Agenda and draft minutes

To receive apologies for absence.

Apologies for absence were received from Cllr Maxine Gale.

To confirm the Minutes of the Meeting held on 25 March 2024 and published on the Council’s website.

The minutes of the meeting held on 25 March 2024 were agreed as a corrct record.

To receive from Members, declarations of interests in relation to any items included on the Agenda for this meeting, in accordance with the Waverley Code of Local Government Conduct.

There were no declarations of interst submitted for this meeting.

The Chairman to respond to any questions received from members of the public of which notice has been duly given in accordance with Procedure Rule 10.

The deadline for receipt of questions is 5pm on Monday 10 June 2024.

There were none.

The Chairman to respond to any questions received from Members in accordance with Procedure Rule 11.

The deadline for receipt of questions is 5pm on Monday 10 June 2024.

There were none.

Waverley Borough Council encourages staff and others to report any cases of suspected wrongdoing or misconduct, illegal acts, or failure to act within the Council, as part of its commitment to act with integrity and openness in the best interest of its residents and communities. To govern any such disclosures, the Council has a Whistleblowing Policy.

The Whistleblowing Policy has been reviewed and updated.

Reccomendation

The Audit and Risk Committee is recommended:

To adopt the proposed revised Whistleblowing Policy, as set out in Appendix 1 to this report.

Rochelle Tapping, Borough Solicitor and Deputy Monitoring Officer (Interim), outlined the report and policy set out in the agenda.

It was highlighted that the existing Whistleblowing Policy was adopted in 2019 and has now been reviewed and updated.  A further review will be carried out in June 20206.

The new policy would encourage staff to report wrongdoing and tries to align with Guildford Brough Council as far as it is appropriate to do so, whilst accepting there are local differences.

Members considered the documents and made the following comments and recommendations:

·         Section 17 (page 14 of the agenda pack) had a list of contact points outside the Council  - Officers were asked why these did not contain contact details (tel. No or email) as the previous policy had? It was explained this was to avoid issues with changing personnel or details.

·         Members asked if there were any significant differences with Guildford policy. Officers would circulate this information offline.

·         It was noted that in the previous policy an external legal officer could consider a whistleblowing report. Officers advised this was still possible and was set out in section 17.

·         The Chair felt the last paragraph of section 8 should be toned down as whistleblowers may not be comfortable speaking to their senior managers. It was agreed that ‘as applicable’ would be added.

·         It was felt that bullet point 4 of section 8 should include ‘promptly’.

·         Officers pointed out that an example of the reports to Audit and Risk were outline in the next agenda item.

·         Members asked how many whistleblowing reports were made last year. Officers advised this was outlined in the next agenda item.

 Decision

The Audit and Risk Committee AGREED to adopt the revised Whistleblowing Policy subject to the addition of the comments and amendments of the Committee.

This report presents the annual whistleblowing report of the Council as a new report to the Audit and Risk Committee to improve transparency and accountability. The report summarises the whistleblowing activity over the last year and analyses the effectiveness of the Council’s system.

The Annual Whistleblowing Register has been redacted and is attached in Appendix 1.

Recommendation

The Audit and Risk Committee is asked to recommend:

That the Council approves:

·         To review the contents of the Annual Whistleblowing report to satisfy themselves that the governance arrangements are operating effectively;

·         To make any recommendations for improvement; and

·         To review the Whistleblowing Register on an annual basis.

Rochelle Tapping outlined the report set out in the agenda advsing that sections had been redacted for confidentiality.

There had been two whistleblowing reports submitted in 2023/24 and the details and outcomes were set out in the report.

Members asked if the reports were against the same person and/or if they were reported by the same person? Members were advised an additional column would be included to indicate this.

Officers were also asked to include an indicative timeline for conclusion of investigations.

Officers were asked where this report was taken to and was advised that Audit and Risk were the only committee to receive it unless it was a very serious incident when it would be taken to full council.

Decision

The Audit and Risk Committee were satisfied that the governance arrangements for whistleblowing appeared to be working effectively and approved the report subject to the comments made.

The report provides an update to the Committee on the work being completed in investigating fraud, primarily focusing on Housing Tenancy Fraud.

Recommendation

It is recommended that the Audit Committee notes the outcomes of the fraud investigation activity.

Jose Ribeiro, Fraud Investigation Officer, outlined the overview of Waverley’s fraud investigation activity for Q1 of 204-25 (1 April-6 June 2024).

Members questioned the drop in cases referred from 2021-22 and were advised that the drop was due to not investigating mutual exchanges anymore as they were not viable to investigate and were done by the Housing Officers when applications were received.

Jose was asked what positive outcomes meant? He advised this was where properties were recovered or applications were cancelled.

The Chair thanked Jose for the work carried out.

Decision

The Audit and Risk Committee NOTED the results of the anti-fraud activity and investigation.

To receive a verbal update from Robin Taylor and John Formby on staffing turnover and potential HR risks.

Robin Taylor, Assistant Director of Organisational Development, and Jon Formby, HR Manager outlined the report set out in the agenda. The request for this report had come from a query by Cllr Beaman on the large turnover of staff in the planning department in the last year.

The members asked if the figures quoted included external contractors and was advised it did. The Committee welcomed the report and asked what percentage of leavers complete the leavers feedback. It was agreed this would be circulated off-line. Members asked why the feedback was voluntary and not mandatory. Officers advised it was difficult to make this compulsory but they would look at other local authorities to see if they make it compulsory or not.

Officers were asked if many exit interviews were carried out? They were advised these were carried out by the line manager or HR.

The Chair acknowledged that this report would normally under the remit of Overview and Scrutiny and emphasised that the Audit and Risk Committee did not want to cross over into their remit but welcomed the report when looking at risk.

Officers were asked what engagement was made with senior management regarding feedback.  It was highlighted the report was taken to CMB if issues are raised that need to be considered by Directors and the CEO.  In addition monthly meetings were held between Robin Taylor and Pedro Wrobel.

Decision

The Audit and Risk Committee NOTED the report.

Post Meeting Update

Jon Formby confirmed:

-          In the last financial year 28 of 64 leavers completed the exit survey

-          We do not have a figure for how many leavers had a follow up exit interview as these are not arranged centrally through HR and are carried out by the line managers normally at request of the leaver, but we will review this process going forward.

-          I have also contacted Councils across Surrey this morning to follow up on the request to look at whether the Leaver Survey/Interview should be a compulsory process and so will look at how this is approached in other local authorities and also more generally in organisations.

Robin Taylor to update the Audit and Risk Committee on progress with the Corporate Risk Register

Grace da Costa, Graduate Management Trainee -Business Transformation Team, outlined the report circulated with the agenda.  She advised that officers had mapped and identified key corporate risks which have been reported to Corporate Management Board on the 23 April and updates would continue on a monthly basis.

A Risk Management Group would be set up to measure the performance of the framework and will have met by the time of the next Audit and Risk Committee in September.

Cllr Baker-Lomax asked if, considering Guildford BC were under investigation and an officer was currently on gardening leave should we not have a section on risk of the collaboration?

The Chair suggested that an informal meeting be held to do a deep dive of the risk register and raise suggestions with officers.

Robin Taylor advised that the risk register was still a work in progress and it would be coming back to the committee when it was more complete. An informal session could then be arranged.

It was suggested that reporting on the register should be more frequently than 6 monthly. Robin Taylor explained that there was a sub-committee concentrating on the risk register ‘live’ so reporting to this committee would be a snapshot.

The Chair noted that the recommendation was for the committee to note the framework but it was felt that as this was a significant step forward that the committee should endorse it.

The committee welcomed what was in the report but asked for more information on what we ‘have’ done and not just what we ‘will’ do.  The committee also asked for officers to give more urgency to this work as it was valuable for the committee members to see what will be on the Risk Register as soon as it is available.. 

Officers were asked who owns the risk register?  It was explained that each authority owns the register as a document and a named officer would be responsible for each individual risk.

Decision

The Audit and Risk Committee ENDORSED the progress made on the Risk Management Framework and Risk Register and the next steps were AGREED.

In September 2023 the Audit & Risk Committee have approved the inclusion of this annual report (AUD26/23) as part of their ongoing work programme at June cycle of meetings ((2022-23 Annual IDM Report - Annexe 1 Final.pdf (waverley.gov.uk). This decision has marked the beginning of a new chapter with a strong recognition that information and data is one of our key corporate assets, and therefore we must ensure robust governance is put in place and active management practices are

embedded throughout the organisation. The purpose of this report is to reflect the journey taken in 2023/24 to improve our information and data management (IDM) practices across the organisation and inform about the next planned steps.

Recommendation

The Audit & Risk Committee is asked to:

note the report and pass on their comments and observations back to the officers, the senior management team and the portfolio holders as appropriate

Nora Copping, Information Manager, outlined the Annual IDM Report explaining that there had been no major changes to the structure of the report from last year.

It was outlined that the new structure was set out in the report on page 87 of the agenda pack.

Members noted the drop in data breaches and asked how officers were sure this was a real drop and not just lack of reporting.  It was highlighted that a number of mandatory e-learning courses had been sent out which had educated officers.

The Committee also asked if these breaches could be broken down into minor, Major and ACO levels.

Officers were asked what reassurances there were that service areas were responding in an adequate time? This would be responded to off-line.

The chair asked if this was dovetailing with Guildford BC or standalone and were advised officers were regularly meeting with Guildford officers and were working towards a PSN compliance and certification and the adoption of the Cyber Assessment Framework for Local Government.

Officers were asked if, when sharing data across authorities, security arrangements were acceptable and were reassured we were sharing best practices and assessing risks in sharing.

Decision:

The Audit and risk Committee NOTED the Annual IDM Report

This report provides the Southern Internal Audit Partnership proposal to transition to a quarterly approach to internal audit planning through 2024-25 and to adopt this methodology in full for future plans.

Appendix 1 presents the proposed retrospective Internal Audit Plan for Quarter 1 and the proposed Quarter 2 for 2024-25 in accordance with the requirements of the Public Sector Internal Audit Standards.

Iona Bond, Southern Internal Audit Partnership, set out the progress of the Internal Audit Report and the proposed new reporting structure. It was highlighted that in the March of each year the committee receives the proposed Annual Audit  Plan, however, since Southern Internal Audit Partnership took over the work of internal audit for Waverley they have reflected on the viability of producing the plan.  The increasing number of changes were causing operational issues therefore it was proposed to move to quarterly plans. The Committee were asked to consider this proposal and comment.

The Committee welcomed the proposal.

Members then considered the Q1 and Q2 reports and asked about the scope of the car parking audit and whether this was PCN’s only?  It was confirmed that PCN’s were the only area in the scope at present but could be expanded if required.  It was noted that there was a Car Parking Strategy EWG set up looking at other areas of car parking.

Decision

The Audit and Risk Committee APPROVED the new proposal for quarterly reporting.

To receive an update from Mavis Amouzou-Akue on the current position regarding Grant Thornton signing off the accounts.

Mavis Amouzou-Akue, Financial Services Manager and Deputy S151 Officer, updated the committee on the progress of the sign off for the financial statement. She explained that until the investigation of Guildford BC is completed the   financial statement could not be signed off as we share a senior management team.

The committee were assured the financial statement was ready for completion and would be signed off as soon as possible.

Cllr Barker-Lomax emphasised that this was another example of a risk due to the collaboration.

The Committee NOTED the update.

The Financial Procedure Rules and Contract Procedure Rules provide the framework for managing the Council’s financial affairs. They apply to every Member and Officer and anyone acting on its behalf. All decision makers need to ensure that they have the authority under the Constitution to make a decision, and that they are also authorised under these Rules to incur the financial consequences of every decision that they make.

The Chair, Cllr Julian Spence, declined to consider the Financial Procedure Rules document as it had no covering report identifying the purpose of the document, background and what was expected of the Committee.

A discussion was had as to whether the covering report and document could be circulated to the committee ‘off-line’ for comments and approval OR if an additional meeting would need to be scheduled to consider the document. This would be clarified with the Monitoring Officer.

Post Committee update:

An Extraordinary meeting will be held on 8 July 2024 to discuss this item.

To consider the Draft AGS 2023-24 (6.6.24) ( a copy of the draft AGS (18.3.24) is attached for information) and enable the Committee to raise any potential emerging governance issues that may need to be addressed.

Recommendation

The Committee is invited to raise any potential emerging governance issues for consideration.

Mavis Amouzou-Akue, Financial Services Manager and Deputy S151 Officer, introduced the Annual Governance Statement and advised that it had been revised following the comments made by the committee at the March meeting.

The chair asked if the SOLACE report was available for the committee to view and was advised this could be circulated.

It was highlighted that the last sentence of the third paragraph of section 7 - Managing key risks did not reflect the Audit and Risk Committee and asked for it to be removed.

The Committee were asked to pass any further comments to Mavis Amouzou-Akue and the Chair.

The Committee’s annual recurrent work programme is attached.  The work programme details regular items, but other items can be submitted to each meeting on an ad hoc basis or at the request of the Committee.

Recommendation

The Audit Committee is invited to note its recurrent annual work programme and consider any revisions necessary.

The Audit Committee Recurrent Annual Work Programme was noted.

To consider the following recommendation on the motion of the Chairman:

Recommendation

That pursuant to Procedure Rule 20 and in accordance with Section 100A(4) of the Local Government Act 1972, the press and public be excluded from the meeting during consideration of the following item(s) on the grounds that it is likely, in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the public were present during the item(s), there would be disclosure to them of exempt information (as defined by Section 1001 of the Act) of the description specified in the appropriate paragraph(s) of the revised Part 1 of Schedule 12A to the Local Government Act 1972 (to be identified at the meeting).

There were no items to discuss in exempt session so the Chair closed the meeting.