Agenda and minutes

At this point in the meeting, Members are asked to declare:

·        any personal interests not included on the Register of Interests

·        any prejudicial interests or

·        any disclosable pecuniary interests

which they might have in respect of business on this agenda.

DecDMembers were asked to declare any personal interests, not included on the Register of Interests, or any prejudicial or disclosable pecuniary interests which they may have in respect of business on the agenda. None were declared.

It is at this point in the meeting that members of the public who have registered their wish to speak can do so. The deadline for registering is by 5:00pm on Tuesday, 10 April 2018.

To register, please contact the Democracy Officer for the meeting on the details at the foot of this agenda.

Filming, Recording or Webcasting Meetings

Please note this meeting will be filmed and webcast and that includes any registered public speakers who have given their permission.  This broadcast can be viewed at: http://www.york.gov.uk/webcasts.

Residents are welcome to photograph, film or record Councillors and Officers at all meetings open to the press and public. This includes the use of social media reporting, i.e. tweeting.  Anyone wishing to film, record or take photos at any public meeting should contact the Democracy Officer (whose contact details are at the foot of this agenda) in advance of the meeting.

The Council’s protocol on Webcasting, Filming & Recording of Meetings ensures that these practices are carried out in a manner both respectful to the conduct of the meeting and all those present.  It can be viewed at:

http://www.york.gov.uk/download/downloads/id/11406/protocol_for_webcasting_filming_and_recording_of_council_meetings_20160809.pdf

It was reported that there had been one registration to speak at the meeting under the Council’s Public Participation Scheme on general matters within the remit of the Audit & Governance Committee (A&G).

Gwen Swinburn spoke in relation to her concerns about the A&G Committee report titled Observation and Learning from the Local Government Association (LGA) Peer Review at Agenda Item 3. She also expressed disappointment that the redacted report contained only five out twelve recommendations included in the full version of that document.

The report is provided for the Committee members to consider the elements of learning identified through the external LGA peer review. 

Members considered a Committee report providing elements of learning identified through the external LGA peer review relating to future conduct of the A&G Committee.

Prior to discussion of the report, the Chair confirmed that a request to view a full (unredacted) version of the appended LGA Peer Review Report had been received from the cross-party representation of the Committee so that the Committee could fulfil its function in considering the recommendations in the A&G Committee report. Members were advised that the full Peer Review Report contained confidential information relating to HR and Member conduct issues that had already been considered and concluded upon in separate processes by their Member colleagues. It was clarified that the Officers had included a redacted Peer Review Report within the open Agenda Item 3 to be as transparent as legally possible. The Chief Executive Officer (CEO) added that a separate report about wider culture and obligations of Members and Officers in terms of how the Committees were run would be presented at one of the future Group Leaders’ meeting.

The following two options were presented to the Committee:

·        Option 1: deferring the item and discussing the full report in private during one of the following Audit & Governance (A&G) Committee’s meetings;

·        Option 2: accepting the recommendations of the report and requesting additional information on wider cultural issues discussed in the report.

During debate, Members agreed that full recommendations should be presented on a confidential basis to the Committee so that it could fulfil its role, particularly because it was challenging to review the report and lessons learned if nine out of twelve recommendations had been removed or redacted. The Deputy Monitoring Officer confirmed that Members were entitled to see the full unredacted report in a private session. Members were reminded that the Peer Review Report contained confidential information that must not be disclosed further.

Members agreed that, in order to consider the report, an extraordinary A&G Committee meeting in private should be organised.

Cllr Lisle moved and Cllr Kramm seconded a motion to defer the item and discuss the full report in private during an extraordinary A&G Committee’s meeting. Upon being put to vote, it was then

Resolved:                     (a) That a full, unredacted version of the LGA peer review report be brought to the Committee in a private session.

                                      (b) That an extraordinary A&G Committee meeting be organised before 27 June 2018, in order to enable the Committee to discuss the report.

Reason:                        To enable Members to consider the recommendations within the Committee Report at Agenda Item 3 having regard to the full version of the LGA Peer Review Report whilst maintaining the required confidentiality.

The purpose of this paper is to present Audit & Governance Committee (A&G) with an update on the key corporate risks (KCRs) for City of York Council (CYC), which are included at Annex A. A detailed analysis of KCR2 (Governance) is included at Annex B.

Members considered a paper presenting the Committee with an update on the key corporate risks (KCRs) for City of York Council (CYC), which were included at Annex A, together with a detailed analysis of KCR2: Governance, included at Annex B. The Principal Accountant, Information Governance & Feedback Team Manager and Head of ICT were in attendance to answer potential questions.

In response to Members’ queries, the following was noted:

·        KCR6: Health and Wellbeing risk mitigation was, to some extent,  dependent on external partners but the risk was managed accordingly;

·        moving to the 100% retention of business rates did not result with risk being higher than in previous years;

·        a number of processes were in place to ensure that any new software packages were thoroughly tested before being implemented in the organisation.

Members discussed the CYC’s transition to the General Data Protection Regulation (GDPR) with the enforcement date of 25 May 2018. It was confirmed that the new legislation required that evidence of meeting data protection requirements be collected, which raised the compliance standards. Members were reassured that there had been no significant changes in relation to data protection compliance at the individual level and that additional support such as introduction of a brand-new toolkit would be provided to meet any outstanding requirements. It was confirmed that all Members and CYC employees would have an opportunity to complete either a paper or an on-line data protection training and that systems were put into place to ensure that everyone completed it. The Officers added that it was unlikely that any large organisation would be fully compliant with GDPR by 25 May 2018; nonetheless, CYC was not complacent on that matter and was underway with administration of new resources, training and processes to implement GDPR. Following on Members’ questions, it was explained that, depending on the nature of potential data protection breach committed by Councillors, the breach could be investigated by CYC. Finally, it was confirmed that restrictions to the system access were not currently in place for anyone who would not complete the training.

The Officers confirmed that the internal policy on Information Systems’ Security & Acceptable Use was in place to protect the organisation and its employees from compromising integrity and security of the ICT systems. Members requested that the policy be circulated to the Committee.

Consideration was given to making a careful distinction between ‘probable’ and ‘possible’ when assessing risks in the KCR Register as well as to making any changes in future updates more (physically) visible.

Resolved:                     (a) That the key corporate risks included at Annex A be considered and commented upon; 

(b) That the information provided in relation to KCR2: Governance included at Annex B be considered and commented upon;

(c) That the fact that the 2018/19 monitor 1 report will include a detailed analysis of KCR3: Effective and Strong Partnerships be noted;

(d) That feedback on any further information that the Committee wishes to see on future committee agendas be provided;

(e) That the internal policy on the  ...  view the full minutes text for item 58.

The paper attached at Annex A from Mazars, the Council’s external auditors, reports on progress in delivering their responsibilities as auditors.

Members considered a report from Mazars, the Council’s external auditors, detailing the progress made in delivering their responsibilities. Jon Leece, Mazars’ Senior Manager, and Gareth Davies, Mazars’ Partner and Engagement Lead, attended the meeting to summarise the report and answer Members’ questions.

The following was highlighted:

·        the quality of the Council’s account had been commented on favourably in recent years;

·        there was little control over external bodies in relation to health scrutiny but this was something over which CYC had little influence;

·        the key points to note on Northampton County Council S114 Notice case were loss of control over financial strategy as well as increased reliance on using reserves and capital disposals;

·        CYC’s financial sustainability / reserve position was deemed relatively strong compared with other authorities and arrangements for measuring related risks were robust.

Resolved:                     That the matters set out in the progress report presented by Mazars be noted.

Reason:                        To ensure Members are aware of Mazars’ progress in delivering their responsibilities as external auditors.

The paper attached at Annex A from Mazars, the Council’s external auditors, summarises their audit approach, highlights significant areas of key judgements and provides details of the audit team.

A paper from Mazars, the Council’s external auditors, highlighting the audit approach and significant areas of key judgements and details of the audit team, was presented to Members. Jon Leece, Mazars’ Senior Manager, and Gareth Davies, Mazars’ Partner and Engagement Lead, attended the meeting to summarise the report and answer Members’ questions. It was confirmed that CYC had adequate arrangements to ensure it took properly informed decisions and deployed resources to achieve planned and sustainable outcomes for taxpayers and local people.

Members discussed the initial materiality thresholds highlighted in the report and whether lower thresholds should be exerted. Most Members agreed that the overall materiality figure of 2% and calculation of triviality were proportionate with the size of the organisation and, therefore, not a concern.

Resolved:                     That the matters set out in the report presented by Mazars be noted.

Reason:                        To ensure Members are aware of Mazars’ progress in delivering their responsibilities as external auditors.

This report seeks the Committee’s approval for the planned programme of internal audit work to be undertaken in 2018/19. It also includes details of the planned programme of counter fraud work.

Members considered a report seeking Committee’s approval for the planned programme of internal audit work to be undertaken in 2018/19. This also included details of the planned programme of counter fraud work. The Head of Internal Audit was in attendance to answer potential queries. It was explained that the total planned days for both the internal audit and the counter fraud plans were reduced due to the budget cuts (equivalent of £30k) and that both plans were subject to change according to any future or potential risks.

Members discussed whether the number of days devoted to the internal audit of Scrutiny (n = 20) was not excessive. Members felt that auditing Scrutiny would not bring effective outcomes and that the resources devoted to auditing it could be used elsewhere. Some Members suggested that the days allocated to Scrutiny could be used for auditing its broad functions, taking into account the recent restructure of the Economic Development and Transport Policy and Scrutiny Committee. Overall, Members recommended the re-assessment of allocation of the number of days in Scrutiny. The following suggestions were noted:

·        looking at how much the Council insured and at the balance between different types of insurance (i.e. increasing the number of days in Insurance);

·        auditing types of legal advice used in order to secure the best value for money.

One Member queried the effectiveness of reviewing strategic arrangements for assessing housing need given the undergoing changes in methodology for its assessment.

It was also clarified that:

·        due to its complexity, the ICT asset management was separated from the overall asset management;

·        overtime holiday and absence recording in the internal system had been audited thoroughly in previous years; for this reason, no days were allocated to it in the current audit plan;

·        project management had not been audited recently; for this reason, the allocation of days for project management was 50.

Resolved:                     That the 2018/19 internal audit plan be approved and the proposed counter fraud plan be noted.

Reason:                        In accordance with the Committee’s responsibility for overseeing the work of internal audit and the counter fraud service.

This report provides an update on progress made in delivering the internal audit workplan for 2017/18 and on current counter fraud activity.

A report providing an update on progress made in delivering the internal audit workplan for 2017/18 and on current counter fraud activity was presented to Members. The Head of Internal Audit was in attendance to answer potential queries. It was confirmed that the investigations by benefit fraud had been transferred to the Department of Work and Pensions.

Some Members queried whether, given the fact that the level-of-savings targets had been exceeded, some of that pot could be allocated within the internal audit plan or counter fraud plan. It was, however, acknowledged that this would be hard to quantify given the plans’ focus on high-value activities.

Some Members stated that more could be done to improve performance management and information security checks. However, it was also admitted that the shift in culture and behaviour was a long-term process.

The following was then suggested:

·        if there were contrasting opinions that had been provided within any of the sections audited, those opinions could be separated to enable Members to see the differences in assurance;

·        in addition to charts showing the types under investigation by number of cases, charts illustrating them by value should be included in the future reports.

Resolved:                     That the progress made in delivering the 2017/18 internal audit work programme and current counter fraud activity be noted.

Reason:                        To enable Members to consider the implications of audit and fraud findings.

This is the regular six monthly report to the Committee setting out progress made by council departments in implementing actions agreed as part of internal audit work.

Members considered a regular six-monthly report to the Committee setting out progress made by council departments in implementing actions agreed as part of internal audit work. The Head of Internal Audit was in attendance to answer potential queries.

It was brought to Members’ attention at that point that the Health & Safety Follow Up Report presented at the meeting of 07 February contained actions that had not been completed for at least six years (i.e. lone working, Legionella and asbestos’ monitoring and mapping). It was suggested that a separate discussion on that issue be held outside the meeting.

In response to a Member’s question, it was confirmed that the quality of records’ management varied between departments. It was suggested that a mapping exercise identifying best practice as well as departments struggling with records’ management be undertaken.

The Officer stated that he would submit a written answer to a Member’s question about the asset disposals i.e. why the audit had been judged as ‘inconclusive’ and what the reason for the delay was.

Resolved:                     (a) That the progress made in implementing internal audit agreed actions be considered.

(b) That a written answer to the query relating to asset disposals and the reason for the delay be submitted to all Members.

Reason:                        To enable Members to fulfil their role in providing independent assurance on the Council’s control environment.

This paper presents the future plan of reports expected to be presented to the Committee during the forthcoming year to February 2019.

Members considered the plan of reports expected to be presented to the Committee over the forthcoming year. Members requested that an additional progress report on information governance and data protection be added to either September’s or December’s meeting.

Resolved:                     (a) That the Committee’s forward plan for the period up to February 2019, with appropriate amendments as resolved at Item 57 of these minutes (Agenda Item 3), be noted.

(b) That an additional progress report on information governance and data protection be added to either September’s or December’s meeting.

Reason:                        (a) To ensure the Committee receives regular reports in accordance with the functions of an effective audit committee.

          (b) To ensure the Committee can seek assurances on any aspect of the Council’s internal control environment in accordance with its roles and responsibilities.