Venue: Council Chamber - South Kesteven House, St. Peter's Hill, Grantham. NG31 6PZ. View directions
Contact: Email: Democracy@southkesteven.gov.uk
Apologies for absence
An apology for absence was received from Councillor Jacky Smith.
Disclosure of interests
Members are asked to disclose any interests in matters for consideration at the meeting.
No interests were disclosed.
Minutes of the meeting held on 26 January 2022 PDF 164 KB
A query was raised regarding the External Audit Plan item and why it had been removed from the Work Programme for the meeting on 16 March 2022.
The Head of Finance & ICT confirmed that the planning audit would not commence until 28 March 2022. External Audit would then be able to produce the External Audit Plan which should commence during August 2022. This item would be brought back to the Committee at a later date, prior to August 2022.
The Chairman highlighted that a member of the public had queried what action had been taken around the counter fraud framework and the recent fuel theft.
The Governance and Risk Officer clarified that the actions raised from the investigating officer had now been implemented:
· Maximum limits on the frequency of refuelling had been set.
· Fuel management and monitoring had been tightened up on with an expected miles per gallon range set for vehicles. Any vehicles that fell outside the parameter were being flagged up on the system.
· Random physical spot checks would take place to verify the vehicle mileage. Anti-siphoning devices had been fitted to all vehicles.
· Additional CCTV cameras had been installed to cover fuel tanks.
· Targeted staff communications at the time of investigation.
· All actions had been followed up twice to check on implementation.
· The action involving the Police was ongoing, a further update would be brought back to the Committee.
The minutes of the meeting held on 26 January 2022 were proposed, seconded and AGREED as a correct record.
Updates from previous meeting PDF 73 KB
To consider updates on Actions agreed at the meeting held on 26 January 2022.
A query was raised regarding the action relating to the ‘propeller’ screenshots that had been provided to the Committee and whether they were available for the public domain.
The Deputy Monitoring Officer confirmed that the paperwork provided to the Committee was for information only. It was noted that further clarification would be sought from the Assistant Director of Housing as to whether the screenshots were suitable for the public domain, if so, they could then be published.
The Head of Finance & ICT provided an update of an action relating to Annual Refresher training on Governance & Audit Committee along with Local Government Finance. It was confirmed the training had been booked for Monday 9 May 2022 which was due to take place in person with an external trainer.
Internal Audit Progress Report PDF 727 KB
The internal audit plan for 2021/22 was approved by the Governance and Audit Committee at the 18 March 2021 meeting. This report provides an update on progress against that plan and summarises the results of our work.
A report was presented to the Committee by the Internal Auditor to provide the progress against the plan and feedback any findings from finalised audits since the last meeting.
The Auditor confirmed that all reviews had been completed and finalised in alignment with the audit plan for the year. Since the previous meeting, the final two reports had been completed. It was reported that there had been one change in the plan since the previous meeting due to timings.
The Auditor reported that Continuous Assurance 4 had tested ten key controls. As part of this, three areas of non-compliance were raised against the ten controls resulting in three low management actions:
· Planning Applications – Management would ensure all extensions, where decisions were to exceed their initial determination time, were documented on email and attached to the document management system.
· Housing Repairs Management would formally document repair timeframes via internal documentation such as a Repairs Policy.
· IT Access Controls – Management would ensure that access to systems was actively disabled within 30 days of an employee leaving the Council.
The following points were raised during discussion:
• A Member raised concern on the low figure of representative samples of ten and how the samples were selected, whether it was randomly generated or chosen.
· Concern was expressed in relation to the ten samples and how many the total number of samples were out of and whether it was representative.
The Auditor confirmed that ten samples were agreed with management at the start of each assurance review for each of the controls. The samples were selected by internal audit independently, a full report was provided from the system of all completed repairs within the period, sample tests were then carried out via the system.
One Member raised a query regarding the number of housing jobs currently available.
Further clarification was sought relating to IT access controls and whether the Council leaver had access to the software in the first instance or if the Council was unable to disable the access following them leaving.
The Auditor confirmed that in an instance, the individual never had access to the active directory. It was also noted that the number of housing jobs was not available at the time of the meeting.
The following further queries relating to the report were raised:
· How many planning applications were dealt with in the statutory period and how many were not determined within the statutory period.
· Whether the failure in housing repairs had been brought up by internal audit or through a different source.
· Why the implementation date of 31 May 2022 and the risk of housing actions being low.
· Further concern of a Council leaver still having access to a finance system after leaving the authority
The Auditor reported that the information could be provided on how many applications were within the statutory period, however, the sample testing would still be ten.
It was confirmed that a housing compliance audit was conducted at the beginning of the year ... view the full minutes text for item 69.
Internal Audit Follow Up Report PDF 155 KB
We have undertaken a review to follow up on progress made to implement the previously agreed management actions.
The Auditor informed the Committee that the report was the final follow up for the year and included 15 management actions relating to the secure remote working audit and the street scene stock control audit.
From the review, a reasonable progress positive opinion had been issued. Of the 15 management actions, eight had been implemented or superseded in full, leaving seven management actions as ongoing and were evidenced towards completion. It was confirmed that new actions and dates had been agreed with management. Upon finalising the report, an update on three actions was provided from management in relation to street scene where it was confirmed that these had now been implemented.
Queries were raised regarding a management action relating to IT:
· Whether the review of current IT policies would still be seen as low, due to recent events in Ukraine.
· Whether the Cyber Security Centre would be an appropriate third party to support the Cyber Incident Policy or a different recommended third party.
· Whether training around Cyber Security for staff included Elected Members.
· Whether the management action relating to annual phishing exercise could be revisited.
The Auditor confirmed that the assessment of the management actions in the report were completed in December 2021. It was reported that any outstanding actions would be followed up by the new internal auditors.
A further query was raised on the flexibility and the ability to move management actions through the process quickly, especially in relation to cyber security.
The Head of Finance & ICT confirmed that the Council had successfully secured funding to improve cyber resilience across the Council. It was reported that Microsoft provided weekly security updates and weaknesses to the Council, which were then implemented to maintain secure systems.
One Member expressed concern over five out of the 20 actions having no evidence provided and therefore, were excluded from the findings. A further concern was raised over one in three of the recommended actions from the Auditors being completed, and whether this was reasonable progress.
The Auditors outlined that the progress had been included on Appendix A of the report, where the Council’s progress was in line with RSM standards. It was further confirmed that some original priorities had been reduced from medium down to low based on the actions that had already been taken by management. The Committee were assured that reasonable was the right result based on this follow up review.
The Head of Finance & ICT noted that some actions had not yet reached completion date at the time of the Audit, therefore the actions were not expected to be fully completed.
Assurance was sought around level of priority of fuel theft and that it was no longer identified as a weakness.
That the Governance and Audit Committee noted the Internal Audit Follow Up Report.
Draft Internal Audit Annual Report 2021-22 PDF 173 KB
In accordance with the terms of reference of the Committee one of the key areas for the Committee is to monitor the audit activity on behalf of the Council. This includes receiving the annual report and opinion from the Head of Internal Audit.
The Head of Finance & ICT presented the report that outlined the Draft Internal Audit Annual Report and annual opinion. A summary of audits was provided by assurance levels between 2020/21 and 2021/22 to evidence that significant improvements had been made. As of 2021/22, it was reported that there were no minimal assurance reports, a reduction in the number of partial assurance reports and an increase in the number of substantial assurance reports.
It was further confirmed that all audit actions identified were actively monitored by use of hosted software (4action). The system allows the responsible Officers to manage implementation plans alongside agreed time scales and enabled the Council to ensure all actions were monitored.
RSM then presented their Draft Internal Audit Annual Report. The Auditors highlighted key elements included within the report:
· Weaknesses had been identified within the framework of governance risk and internal control.
· The Overall framework could become inadequate and ineffective.
· Internal Audit work was undertaken during 2021/22, therefore was affected by the disruptions of the pandemic.
· The Auditors opinion was not only informed by the work undertaken during the year, but also interactions with management and attendance at Committee meetings.
· During 2021/22, 73 management actions were raised. Compared to 112 actions that were raised and agreed with management during 2020/21.
· Improvement had been seen in the overall control framework based on the areas reviewed in the year.
· In terms of previous implementation of internal audit management actions, management had made reasonable progress in three of the reviews but little progress in one of the follow-up reviews.
· No work or activity had been undertaken during 2021/22 that would require declaration on conflicts of interests from RSM.
· RSM’s latest external quality assurance review had been undertaken and completed in December 2021 which concluded that RSM generally conformed (highest rating) to the requirements of the IIA Standards, other professional standards and code of ethics.
· The report would remain in draft until the end of the financial year at which point a final would be issued subject to further amendments.
Clarification was sought on the overall opinion received, due to weaknesses in the framework and governance (third category out of four, with no improvement since the last draft).
The Auditor confirmed that several discussions had taken place internally. The annual conclusions would go through a second partner review process to ensure they agreed with the assertions in the annual reports. It was noted that the annual opinion was borderline to the next bracket. On reflection, RSM had issued two partial assurance conclusions and a number of internal audit actions had not been implemented. Therefore, the overall framework still required work undertaken to remain effective.
It was advised that RSM would review and reconsider the annual report if there were any significant changes in terms of the overall framework up until the end of the financial year.
One Member queried whether RSM would be attending any future meetings.
RSM confirmed that this would be their last meeting, however if management requested their ... view the full minutes text for item 71.
Internal Audit Draft Plan 2022 - 23 PDF 206 KB
This report sets out the Internal Audit Plan as at 1 April 2022. The plan details the activities to be audited and the indicative scope for each audit.
Assurance Lincolnshire introduced themselves as the Council’s new Internal Auditors, who would work in partnership to deliver the internal audit plan. It was reported that a workshop would be available to Members to gain knowledge around Assurance Lincolnshire’s way of working and answer questions raised around the ease of reading reports. It was noted that the Head of Internal Audit and their opinion were independent and should be maintained.
It was confirmed that Assurance Lincolnshire would start working with the Council from 1 April 2022. The draft plan was an indicative plan brought together from discussions with the Council’s senior leadership team and the review of the strategic risk register.
Further points were made regarding the report from Assurance Lincolnshire:
· The plan would cover 2022/23.
· The plan would seek to provide assurance within the agreed resources.
· The plan would be flexible to reflect any changing needs and new risks or priorities.
· The focus would be around significance, sensitivity, and level of assurance.
· The plan would be 142 days and would focus on the key areas:
- Key control testing within financial governance
- Risk management, good governance and decision making, health and safety and programme management within governance and risk.
- Critical activities within housing void management, housing income management and HRA building programme.
- Cyber security.
A query was raised on the effectiveness of scrutiny within governance and decision making and whether it would be auditable through the draft plan. A further question was raised on EnvironmentSK Ltd in relation to grounds maintenance and whether the Council were making an income from the company. It was suggested that the Committee could consider discussing EnvironmentSK Ltd at a later meeting.
Reassurance was requested on the procurement process of the refurbishment of a leisure centre and whether this would be included within internal audit.
Assurance Lincolnshire reported that the role of the Committee was to consider governance and risk control. It was confirmed that as part of the internal audit plan, commercial activities were explored and a report had been produced by the Council’s outgoing internal auditors, therefore this was not included. It was noted that areas could be revisited for the plan.
It was confirmed that the area around decision-making would cover scrutiny and Assurance Lincolnshire could place level at any leverage assurance around the effectiveness of the previous review undertaken.
It was reported that large projects would be covered within programme management which would include the refurbishment of the leisure centre.
The Monitoring Officer provided assurance to the Committee that all works undertaken would be governed by contract procedure rules and financial regulations.
The Chairman raised a question on the timescales around the work within the draft plan.
Assurance Lincolnshire reported that they would work closely with the Council’s Governance and Risk Officer and management to provide a schedule on the timescales around undertaking the work, alongside meeting KPIs around timings.
It was suggested that accountable managers should attend Committee meetings to ensure relevant questions around progress and low ... view the full minutes text for item 72.
Statement of Accounting Policies PDF 160 KB
In line with the Committee’s terms of reference it is a requirement that the proposed policies are reported prior to the production of the Statement of Accounts.
The Head of Finance & ICT presented the report that outlined the annual review of the Council’s accounting policies prior to the preparation of the statement of accounts. It was confirmed that there had been no significant changes to the CIPFA Code of Practice, the accounting policies used to produce the 2021 accounts remained unchanged. It was further reported that the publication date for the draft 2021/22 statement of accounts would be 31 July 2022.
It was expected that the publication date for 2022/23 statement of accounts would be moved to the 31 May 2023, for each following year. Members were assured that the team would be working towards preparing a draft set of accounts for 31 May this year to prepare for the new deadline in 2023.
1. That the Governance and Audit Committee approve the Statement of Accounting Policies, as set out in Appendix A to the report to be used in the production of the 2021/22 financial statements.
2. That the Governance and Audit Committee notes the proposed dates for the publication of the draft and final audited accounts.
Work Programme 2021 - 2022 PDF 113 KB
To consider the Committee’s Work Programme for 2021 – 2022.
The Committee noted the Work Programme for 2021 – 2022.
Any other business, which the chairman, by reasons of special circumstances, decides is urgent.
There were no other items of business.
Close of meeting
The Chairman closed the meeting at 15:31.