Agenda and minutes

The Chairman welcomed those present to the meeting and introduced Mr Michael Middlemiss, the external member of the Audit and Scrutiny Committee.

DECISION

NOTED.

Minute of Meeting of the Audit and Scrutiny Committee held on 25 September 2017  to be approved and signed by the Chairman. (Copy attached.)

There had been circulated copies of the Minute of 25 September 2017. 

DECISION

APPROVED for signature by the Chairman.

Ms Stacey explained that there was provision in the Scheme of Administration for three non-voting external members to be appointed to the Audit and Scrutiny Committee duringconsideration of Audit matters only.  Currently, there were two vacancies with Mr Middlemiss holding the third appointment.  The appointments were for a three year term and it was agreed that this be included for discussion at the next meeting of the Committee.

DECISION

AGREED that the appointment of external members to the Audit and Scrutiny Committee be considered at the next meeting of the Committee.

Presentation by Service Director Assets & Infrastructure on the strategic risks facing the service and the internal controls and governance in place to manage/mitigate those risks to demonstrate how risk management is embedded within services.(Verbal presentation.)

4.1       The Chairman welcomed Mr Martin Joyce, Service Director Assets and Infrastructure to the meeting.  Mr Joyce explained that included within Assets and Infrastructure were Service Risk Registers for Catering; Cleaning/Facilities; Capital Projects; Design Services (Engineering and Architecture); Environment; Estates; Fleet; Property; Roads; and Waste.  These Registers had been developed through the Business Planning Process and were owned by the Service Managers.  Reviews were carried out by the Service Director and the Management Team and risks were escalated to the Corporate Management Team as necessary.  There were a number of key overarching issues affecting the service including – financial pressures and the requirement for increased efficiency; time/cost/quality/inflation; increased demands and expectations; Government Policies and Legislation; Change Management; staffing resources; and a historical lack of investment.  There were also a number of key risks facing the service.  From an internal perspective, these included Health and Safety; Legislative Failure; Data Breach; Breach of Codes of Conduct; and non-compliance with policies/procedures; and SOs.  Mr Joyce advised that there were a number of external risks, namely Third Party failures involving contractors and design teams; contract management of projects; failure to inspect and maintain assets such as buildings, bridges and roads; and statutory/legislative compliance.  Mr Joyce reported that a range of measures in place to manage these risks such as effective project and programme and change management; change control and financial monitoring; the development of KPIs and inclusion of risk and regular monitoring as a key aspect of Business Planning; training, self-evaluation, peer review, inspections and scrutiny.  As part of his presentation, Mr Joyce gave examples of the Risk Registers for Hawick FPS and Jedburgh ICC.

4.2       In response to questions, Mr Joyce advised that in terms of Fleet, two names were required on the operating license.  A member of staff was currently acting up to this role on an interim basis to fill a vacancy as the Council had been unsuccessful in recruiting to the post.  This approach would increase team resilience and go some way to improving succession planning.  Mr Joyce confirmed that Health and Safety data was being transferred to LEXI and that measures such as the wearing of body cameras were in place to address operational risk.  Members were advised that following an incident in Liberton when a wall collapsed, SBC inspected every freestanding wall within the Council Estate, including boundary and retaining walls and went on to explain that 20% of property was inspected year on year, allowing the service to respond further if required.  Mr Joyce explained that in terms of project management, Tier 1 referred to the main contractor and Tiers 2 and 3 related to sub-contractors or so forth down the supply chain.  Mr Joyce clarified which organisations were responsible for buildings, depending on whether the building was shared or how it was operated and confirmed that SBC could provide specific expertise should this be required.  Managing Risk was monitored regularly and Mr Joyce gave examples of the scope and competency of Risk Registers across the service.  ...  view the full minutes text for item 4.

Consider a report by Chief Officer Audit & Risk on findings from recent work carried out by Internal Audit, including the recommended audit actions agreed by Management to improve internal controls and governance arrangements, and other work in progress to deliver the approved Internal Audit Annual Plan 2017/18.   (Copy attached)

5.1       With reference to paragraph 6 of the Minute of 25 September 2017, there had been circulated copies of a report by the Chief Officer Audit and Risk which provided details of the recent work carried out by Internal Audit and the recommended audit actions agreed by Management to improve internal controls and governance arrangements.   The work Internal Audit had carried out during the period 1 September to 27 October 2017 was detailed in the report attached to the Agenda.  It was noted that during the period, a total of four final Internal Audit reports were issued. There was one recommendation made and this has been accepted by Management for implementation. An Executive Summary of the final Internal Audit reports issued, including audit objective, findings, good practice, recommendations (where appropriate) and the Chief Officer Audit and Risk’s independent and objective opinion on the adequacy of the control environment and governance arrangements within each audit area, was included in Appendix 1 to the report.  The SBC Internal Audit function conformed to the professional standards as set out in Public Sector Internal Audit Standards (PSIAS) effective 1 April 2013 including the production of this report to communicate the results of the reviews.

5.2       Reference was made to the Internal Audit Final Assurance Reports detailed in the Appendix to the report.  Members were advised that, in terms of the Implementation of the Community Empowerment (Scotland) Act 2015, finalised Local Outcomes Improvement Plans and Locality Plans for the five localities in the Scottish Borders area had been due for publication on 1 October 2017.  This deadline had not been met as the Community Planning Strategic Board had not, at that time, approved the final version of the Community Plan.  With reference to the Revenues (Council Tax) Assurance Report, one recommendation had been made that Management should re-evaluate the introduction of periodic reviews of claims for Single Occupancy Discount and to ensure that appropriate anti-fraud measures were in place.  The LEADER and European Maritime and Fisheries Fund (EMFF) review was assessed for compliance with the requirements of the new Service Level Agreement (SLA) and EC Regulations for the Programme for the period 2014 – 2018.  Members were informed that there was now financial risk on Scottish Borders Council due to the potential for disallowance and fines and that the scale of exposure to financial risk would be included in a report to Council in February 2018. 

DECISION:

NOTED:

(a)     the final assurance reports issued in the period from 1 September to 27 October 2017 associated with the delivery of the approved Internal Audit Annual Plan 2017/18;

(b)     the Internal Audit consultancy and other work undertaken in this period; and

(c)     the assurance provided on internal controls and governance arrangements in place for the areas covered by this Internal Audit work.

Consider a report by Chief Officer Audit & Risk on the status of the implementation by Management of audit recommendations made and agreed in Internal Audit reports during 2017/18 and previous years (Copy attached)

            There had been circulated copies of a report by the Chief Officer Audit and Risk providing an update and overview to the Committee on the status and implementation by Management of audit recommendations previously agreed in Internal Audit reports.  Information relating to Internal Audit recommendations which had not yet been fully implemented was detailed in the Appendix to the report and Members noted that the completion dates for a number of these had been extended.  Discussion followed and Ms Stacey advised that recommendations were now assigned more realistic timescales for completion.  There were two overdue recommendations relating to Roads Management and Mr Joyce advised that these were linked to the ongoing Roads Review and changes in senior management personnel.  Work was now in progress to consolidate ICT and improve processes and reporting.  With regard to the Road Maintenance Manual, Mr Joyce confirmed that a draft Manual had been developed and he would arrange for an interim update to be provided to Members.  Ms Stacey answered questions relating to the format of the Appendix and advised that, with regard to the delay in implementation of recommendations relating to Corporate and Social Work Complaints, the original due date had been over-ambitious but Officers were now more confident that the new date was achievable.

DECISION

ACKNOWLEDGED satisfaction with the progress made by Management in implementing audit recommendations.

Consider a report by Chief Officer Audit & Risk on progress Internal Audit has made during the first half of the year towards completing the Annual Plan 2017/18 and an outline of performance.  (Copy attached)

With reference to the Minute of the Audit and Risk Committee of 28 March 2017, there had been circulated copies of a report and Appendix by the Chief Officer Audit and Risk informing the Committee of progress made towards completing the Internal Audit Plan for 2017/18 up to 30 September 2017.  The report summarised the statutory obligations for Internal Audit and requirements of the Public Sector Internal Audit Standards and explained the Objectives of Internal Audit were set out in its Charter and formed part of Scottish Borders Council system of Corporate Governance.  Ms Stacey reported that good progress had been made during the first six months of the year and that Internal Audit was on target to complete its Annual Plan 2017/18.  This was the first mid-term report that had been presented to the new Audit and Scrutiny Committee since the Local Government elections in May 2017 and Ms Stacey explained the format of the Appendix.  With regard to Financial Governance, the Payroll, Sales to Cash, Procure to Pay and Record to Report audit headings in this category were now processes within the Business World ERP system and would in future be included in integrated reviews.  The work would be carried out in stages and presented back to the Committee in due course.  Ms Stacey introduced Ms Diane Cockburn who had taken up post as Internal Auditor and explained that recent changes in staffing now meant that Internal Audit resources were in place to deliver the Internal Audit Annual Plan 2017/18 in full.  With reference to new General Data Protection Regulations (GDPR) that came into effect in May 2018, Ms Stacey confirmed that the Council’s Information Governance Group (IGG) met regularly and had agreed to the setting up of a Project Group to consider GDPR issues.  Ms Stacey responded to further questions raised by Members.

DECISION

(a)       APPROVED the progress made by Internal Audit in completing the Internal Audit Annual Plan 2017/18.

(b)          ACKNOWLEDGED that it was satisfied with the performance of the Internal Audit service.

Consider mid-term report by Chief Financial Officer on the Council’s Treasury Management activities undertaken during first half of financial year 2017/18 for review and scrutiny prior to Council approval.   (Copy attached.)

            There had been circulated copies of a report by the Chief Financial Officer presenting the mid-year report of treasury management activities for 2017/18 to Audit and Scrutiny Committee in line with the requirements of the CIPFA Code of Practice including Prudential and Treasury Management Indicators.  The report was required as part of the Council’s Treasury management regime and indicated that Treasury activity during the six months to 30 September 2017 had been undertaken in full compliance of the Treasury and Strategy.  The Appendix to the report contained an analysis of the performance against targets and proposed revised estimates of the indicators in light of the 2016/17 outturn and experience during 2017 to date.  An additional financial indicator had been included in Annex A of the Appendix under Affordability Indicator (PI-3) to show the Ratio of Financing Costs to Net Revenues including PPP financing and repayment costs.  Members requested clarification on a number of points contained in the Appendix and these were answered by officers.  

DECISION

(a)        NOTED that treasury management activity in the six months to 30 September 2017 was carried out in compliance with the approved Treasury Management Strategy and Policy.

(b)       AGREED that the Mid-Year Treasury Management Report 2017/18, as detailed in the Appendix to the report, be presented to Council for approval of the revised indicators.