Agenda and minutes

Minute of Meeting of the Audit and Risk Committee held on 18 January 2016 to be approved and signed by the Chairman.  (Copy attached.)

1.1       There had been circulated copies of the Minute of 18 January 2016.

DECISION

APPROVED for signature by the Chairman.

1.2       With reference to the recommendation in paragraph 6(b) of the Minute, Mr Swann was asked to follow this matter up and report to the next meeting of the Audit and Risk Committee.

DECISION

NOTED.

Presentation by Service Director Regulatory Services on the strategic risks facing the services and the internal controls and governance in place to manage/mitigate those risks to demonstrate how risk management is embedded within services.  (Verbal presentation)

The Service Director Regulatory Services, Mr Brian Frater, was in attendance to brief the Committee on the strategic risks facing the various sections within Regulatory Services and to explain the internal controls and governance in place to manage and mitigate those risks.  Hand-outs were distributed at the meeting to supplement the presentation. Mr Frater explained that he currently managed eight areas of the service, namely Assessor and Electoral Registration; Audit and Risk; Health and Safety; Housing Strategy and Services; Legal and Licensing; Passenger Transport; Planning and Related Services; and Regulatory Services (which included Environmental Health and Trading Standards).  In his role, Mr Frater was also the Council's Senior Information Risk Owner (SIRO) and the Monitoring Officer.  Risk Registers for each of the services were developed through the Business Planning Process and were owned by Service Managers within that service.  The Registers were reviewed by the Service Director and Management Team and when necessary, risks were escalated to the Corporate Management Team (CMT).  Mr Frater referred to the key overarching issues facing Regulatory Services, namely financial pressures; unpredictability of the economy; increased demands and expectations; Government policies and legislation; and new operating models such as SB Cares and other ALEOs, Trusts etc.  A number of key risks were identified for internal facing services and these were listed as health and safety non-compliance; legislative failure; data breach (both in how the organisation handled data and in respect of ALEOs); and breaches of the Councillors' Code of Conduct.  Risks challenging the outward facing services related to failure to demonstrate continuous improvement, and in some cases this could include a Penalty Clause imposed by the Government; failure to monitor and enforce in areas such as dog control, food premises and private water supplies; and failure to inspect and maintain bridges and structures.  In terms of managing these risks, Mr Frater explained that this was achieved by effective project/programme and change management which was applied across the Council within the business planning process.  Appropriate and effective training was delivered to support this process and self-evaluation, peer review, inspections and both internal and external scrutinisation also played an important role.  Regular monitoring of performance measures was also carried out to ensure that risk was being managed effectively.  Mr Frater responded to Members' questions in relation to how the Risk Register was monitored, the way in which consistency of approach was delivered and the positive manner in which training had become embedded within services.  He advised that there were circumstances when a level of tolerance of risk was necessary and this was considered as part of the process to deliver efficiencies.  The Chairman thanked Mr Frater for his presentation.

DECISION

NOTED the presentation.

Consider a report by Chief Officer Audit & Risk on recent work carried out by Internal Audit, including the recommended audit actions agreed by Management to improve internal controls and governance arrangements, and internal audit work currently in progress.   (Copy attached)

3.1       With reference to paragraph 4 of the Minute of 18 January 2016, there had been circulated copies of a report by the Chief Officer Audit and Risk which provided details of the recent work carried out by Internal Audit, the recommended audit actions agreed by management to improve internal controls and governance arrangements and internal audit work currently in progress.  During the period 1 January to 29 February 2016, a total of six final internal audit reports had been issued.  There were 4 recommendations made (0 Priority 1 High Risk, 3 Priority 2 Medium Risk, and 1 Priority 3 Low Risk) specific to two of the reports.  Management had agreed to implement the recommendations to improve internal controls and governance arrangements.  An executive summary of the final internal audit reports issued, including audit objectives, findings, good practice, recommendations and the Chief Officer Audit and Risk’s independent and objective opinion on the adequacy of the control environment and governance arrangements within each audit area, was detailed in the Appendix to the report.  Ms Stacey advised that in addition to the Internal Audit work currently in progress, the Chief Officer Audit and Risk had also been appointed as the Chief Internal Auditor for the Health and Social Care Integration Joint Board (IJB) and would be working with the Board and its partners to support its governance.

3.2       With regard to the review of Financial Governance – Creditors Payments, Ms Stacey explained that the purpose of this was to ensure that payment processes at a Service level for both Proactis and non-Proactis source systems were accurate and appropriately authorised.  During the Audit, management had initiated a project to replace the core Financial and HR Systems by 2017.  Ms Stacey informed Members that an interim audit report had noted a lack of clarity and highlighted some inconsistency within the financial systems in relation to delegation levels of authority for approving and payment of orders and invoices.  These issues would be addressed by 31 March 2016.  Some control weaknesses had been identified within the existing systems scheduled for replacement.  The recommendations therefore focussed on the scope of the project, the inclusion of work to address these issues during the development process and the assurance that appropriate guidance and corporate policies were in place to support the new systems.  Ms Stacey advised that the Management response stated that there had to be a significant culture change around the recognition and application of financial governance across the organisation and the new system in order to resolve the weaknesses.

3.3       A review of the Council's Information Governance had been undertaken to examine the framework, roles and responsibilities, policy development and implementation in place.  Following the establishment of the Information Governance Group (IGG) and the development of the Information Governance Improvement Plan (IGIP), there had been fewer than anticipated meetings of the Group and subsequent concern that insight gained during the development of the governance framework would be lost.  It had been noted that the IGG had met  ...  view the full minutes text for item 3.

Consider the key messages from the Accounts Commission report 'Major Capital Investment in Councils – Follow-Up' which was published in January 2016. This targeted follow-up audit assesses to what extent councils have improved performance in managing their capital investment programmes and projects since the 2013 Accounts Commission report 'Major capital investment in councils' which was published together with the ‘Good practice guide’ as part of the Commission’s How Councils Work series of improvement reports for councillors and officers and the ‘Good practice checklist for project managers’. (Copy attached)

4.1       There had been circulated copies of a follow up report by Audit Scotland on major capital investment by Councils across Scotland.  It was explained that the previous audit report published in 2013 had made a number of recommendations and the current follow up report assessed the extent to which Councils had improved their performance in respect of managing their capital investment programme and projects and summarised the actions taken by Councils between 2012/13 and 2014/15.  Generally the report recognised the improvements that had been made to date and those still in progress to further develop Council strategies and plans. However, it was also recognised that additional work was required in a number of areas, as detailed in the report and appendices.  With reference to the report before the Committee, cognisance was taken of actions implemented to strengthen monitoring of capital investment programmes, the use of Accounts Commission checklists and the application of lessons learned to new capital projects.

4.2       A number of recommendations were made in the report before Committee, namely that Councils should: ensure that business cases complied with good practice and that these were monitored and reviewed for all capital projects; carry out regular post-project evaluations to establish whether planned benefits had been realised; plan for key stage project reviews to provide assurance on progress and early identification of potential problems; and sharing lessons learned both within the organisation and with other Councils.  Members noted the position within Scottish Borders Council and the areas for improvement as stated for Capital Projects within the Appendix to  item 3 Internal Audit Work 2015/16 to February 2016.  The report also identified the requirement to provide Elected Members with regular and accurate information to enable them to undertake their scrutiny role and the report went on to detail the ways in which Councils should develop their capital monitoring reporting for this purpose.  Again, Members noted that there were a number of sound examples of good practice across SBC.  Discussion followed and officers replied to Members' questions.  The Chief Financial Officer advised that the Administration Finance and Resources Working Group (AFRWG) also had a role in terms of monitoring the funding of capital investment programmes.  The Council's flood protection planning was given as a sound example of the effectiveness of monitoring and tracking of processes and it was acknowledged that information about how these internal controls were applied could be better communicated to the general public.

DECISION

NOTED the report.

Consider a report by Chief Officer Audit & Risk on the updated Internal Audit Charter for approval that defines the terms of reference for the Internal Audit function to carry out its role and to enable the Chief Officer Audit & Risk to prepare an annual internal audit opinion on the adequacy of the Council’s overall control environment. (Copy attached)

            With reference to paragraph 10 of the Minute of 23 March 2015, there had been circulated copies of a report by the Chief Officer Audit and Risk, presenting Members with the updated Internal Audit Charter for approval.  Ms Stacey advised Members that the Charter had been amended to include improvement actions identified in the PSIAS self-assessment in 2015/16; the external quality assessment carried out by Renfrewshire Council as reported to the Committee in November 2015; and corporate management changes that had affected the Audit and Risk service.

            DECISION

            AGREED to approve the updated Internal Audit Charter.

Consider a report by Chief Officer Audit & Risk on proposed strategic direction to deliver Internal Audit assurance and support services and on proposed Internal Audit programme of work 2016/17 to enable preparation of an annual internal audit opinion on the adequacy of the Council's overall control environment.  (Copy attached)

There had been circulated copies of a report by the Chief Officer Audit and Risk seeking approval for the Internal Audit Strategy and Internal Audit Plan 2016/17 to enable the preparation of the annual internal audit opinion on the adequacy of the Council's overall control environment.  Ms Stacey explained that the Internal Audit function followed the professional standards as set out in the Public Sector Internal Audit Standards (PSIAS) and required the establishment of risk-based plans to determine the priorities of internal audit activity and that these plans were capable of reflecting the changing risks and priorities within the organisation.  The Internal Audit function also included the requirement to provide senior management and Elected Members with independent and objective assurance on internal control, risk management and governance to support and improve the Council's operation.  The Internal Audit Strategy was laid out in Appendix 1 to the report and the Internal Audit Annual Plan 2016/17 was detailed in Appendix 2.  Ms Stacey explained that Internal Audit's programme of work would be scheduled in detail from the Annual Plan, with further input from Management in terms of timing and scope.  Members questioned the savings for Audit and Risk when more work has been taken on by Internal Audit in respect of SB Cares and the Health and Social Care Integration Joint Board.  Future Internal Audit Annual Plans would give consideration to these issues and to how improved delivery methods would potentially reduce the level of risk and change the way in which the Internal Audit service was provided.  Members were assured that a transparent internal audit requirement would be built into any Service Level Agreement with ALEOs.

DECISION     

AGREED to approve the Internal Audit Strategy and Internal Audit Annual Plan 2016/17.

Consider report by KPMG on how they will deliver their audit for Scottish Borders Pension Fund for the year ended 31 March 2016 including the opinions on the financial statements. (Copy attached)

            There had been circulated copies of a report by KPMG, the Council's external auditor which summarised the role of KPMG, the scope and purpose of the work to be undertaken and significant audit risks and other focus areas for consideration.  Mr Swann, KPMG's Engagement Manager summarised the findings contained in the report, advising that Materiality had been set at £470k (2% benchmark).  Three areas of significant audit risk were listed in the report: fraud risk from management override of controls; fraud risk from income recognition; the valuation of investments. The report noted that the majority of investments were currently held in listed securities and that further verification of these investments would be carried out to provide maximum assurance of their valuations.  Mr Swann answered a question in relation to the Valuation of Assets, explaining that there were various levels of valuation which could be used.

DECISION

NOTED the report.

Consider report by KPMG on interim findings from their review of Key Systems of Internal Control in connection with their audit for the year ended 31 March 2016 and associated Management Action Plan. (Copy attached)

            There had been circulated copies of an interim management report and audit status summary for the year ending 31 March 2016 by KPMG.  The report provided an update of the results of the control framework testing, overarching governance and systems controls, along with KPMG's assessment of the key risks and other focus areas for the year.  Four recommendations had been made in respect of minor observations and these related to organisational policies, bank reconciliations, journal authorisation and Financial Information System (FIS) new user forms.  Management actions had been agreed in all cases and Members were advised that the Council's Financial Regulations and associated policies and procedures would be reviewed and updated as part of the project to implement the new Business World ERP system. Mr Swann answered a question with reference to Health and Social Care Integration, and explained that there was a requirement for the Integration Joint Board to provide audited accounts.  Thiswas likely to take effect from the date that Parliament approved the Scheme of Integration.  Further information would be presented to the Committee in due course.

DECISION

NOTED the report.

Consider the key messages from the Accounts Commission report 'Procurement in Councils Impact Report' which was published in February 2016. The Impact Report explains how its audit report ‘Procurement in Councils’ published in April 2014 has been used by stakeholders including the Scottish Parliament, Scotland Excel and Councils. Both full reports are available on the Accounts Commission website. (Copy attached)

            There had been circulated copies of a report by the Accounts Commission which was published in February 2016 that explains how its audit report on "Procurement in Councils" published in April 2014 has been used by stakeholders including the Scottish Parliament, Scotland Excel and Councils. The report detailed the aims, objectives, key messages and recommendations from the original audit.  Discussion followed and Mr Swann confirmed that the regulations governing procurement within Councils had become increasingly complex, advising that Scottish Borders Council had continued to remain compliant.  A Procurement Workshop facilitated for Elected Members in September 2015 had been well received but it was noted that a number of Members had been unable to attend at that time.  It was therefore intended to repeat the workshop to give all Members an opportunity to attend. 

DECISION

NOTED the report.

Consider the overview report by the Accounts Commission published in March 2016 which draws on the findings from local government audit work in 2015, including audits of 2014/15 financial statements, Best Value, Community Planning and performance.

            There had been circulated copies of a report by the Accounts Commission published in March 2016, presenting an overview of local government in Scotland in 2016 which drews on the findings from local government audit work in 2015, including audits of 2014/15 financial statements, Best Value, Community Planning and performance.  The Chief Financial Officer summarised the report, advising that this was generally very positive whilst recognising the challenges facing Councils.  The report contained a number of key messages.  These were that: Members would be faced with increasingly difficult decisions to make about how to spend reducing budgets; Councils would need to re-evaluate options for changes in service delivery; customer satisfaction had declined in some areas of service delivery and Councils would need to consider ways to improve ratings in the face of further budget reductions; the impact of workforce reductions and the potential loss of knowledge and skills would have to be considered; the Council and partners would need to respond to the Community Empowerment (Scotland)  Act 2015, involve local communities more in the decision-making and delivery of services to meet local needs; and the skills and knowledge that Members needed to fulfil their increasingly complex role required regular updating to ensure that they were able to challenge and scrutinise decisions and performance.  A general discussion followed and Members noted that the establishment of SB Cares was included in the report as an example of a new ALEO.

DECISION

NOTED the report.

11.1     There had been circulated copies of reports by the Accounts Commission on ‘Health and Social Care Integration’ and ‘Changing Models of Health and Social Care’ which were published in December 2015 and March 2016 respectively.  The former report detailed the key messages and recommendations and noted that this was the first of three planned audits of this major reform programme.  This report noted that all integration authorities would be operational by the statutory deadline of 1 April 2016 and the required governance and management arrangements would be in place by this deadline.  Significant risks had been identified and these would need to be addressed to ensure the effective delivery of health and care services in the future.  Difficulties in agreeing budgets and uncertainty about longer term funding meant that strategic plans, with clear targets and timescales, had not yet been finalised. Other risks were contained in this report, including the different terms and conditions of service for Council and NHS staff and the recruitment and retention of GPs and care staff. The latter report assessed how NHS boards, councils and partnerships might deliver services differently in the future to meet the needs of the population. This report highlighted examples of some of the new approaches to providing health and social care aimed at shifting the balance of care from hospitals to more homely and community-based settings. It also considered some of the main challenges to delivering the transformational change needed to deliver the Scottish Government’s 2020 Vision for health and social care and actions required to address them.

            DECISION

            NOTED the reports.

11.2     There had been circulated copies of a report by the Health and Social Care Partnership Integration Joint Board Chief Financial Officer, Mr Paul McMenamin, updating Members on the progress made within the Health and Social Care Integration (H&SCI) programme to date.  The report outlined the outcome of a compliance assessment of the work undertaken within the Scottish Borders against the legislative provisions within The Public Bodies (Joint Working) Scotland Act 2014 and the subsequent recommended best practice guidance issued by the Scottish Government/Integrated Resources Advisory Group (IRAG).  Mr McMenamin explained that the shadow year for the Integration Joint Board (IJB) was approaching its end and the assessment of progress was to provide assurance over the appropriateness and comprehensiveness of the work undertaken to date and to identify where further work was required.  The report explained that the IJB would comply with the public sector good practice governance and its Scheme of Integration set out the detail of the arrangement between Scottish Borders Council and NHS Borders.  Mr McMenamin advised that there were areas of work outstanding and these, along with the work completed and in progress, were detailed in Appendix 1 to the report.  All required arrangements will have been approved/established during the first year of operation of the IJB.   Members noted that £793k of savings were still to be identified in the Financial Plan for 2016/17.  In terms of assurance of efficiency of resources,  ...  view the full minutes text for item 11.