Agenda and minutes

To confirm the Minutes of the last meeting of the Audit Committee held on 15 November 2016 (to be laid on the table half an hour before the meeting).

The Minutes of the meeting of the Audit Committee held on 15 November 2016 were confirmed as a correct record and signed.

To receive apologies for absence from Members.

Apologies for absence were received from Cllrs Nick Holder and David Round.

To receive from Members, declarations of interests in relation to any items included on the Agenda for this meeting, in accordance with the Waverley Code of Local Government Conduct.

There were no disclosures of interest received from Members.

The Chairman to respond to any questions received from members of the public of which notice has been duly given in accordance with Procedure Rule 10.

The deadline for receipt of questions for this agenda is 5pm on Tuesday 14 March 2017.

There were no questions from members of the public.

There were no matters falling within this category.

The background papers relating to the following items are as set out in the reports included in the original agenda papers.

Iain Murray and Sophia Brown, from external auditors Grant Thornton, introduced the Committee to its certification work for the Housing Benefit Subsidy return for the year 2015/16.

They explained that they were required to certify certain claims and returns submitted by Waverley. The only claim requiring auditor certification for 2015/16 was the Council’s claim for housing benefit subsidy, and the report summarised the outcomes of this work.

As part of their work, Grant Thornton had identified a small number of low value individual errors regarding claimants’ Housing Benefit calculations including incorrect entry of earned income values, incorrect entry of rent values and incorrect application of Local Housing Authority rates.

These errors triggered a requirement for Grant Thornton to undertake further testing before determining whether they were able to adjust and/or issue a qualification. The outcome was that the 2015/16 claim was amended prior to certification, with the impact of the amendments being to reduce the total subsidy claimed by a net £119. The number of errors was similar to previous years, and there was nothing of significance or cause for concern.

Iain Murray explained that the nature of this certification work was heavily prescribed by the Department of Work & Pensions (DWP), and there was no threshold of materiality; therefore a qualification letter had been sent to the DWP.

The Committee asked about the possible causes of the errors. The Strategic Director of Finance & Resources, responded that these related to the classification of data, and there was a subjective element to the interpretation of guidance that could lead to data entry errors. Regular quality checks were conducted within the department, and the total value of the errors were relatively small in the context of the overall claim of £29.6m.

Iain Murray explained that the additional sampling work undertaken would have an impact on the final fee, and this had been agreed with the Head of Finance.

RESOLVED that the Certification report for 2015/16 be noted.

Grant Thornton to present the Committee with

i.          the Certification report for 2015/16; and

ii.         the External Audit Plan for 2016/17, as attached.

The Committee was presented with the latest draft version of the Grant Thornton External Audit Plan for the Council for 2016/17 which gave an overview of the planned scope and timing of the audit.

Iain Murray drew the Committee’s attention to the business context for the audit plan (developments, key challenges and financial reporting changes); materiality thresholds, which remained the same as for 2015/16; significant risks, as defined by professional standards; other financial risks (key areas of outgoings, valuation of fixed assets and pension liability, changes to the presentation of the accounts); Value for Money considerations; and the independence check.

In completing his summary of the Plan, Iain Murray advised the Committee that a family member of a Waverley councillor was employed by Grant Thornton; however, that employee had not, and would not, work on the Waverley Audit, and had no access to the Waverly audit files.

Cllr Hyman expressed a concern that the risk identified in relation to development and regeneration and the response, on pages 4 and 14 of the External Audit Plan, relied on information provided by the Council, and he felt that there were additional issues that Grant Thornton should be aware of including the validity of the planning consent for the Brightwells development.

Iain Murray responded that the role of the External Auditors was to assess how the Council identified and managed risks in relation to policy decisions, and they were not qualified to assess if the planning consent was valid.

The Chairman pointed out that Cllr Hyman’s views were different to those of the Council, and suggested that he could forward a letter to the External Auditors if Cllr Hyman wrote to him setting out his concerns.

With regards to the Local Plan, Iain Murray explained that in contrast to the previous two years, significant progress had been made with the submission of the Draft Local Plan for examination. It was felt that the key issue now was the decision in relation to the Dunsfold Park planning application, which had been called-in. The statement of risks in relation to the Local Plan and Dunsfold Park could be re-visited if circumstances changed during the course of the audit process, but the Audit Plan represented the view as at the time  of writing.

In response to questions from the Committee, Iain Murray confirmed that the External Audit Plan was in  line with the requirements of the Local Audit and Accountability Act 2014 and in accordance with the National Audit Office Code of Practice 2015. The Value for Money conclusion was based on criteria set out in National Audit Office guidance for 2016/17 issued in November 2016.

Cllr Hyman advised that Waverley’s Opposition Group had concerns in relation to performance against the sub-criteria detailed on page 12 of the Audit Plan.

With regard to the audit timeline, the Chairman noted that it was very tight, and it was important that the Committee had the report on the final accounts in time to review them thoroughly before the  ...  view the full minutes text for item 45.

The Audit Committee’s terms of reference include provision for the Committee to comment on the progress made in the achievement of the Internal Audit Plan. An update on the current position of the reviews for 2016/17 is presented.

Recommendation

It is recommended that the Committee notes

1.         the progress of the Internal Audit Plan 2016/17, as attached at Annexe 1; and

2.         endorses the proposed deferrals shown in yellow to be carried out in 2017/18.

The Internal Audit Client Manager presented an update on the current status of the reviews scheduled in the Internal Audit Plan for 2016/17. A number of audits were due to start imminently, and these would be concluded in 2017/18. Two projects – Approval of Invoices on Agresso, and Data Protection – totalling 16 audit days, would not commence in the current year and it was proposed that these be deferred to 2017/18.

The audit review in relation to the approval of invoices between Orchard and Agresso had been delayed due to the implementation of the Agresso upgrade having been delayed as a result of the departure of the system administrator. This post had now been filled.

The Committee RESOLVED to note the progress of the Internal Audit Plan for 2016/17, and endorsed the deferral to 2017/18 of the audit reviews on the Approval of Invoices on Agresso, and Data Protection.

To inform the Audit Committee of Senior Management’s progress in implementing the recommendations raised by the Internal Audit following a review in their service areas. This report will enable the Committee to consider what action is required in respect of those that are overdue or appear likely to be implemented later than target date.

Recommendation

It is recommended that the Audit Committee:

1.         considers the information contained in Annexe 1 and identifies any action it wishes to be taken; and

2.         agrees any appropriate implementation dates for the recommendations listed in Annexe 2 with the appropriate Head of Service justification.

The Committee received the report outlining the progress that had been made on the implementation of internal audit recommendations. The Internal Audit Client Manager advised the Committee that since the agenda was issued there had been some further progress on implementation:

·         IA16/17.003 (Job Description) – the Head of Finance had confirmed that the action to update the job description would be complete by 31 March 2017.

·         IA17/11.008 (DBS clearance) – this recommendation had been issued in connection with Management of Contractors by Housing, and action had been taken in Housing to ensure that staffing updates were covered at all contractor monitoring meetings. However, this was also a corporate issue and the Property Services Manager had recommended that additional contract requirements for appropriate safeguarding provisions to Waverley’s requirements be included in the current revision of the Council’s Contract Procurement Rules. Accordingly, the deadline for this action had been extended to 30 April 2017.

·         IA17/12.003 and IA17/12.008 – these recommendations had now been implemented.

The Head of Policy & Governance had asked that due date for five recommendations from the Information Security Governance audit review be extended to 1 July 2017, as resource constraints and competing urgent legal instructions had prevented the work to be completed.

The Committee was very disappointed that these recommendations had not been progressed further, and that the Council was potentially exposed to risk through the lack of up to date policies and procedures. The Committee was particularly unhappy about agreeing to extend the deadline for the Information Security Group to meet (IA16/22.007), as this should have been relatively simple to achieve.

The Committee RESOLVED to extend the deadline for recommendations IA16/22.001, 002, 003, and 004 to 1 July 2017. However, the Committee agreed to extend the deadline for IA16/22.007 only until 30 April 2017.

The Committee asked the Strategic Director of Finance & Resources to impress on the Head of Policy & Governance the strength of the Audit Committee’s concern that this action had not been completed, and that he and the Borough Solicitor would be asked to attend the next meeting of the Audit Committee if the actions remained outstanding at that time.

The Committee’s terms of reference include provision for the Committee to comment on the attached Internal Audit Plan for 2017-2018. This report presents the Draft Internal Audit Plan for 2017-18 and the Committee is invited to comment before the Plan is adopted. The plan has been drawn up by the Internal Audit Client Manager through consultation with Heads of Service Team and Management Board and completing a risk assessment of the audit universe of the council’s activities.

Recommendation

The Audit Committee is invited to comment on and approve the draft Internal Audit Plan for 2017-2018, as attached in Annexe 1.

The Internal Audit Client Manager introduced the draft Internal Audit Plan for 2017/18, which had been prepared with reference to the Internal Audit Risk Assessment, as well as assessing the current control environment, operational risk register and through consultation with Heads of Service.

The Plan proposed to allocate 230 days to the contractor RSM for 2017/18, the same as currently. This gave coverage to the key known issues facing Waverley in the coming 12 months, with a 21-day contingency to address issues that might arise during the year.

The Chairman reminded the Committee that they had explored the wider audit universe previously, and made suggestions for risk areas to be included in the Plan.

With regard to the proposed audit of Tree Management, the Committee asked that this include lease conditions where the Council has leased land to third parties.

The Committee RESOLVED to approve the draft Internal Audit Plan for 2017/18.

To obtain Committee endorsement of the revised policies enabling these to be published on the website and cascaded to all members of staff, members, partners, the Council’s suppliers, thus reinforcing Waverley’s stance of zero tolerance to Fraud and Corruption. 

Recommendation

It is recommended that the Committee:

1)         endorses the revised policy; and

2)         instructs that officers cascade using suitable media to publicise these documents to the appropriate recipients.

The Committee received the revised Anti-Fraud and Corruption Policy, and the subsidiary policies, which had been reviewed  in the light of the Committee’s comments at the November 2016 meeting.

Cllr Hyman expressed concern that complaints involving Members could be relayed verbally and did not have to be put in writing. Cllr Hyman also asked how the external auditors might be called upon to carry out an independent investigation into fraud, corruption or bribery.

The Chairman advised that the procedures in relation to complaints involving Members were set out in the Code of Conduct, and the Anti-Fraud and Corruption Policy merely reflected the Code. And, anyone could make representations to the external auditors if they felt that there was something that needed to be investigated.

The Chairman thanked the Internal Audit Client Manager for her work to bring together the Committee’s comments on the various policies following the November Committee meeting.

The Committee RESOLVED to endorse the revised policies and asked that these be published on Waverley’s website and cascaded to staff, Members and Council suppliers to reinforce Waverley’s stance of zero tolerance to fraud and corruption.

The report provides an update to the Committee on the progress made by Waverley Borough Council officers on the work being completed in investigating all types of fraud, primarily focusing on Housing Tenancy fraud, supported by the Surrey Counter Fraud Partnership.  

Recommendation

That the Audit Committee notes:

1.         the success of the investigation activity and the results achieved; and

2.         the Council’s participation in the data matching exercises and the work to be completed to assist in identifying fraudulent activities throughout the council’s services.

The Committee received an update on the fraud investigations being undertaken in relation to Housing Tenancy Fraud.

In the 9 months to 31 December 2016, 10 council properties had been relinquished and made available to be re-let to tenants on the waiting list. Based on Audit Commission notional figures this represented a nominal financial saving of £591,745, although the value to Waverley of retaining 10 council properties was much higher.

The Committee discussed the progress summary of data matches identified through the National Fraud Initiative (NFI), shown in Annexe 2 of the report, and the Strategic Director of Finance & Resources explained how the data was used to investigate possible incidences of fraud.

The Committee RESOLVED to note the success of the fraud investigation activity and the outcomes achieved, and encouraged officers to publicise this positive news widely.

Recommendation

The Committee is invited to note the recurrent annual work programme, attached and the revised date of the July Audit Committee from 4 July to 24 July 2017.

The Committee reviewed the Work Programme that set out the items of business scheduled for meetings in 2017/18, and which took account of the accelerated financial close arrangements required under the Local Audit and Accountability Act 2014.

The Committee noted that the meeting scheduled for 4 July 2017 would be too early to receive the final statement of accounts from the External Auditors, and it was proposed to move this committee meeting back to 24 July 2017.

Noting that the July committee meeting would need to focus on reviewing the final accounts and supporting reports, it was agreed that items that were not time-critical (Review of Audit Committee’s Terms of Reference, Internal Audit Charter, Annual Internal Audit Report) should be held over to the September meeting.

The Committee RESOLVED to note the revised date for the July meeting, and the changes agreed to the forward work programme.

To consider the following recommendation on the motion of the Chairman:

Recommendation

That pursuant to Procedure Rule 20 and in accordance with Section 100A(4) of the Local Government Act 1972, the press and public be excluded from the meeting during consideration of the following item(s) on the grounds that it is likely, in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the public were present during the item(s), there would be disclosure to them of exempt information (as defined by Section 1001 of the Act) of the description specified in the appropriate paragraph(s) of the revised Part 1 of Schedule 12A to the Local Government Act 1972 (to be identified at the meeting).

At 8.53pm, the Committee RESOLVED that pursuant to Procedure Rule 20 and in accordance with Section 100A (4) of the Local Government Act 1972, the press and public be excluded from the meeting during consideration of the following item on the grounds that it is likely in view of the nature of the business to be transacted or the nature of proceedings, that if members of the public were present during the item there would be disclosure to them of exempt information (as defined by Section 100I of the Act) as specified in Paragraph 3 of the revised Part 1 of Schedule 12A  to the Local Government Act 1972, namely:

Information relating to the financial or business affairs of any particular person (including the authority holding that information).

To receive an update from officers on progress made since the last meeting of the Committee.

The Chairman reminded the Committee that they had considered the Risk Management Policy and Corporate Risk Register at the meeting in November 2016, and had agreed to revisit this matter at the March meeting following an informal risk workshop with Zurich Municipal in January 2017.

The Committee had met with Zurich to understand the methodology for producing the corporate risk register, and had heard from the Strategic Director of Finance & Resources and the Risk & Insurance Officer about how the register was updated.

Cllr Hyman advised that from a residents’ perspective there was a perception that risks were not assessed at a practical level. However, as a member of the Audit Committee he could now see that there was no substantive problem, but he did have concerns about policy gaps in key areas leading to risk exposure for the Council.

The Committee discussed the specific role of the Audit Committee in reviewing the risk register, and agreed that their purpose was to seek assurance that there were arrangements in place to identify and assess risks, and that these were working effectively. It was not the Audit Committee’s role to make a quantitative or qualitative assessment of risks, or to question the quality of decision-making; the Overview and Scrutiny Committees had the remit to do this.

The Committee discussed whether there was a strong risk management culture across all levels of staff. The Strategic Director of Finance & Resources advised that whilst the external auditors did not form a specific view on the risk culture in the organisation, the Strategic Review undertaken by Cratus had looked at the risk culture: they had concluded that the officer team was too risk averse, and too focussed on keeping Waverley safe.

Cllr Hesse referred to his work on the Overview & Scrutiny review of the Leisure Centre contract management: conversations with Places for People managers at Waverley’s leisure centres led him to understand that they had a strong understanding of their risk management system. In contrast, he had not got the same sense of understanding from Waverley officers working on the contract client management.

The Strategic Director of Finance & Resources and the Internal Audit Client Manager advised that they felt that colleagues did have good risk awareness, although they might not articulate that understanding in risk management terms.

The Chairman agreed that there was not one ‘right’ approach to risk management, and Waverley’s arrangements could still be adequate whilst being different to those that members were familiar with in a different context. His perception was that this was the case.

Cllr Band agreed that his experience as Finance Portfolio Holder was that risk had been discussed in project management meetings, and he was confident that this was still happening, although it might not be in the way that Cllr Hesse would expect it to be discussed.

The Committee concluded that Waverley had the essential elements of a risk management system, and that Members might have to accept that it looked different to other arrangements with which they  ...  view the full minutes text for item 53.