Agenda and minutes

RESOLVED that the minutes of the meeting held on 27 September 2018 be confirmed.

Please note that, in accordance with the Members' Code of Conduct, when declaring interests members must disclose the existence and nature of the interest, and whether it is a disclosable pecuniary interest (DPI) or personal and/or pecuniary.

No declarations of interest were received.

Pat Jukes, Business Manager, Corporate Policy:

a.    presented a progress update on those areas identified as ‘significant governance issues’ as set out in the 2017/ 18 Annual Governance Statement (AGS), which Audit Committee had a role to review

b.    stated that the report provided details of the monitoring arrangements for the significant internal control issues raised in the latest AGS

c.    advised that the key actions would be reviewed by the Service Manager’s Group as well as monitored by the Audit Committee

d.    reported that just one significant issue, Information Management remained which was now considered by the responsible officer to be amber;

e.    highlighted the following five areas not considered as significant issues although a retained a focus was still required, as detailed at Appendix A to the report:

·         Partnership Companies

·         Loss of Compliance to Lincoln Project Management Model

·         Western Growth Corridor

·         Use of Professional Advice

·         Responsible Officers

f.     requested that members of Audit Committee give consideration to the content of the report.

Members discussed the report in further detail and raised the following main points:

·         What was the time frame for ensuring that the contractors were applying GDPR to the same standards as the Council?

: The aim was to achieve full knowledge of the extent of changes needed by the end of the financial year in March, however, this may need to be extended further than this to achieve the changes in all contracts.

·         How many contractors were there?

There was a large number of contractors, the exact number could be circulated to Members after the meeting.

·         Was GDPR part of the new contracts?

: Yes it was included as part of all new contracts.

RESOLVED that the content of the report be noted and monitoring arrangements be continued.

Sally Brooks, Data Protection Officer :

a)    presented an update on the progress of Information Management and the continued implementation of the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA)

b)    referred to Appendix A of the report and advised that the GDPR Action Plan had been amended to the Information Governance IG/GDPR Ongoing Action Plan

c)    advised that the GDPR Group were prioritising ongoing compliance including building and improving completed actions, and gave details of the following areas where a lot of work was required:

·         Training

·         Data Protection Impact Assessments (DPIA)

·         Policies, Guidance and Procedures

·         Contract Review for GDPR Clauses

·         Record of Processing Activities (ROPA)

·         Individual Rights/ Retention

d)    also discussed the project in relation to the following  

·         Senior Information Risk Officer (SIRO)

·         AGS

·         Vison 2020

e)    invited members’ questions and comments

·         Why was there no mention of financial implications in the report if there were resource issues?

: Resource issues were being raised at the moment and the GDPR Group were monitoring this closely and considering the options going forward.

Jaclyn Gibson, Chief Finance Officer added that CMT (Corporate Management Team) was not aware of any resource issues and this needed to be considered by CMT using the correct procedures.

·         Was there any opportunity for partnership working?

: There was a countywide forum involving the 7 District Councils and County Council  which met regularly and corresponded on joint issues.  There were also plans to continue to work more closely with West Lindsey District Council and North Kesteven District Council and a meeting would be held in January.

·          How did the amount of resources available compare to other Authorities?

: Data Protection Officers in other Authorities did have a Deputy Data Protection Officer to assist them and officers within the team with specific IT expertise.There was only 1 part-time Data Protection Officer who did not have a team but did have the assistance of the GDPR Group.

·         Had the Authority received any assistance from the LGA on contracts with joint suppliers?

: The LGA had provided some guidance but they had not contacted suppliers on behalf of Local Authorities in general.

RESOLVED that

1.    the report and action plan be noted

2.    the resourcing issues be raised with the Corporate Management Team

3.    an update report be brought back to the next committee meeting

John Scott, Audit Manager presented an update on all overdue recommendations over 12 months old. He advised that Matt Smith, Business Development and IT Manager was unable to attend this meeting due to unforeseen circumstances but would attend the next meeting to provide an update on IT Disaster Recovery and IT Applications.

Matt Hilllman, Maintenance Manager gave the following update on Fleet Management.

·         The process to implement the Telematics System had taken 3 years which had included a 2 year and 8 month consultation exercise with the Trade Unions.

·         Following the negotiations the Operatives were asked to vote on the Telematics System and Driver Protocol, the result of the vote was yes.

·         The proposals were then taken to the HR Trade Union Meeting, followed by Employee Joint Consultative Committee and Executive where it was approved.

·         Quotes for the telematics system had been approved by the Procurement Officer and Legal Services. 

·         The fitting of the system would commence next week and would be completed by January.

Members of the committee discussed the report in further detail and raised the following main points:

·         Was progress being made on the IT recommendations?

Some of the recommendations could not be completed quickly, however, progress was being made. Matt Smith, Business Development and IT Manager would attend the next Audit Committee to provide an update.

·         Could an Officer attend to provide an update on the progress of the Restoration of Boultham Park?

: Caroline Bird, could be asked to attend the next Audit Committee to provide an update.

RESOLVED that

1.    the report be noted.

2.    the following officers be invited to attend the next Audit Committee to provide an update:

·         Caroline Bird – Restoration of Boultham Park

·         Matt Smith - IT Disaster Recovery and IT Applications

Jaclyn Gibson, Chief Finance Officer

a.    presented a report with information regarding the reporting arrangements in relation to risk mitigation and recommendations

b.    advised on the background as detailed at paragraph 2 of the report.

c.    summarised that the Council’s Risk Management Strategy provided a framework and process that enabled the Council to manage uncertainty in a systematic, effective, consistent and efficient way.

d.     highlighted the areas where a risk register was required:

·         Strategic Risks

·         Significant Directorate Operational Risks

·         Key Projects and programmes determined by the Vision 2020 and Project Management guidance.

·         New service strategies that had a greater impact on people, finance and the Council

·         Key partnerships and contracts

e.    advised that in addition to the production of risk registers all key decisions presented to the Executive must clearly show the key risks associated with the decision, the potential impact and how these would be managed

f.     highlighted the reporting arrangements for risk registers at paragraph 3.5 of the report which were set out in the Risk Management Strategy.

g.    referred to paragraph 3.6 of the report and advised on the roles and responsibilities of the both Members and Officers as defined in the Risk Management Strategy.

h.    further added that the specific roles and responsibilities of the Audit Committee was set out in its Terms of Reference.

i.      referred to paragraph 3.8 and detailed the monitoring reports received by the Audit Committee to fulfil the requirements of the Terms of Reference.

RESOLVED that the reporting arrangements for risk mitigation and recommendations and its role in ensuring the effective operation of the risk management framework be noted.

John Scott, Audit Manager:

a.    presented the Internal Audit Progress Report to Audit Committee, incorporating the overall position reached so far and summaries of the outcome of audits completed during the period  as detailed at Appendix A

b.    highlighted that Audit Committee had the responsibility for receiving a regular progress report from Internal Audit on the delivery of the Internal Audit Plan as a key requirement of the public sector internal audit standards.

3. advised that the report covered the following main areas:

4. highlighted audits carried out in the following areas given assurances as follows:

·         Commercialisation – Substantial Assurance

·         IT Applications – Limited Assurance

·         City Lottery – Advice

5. reported on other significant work ongoing in relation to:

·         De Wint Court

·         Culture Review

·         Dynamic Planning

·         Counter Fraud

·         Northamptonshire County Council – Financial Issues

·         Private Sector Housing HMO Licensing & Hazards – Follow up

6. advised on audits currently in progress as detailed at Appendix 2 of the report and audit plan amendments approved by the Interim Chief Finance Officer at paragraph 6

7. provided performance information against targets for the 2018/19 audit year at 30 November 2018 as detailed at Appendix 4 

Members discussed the content of the report in further detail and raised the following main points:

·         Referred to Commercialisation and asked why Land Acquisition reports were considered in private at Executive when the Council should be transparent?

: Land Acquisition reports were considered in private as the reports contained sensitive information which could affect the deal that was being negotiated. All land sales were declared and the information would be in the public domain.

RESOLVED that the contents of the report and continuation of further monitoring arrangements be noted.

John Scott, Audit Manager:

a.    presented a report to review the effectiveness of internal audit benchmarking against best practice and audit standards.

b.    advised that a member/officer review group was established to review documents in detail and provide feedback to the Audit Committee.

c.    summarised the areas and suggested actions that were agreed by the review group and were subject to further consideration by Audit Committee:

·         Audit Standards Review

·         QAIP – The Quality and Improvement Plan

·         Quality Reviews

·         Performance

·         Feedback

·         Terms of Reference / Charter

·         Resources

·         Assurance Lincolnshire – Making the Most of Our Partnership

RESOLVED that the points raised from the review of effectiveness be noted.

John Scott, Audit Manager

a.    presented a review of the effectiveness of the Audit Committee benchmarking against CIPFA best practice.

b.    advised that CIPFA had recently published new guidance for public sector audit committees and it was therefore felt that it was an appropriate time to undertake a review.

c.    advised that the review was split into different areas covering:

·         Terms of reference

·         Work programme comparison to terms of reference

·         The main CIPFA self-assessment

·         Training – Core areas of knowledge and skills

·         Effectiveness of the Audit Committee (adding value section)

d.    referred to paragraph 3 of the report and advised that these areas and suggested actions were agreed by the review group and were subject to further consideration by the Audit Committee:

·         Assurance on Value for Money Arrangements

·         Ethics – Ethical Values and Engaging with Other Committees

·         Review of Governance Arrangements for Significant Partnerships

·         External Auditors Annual Assessment Review

·         Follow Up (Track) External Audit Recommendations

·         Annual Audit Committee Report – Ensure Approved via Audit Committee if Possible

·         Oversight of Other Public Reports

·         Core Knowledge and Skills

·         Understanding and ‘Promotion’ of Local Code of Corporate Governance and AGS

·         Implementation of Audit Recommendations

·         Public Interest Entity – Requirements

RESOLVED that the contents of the report be noted.

John Scott, Audit Manager:

1. presented his report on counter fraud arrangements 2018/19 6 months for members’ consideration, which covered the following main areas:

2. updated members on the key messages in relation to the LCFP, areas of progress in 2018/19, and partnership priorities for the remainder of the year as highlighted within paragraph 3 of his report

3. highlighted City of Lincoln Council activity in relation to counter fraud arrangements at paragraph 4 of the report

4.  advised that updated statistics would be circulated following the meeting.

Members of the Committee discussed in detail the contents of the report and raised the following main points:

·         Referred to the table at paragraph 4.17 of the report and asked why the levels of insurance claims were significantly higher in 2016/17 than other years?

There was a large levels of arson in 2016/17, the levels of insurance claims were currently low but would increase throughout the year.

RESOLVED that the contents of the report be noted.

John Scott, Audit Manager

a.    presented the revised Anti-Money Laundering Policy for comment prior to referral to Executive for approval.

b.    advised that the Council’s Money Laundering Policy aimed to ensure compliance with the law and manage risks appropriately around certain business transactions.

c.    explained that the policy had been updated to reflect slight changes in the regulations (2017)The Money Laundering Reporting Officer (MLRO) and deputies remained the same.

d.    advised that the limit on cash transactions, subject to approval, remained at £2,000. Amounts above this would be authorised by the MLRO (or deputy). Assistant Directors and managers authorised cash transactions up to £2,000. If there was a series of large cash payments below £2,000 these would be referred to MRLO.

e.    referred to Appendix A of the report and advised that additional guidance had been included to help support officers in managing transactions and understand the reporting process.

RESOLVED that the revised Money Laundering Policy be referred to Executive for approval.

John Scott, Audit Manager

a.    presented the revised Counter Fraud and Anti-Corruption policy/ strategy for comment prior to referral to Executive for approval.

b.    advised that the Council’s counter fraud policy/strategy was updated in 2016 to reflect the latest guidance from CIPFA (Chartered Institute for Public Finance and Accountancy) and DCLG (Department for Communities and Local Government). The 2018 review ensured the strategy was up to date and also updated the action plan.

c.    summarised Annex A of the report and highlighted the changes to the roles and responsibilities.

d.    advised that the policy/strategy reflected the limited resources available to the Council risks/actions aimed to maximise efficiency and effectiveness where possible.

RESOLVED that the revised Counter Fraud Strategy be referred to Executive for approval.

John Scott, Audit Manager

a.    presented the Audit Committee with its 2018/19 work programme

b.    invited members’ questions and comments.

RESOLVED that the 2018/19 work programme be noted.