Agenda and minutes

At this point in the meeting, Members are asked to declare:

·        any personal interests not included on the Register of Interests

·        any prejudicial interests or

·        any disclosable pecuniary interests

which they might have in respect of business on this agenda.

Members were asked to declare any personal interests not included on the Register of Interests, any prejudicial interests or any disclosable pecuniary interests which they may have in respect of business on the agenda. None were declared.

It is at this point in the meeting that members of the public who have registered their wish to speak can do so. The deadline for registering is 5:00pm on Tuesday 4 December 2018.

To register please contact the Democracy Officer for the meeting, on the details at the foot of this agenda.

Filming, Recording or Webcasting Meetings

Please note that, subject to available resources, this meeting will be filmed and webcast, or recorded, including any registered public speakers who have given their permission. This broadcast can be viewed at: http://www.york.gov.uk/webcasts.

Residents are welcome to photograph, film or record Councillors and Officers at all meetings open to the press and public. This includes the use of social media reporting, i.e. tweeting. Anyone wishing to film, record or take photos at any public meeting should contact the Democracy Officer (whose contact details are at the foot of this agenda) in advance of the meeting.

The Council’s protocol on Webcasting, Filming & Recording of Meetings ensures that these practices are carried out in a manner both respectful to the conduct of the meeting and all those present.  It can be viewed at:

http://www.york.gov.uk/download/downloads/id/11406/protocol_for_webcasting_filming_and_recording_of_council_meetings_20160809.pdf

It was reported that there had been two registrations to speak at the meeting under the Council’s Public Participation Scheme.

Gwen Swinburn, a resident, spoke on Agenda Item 9, Information Governance and Complaints, and the recent inclusion of select ICO decisions. She stated that FOI’s she had submitted were not vexatious, but an attempt to improve governance issues within CYC. She also referred to recent ICO decisions which had found against the Council and had not been shared with the Committee. Ms Swinburn stated that she felt this was a manipulation of the narrative by Officers and was an example of wider cultural issues, which reflected badly on CYC.

Councillor Mark Warters also spoke in relation to the item on Information Governance and Complaints, and in particular on FOI requests made by Members. He stated that he had put in 7 FOI requests over the previous year, all of which he felt he should have been able to get answers to, as a Member, without having to go through the FOI system. He suggested that the figures in the report being considered by Members did not reflect reality.

To approve and sign the minutes of the meeting of the Audit & Governance Committee held on 19 September 2018.

Resolved:  That the minutes of the meeting held on 19 September 2018 be approved and then signed by the Chair as a correct record.

This paper presents the Committee with an update on the Key Corporate Risks (KCRs) for City of York Council. This includes a detailed analysis of KCR5 (Safeguarding) at Annex B.

Members considered an update on the Key Corporate Risks (KCRs) for City of York Council. This included a detailed analysis of KCR5 (Safeguarding). The Principal Accountant attended the meeting to present the report, along with the Assistant Director Education & Skills and Joint Commissioning Programme Director who were present to answer questions on KCR 5 (Safeguarding).

In response to Member questions they stated:

·        A ‘no-deal’ Brexit was not a KCR itself but an addition to financial risk. This may be added in future or covered as part of the budget strategy;

·        There were a number of scorecards, linked to the KPI machine. These were reported to the Executive Member and the Children, Education & Communities Policy & Scrutiny Committee;

·        Some Local Authorities ‘over check’ staff and certain people no longer needed a DBS, for example those who were in schools but always escorted by an adult. Job descriptions were kept up to date so that only those staff who needed them as part of their role were checked;

·        CYC was an Early Adopter in engaging schools with the new Safeguarding Children Partnership. Officers were building good relationships with academies and independent schools to ensure that new arrangements were effective;

·        The risk from the changes to Safeguarding Boards had been addressed by minimising the changes taking place. Outstanding aspects of the previous board had not been changed and sub-committees had been sharpened up;

·        York Health and Care Place Based Improvement Partnership was a recent addition to bring together agencies to address older people’s care and support needs;

·        Safeguarding referrals from schools came from the LA designated officer. Some would cross borders and it would be dealt with by the Local Authority in the incident location, not the home location. However, there was a duty responsibility to share information;

·        Statutory frameworks allowed for the sharing of information in such circumstances. As with Adult Social Care there was an obligation to share necessary information;

·        In relation to KCR 12 (Major Incidents) Executive had approved funds to be used for City Centre Access Measures and it was agreed the relevant Officer would provide the Committee with an update on both this and Christmas safety issues; and

·        In relation to KCR 4 (Changing Demographics) lots of work had already been done on the demographic demand of the student population. This allowed CYC and the CCG to consider the impact of student health needs on services accessed by other residents.

Resolved:  That Members;

1. considered and commented upon the key corporate risks included at Annex A;

2. considered and commented upon the information provided in relation to KCR5 Safeguarding included at Annex B;

3. note that the 2018/19 Monitor 4 report will include a detailed analysis of KCR6 Health and Wellbeing.

Reason:     To provide assurance that the authority is effectively understanding and managing its key risks

The paper attached at Annex A from Mazars, the Council’s external auditors, summarises the outcome of their audit of the Council’s 2017/18 annual accounts and their work on the value for money conclusion.

Members considered a paper from Mazars, the Council’s external auditors, summarising the outcome of their audit of the Council’s 2017/18 annual accounts and their work on the value for moneyconclusion. The Senior Manager and Key Audit Partner, Mazars, attended the meeting to present the report and answer Members questions.

They stated that this report drew heavily on work which had been presented to the Committee as part of the Audit Completion report. They highlighted that they had issues an unqualified opinion on the Councils financial statements for 2017/18 and on the Value for Money Conclusion. They also stated they were working through correspondence from residents, and hoped to report back to the Committee in the New Year.

In response to questions from Members they stated:

·        Questions raised by the public in relation to the accounts were on a broad range of issues, some more complex than others. However, a decision was made early on that none of these had a material impact on the Value for Money conclusion or unqualified position;

·        There were no areas of risk identified which would be reported to the Council;

·        Data used for the VFM conclusion was not included in the report. They highlighted that they would only look in detail at areas where they had identified a significant risk and there had been none identified in their VFM conclusion;

·        In all material respects the Council had arrangements in place to deliver services efficiently and effectively; and

·        Benchmarking information was less readily available now but they would be willing to share a ‘nearest neighbour’ comparison with the Committee.

Resolved:  That Members note the matters set out in the Annual Audit report presented by Mazars.

Reason:     To ensure Members are aware of Mazar’s progress in delivering their responsibilities as external auditors.

The paper attached at Annex A from Mazars, the Council’s external auditors, reports on progress in delivering their responsibilities as auditors.

Members considered a report from Mazars on their progress in delivering their responsibilities asauditors. The Senior Manager and Key Audit Partner, Mazars, attended the meeting to present the report and answer Member questions.

They stated this was a shorter report as they were between audit years. An audit plan would be presented at a future meeting of the Committee. They also highlighted that Mazars were the only firm that had been consistently rated ‘green’ independently by Public Sector Audit Appointments Ltd.

Resolved:  That Members note the matters set out in the Progress report presented by Mazars.

Reason:     To ensure Members are aware of Mazars progress in delivering their responsibilities as external auditors.

Attached at Annex 1 is the Treasury Management Mid Year Review and Prudential Indicators 2018/19 report presented to November Executive. This information provides Members with an update of treasury management activity for the first six months of 2018/19.

Members considered the Treasury Management Mid Year Review and Prudential Indicators 2018/19 report, which was presented to November Executive. This information provided Members with an update of on treasury management activity for the first six months of 2018/19. The Finance & Procurement Manager attended the meeting to present the report and answer Member questions.

In response to Member questions they stated:

·        The 50 year Public Works Loan Borrowing Rate was lower than the 25 year rate as this was the way the PWLB worked and CYC were just provided with the rates;

·        PFI was not always negative, all PFI was individual. One of CYC’s PFI schools had recently become an academy so the figures would be slightly different in the coming year;

·        Not all of Capital expenditure was financed by borrowing so this would be included in the budget monitoring papers and budget strategy which were considered by Executive;

·        Financial institutions were often slow to increase the rate of return following a change of interest rate. CYC could do slightly better with cash flow planning in terms of the Capital Programme and increasing returns and work was being dome done on this. Officers would look for benchmarking data from other Local Authorities and circulate this to the Committee;

·        The LOBO loan which was redeemed early was due to a change in business direction of the lender and was financially advantageous to CYC;

·        In relation to external debt, the gross debt figure was the amount held in external loans, the net was this amount less cash balances held. The prudential code required the indicator to be calculated in this way. The drop from £85.9 million in 2018/19 to £20 million in 19/20 was planned expenditure, it was not expected that cash would just sit in the account. It was noted that this was an estimate of future years and therefore could change depending on the progress made with individual capital schemes; and

·        The level of slippage expected at Monitor 3 was similar to previous year. Some work needed to be done on more accurately profiling the Capital Programme over a five year period and challenging slippage.

Resolved:  That Members note the Treasury Management Mid year Review and Prudential Indicators 2018/19.

Reason:     That those responsible for scrutiny and governance arrangements are updated on a regular basis to ensure that those implementing policies and executing transactions have properly fulfilled their responsibilities with regard to delegation and reporting.

This report provides an update on progress made in delivering the internal audit workplan for 2018/19 and on current counter fraud activity.

Members considered a report providing an update on progress made in delivering the internal audit work plan for 2018/19 and on current counter fraud activity. The Head of Internal Audit attended the meeting to present the report and answer Member questions.

They stated that the external assessment discussed in the report was undertaken every five years and involved an external assessor reviewing internal audit working practices. This had been completed and the report would be presented the next Committee meeting. Confirmation had been received that Veritau ‘generally conform’ with public sector internal audit standards.

In response to Member questions they stated:

·        They would expect that the March 2019 Audit on ICT & Cyber Security would cover the recent data breaches, however they were awaiting the results of the ICO investigation and work done by the data protection team. It would be helpful to consider those findings in order to give the Committee assurances around the actions to be taken;

·        The previous audit on arrangements around Cyber Security was given substantial assurance. This would not have looked at every app and system but at high level arrangements;

·        When areas are audited follow ups are always undertaken. Where there are any issues of non-compliance they are raised with senior managers and if Veritau then had concerns they would be raised at this Committee. It was often the case that Veritau were satisfied that there was a genuine reason for actions not being completed on time and a revised target date would be set. If it did not seem the issue was being addressed in a timely manner then the issue would be escalated;

·        The sickness absence report to Executive was not an just audit issue but a wider issue as to how CYC had dealt with sickness;

·        At this point in the year 15% of the audit plan for the year was complete. This was based on audits completed and reports already drafted. This figure changed yearly as there was always a mix of audits, which also differed in length and complexity. They were still on track to complete the plan by the end of the year; and

·        The plan was always to deliver 100%, but 93% is was the target they are were judged on. There are also some factors outside of their control.

Members expressed concern over detail contained in the report ‘Overtime 2017 – 2018’, particularly on the working time directive and potential timesheet fraud. It was agreed this would be considered in more detail at this committee or Customer and Corporate Scrutiny Management Committee (CSMC), this would be discussed with the relevant Chairs and added to the work plan.

Resolved:  

1.   That Members are asked to note the progress made in delivering the 2018/19 internal audit work programme, and current counter fraud activity.

2.   That the Internal Audit Report ‘Overtime 2017 – 2018’ be given further consideration at either Audit & Governance Committee or Customer and Corporate Services Scrutiny Management Committee (CSMC) in relation to:

a.   The working time directive  ...  view the full minutes text for item 39.

This report provides Members with updates in respect of:

·        Information governance

·        ICO decision notices

·        Use of FOI Act exemptions including section 14

·        Personal data breach

·        LGSCO Complaints

Members considered a report providing them with updates in respect of:

·        Information governance

·        ICO decision notices

·        Use of FOI Act exemptions including section 14

·        Personal data breach

·         LGSCO Complaints

The Information Governance and Feedback Team Manager attended the meeting to present the report and answer Member questions. It was highlighted that the performance figures contained in the report were also subject to Internal Audit reporting and a further report on those would be coming to this Committee as part of the Veritau Internal Audit report. They stated that we received a high volume of FOI and EIR requests compared to other Councils.

In response to Member questions they stated:

·        CYC differentiate between FOI and EIR requests, which not all Councils do. There is some interpretation as to which Act requests should be considered under, but York had qualified practitioners within the team to deal with these in the most appropriate manner;

·        A request by a Councillor for information is first determined in respect of the purpose for the request. If the information cannot lawfully be released to the Member in that capacity, then the request can be considered under the FOI Act. If the information was released to the Member through the FOI process (and therefore it was being released into the public domain), the law would determine whether exemptions applied. The number of FOIs submitted by Councillors was very low. The exact number would be distributed to the Committee following the meeting;

·        Within the FOI act, if an ordinary question was asked which could be dealt with immediately (within 5 working days) that is how it would be dealt with. It was only where it may take longer than 5 days to provide the requested information, or there may be exemptions to apply that this would be treated as an FOI;

·        FOIs were never ignored, they were replied with the appropriate exemption, as necessary;

·        FOI responses were published in full on the CYC website which was over and above the legal requirement;

·        Service areas who were subject to repeat requests were advised to publish information, as appropriate, to try and limit the number of requests received;

·        If the information requested in an FOI was already publicly available the Council would signpost this;

·        Many of the FOIs received were sent to several Councils at the same time, which had a bigger impact on the figures of smaller Councils;

·        It was always the aim to respond in time, the 90% response rate was partially due to the complexity of some requests meaning that gathering the information took longer; and

·        FOIs came from a mixture of customers – media, researchers, residents, businesses etc;

In response to further questions on the data breach which had recently affected the One Planet York App they stated:

·        The breach was immediately investigated and the app was switched off to protect personal data;

·        The individual who reported the breach was contacted and the ICO were made aware;

·        The breach was of information held on a standalone database  ...  view the full minutes text for item 40.

This report seeks the Committee’s view on the Draft Executive Report, attached at Annex A, regarding the new internal audit services contract for the period 2020-30.

Members received a report which sought the Committee’s view on a Draft Executive Report, regarding the new internal audit services contractfor the period 2020-30. The CYC S151 Officer and Head of Internal Audit left the room during this item.

The Finance & Procurement Manager presented the report and stated current contract arrangements would end in March 2020 and a decision around awarding a new contract would be made by Executive. However, it was considered appropriate for this Committee to scrutinise the draft report in order that its comments could be incorporated into the final version.

In response to Member questions they stated:

·        The external assessment of Veritau would be reported to the Committee;

·        A judgement had been made about including enough detail on the cost implications of not awarding the contract to Veritau without ‘scaremongering’;

·        The vast majority of Councils had a Head of Internal Audit who was a Council employed Officer, reporting to the S151 Officer. There were now an increasing number of shared services like this one. Officers would research this after the meeting and share their findings with the Committee;

·        An external review of the service had taken place in 2014 with a positive outcome;

·        There were not a significant number of internal audit providers with experience of local government as it was generally done in house. This made market testing and benchmarking challenging;

·        The reasons for setting up the company remained valid, particularly economies of scale and access to specialist audit skills; and

·        Internal Audit was an important source of information for the S151 officer and provides provided the assurance necessary for the Director to discharge their statutory duties, which included ensuring the provision of an effective internal audit function. Separation was maintained by having a separate officer as the contract manager. 

Members felt that they did not have enough information to make informed comments and asked Officers to bring the report back to the next meeting of this Committee. Some Members stated they had issues with the close relationship between CYC Veritau. They also expressed some concern around the governance of Internal Audit and the role of the S151 officer. 

They asked for the following additional information:

·        The costs/implications of not renewing this contract;

·        Market testing;

·        Benchmarking information;

·        The external assessment report;

·        Detail of usual contract lengths for similar services; and

·        Timescales

Resolved:  That the report be brought back to this Committee on 6 February, to include the detail agreed above.

Reason:     To seek the views of Audit & Governance Committee on the proposal to provide a value for money internal audit and counter fraud function to the Council.

This paper presents the future plan of reports expected to be presented to the Committee during the forthcoming year to September 2019.

Members considered the future plan of reports expected to be presented to the Committee during the forthcoming year to September 2019.

·        That the item ‘Internal Audit Service Contract’ be brought back the meeting in February following additional work as agreed at this meeting;

·        That the outcome of the Veritau External Assessment be brought to the first available meeting

·        That the Veritau Internal Audit Report ‘Overtime 2017 – 2018’ (agenda item 8 – additional documents) be given further consideration at either Audit & Governance Committee or Customer and Corporate Services Scrutiny Management Committee (CSMC) in relation to:

1.   The working time directive

2.   Potential timesheet fraud

Resolved:  That the forward plan for the period to September 2019 be agreed, subject to the above amendments.

Reason:     To ensure the Committee receives regular reports in accordance with the functions of an effective audit committee