Agenda and draft minutes

There had been circulated copies of the Minutes of the Meetings held on 23 November 2022 and 12 December 2022.

DECISION

(a)       AGREED to approve the Minute of the Meeting held on 23 November 2022 for signature by the Chair; and,

(b)       AGREED to approve the Minute of the Meeting held on 12 December 2022 for signature by the Chair.

Consider update on Audit Committee actions.  (Copy attached.)

2.1       There had been circulated copies of the Audit Committee Action Tracker which was presented by the Chief Officer Audit and Risk.

2.2       With reference to paragraph 7 of the Minute of the Meeting of Audit and Scrutiny Committee held on 22 November 2021, two of four Internal Audit actions were implemented which related to software upgrade including data migration and refreshing of the business continuity policy.  Two actions remained related to resources and training, and to the programme of testing.  The action related to the Business Continuity Framework would remain on the action tracker until the completion of the two remaining Internal Audit actions.

2.3       With reference to paragraph 13 of the Minute of the Meeting of Audit and Scrutiny Committee held on 27 June 2022, the Audit Committee Skills and Knowledge Development Session had been delivered on 2 February 2023 and there was a Development Session scheduled on Annual Audit Committee Self-Assessment.  The Chief Officer Audit and Risk advised that further development sessions for 2023 would be scheduled and that a proposal would be presented to the Audit Committee for its next meeting.

2.4       With reference to paragraph 3 of the Minute of the Meeting held on 12 September 2022, a further update on progress on remaining audit actions for the Learning and Disability Service was scheduled for the March meeting of Audit Committee.

2.5       With reference to paragraph 6 of the Minute of the Meeting held on 12 September 2022, the Chief Officer Audit and Risk advised that reports were presented in the business of the meeting on Counter Fraud Controls Assessment and an update on progress on National Fraud Initiative and the actions would be marked as complete.

2.6       With reference to paragraph 4.4 of the Minute of the Meeting held on 23 November 2022, discussions had taken place with officers in the Corporate Performance team and a report on progress of actions in the external audit report 2021-22 on the Best Value Action Plan would be presented at the next meeting of the Audit Committee.

DECISION

(a)       AGREED:

(i)        that a schedule of further Audit Committee Development Sessions for 2023/24 be prepared;

(ii)       that the action related to Audit Scotland National Fraud Report 2022 be marked complete; and

(b)       NOTED progress on the action tracker.

Consider presentation on corporate risks by Chief Executive.

3.1       The Chair introduced Chief Executive to give a presentation on corporate risks.  Mr Robertson presented with a slide outlining the organisational structure and its directorships.  SBC managed approximately 5,500 staff, a revenue budget of £344 million, a capital plan of £500 million, and 137 discrete functions within the structure.  The risk management landscape covered the following areas:

·                Environmental (geography, rurality and energy risks)

·                Legal (statutory obligations, current and future legislation)

·                Technological (new and emerging technologies, and cyber-security)

·                Social (demographics, poverty levels, and public health and wellbeing)

·                Economical and financial climate (market conditions and funding)

·                Political (government policies, international disruption)

3.2       Mr Robertson explained that Risk Management was not a one off process but was a continuous exercise which reflected that business priorities were subject to change and that risks, their internal controls and their mitigation actions changed also.  A Corporate Risk Register was reviewed quarterly by the Council Management Team where ‘red’ category risks were reviewed quarterly, ‘amber’ risks were reviewed every six months and ‘green’ risks were reviewed annually.  All Corporate and Service Risk Registers were recorded on the Pentana System to enable reporting.  Mr Robertson presented slides from the Risk Register to demonstrate how they were monitored, the description of risks, the risk owner and the last review dates.  Further Corporate Risk presentations were to be given to Audit Committee with regards to Property, Capital Projects, Climate Change, and Children and Young People and Adults at Risk of Harm.  Mr Robertson presented a detailed insight into Corporate Risk 032 Climate Change under Outcome One: Clean, Green Future.  The insight showed how the risk was managed, who managed the risk and the approach for how the risk was to be managed.  The Climate Change risk was assessed as a ‘red’ risk.  Further detailed insights were provided into Corporate Risk 019 Children and Young People/Learners Placement under Outcome Two: Fulfilling our Potential which was assessed as a ‘red’ risk; Corporate Risk 027 Capital Project under Outcome Three: Strong, Inclusive Economy, Transport and Infrastructure assessed as an ‘amber’ risk; Corporate Risk 030 Stakeholder Engagement under Outcome Four: Empowered, Vibrant Communities assessed as an ‘amber’ risk; and Corporate Risk 016 Insufficient Resources for the Delivery of the Commissioning Plan under Outcome Five: Good Health and Wellbeing assessed as an ‘amber’ risk.  Mr Robertson advised that the development of the National Care Service for Scotland provided uncertainty and had been identified as a new risk for SBC.  Corporate Risk 022 Corporate Change and Transformation under Outcome Six: Working Together Improving Lives was presented which was assessed as an ‘amber’ risk. 

3.3       Members thanked the Chief Executive for the presentation who answered questions on the Corporate Risk Register.  Mr Robertson explained that where risks presented did not have a named ‘Assigned To’ person, the risk reverted to being the named director as ‘Risk Owner’.  Some risks identified by SBC had limited actions that SBC could take based on resources or scope of the Council.  The Chief Officer Audit and Risk provided further explanation  ...  view the full minutes text for item 3.

Consider report by Acting Chief Financial Officer.  (To follow.)

There had been circulated copies of a report by Acting Chief Financial Officer that presented the proposed Treasury Management Strategy for 2023/24 for consideration prior to Council approval.  The Treasury Management Strategy was the framework which ensured that the Council operated within prudent, affordable limits in compliance with the CIPFA Code.  The Strategy for 2023-24 which was to be submitted to Council on 23 February 2023 was included in Appendix 1 of the report and reflected the impact of the Administration’s draft Financial Plans for 2023-24 onwards on the prudential and treasury indicators for the Council.  The Acting Chief Financial Officer advised that a significant change from 2022-23 strategy was an increase in the Capital Financing Requirement (CFR) of £29.093m as a result of reprofiling of the debt liability repayments of the Council’s PPP contracts as at 1 April 2023.  The increase in the CFR would continue to be reduced by the revised repayments after each Service Concession Arrangement contract had expired until the end of the revised period.  The proposed adjustments to the accounting treatment associated with the PPP contracts had flowed to the treasury management strategy presented to the Committee.  The Acting Chief Financial Officer presented the report and answered Members’ questions.  Explanations of the calculation of debt limits was provided.   The debt limit provided was underpinned by calculations worked with the SBC debt advisors and the operational boundaries were self-regulated.  SBC treasury advisors, Link, provide support to ensure compliance with regulations accounting practices related to the indicators contained within the strategy.  It was suggested that written confirmation from the SBC treasury advisors that there was compliance procedures were in place and were adhered to.

DECISION

AGREED to RECOMMEND to COUNCIL the draft Treasury Management Strategy for 2023/24 for approval.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

There had been circulated copies of a report by Chief Officer Audit and Risk that presented the findings and necessary actions arising from the Integrity Group’s assessment of counter fraud controls.  The Council was committed to minimising the risk of loss due to fraud, theft, corruption or crime and to taking appropriate action against those who attempted to defraud the Council, whether from within the authority or from outside.  Tackling fraud was not a one-off exercise, but a continuous process across all parts of the Council because the service delivery processes it underpinned were continuous.  Tackling fraud was an integral part of good governance within the Council, to safeguard the Council’s resources for delivery of services, as part of protecting the public purse.  The primary responsibility for the prevention, detection and investigation of fraud rested with Management, supported by the Integrity Group, whose purpose was to improve the Council’s resilience to fraud, theft, corruption, and crime.  One way it could achieve that was self-assessing of the Council’s arrangements against best practice and agreeing any appropriate actions to continuously improve the arrangements in place.  Part of the Audit Committee’s role was to oversee the framework of internal financial control which included the assessment of fraud risks and to monitor counter fraud strategy, actions and resources.  Assurances about the effectiveness of the Council’s existing systems and arrangements for the prevention, detection and investigation of fraud could be taken from the outcomes contained within the report.  The Chief Officer Audit and Risk referred to the Cyber Security Maturity Assessment undertaken that has delivered recommendations on how to enhance and increase the effectiveness of current controls and identify areas where resilience against persistent threats could be improved. Members discussed the role of the Integrity Group in assessing emergent risks including working from home.  The Chief Officer Audit and Risk referred to previous reports from Audit Scotland that covered emergent risks related to arrangements made during the Covid-19 pandemic and that the Integrity Group had reviewed relevant arrangements and presented assurance reports to the Audit Committee.

DECISION

(a)       NOTED the findings from the Integrity Group’s assessment of counter fraud controls 2022/23 in response to fraud risks; and,

(b)       AGREED to endorse the ongoing Management actions to enhance the Council’s resilience to fraud, as summarised in the Action Plans set out in Appendices 1 and 2 of the report.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

There had been circulated copies of a report by Chief Officer Audit and Risk that presented the outcomes of the completion of the self-appraisal checklist by the Integrity Group, as part of the Council’s participation in the National Fraud Initiative (NFI) 2022-2023 Exercise.  The Council was committed to minimising the risk of loss due to fraud, theft, corruption or crime and to taking appropriate action against those who attempt to defraud the Council, whether from within the authority or from outside.  The primary responsibility for the prevention, detection and investigation of fraud rested with Management, supported by the Integrity Group.  Part of the Audit Committee’s role was to oversee the framework of internal financial control which included the assessment of fraud risks and to monitor counter fraud strategy, actions and resources.  Assurances about the planning and initial preparations for the Council’s participation in the National Fraud Initiative (NFI) 2022-2023 Exercise could be taken from the Actions and Self-Appraisal contained within the report.  The Chief Officer Audit & Risk highlighted that the remaining questions on the Self-Appraisal would be completed and reviewed by the Integrity Group in alignment with the phases within the timetable of the National Fraud Initiative 2022-2023 exercise. The Chair expressed gratitude for progress made on the National Fraud initiative.

DECISION

NOTED:

(a)       the Progress Update by the Integrity Group on Management Actions in response to the Recommendations arising from the ‘National Fraud Initiative in Scotland 2022’, as summarised in the Action Plan set out in Appendix 1 of the report; and,

(b)       the outcomes of the completion of the Self-Appraisal Checklist by the Integrity Group as part of the Council’s participation in the National Fraud Initiative 2022-2023 Exercise, as set out in Appendix 2 of the report.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

7.1       There had been circulated copies of a report by Chief Officer Audit and Risk that provided members of the Audit Committee with details of the recent work carried out by Internal Audit and the recommended audit actions agreed by Management to improve internal controls and governance arrangements.  The work Internal Audit had carried out in the period from 1 November to 31 December 2022 associated with the delivery of the approved Internal Audit Annual Plan 2022-23 was detailed in the report.  A total of 5 final Internal Audit reports had been issued.  There were 9 recommendations made associated with 4 of the reports (3 Medium-rated; 6 Low-rated).  An Executive Summary of the final Internal Audit assurance reports issued, including audit objective, findings, good practice, recommendations (where appropriate) and the Chief Officer Audit and Risk’s independent and objective opinion on the adequacy of the control environment and governance arrangements within each audit area, was shown in Appendix 1 of the report.  The SBC Internal Audit function conformed to the professional standards as set out in Public Sector Internal Audit Standards (PSIAS) (2017) which included the production of the report to communicate the results of the reviews.

MEMBER

Councillor Robson joined the meeting during discussion of the item.

7.2       The Chief Officer Audit and Risk summarised the report and answered Members’ questions.  Ms Culley, Senior Internal Auditor, explained that ParentPay reimbursement related to the reimbursement of service charges being made to school accounts.  With regards to succession planning in aging workforce, the Chief Officer Audit and Risk advised that this common issue was being raised as part of regular conversations with the Director People Performance and Change.  With regards to best value in respect of passenger transport procurement, the Chief Officer Audit and Risk advised that a multi-faceted approach was taken to best value which included community benefit, sustainable and secure provision which was taken into account.

DECISION

NOTED:

(a)       the Executive Summaries of the final Internal Audit assurance reports issued in the period from 1 November to 31 December 2022 associated with the delivery of the approved Internal Audit Annual Plan 2022-23;

(b)       the Internal Audit Consultancy and Other Work carried out in accordance with the approved Internal Audit Charter; and,

(c)       the assurance provided on internal controls and governance arrangements in place for the areas covered by this Internal Audit work.