Agenda and draft minutes

RESOLVED that the minutes of the meeting held on 19 March 2024 be confirmed and signed by the Chair as a true record.

Councillor Pat Vaughan declared a Personal Interest with regard to the agenda item titled 'Statement of Accounts 2023/24'. His Granddaughter worked in the Finance Department at City of Lincoln Council.

Michelle Hoyles, Business Manager Corporate Policy and Transformation:

1. presented a report to inform Audit Committee that the Annual Governance Statement (AGS) had been prepared, a copy of which was attached at Appendix A of the report

2. explained that as required by statute the AGS would be appended to the Council’s Statement of Accounts

3. advised that no new significant issues had been identified for inclusion in the AGS 2023/24, and as such the document concluded that governance arrangements at City of Lincoln Council remained effective

4. explained that during the annual review, six governance issues, whilst not meeting the threshold to be ‘significant’ were identified for monitoring over the coming year in order that they could be addressed. These related to the following areas:

·       Contract Management

·       IT Asset Management

·       Lincoln Project Management Model

·       Use of Support Services

·       Capacity of frontline support services and recruitment challenges

·       Lincoln Performance Management Framework

e.    advised that the new RAG rating for the seven CIPFA core principals were detailed in part 2 of the AGS

f.      referred to part 3 of the AGS and advised that there was one action which related to Lincoln Project Management Model, on the basis that the other five governance issues proposed for monitoring already had actions in place through other mechanisms

7. invited members questions and comments.

Question: With reference to core principle E in relation to staff retention and recruitment, which areas of the Council were most affected?

Response: It was mainly professional services or technical areas that were affected for example, Audit, Legal, Finance and Building Control. Recruitment had recently improved in some areas.

Question: Would the AGS report need updating due to the recent recruitment of the Principal Auditor?
Response: The report would not be updated as it was prepared at a point in time for the previous Audit Committee which was cancelled due to the pre-election period because of the General Election.

RESOLVED that the contents of the Annual Governance Statement 2023/24 be noted and incorporated into the Council’s draft Statement of Accounts.

RESOLVED that the order of business be changed to run as follows:

• Information Governance Statement
• Risk Management
• Exclusion of Press and Public
• Information Governance Statement – Appendix A
• Risk Management - Appendix B
• Inclusion of Press and Public
• The agenda to continue unchanged from Item 4 onwards

Sally Brooks, Data Protection Officer:

a.    presented a report to update Audit Committee on progress made with Information Governance monitoring the Council’s compliance with data protection legislation including the General Data Protection Regulation, the Data Protection Act 2018 and the Freedom of Information Act 2000

b.    highlighted that update reports were submitted to Audit Committee on a bi-annual basis. The last report was provided on 12 December 2023

c.    provided details of the following key areas:

·         Data Protection Training (Risk 1)

·         Data Protection Reform ( Risk 3- Policies and Procedures)

·         Retention and Disposal of Personal Data ( Risk 5)

·         Data Subject’s Rights (Risk 8)

·         Freedom of Information Requests

·         Annual Governance Statement (AGS)

d.    invited members questions and comments.

Question: Was the Freedom of Information service a cost to the Council and if so, how much did it cost?

Response: Freedom of Information was a statutory duty and there was a cost associated with resource and staffing. There was not a specific budget as it  was included as part of employees day to day job role. A log was kept on how much staff time was spent on freedom of information requests, however, this was not equated to how much it cost.

Question: How would AI be used throughout the Council and what was the timeline for having AI policies in place?

Response: AI would be a useful tool across many areas of the Council. There was a tool within the Office 365 suite that could be used in the future, but this would not be authorised until the policies were implemented by the Council. There was a lot of  ongoing research into AI to ensure that it could be used and that the policies in place were effective.

RESOLVED that the content of the report be noted.

Jaclyn Gibson, Chief Finance Officer:

1. reported on the risk management framework adopted by the Council and risk management activity during the last 12 months

2. advised that the Council’s Risk Management Strategy was presented for members information, had recently been reviewed based on a risk appetite methodology approach to the management of the Council’s risks, to reflect the environment in which it operated

3. explained that the Strategic Risk Register for 2023/24 was initially formulated by the Corporate Leadership Team and presented to Executive and Performance Scrutiny Committee. The initial register contained 14 risks, which remained constant throughout 2023/24 as detailed at paragraph 4.2 of the report

4. outlined the framework of the risk management strategy in further detail, covering the following main topic areas:

5. reported that there was an audit scheduled to be completed in 2024/25 in quarter 2 with the following scope:

6. requested members consideration on the content of the report.

RESOLVED that the risk management framework adopted by the Council and the risk management activity undertaken during the year be noted.

You are asked to resolve that the press and public be excluded from the meeting during the consideration of the following item(s) because it is likely that if members of the press or public were present, there would be disclosure of ‘exempt information’

RESOLVED that the press and public be excluded from the meeting during consideration of the following item(s) of business because it was likely that if members of the public were present there would be a disclosure to them of ‘exempt information’ as defined by Section 100I and Schedule 12A to the Local Government Act 1972.

Minute number 5  included details of the discussion associated with this item.

(Only Appendix A Information Governance Risk Register was contained here as exempt information.)

RESOLVED that Appendix A (Exempt Information) be accepted.

Only Appendix B Strategic Risk Register was contained here as exempt information.

RESOLVED that Appendix B (Exempt Information) be accepted.

RESOLVED that the press and public be included back into the meeting.

Amanda Stanislawski, Audit Manager:

1. presented the Internal Audit Progress Report to Audit Committee, incorporating the overall position reached so far and summaries of the outcome of audits completed against the audit plan up to 15 May 2024, as detailed at Appendix A

2. highlighted that Audit Committee held the responsibility for receiving a regular progress report from Internal Audit on the delivery of the Internal Audit Plan as a key requirement of public sector internal audit standards

3. detailed the content of the report covering the following main areas:

4. updated that an Auditor and a Principal Auditor had been recruited to the team

5. invited members’ questions and comments:

Question: With reference to the Contract Management audit, were Officers satisfied that the actions had been undertaken?

Response: Yes, Officers were satisfied that the actions were being undertaken.

Question: Referred to the IT Asset Management audit and commented that some of the key observations overlapped with the IT Cyber Security audit for example mobile phones had been identified within the Asset Management audit as a significant risk so if mobile phones were not adequately secure then this increased the risk of cyber security attacks.

Response: The Asset Management audit was a specific audit with a narrow scope looking purely at the management of IT assets including inventories and security. The Cyber Security audit looked at the wider aspects of cyber security covering governance, training, network and risk. Whilst it did include some aspects of device management it was purely from a cyber security angle.

Question: Did Officers require any support from the Audit Committee?

Response: No support was required at present.

Question: Had guidance been produced on what constituted as a high risk contract?

Response: Yes, a process had been developed and was being rolled out across the Council.

Question: Was it possible that when staff left the authority that assets were not being returned?

Response: There was a process in place for staff leaving the authority but this was an issue across the authority and was being addressed.

Question: Were the actions within the staff recruitment, selection and retention audit being implemented?

Response: Yes, most had been implemented and were making good progress.

RESOLVED that the report be accepted.

Amanda Stanislawski, Audit Manager:

a.    presented an update to Audit Committee on outstanding agreed actions

b.    referred to Appendix A attached to the report which provided details of relevant audits, outstanding recommendations, agreed actions and the current position/explanation from the Service Manager

c.    explained that within the report there were currently 1 High action and 35 Medium actions remaining to be implemented, there were no overdue actions for limited or low reports

d.    advised that there were 3 reports where the actions had all been implemented. These were Housing Benefit Subsidy, NNDR and Treasury Management

e.    invited members questions and comments.

Question: The chasing up of outstanding actions was time consuming for Audit staff. In cases where no progress was being made, would it be appropriate to request that the Service Manager attend Audit Committee to answer why the outstanding issues had not been implemented?

Response: This could be an option for those that had not responded to requests by the Audit Team. It could be raised with the Chair when the report was being prepared for the next meeting.

Comment: Concerned that some of the outstanding actions were long overdue.

Response: There were valid reasons for why the outstanding actions were overdue.

The Chair suggested that the Service Manager for Housing Allocations and Homelessness be invited to attend a future meeting of Audit Committee if the outstanding recommendations had not been addressed before hand.

RESOLVED that

1.    updates on Audit Recommendations report be noted.

2.    the Service Manager for Housing Allocations and Homelessness be invited to attend a future meeting of Audit Committee if the outstanding recommendations had not been addressed before hand.

Amanda Stanislawski, Audit Manager:

a.    presented the Annual Internal Audit Report to the Audit Committee for comments

b.    explained that the purpose of the Annual Internal Audit Report as outlined at Appendix A was to provide a summary of Internal Audit work undertaken during 2023/24, timed to support the Annual Governance Statement by providing an opinion on the organisation’s governance, risk management and internal control environment

c.    highlighted that:

·         The three areas, Governance, Risk, Internal Control and Financial Control, where there had been the highest level of assurance had been provided. They were working well having no concerns that significantly affected the governance framework and successful delivery of the Council priorities.

·         Internal control was assessed as performing adequately – some improvements were identified over the Council’s Governance, Risk and Control Framework. This was due to a number of factors which included there being two Limited Assurance reports and resource capacity which could have an impact on the internal control environment

d.    explained that there had been no restrictions on the scope of the work to be undertaken; the reduction in time due to vacancies within the team throughout the year had been covered through the employment of consultants and removal of items from the plan

e.    advised that the performance of the Internal Audit Service remained good with 87% of the revised plan being completed and a high level of customer satisfaction. Performance had been impacted due to capacity in some areas including audit span and the ability to chase management responses.

f.     invited members questions and comments.

Question: Some audits had been removed from the plan due to the capacity within the Audit team. Would these be looked at for future audits?

Response: Yes, they would be risk assessed and prioritised and would be included in the audit plan if necessary.

Question: Now that the Audit Team was fully staff, would the whole audit plan be covered?

Response: Yes, subject to no further changes within the Team.

Question: Only 30% of management responses were received within 10 days. Therefore responses were not being received. Was it time consuming for the Audit Team to chase responses?

Response: The delay in responses was due to staff capacity across the authority. The Audit Team would have more time to chase responses now that it was fully staffed.

RESOLVED that the contents of the report and appendices be noted.

Amanda Stanislawski, Audit Manager:

a.    presented a report to update Audit Committee on the performance against the 2023/24 Counter Fraud Work Plan and the outcomes of pro-active fraud work and investigations

b.    summarised the number of fraud cases during 2023/24 compared to the previous year and advised that overall, there had been a general increase in cases this year

c.    gave an overview of the progress that had been made against completing the actions within the Counter Fraud Action Plan as detailed at paragraph 3.2 of the report

d.    advised that the fraud risk register contained 24 risks, none were red, 12 were amber and 12 were green. The highest rated were IT/Data/ Cyber Fraud and Council Tax

e.    invited members questions and comments.

Question: When would the Fraud Training for members take place?

Response: It was scheduled for October 2024.

Question: Why had there been an increase in most cases this year?

Response: There had been an improvement in data sources available which allowed for better data matching.

Question: Why had whistleblowing decreased? Were staff concerned about reporting?

Response: Whistleblowing related to reports from the public for example reporting single person discount claims. This needed re- categorising within the report.

RESOLVED that the contents of the report be noted.

Amanda Stanislawski, Audit Manager:

a.    presented a report to update Audit Committee on the performance against the 2023/24 Counter Fraud Work Plan including the outcomes of pro-active fraud work and investigations and the fraud risk register

b.    summarised the number of fraud cases during 2023/24 compared to the previous year and advised that overall, there had been an increase in most cases this year. Details were provided at paragraph 3.1 of the  report

c.     gave an overview of the progress that had been made against completing the actions within the Counter Fraud Action Plan as detailed at paragraph 3.2 of the report

d.    further updated members on the following areas of work that were still in progress. These included Single Person Discount Rolling Review, Self Assessment against the Counter Fraud Strategy and Counter Fraud Training

e.    invited members questions and comments.

RESOLVED that the contents of the report be noted.

Jaclyn Gibson, Chief Finance Officer updated that since the publication of the Audit Agenda there had been a change in Government and work could not be continued on this until the new Government announced their policy. It was still useful to provide the following information to committee:

a.    presented the Audit Committee with a summary of the recent consultation undertaken by the Department for Levelling Up, Housing and Communities (DLUHC) for addressing the Local Audit backlog in England

b.    detailed the background to the local audit back log and advised that a consultation and proposal was issued on 8 February 2024 to clear the audit backlog for English councils. The General Election was called before the results of the consultation were released

c.     gave an overview of the proposed package of measures within the consultation as detailed at paragraph 3 of the report

d.    advised that the Council was in a favourable position compared to many other authorities as all financial accounts up to and including 2022/23 had been completed by external audit and it had received a positive value for money statement up to 2022/23

e.    invited members questions and comments.

RESOLVED that the Addressing the Local Audit Backlog in England consultation and the potential implications for the Council be noted.

Jaclyn Gibson, Chief Finance Officer:

1. presented the draft Statement of Accounts for the financial year which ended 31 March 2024, together with a short summary of the key issues reflected in the statutory financial statements for scrutiny

2. highlighted the summary of key issues within the below areas in the Financial Statements:

·       The Comprehensive Income and Expenditure Statement

·       The Balance Sheet

·       Cross Cutting Key Issues

3. recommended that Audit Committee scrutinise the draft Statement of Accounts

4. invited members questions and comments.

Comment: The Council’s financial position looked positive.

Response: Yes, the Council performed well in 2023/24. There was a contribution to the reserves and an underspend on both the Housing Revenue Account and General Fund. However, it was uncertain times at present and Officers remained cautious.

Question: What assets were disposed of apart from Right to Buys?

Response: It was only Right to Buys disposed of in 2023/24, there were no other sale of assets that year.

Question: How were the inconsistencies with the use of Lincoln Project Management Model on projects being addressed?

Response: The project governance arrangements would be reviewed and updated, to ensure that all projects were being implemented in full accordance with the Lincoln Project Management Model (LPMM) and that use of the LPMM was consistent.  The LPMM would be reviewed over the coming year.

RESOLVED that the Statement of Accounts be received and comments made by the Committee be noted.

Rashpal Khangura, KMPG, External Audit:

a.    presented a report to receive and comment upon the External Audit Value for Money Risk Assessment for the year ending 31 March 2024, which assessed whether there were any significant weaknesses in the Council’s arrangements to secure Value for Money

b.    outlined the risk assessment processes which included obtaining an understanding of the key processes that the Council had in place, including financial management, risk management and partnership working arrangements

c.     explained that KPMG had evaluated the design controls in place for a number of the Council’s systems, reviewed reports from external organisations and internal audit and performed inquiries of management

d.    advised that no significant risk had been identified for any of the relevant domains of Financial Sustainability, Governance and Improving economy, efficiency and effectiveness

e.    invited members questions and comments.

RESOLVED that the content of the Draft Value for Money Risk Assessment be noted.

Jaclyn Gibson, Chief Finance Officer:

a.    presented a report to inform members of the Audit Committee on the work programme for 2024/25 as detailed at Appendix B of the report

b.    referred to paragraph 3 of the report which highlighted the changes to the work programme

c.    advised that the Audit Committee Terms of Reference was attached at Appendix A of the report for information

d.    updated that two Independent Members would formally be appointed to the Audit Committee at Council on 16 July 2024 and would be in attendance at the September Audit Committee

e.    invited members questions and comments.

Question: Would the Audit Committee’s Terms of Reference be updated to reflect the changes to the membership of the committee?

Response: The Terms of Reference had been updated and would be agreed at Council on 16 July 2024.

RESOLVED that the contents of the Audit Committee work programme 2024/25 be noted.