2017 internal audit letter stating that an external evaluation had been done in 2014. Ms Swinburn felt that the proposal to do a generic review of Veritau’s service, rather than one specific to York, was not providing the rigour that was needed. She asked that this report be referred back for process review. She also highlighted the Taxi Licensing audit and suggested this should have been graded no more than ‘limited assurance’. Finally she commented on the fact the report had been redacted, which in her opinion was to cover up staff failures.

To approve and sign the minutes of the Audit & Governance Committee meetings held on 20 June and 26 July 2018.

Members considered minutes of the meetings held on 20 June and 26 July 2018.

In respect of the meeting held on 20 June Members requested that the following amendments be made:

·        Minute Item 3.

 Para 1 – To add the sentence:

‘The Chair stated that, although Mr Laverack had withdrawn his registration to speak, he wished for it to be recorded that his complaint regarding how he had been dealt with by the Council had not been answered.’

Signature Block to read:

Councillor Steward, Vice Chair in the Chair

Councillor Williams, Committee Member in the Chair during part of the private session

[The meeting started at 5.30pm and ended at 8.50pm]

In respect of the meeting held on 26 July Members requested that the following amendments be made:

·        Minute Item 17.

Para 12 – To add the following bullet:

·        Minute Item 3.

                   Para 1 – To add the sentence:

‘The Chair stated that, although Mr Laverack had withdrawn his registration to speak, he wished for it to be recorded that his complaint regarding how he had been dealt with by the Council had not been answered.’

Signature Block to read:

Councillor Steward, Vice Chair in the Chair

Councillor Williams, Committee Member in the Chair during part of the private session

         [The meeting started at 5.30pm and ended at 8.50pm]

Members requested that the response of the Chief Executive to matters arising during discussion during agenda item 2 ‘Minutes’ at the meeting of 26 July be published online.

Councillor Steward asked for it to be recorded that, after the minutes had been contested, he was extremely disappointed that it had taken such a long time for them to be published. He also stated it was discourteous that the Chief Executive had taken two months to respond to questions asked by the Committee.

Resolved:  That;

1.   The minutes of the meetings held on 20 June and 26 July be approved and then signed by the Chair as a correct record, subject to the above amendments;

2.   That the response of the Chief Executive to matters arising during discussion under agenda item 2 ‘Minutes’ at the meeting of 26 July be published as a supplement to the online agenda for the meeting of 19 September 2018.

The paper attached at Annex A from Mazars, the Council’s external auditors, summarises the outcome of their audit of the Council’s 2017/18 annual accounts and their work on the value for money conclusion.

This report from Mazars, the Council’s external auditors, provided Members with outcome of their audit of the Council’s 2017/18 annual accounts and their work on the value for money conclusion.

It was requested that this item be deferred as auditors from Mazars were unable to attend the meeting.

Resolved:  That this item be deferred until the meeting on 5 December 2018.

Reason:     To enable Mazars auditors to present the completion report to the Committee.

This report presents Members with an update on the key corporate risks (KCRs) for City of York Council (CYC).

Members considered a report which presented an update on the key corporate risks (KCRs) for City of York Council (CYC). The Principal Accountant (Corporate Finance) attended the meeting to present the report. The Corporate Director, Children, Education & Communities was also in attendance to answer Member questions on his directorate.

With reference to KCR 4, Officers stated that population growth in the City had put pressure on services and how the Council met its statutory responsibilities. They also highlighted the changing nature of the population, particularly in relation to the complex needs of children and young people.

In response to Member questions they stated:

·        They had not been involved in the report on Brexit which was being taken to Executive on 18 October;

·        Once the Council understood how the population was changing it could deliver services in the most appropriate way, which potentially meant operating differently;

·        In relation to levels of migration referred to on page 59 of the agenda, Officers would provide the Committee with detailed figures;

·        When considering the demographic of workforce supply unable to meet workforce demand, there could be more detail around both the skills plan and the stakeholder/Officer group who were working on ways to mitigate this risk;

·        An ‘asset based approach’ meant that the Council would look at the skills and expertise in the City and give consideration to how these could be organised in a slightly different way to provide services which would increase the quality of life for the older population;

·        The Local Plan evaluation was ongoing and until that work was complete, and the plan approved, it was hard to plan additional services and infrastructure may be required;

·        This report focused on the delivery of statutory services, hence the focus on care workers. It was true that some other areas of the authority had high turnover rates. There was an issue with pay in some of these roles, given how expensive York was as a City; and

·        In the opinion of the Corporate Director the Council was an attractive employer.

Members also highlighted the following issues:

·        That, as stated at the previous meeting, some of the things listed in the report as risks – for example ‘increased ethnic diversity’– were actually positives for the City and should be worded differently; and

·        That the increase in older people was the biggest and hardest risk to mitigate, particularly given the number of older people moving to the City;

Resolved:  That Members;

1.   considered and commented upon the key corporate risks included at Annex A;

2.   considered and commented upon the information provided in relation to KCR4 Changing Demographics included at Annex B;

3.   note that the 2018/19 Monitor 3 report will include a detailed analysis of KCR5 Safeguarding.

Reason:     To provide assurance that the authority is effectively understanding and managing its key risks

This is the regular six monthly report to the committee setting out progress made by council departments in implementing actions agreed as part of internal audit work.

Members considered the regular six monthly report to the Committee setting out progress made by Council departments in implementing actions agreed as part of internal audit work. The Head of Internal Audit attended the meeting to present the report. He stated that the report detailed actions which were due for implementation in the six months to 31 July 2018. 86 actions had been followed up and the majority had either been implemented, or were redundant or superseded. There were 20 which had not been implemented and, after discussion with the relevant managers, auditors were satisfied there were valid reasons for the delays and new timescales had been agreed.

In response to Member questions he stated that:

·        In future full names of Directorates could be used in reports; and

·        Where actions were delayed and auditors had agreed new deadlines, these would be followed up again and managers would be challenged if they were not implemented by the new deadline.

There was also some discussion as to which audit reports the Committee should consider at meetings. There was a suggestion that reports which received ‘reasonable’ assurance now be considered alongside those receiving ‘limited’ and ‘no assurance’. It was agreed however that, as reports were already sent by email to the Committee, any reports which Members felt should be considered at a meeting could be raised ahead of time.

The Director of Customer and Corporate Services stated that, as the Audit & Governance committee had such a wide remit, Members could take the view that considering an audit report in detail was not their role and suggest that it be considered by a relevant scrutiny committee. This should be done at a public meeting to demonstrate that the Audit & Governance committee had fully considered the matter.

Resolved:

1.   That Members considered the progress made in implementing internal audit agreed actions;

2.   That Veritau continue to circulate audit reports to the Audit & Governance committee by email.

Reason:     To enable the committee to fulfil its role in overseeing the work of internal audit.

This report provides an update on progress made in delivering the internal audit workplan for 2018/19 and on current counter fraud activity.

Members considered an update on progress made in delivering the internal audit workplan for 2018/19 and on current counter fraud activity. The Head of Internal Audit attended the meeting to present the report. He highlighted the planned external assessment of internal audit working practices, which was required at least every 5 years.

In response to Member questions he stated that:

·        9% of the audit work plan had currently been completed, compared to 27% the previous year. This was considered ‘as expected’ because work was being completed as scheduled. Some of the audits were much larger and took more time. It could be that work scheduled during Q1 and Q2 had contained more of these large audits than in previous years;

·        It was possible to provide more detail about ‘in progress’ audits. It was however, difficult to anticipate to which Audit & Governance meetings reports may be presented to;

·        There was a requirement that internal auditors be externally assessed. Some councils commissioned external organisations to produce this and many choose to use a ‘peer review’ approach. Veritau had joined a group which represented councils with very similar shared service arrangements to Veritau. This meant there was a good understanding of operating in this way. There was no cost to the Council and Veritau would go on to assess another organisation;

·        This organisation had been selected by the S151 Officers across Veritau’s member councils and all councils had been satisfied with the choice. In CYC’s case the Deputy S151 Officer was the client as the S151 Officer was on the Veritau board;

·        The requirement for an external assessment was introduced in 2013 and Veritau’s first assessment was undertaken in 2014. Auditors were given 5 years to comply and Veritau had chosen to do this at a very early stage; many councils were only now having a first assessment;

·        There was a standard process to complete one of these assessments and this involved speaking to Officers and Chairs of Audit committees at member councils. It was a thorough and robust process, not merely a summary of internal audit arrangements;

·        The assessors on 2014 produced a report which set out recommendations and where practices met professional standards. This was reported to the Audit & Governance committee and actions were taken to address the recommendations;

·        Although there had been several chairs of the Audit & Governance committee since the last assessment, this was an assessment of internal audit practices at a point in time, and it was for the assessors to determine who they wished to speak to;

·        In relation to counter fraud work, the counter fraud team had exceeded its savings target by 28 August, however it had been a slightly unusual year with a few very good cases and this did not necessarily mean the target was too low or that this level could be sustained. The team were improving in terms of deciding which cases to pursue and services were getting better at referring possible cases of fraud;

·        Successful outcomes depended on the type  ...  view the full minutes text for item 29.

This report provides Members with updates in respect of:

·        Information governance performance

·        General Data Protection Regulation (GDPR) and Data Protection Act 2018

·        NHS Digital Information Governance toolkit – annual assessment

·        NHS Digital audit

·        Complaints

Members considered a report providing them with updates in respect of:

·        Information governance performance

·        General Data Protection Regulation (GDPR) and Data Protection Act 2018

·        NHS Digital Information Governance toolkit – annual assessment

·        NHS Digital Audit Complaints

The Information Governance & Feedback Team Manager attended the meeting to present the report and answer Member questions. She highlighted that over 90% of both FOI and EIR received a response within 20 working days, which was the Information Commissioners Office (ICO) monitoring level. There were also ongoing improvements to Subject Access Request (SAR) progress and performance. This was set against a background of increasing volume and complexity of requests.

In response to member questions she stated that:

·        The complaints report had been taken to CSMC and it had been raised there that further benchmarking figures be provided to allow Members to compare CYC’s performance to that of other Local Authorities. However, not all Councils choose to publish performance data and it could be difficult to get other councils to disclose their performance on FOI requests. She confirmed that she would try again to get other councils from across the region to agree to share data;

·        She would look into whetherhistorical data and FOI trends could be provided to the Committee to make the data more meaningful;

·        There were no internal targets, the team work towards the ICO target;

·        ICO decision notices were available on the ICO website but this could be difficult to navigate so she would look at how these could be provided as a summary report to the Committee;

·        In relation to a question on data breaches which had been reported during the Citizen Audit, she would have to take this away as she was not aware of every instance. She would respond to this query via email;

·        The ICO had found against the Council’s application of the exemption Section 14 on 3 cases. There had been 4 cases where Section 14 had been used and on one case the ICO fully agreed with the Council’s use of this section. The Deputy Chief Executive confirmed that any future response to these FOI’s would be circulated to Members;

·        In the Local Government and Social Care Ombudsman (LGSCO) annual letter there was reference to use of Section 32 notices. In last year’s annual letter the Ombudsman had expressed concern over the Council’s use of Section 32 confidentiality notices. Such notices are used when a Local Authority consider it inappropriate for data to be disclosed to third parties during the course of the LGSCO’s investigation of a complaint. CYC has previously issued these notices when there has been a short timeframe to provide a response to the LGSCO’s initial enquiries and no time to fully consider what should or should not be disclosed to a third party. A meeting had taken place with the Assistant Ombudsman responsible for York and since that time no further Section 32 notices had been issued;

·        There had been a number of potential breaches notified to the ICO. They  ...  view the full minutes text for item 30.

Members are asked to consider the future plan of reports expected to be presented to the Committee during the forthcoming year to July 2019.

Members considered the future plan of reports expected to be presented to the Committee during the forthcoming year to July 2019.

The Mazars Audit Completion Report should be considered at the December meeting.

During discussion of the Forward Plan Councillor Mason referred to an e mail he had sent to the Chair that afternoon about the accuracy of the minutes of the meeting held on 20 June knowing he would be late to the meeting.

He considered the minutes should reflect that there was a view expressed within the debate that the review of the Council’s Constitution should be considered by Audit and Governance Committee, given its governance role even though it  had been resolved that it was appropriate for it to be considered at  Customer & Corporate Services Scrutiny Management Committee (CSMC).

The Chair explained to the Committee that a clear decision had been made to pass the review of the Constitution to CSMC and therefore she had chosen not to read out Councillor Mason’s comments. No one else had raised at the time of the debate regarding the minutes, which had now been approved.

The Corporate Director of Customer & Corporate Services reminded Members that only Council could make amendments to the Constitution, on the recommendation of the Monitoring Officer. He suggested that there were several ways that the Committee could have an input into a review.

Members highlighted their concern that they had spent months requesting a review of the Constitution and therefore felt that this issue needed further debate.

They requested a report considering ways in which the Audit & Governance committee could be involved in the review of the Constitution by the Customer & Corporate Services Scrutiny Management Committee (CSMC) and the Joint Standards committee.

Resolved: That the forward plan for the period to July 2019 be

agreed, subject to the above amendment.

Reason:     To ensure the Committee receives regular reports in accordance with the functions of an effective audit committee