Agenda and minutes

At this point Members are asked to declare any personal or prejudicial interests they may have in the business on this agenda.

Members were invited to declare at this point in the meeting any personal or prejudicial interests they might have in the business on the agenda. 

Councillor Pierce declared a personal, non-prejudicial interest in agenda item 6 (Audit and Fraud Mid-Term Monitor), in relation to the mention of Derwent Infant School in Annex 1 to this item, as a governor of that school.

To approve and sign the minutes of the meeting of the Audit & Governance Committee held on 24 September 2007.

RESOLVED: That the minutes of the Audit and Governance Committee meeting held on 24 September 2007 be approved and signed by the Chair as a correct record.

At this point in the meeting members of the public who have registered their wish to speak regarding an item on the agenda or an issue within the Panel’s remit can do so. Anyone who wishes to register or requires further information is requested to contact the Democracy Officer on the contact details listed at the foot of this agenda. The deadline for registering is Monday, 14 January 2008, at 5:00 pm.

It was reported that there had been no registrations to speak at the meeting under the Council’s Public Participation Scheme.

This report invites Members to note and comment upon progress made in relation to recommendations arising from the Audit Commission follow-up inspection in August 2007, which assessed the Council’s arrangements for embedding its priorities.

Note: the agenda for this meeting was re-published on-line on 9 January 2008 to include a revised version of Annex B to the above item.

Members considered a report which outlined progress to date on the recommendations made by the Audit Commission after their August 2007 follow-up inspection of the Council’s arrangements for embedding its priorities.

The updated recommendations of the Audit Commission, with Officers’ initial comments in response and progress to date, were attached as Annex A to the report and summarised in paragraph 4.  Significant progress had been made towards fulfilling the recommendations, and in particular:

• Clear responsibility had been defined for elements of the refreshed Corporate Strategy
• Action plans for priorities had been updated and agreed
• A small number of measures to track progress had been agreed
• Core processes had been further developed to ensure that the actions of the Council were driven by the Corporate Strategy.

Further improvements were planned for the next few months to ensure that the Corporate Strategy was further embedded, in line with the Audit Commission’s recommendations.

Members commented that there were weaknesses in some areas in terms of applying the Council’s policies ‘on the ground’, particularly when working with external agencies.  Officers confirmed that progress had been made in ensuring that partners were aware of the Council’s priorities.

RESOLVED: (i)         That the progress made against each of the recommendations be noted.

                        (ii)        That a further progress report on the targets in the action plan be brought to the Committee’s meeting in June 2008.¹

REASON:      To ensure that the Council’s response to the Audit Commission’s recommendations is properly monitored.

This report provides an update on the progress made so far this year in completing the work set out in the annual external audit & inspection plan for 2007/08, as approved by Members in June 2007.

Members considered a report which provided an update on progress to date in completing the work set out in the annual external audit and inspection plan for 2007/08, as approved by the Committee in June 2007.  The report was presented at the meeting by the District Audit Manager.

A schedule of the principal areas of review and key products due to be delivered in 2007/08 was attached as Annex A to the report.  These included items outstanding from the 2006/07 audit plan as well as new work from the 2007/08 plan.  It was noted that an unqualified opinion had been given on the financial statements and on the Best Value Performance Plan.  An unqualified VFM statement had also been given and a score of 3 (Good) awarded on the CPA Use of Resources assessment, an improvement on last year’s score of 2.

The fees for the 2007/08 audit had been specified as: £197k for core audit costs; £126k inspection costs and £50k grant claims.  There were no significant variations on budget to report.  However, it was noted that the corporate grant claim budget might overspend at year end and that fees for audit would increase significantly from 2008/09 onwards to reflect additional work arising from a change in the audit and inspection regime.

Members commented on the clarity of the information provided in tabular format in Annex A and thanked the District Audit Manager for attending.

RESOLVED: That the contents of the report be noted.

REASON:      To ensure the effective client management of the external audit and inspection service.

This report provides details of the progress made in delivering the internal audit and fraud work plan for 2007/08.

Members considered a report which detailed progress made in delivering the Council internal audit and fraud work plan for 2007/08.

Two of the priorities for the service were to deliver at least 90% of the Audit Plan and to ensure that Internal Audit continued to retain its ‘managed audit’ status with the Audit Commission.  Internal Audit had successfully delivered 92% of the 2006/07 Audit Plan and it was anticipated that the 90% target would be achieved on the 2008/9 Plan.  Details of audits completed and reports issued were set out in Annex 1 to the report.  Variations made to the Plan and approved by the Assistant Director to date, in order to accommodate a shortfall in resources and take account of changes to priorities, were detailed in Annex 2.

Counter fraud work had been undertaken in accordance with the approved Counter Fraud Activity Plan.  A summary of the work completed was attached as Annex 3 to the report and details of investigations undertaken and prosecutions and sanctions achieved were set out in Annex 4.

Members commented in particular on two areas identified as ‘weak’ in the audit reports at Annex 1.  These were: the lack of progress made by departments in developing continuity plans (Business Continuity 2006/07) and delays in carrying out Criminal Records Bureau (CRB) checks on all staff employed to work with young people (Youth Services 2007/08). 

RESOLVED: (i)         That the results of the audit and fraud work undertaken to date in 2007/08 be noted.

                        (ii)        That Members’ concern at the lack of progress by departments in developing business continuity plans be noted.

                        (iii)       That a report be brought to the next meeting of the Committee outlining progress made towards completing CRB checks for relevant Council staff and clarifying the Council’s corporate policy on CRB checks.¹

REASON:      To enable Members to consider and monitor the delivery of the Internal Audit Plan.

This report invites Members to note and contribute to the annual review and update of the internal audit risk assessment and five year strategic audit plan

Members considered a report which invited them to note and contribute to the annual review and update of the Council’s internal audit risk assessment and five year strategic audit plan.

A copy of the latest version of the five-year Strategic Audit Plan, updated with the risk score for each ‘auditable’ area, was attached as Annex 2 to the report.  Details of the criteria used to categorise the risks were set out in Annex 1.  It was noted that, due to the current shortfall in audit resources, many medium or low risk areas were not being reviewed as frequently as required. 

The annual review process, which was the starting point for preparing the 2008/09 Audit Plan, was now under way.  Members’ views were sought as to the accuracy of the outcome of the risk assessment process and whether any other areas should be subject to audit review.

Officers responded to Members’ queries and concerns on specific aspects of the criteria in Annex 1 and the scores in Annex 2.  In relation to the criteria on pupil numbers, it was noted that although the likelihood of risk might be higher in smaller schools due to lower staff numbers, the impact would be higher in large schools.  In relation to the score on Section 106 agreements (ref. No. 510), the results of a recent audit of the collection and use of S106 payments would be brought to Members in June.  It was noted that sickness monitoring, this was now being audited yearly due to Members’ concerns in this area.

RESOLVED: That the existing audit risk assessment and strategic plan be noted and that Members’ comments be taken into account when preparing the 2008/09 Audit Plan.¹

REASON:      To ensure that scarce audit resources are used effectively.

This report advises Members of the progress made in developing City of York Council’s shared audit and fraud service with North Yorkshire County Council.

Members considered a report which advised them of progress made in developing the shared audit and fraud service between City of York Council (CYC) and North Yorkshire County Council (NYCC)

Phase 1 of the shared service had commenced on 1 October 2007.  Interim shared management arrangements were in place, with the CYC Audit and Fraud Manager assuming overall management responsibility across both teams.  NYCC was providing £32k to fund this management support.  A Project Board had been established to direct and co-ordinate the development and delivery of the service.  Staff groups were continuing to operate from their existing office locations and had remained on their current terms and conditions except for a minor restructure to reflect changed management responsibilities and establish a local ‘site’ manager. 

Work was now ongoing to evaluate detailed business options for the long term organisational structure of the service, including analysis of baseline financial and benchmarking information.  Progress had also been made to integrate working practices and systems across both teams.  Staff and key stakeholders were being kept updated on progress with the projects.  Details of the options appraisal, and the business case for the preferred option, would be reported to Members by March 2008, with full implementation expected by March 2009.  It was noted that the report would go initially to the Executive Member for Corporate Services and Advisory Panel, then to the April meeting of Audit and Governance Committee.¹

RESOLVED: That the progress made in developing the shared service initiative with North Yorkshire County Council for the provision of audit and fraud services be noted.

REASON:      To enable Members to consider the progress made with this shared service project.

This report advises Members of the findings of follow up testing undertaken by Internal Audit on the Council’s car parking arrangements and associated controls, together with the actions taken by management to address the outstanding issues.

Members considered a report which presented the findings of follow-up testing undertaken by Internal Audit on the Council’s car parking arrangements and associated controls, together with the actions taken by management to address the outstanding issues.

The Audit Commission’s Annual Governance report for 2006/07 had identified the two control issues that had remained unresolved by City Strategy following the 2004/05 audit, namely:

• No formal reconciliation between income recorded by each car park machine and income counted and banked
• No control to ensure that all boxes collected from machines were delivered to the cashiers.

Members had requested a report on progress made to address these issues.

The findings of Internal Audit set out in paragraphs 9 to 18 of the report.  With regard to income reconciliation, the City Strategy Finance Team had been trialling a reconciliation of the daily car park machine reports against the income on the ledger since November 2007.  This would continue in the future, supported by information provided by the new Parkeon system.  With regard to cash boxes, information on the number of boxes collected during the day was now being supplied to the Chief Cashier using the Parkeon system.  Internal Audit had also recommended that receipts for depositing cash boxes be signed by both the Cash Collectors and the member of Cashiers staff who received them and that reports listing the value of cash collected from each machine be retained for at least six years.

Officers confirmed that a further report would be brought to the Committee, probably in April, to confirm that the recommended controls were in place and operating effectively.¹

RESOLVED: That the initial findings and recommendations of the follow up review carried out by Internal Audit, and the actions taken by Parking Management to address the identified control issues, be noted.

REASON:      To enable Members to monitor the adequacy and effectiveness of the Council’s control environment.

This report introduces the Annual Governance Statement (AGS), which replaces the Statement on Internal Control (SIC), advises of the changes resulting from this new statutory requirement and seeks approval for a proposed process and timetable for completion of the 2007/08 AGS.

Members considered a report which introduced the Annual Governance Statement (AGS), replacing the Statement of Internal Control (SIC), explained the associated changes and sought approval for a proposed process and timetable for completion of the 2007/08 AGS.

New guidance published recently by CIPFA/SOLACE, entitled ‘Delivering Good Governance in Local Government Framework’, set out the six core principles of governance which authorities were required to adopt.  It also introduced a requirement to prepare an AGS instead of an SIC, from 2007/08 onwards.  To enable preparation of the AGS, a number of changes would be needed to the existing SIC processes.  Details of these proposed changes were set out in paragraph 12 of the report.  A proposed timetable for the 2007/08 AGS, culminating in the completion of final amendments by 13 June 2008 prior to its receipt by Audit and Governance Committee, was set out in paragraph 14.

It was noted that Internal Audit was currently undertaking a follow up exercise to identify progress made in addressing the significant control issues identified in the 2006/07 SIC, a copy of which was attached as Annex 1.  Results of this review would be reported to the Committee in April 2008.

RESOLVED: (i)         That the new statutory requirement for the Council to produce an Annual Governance Statement and to publish this as part of the 2007/08 Statement of Accounts be noted.

                        (ii)        That the proposed process and timetable for completion of the 2007/08 AGS be agreed.

REASON:      To ensure that the Council complies with relevant legislation.

This report asks Members to consider and comment upon a draft risk management User Guide, draft key risk monitor and draft detailed risk register report, including controls and actions used in managing corporate risks.  

Note: Annex A to this item has been made available on-line and copied separately, to Committee Members only.  Copies may be obtained on request from Democratic Services, if required (contact details are at the foot of this agenda).

Members considered a report which asked them to comment upon a draft Risk Management User Guide, key risk monitor and risk register report, including controls and actions used in managing corporate risks.

Although the Council’s framework for risk management had been in development since the 2001/02 Best Value review, progress had been slow until recently due to limited resources.  Additional capacity since October 2007 had enabled further work to be undertaken, including development of a draft User Guide, attached as Annex A to the report.  This was a comprehensive document, which provided detailed guidance for all Officers and Members with responsibility for managing risk. 

Following their work on identifying key corporate risks, Corporate Management Team (CMT) had requested a quarterly monitoring report on progress in managing and mitigating these.  A draft of the format that could be used for this monitor was attached as Annex B.  Information being collected as part of the management and monitoring of these key risks was being transferred into the ‘Magique’ system to create a comprehensive overview and provide a proper management tool for action planning.  Details of the information currently held in Magique were attached as Annex C.  A further document, indicating how more detailed information on the trend of significant risks could be extracted from the system, was circulated at the meeting and is attached as Annex 1 to these minutes.

In response to Members’ questions and comments on Annex B, Officers confirmed that they had been experiencing difficulties in obtaining clear information from action owners within departments.  This would be addressed by Corporate Management Team adopting a monitoring role.  The purpose of the risk register was to create a focus for recording risks, but details of individual risks could be supplied on request.

RESOLVED: That the draft risk management user guide at Annex A, the draft monitoring report at Annex B, the draft Magique report at Annex C and the additional information provided at the meeting be noted.

REASON:      To help deliver a more consistent and well understood approach to risk management across the Council and to provide a clear focus on managing the key threats to the Council and the action being taken to manage them.

This report asks Members to note and comment upon a medium term strategy to improve information governance in response to certain external imperatives and internal pressures.

Members considered a report which asked them to note and comment upon a medium term strategy to improve information governance in response to certain external imperatives and internal pressures.

A copy of the draft strategy, which had been approved by CMT on 5 December 2007, was attached as Annex A to the report.  Its main elements included:

• A project to reduce the volume of paper records before the move to Hungate
• Increasing the use of DMS, to manage information actively
• Review of the information governance policy framework
• A policy on contributing to the historic archive.

It was noted that revisions to the data protection and other corporate policies required Member approval and would be reported for formal decision in due course.  Other elements of the strategy were essentially operational.  An indicative action plan would be prepared in the coming weeks.  The execution of the strategy would be managed and co-ordinated by the Information Management Officer, with policies being presented to Members at an early stage, followed by detailed implementation within services.

Members endorsed in particular the need to ensure the security of data, in the light of recent data losses by government departments.  They accepted the need to reduce the amount of ‘hard copy’ data retained by the Council, due to the cost implications of storing such data after the move to Hungate.  However, procedures should be in place to ensure that important data was scanned and retained electronically prior to disposal of hard copies.  

RESOLVED: (i)         That the strategy attached as Annex A be noted and that Officers take note of Members’ comments thereon.

                        (ii)        That the consideration of a revised data protection and information sharing policy in the Forward Plan be noted.

                        (iii)       That the consideration of progress against the strategy, to be included in the Forward Plan, be noted.

REASON:      To enable Members to inform, and monitor progress on, the medium term strategy.