Audit Committee – 12 January 2009
Chair: Councillor Whiteley
Venue: Pittwood House, Scunthorpe
Time: 10.00 am
1. Substitutions (if any).
2. Declarations of Personal or Personal and Prejudicial Interests (if any).
3. To take the minutes of the meeting held on 30 September 2008 as a correct record and authorise the chair to sign.
4. Review of Quality Data – Report of the Chief Executive.
5. Internal Audit and Risk Management Progress Report.
6. External Audit Review of Internal Audit.
7. Use of Resources 2009 Update.
8. Strategic Risk Controls.
9. Member Training Update. (verbal)
10. Any other items which the chair decides are urgent by reasons of special circumstances which must be specified.
Note: Reports are by the Service Director Finance unless otherwise stated.
PRESENT: Councillor Whiteley in the chair
Councillors Wilson (vice-chair), Cawsey, T. Foster and Vickers
Councillor Wells attended the meeting in accordance with Procedure Rule 37b
Also in attendance were representatives of the Audit Commission (the council’s external auditors).
The committee met at Pittwood House, Scunthorpe.
92 DECLARATIONS OF PERSONAL OR PERSONAL AND PREJUDICIAL INTERESTS – There were no declarations of personal or personal and prejudicial interests made at the meeting.
93 MINUTES – Resolved – That the minutes of the proceedings of the meeting held on 30 September 2008, having been printed and circulated amongst the members be taken as read and correctly recorded and be signed by the chair.
94 (63) REVIEW OF DATA QUALITY – The Chief Executive referred to minute 59 and submitted a report informing the committee of North Lincolnshire Council’s current position with regards to Data Quality, and sought approval of an action plan which set out a preferred option to review and continue improving the council’s data quality performance in accordance with Audit Commission recommendations and guidance. The action plan was attached as appendix 2 of the report.
The report reminded members that the council each year was subject to an audit of its data quality procedure by its external auditors (the Audit Commission) as part of the Comprehensive Performance Assessment framework. The three-stage methodology and 1-4 levels of scoring of the assessment were also identified.
After the 2006/7 review and assessment the council was considered to be ‘performing well’, following improvements in data quality arrangements. The Audit Commission had now completed the 2007/8 review and had judged the council to be ‘performing well’, with the aim of moving towards ‘performing strongly’ – well above minimum requirements by the time of the 2009/2010 review. The external auditors also made several recommendations in their report, which was attached as appendix 1. These had been incorporated into a corresponding action plan for 2008/2009, attached at appendix 2 of the report.
Having taken into consideration the external auditor’s recommendations, the Chief Executive in his report described two options for reviewing and improving the council’s data quality performance further. Option 2 was his preferred option, as detailed in paragraph 4.2 of the report and identified in the action plan which set out the steps to make further improvements.
Resolved – That the preferred option 2, as detailed in paragraph 4.2 of the report and identified in the action plan at appendix 2, be approved and adopted.
95 (64) INTERNAL AUDIT AND RISK MANAGEMENT PROGRESS REPORT – Further to minute 86, the Service Director Finance submitted a report updating the committee of key issues arising from Internal Audit and Risk Management work. Regular reporting of this work provided supporting evidence for the approval of the council’s Governance Statement and was recognised as good practice through the Comprehensive Area Assessment (CAA) Use of Resources criteria.
The Service Director in his report addressed and commented upon the following –
- Internal Audit has continued to work closely and with external audit, with successful outcomes following additional testing on specific performance management data, and a testing approach in relation to fundamental financial systems been agreed;
- Following the Icelandic banking crisis a review of Treasury Management arrangements has been concluded. The outcome of the review showed that investments were made properly, were in line with the council’s Treasury Management Policy and appropriate action had been taken to recover these investments and identify contingencies to cover any potential losses. The investment portfolio had been reviewed to restrict investments to United Kingdom clearing banks and implement group limits to be adhered to under current economic conditions. This recognised the risk associated with investments in different banks under the same ownership. Also, external audit endorsed this view and were satisfied that appropriate action had been taken under the circumstances;
- Good progress had been made in respect of significant control issues identified in the Annual Governance Statement. The outcome of work undertaken would be reported to the committee’s next meeting in April 2009;
- Unsatisfactory progress made by some North Lincolnshire primary schools submitting Financial Management in Schools (FMSiS) self assessments by the agreed timetable and the implications of this. 44 primary schools were due to submit their assessments during the two years ending on 31 March 2009, but to date only 22 had done so. Head Teachers would be reminded of the need to submit their self-assessments on time, and a report prepared by Children’s Services summarising the position would be submitted to the Schools Forum on 21 January 2009;
- Progress being made on the counter fraud assessment action plan agreed at the September 2008 meeting of the committee (minute 88 refers)
- A project plan for the implementation of the new audit management system had been developed and work was ongoing to configure and populate the system;
- Strategic risk position statements had been reviewed (minute 98 refers)and operational risk registers were being updated;
- A public liability claim was successfully defended saving the council £27k. A failure to educate claim had been dropped which should also save the council £40-£50k in damages;
- Training for members on Governance and Counter Fraud arrangements held in November 2008 had been well received and would be offered again in February 2009, and
- An assessment of the Comprehensive Area Assessment – Use of Resources had been carried out for the criteria on Internal Control. This showed the framework was challenging but did not introduce much new criteria placing a strong emphasis on compliance with arrangements already in place.
Resolved – That the progress report be noted.
96 (65) EXTERNAL AUDIT REVIEW OF INTERNAL AUDIT – The Service Director Finance submitted a report which considered the External Audit (Audit Commission) review of Internal Audit.
The report explained that under the requirements of the International Standard on Auditing (ISA (610)) External Audit were required to review the Internal Audit function. The review considered whether Internal Audit complied with the required professional standards and whether External Audit could place reliance on Internal Audit work for their own audit responsibilities. Proper internal audit practices were defined in CIPFA’s Code of Practice for Internal Audit in Local Government in the UK 2006. Under the Accounts and Audit Regulations (2003) Internal Audit must comply with the Code’s requirements.
The Audit commission’s report on the review was attached as appendix A to the report. It concluded that the council’s Internal Audit function had met the requirements of all standards set out within the above Code, and External Audit could rely on Internal Audit’s work for their audit responsibilities. Some opportunities for improvement were identified in appendix 2 of the Audit Commission’s report. This included ensuring that the impact and mitigation of control failures on financial statements and risks relating to fraud and error were clear on all reports and in audit files. Reasons for control failures were clearly documented in all cases.
Resolved – (a) That External Audit’s report be noted, and (b) that updates on progress made against the action plan be reported at future meetings of the committee.
97 (66) USE OF RESOURCES 2009 UPDATE – Further to minute 85, the Service Director Finance submitted a further report on the new Use of Resources judgement which together with Managing Performance, formed the organisational assessment in the new Comprehensive Area Assessment (CAA). The report provided the committee with an evaluation of how the council would measure against tougher benchmarks identified, and what action needed to be taken to meet at least a score of 2, ‘minimum requirements, performing adequately’.
To ensure that external auditors could meet tighter deadlines for making their judgement the assessment would begin in January 2009 (before the council could put in place all of its improvements for 2008/09), with a later refresh. A self-assessment was not required, but auditors would indicate new information or evidence they required to form a judgement. This ostensibly would reduce the inspection burden on councils. The new approach was more judgement based, but crucially the scored judgements on the Key Lines of Enquiry (KLOE) were not open to challenge. There may be an arrangement for requesting a review of the overall score, but it was difficult to see how the combination of fixed KLOE scores could lead to alternative overall scores.
The Service Director referring to minute 85, explained that the Audit Commission had now issued KLOE guidance on the characteristics of performance for level 2 and level 3 within the CAA. An analysis had been undertaken of the council’s likely performance under this assessment. This indicated that there were some areas that needed further development to meet the required standards which included:
- Systems needed to be developed to manage better and inform our use of natural resources;
- Issues on data security needed to be resolved, in particular the introduction of a security policy and completion of the Government Connect project;
- The council was able to deliver efficiencies in line with the target of £3.25m in 2008/09 but needed to take decisive action to achieve the balance of our savings target of around £10m in the next two years;
- There needed to be clear and consistent linkages between the Strategic Plan and all other council strategies in terms of policy, finance, etc;
- Several aspects of the management of partnerships needed to be developed further, such as data quality, risk, governance and financial monitoring;
- The council’s complaints policy needed to be reaffirmed, and
- A commissioning strategy needed to be developed.
Action plans had been produced to address the above needs.
Resolved – That the report be noted.
98 (67) STRATEGIC RISK CONTROLS – The Service Director Finance submitted a report which informed the committee of the outcome of a review of the adequacy of the council’s strategic risk controls and research into best practice undertaken to ensure all relevant risks had been considered. Strategic risks were defined as ‘those risks, which would significantly impair the achievement of the council’s principal aims and objectives, core service delivery and overall probity’
The report explained that 19 strategic risks had been identified and developed by the council’s Strategic Risk Management Group (SRMG), each having an assigned lead officer (Chief Executive, Service Director or Strategy Development Manager). A position statement was also prepared for each risk showing the triggers and consequences, current controls and control improvements planned. These were reviewed regularly.
Appendix A to the report showed an evaluation of the residual risk after controls had been applied to all strategic risks based on likelihood and impact scoring (high = 3, low = 1). This provided an overall score for each risk illustrated using ‘traffic light’ indicators (red = high risk, green = low risk). The adequacy of controls identified to manage risks had also been evaluated using the same ‘traffic light’ indicators. The analysis showed that the council had adequate controls in place to manage all its strategic risks (either good or satisfactory) apart from ‘Serious breach of information integrity, confidentiality and availability’. This strategic risk had been evaluated as amber/red (satisfactory/inadequate). Many of the related issues identified would be addressed as part of Government Connect implementation and a comprehensive action plan in place.
The Service Director also stated that ALARM (the National Forum for Risk Management in the Public Sector) commissioned extensive benchmarking surveys. His report identified results and a comparison between the last two surveys carried out. The top risks shown in the survey were included in the council’s strategic risk register, indicating that the register was comprehensive and considered all appropriate risks expected to be faced by a single tier authority.
Resolved – (a)That the evaluation of the council’s Strategic Risk Register be noted, and (b) that further progress report be submitted to the next meeting of this committee.
99 MEMBER TRAINING – UPDATE – Further to minute 91, the Service Director Finance updated the committee informing it that a further a half day training event on ‘Governance and counter-fraud’ had been arranged for all members of the council on 2 February, 2009. He also requested that members of the committee give consideration to any relevant training needs that they may have, so that they could be built into the member development programme for 2009/10. The Service Director, together with representatives of the external auditors present at the meeting, suggested that further training on the council’s final accounts could be arranged for members of the committee if so desired.
Resolved – (a) That the position be noted, and (b) that the above proposed training on the council’s final accounts be arranged for the committee, to be delivered jointly by the Service Director Finance and the council’s external auditors.