Agenda and minutes

Governance, Risk and Audit Committee - Tuesday, 14th June, 2022 2.00 pm

Venue: Council Chamber - Council Offices. View directions

Contact: Matt Stembrowicz  Email: matthew.stembrowicz@north-norfolk.gov.uk

Items
No. Item

24.

TO RECEIVE APOLOGIES FOR ABSENCE

Minutes:

Apologies were received from Cllr P Fisher.

25.

SUBSTITUTES

Minutes:

Cllr L Withington for Cllr P Fisher.

26.

PUBLIC QUESTIONS

To receive public questions, if any.

Minutes:

None received.

27.

ITEMS OF URGENT BUSINESS

To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to section 100B(4)(b) of the Local Government Act 1972.

Minutes:

None received.

28.

DECLARATIONS OF INTEREST pdf icon PDF 721 KB

Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The code of conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest.

Minutes:

None declared.

29.

MINUTES pdf icon PDF 224 KB

To approve as a correct record, the minutes of the meeting of the Governance, Risk & Audit Committee held on 8th March 2022, and 26th April 2022.

Additional documents:

Minutes:

Minutes of the meeting held on 8th March 2022 were approved as a correct record and signed by the Chairman, subject to amendment to show Cllr S Penfold as present at the meeting.

 

Minutes of the meeting held on 26th April 2022 were approved as a correct record and signed by the Chairman.

30.

Progress Report on Internal Audit Activity: 26 February 2022 to 6 June 2022 pdf icon PDF 10 KB

Summary:

This report examines the progress made between 26 February 2022 to 6 June 2022 in relation to delivery of the annual internal audit plan for 2021/22.

Conclusions:

The report contains a final update on progress against the Internal Audit Plan for 2021/22.

Recommendations:

It is recommended that the Committee notes internal audit progress within the period covered by the report. 

 

 

All

All

Contact Officer, telephone number, and e?mail:

Faye Haywood

 

01508 533873

 

faye.haywood@southnorfolkandbroadland.gov.uk

 

Additional documents:

Minutes:

The IAM introduced the report and informed Members that 150 days of programmed work had been completed. She added that one audit report was still in draft, though there was no reason to expect that the assurance gradings or recommendations would change following response from management. It was noted that appendix 1 provided an overview of all assurance gradings, with executive summaries provided in appendix 2. The IAM stated that the one limited assurance grading had been given across the Consortium and related to the Counter-fraud and Corruption audit, which had been undertaken as a result of new guidance issued.

 

Questions and Discussion

 

       i.          Cllr C Cushing asked for clarification of the precise risks that the Committee and Council should focus on addressing. The IAM replied that this would apply to the wider framework for Counter-fraud and Corruption, covering all types of risk to consider whether the necessary policies were in place and training was adequate. She added that the audit suggested that the Council could be more proactive in seeking to address these issues. Cllr C Cushing followed-up by asking whether a simple tightening up of policies and procedures would mitigate the risks, or whether there were more specific actions that should be taken. The IAM replied that actions would be based on the updated guidance to provide greater oversight of the risk associated with fraud and corruption.

 

      ii.          The Chairman referred to the limited assurance and asked whether the IAM would be comfortable improving the assurance grading, once the necessary actions were complete. The IAM confirmed that subject to a follow-up procedure and evidence of the recommendations being implemented, she would be comfortable to improve the assurance grading, relative to the actions taken.

 

     iii.          The IAM reported that the Waste Management audit had also been completed, with a reasonable assurance grading and three important recommendations raised. She added that whilst the Consortium did not cover KLWNBC, information had been sought to provide assurance on the partnership working arrangements. ICT Change Control and Patch Management work has also resulted in two important recommendations, which related to standardisation of policies and procedures, and ensuring that changes were documented.

 

    iv.          The IAM reported that annual key controls work had been completed which highlighted a theme amongst reconciliations, which management had agreed to address.

 

      v.          It was reported that the draft assurance review of the Environmental Charter had shown very promising work with input from external consultants, which would be shared across the Consortium as best practice. The IAM suggested that a project board should be established to monitor key milestones.

 

    vi.          The Chairman referred to seeking assurances from Serco to ensure contractual compliance, and noted that the Overview & Scrutiny Committee had made similar recommendations, which suggested the issue was being given significant attention. He noted that there were no substantive assurances given throughout the year, and asked whether this should be a goal of management. The IAM replied that whilst management should aspire to receive substantial assurances, some areas audited would  ...  view the full minutes text for item 30.

31.

Annual Report and Opinion 2021/22 pdf icon PDF 213 KB

Summary:

This report concludes on the internal audit activity undertaken during 2021/22, it provides an annual opinion concerning the organisation’s framework of governance, risk management and control and concludes on the effectiveness of internal audit and provides key information for the annual governance statement. 

Conclusions:

On the basis of Internal Audit work performed during 2021/22, the Head of Internal Audit is able to give a reasonable (positive) opinion on the framework of governance, risk management and control overall at North Norfolk District Council.

 

Recommendations:

 

1.    Receive and consider the contents of the Annual Report and Opinion of the Head of Internal Audit.

2.    Note that a reasonable audit opinion has been given in relation to the framework of governance, risk management and control for the year ended 31 March 2022.

3.    Note that the opinions expressed together with significant matters arising from internal audit work and contained within this report should be given due consideration, when developing and reviewing the Council’s Annual Governance Statement for 2021/22.

4.    Note the conclusions of the Review of the Effectiveness of Internal Audit.

 

 

All

All

Contact Officer, telephone number, and e?mail:

Faye Haywood, Head of Internal Audit

01508533873, faye.haywood@southnorfolkandbroadland.gov.uk

 

 

 

 

 

Additional documents:

Minutes:

The IAM introduced the report and informed Members that it included a summary of the assurance gradings provided for all audits throughout the year, and the number of audit recommendations implemented. She added that the overall opinion was reasonable, based on thirteen of fourteen audits completed throughout the year which was a positive assurance grading. It was noted that three audits had received a substantial assurance rating for Accounts Receivable, Accounts Services and Customer Services. The IAM reported that one limited assurance grading had been given for Counter-fraud and Corruption, with recommendations listed in the Annual Governance Statement until complete. She added that a summary of follow-ups had been included for outstanding audit recommendations, alongside the quality assurance and improvement programme, to assess how effective the audit function had been. The IAM noted that whilst the service had struggled at times to deliver the planned audit work in line with KPIs, they had recovered by year end, and the procurement exercise for the next contract had just been completed, with timeliness KPIs strengthened. It was noted that several previously outstanding audit recommendations had now been completed, though work remained on those relating to S106 agreements.

 

Questions and Discussion

 

       i.          Cllr S Penfold referred to the assurance chart in appendix 2 and asked why areas such as corporate health and safety or economic growth had no data recorded. The IAM replied that these areas still represented part of the control framework, and they would be covered within the next three years, with priority determined by risk. Cllr S Penfold stated that there were a number of risks facing the economy and sought assurances that these would be taken into account. It was confirmed that economic growth was due for consideration in the year ahead.

 

      ii.          Cllr A Brown noted that Community Infrastructure Levies were mentioned in the report, though the Council did not operate any, to which the IAM replied that she would remove reference in future reports.

 

     iii.          The recommendations were proposed by Cllr L Withington and seconded by Cllr S Penfold.

 

RESOLVED

 

1.       Receive and consider the contents of the Annual Report and Opinion of the Head of Internal Audit.

 

2.       Note that a reasonable audit opinion has been given in relation to the framework of governance, risk management and control for the year ended 31 March 2022.

 

3.       Note that the opinions expressed together with significant matters arising from internal audit work and contained within this report should be given due consideration, when developing and reviewing the Council’s Annual Governance Statement for 2021/22.

 

4.       Note the conclusions of the Review of the Effectiveness of Internal Audit.

 

32.

LOCAL CODE OF CORPORATE GOVERNANCE AND ANNUAL GOVERNANCE STATEMENT (AGS) 2021/22 pdf icon PDF 250 KB

Summary:

 

The Corporate Governance framework is made up of the systems and processes, culture and values by which an organisation is directed and controlled. For local authorities this includes how a Council relates to the community it serves. The Local Code of Corporate Governance is a public statement of the ways in which the Council will achieve good corporate governance. This is based on the development of the Delivering Good Governance in Local Government: Framework’ (2016)produced by the Chartered Institute of Public Finance and Accountancy (CIPFA) and the Society of Local Authority Chief Executives (SOLACE) and focusses on the seven core principles and sub-principles of good governance. The Annual Governance Statement (AGS) is prepared following a review of all the evidence available to the Council in seeking compliance with its Local Code. An Internal Audit review of the AGS was completed in January 2022 and achieved a ‘reasonable’ assurance level, the recommendations from that audit have been incorporated into the 2021/22 Statement. As with last year, both of these documents have been considered in light of the ongoing Covid-19 pandemic.

 

Conclusions:

 

The arrangements set out in the Local Code of Corporate Governance and the Annual Governance Statement (AGS) will allow the Council to move ahead with its corporate planning processes confident that it can address the issues of governance and risk.

 

Recommendations:

 

Members are asked to review and approve the Annual Governance Statement (AGS) along with the updated Local Code of Corporate Governance.

 

Cabinet Member(s)

 

Ward(s) affected

Cllr Eric Seward

All

Contact Officer, telephone number and email:

Cara Jordan, 01263 516373, cara.jordan@north-norfolk.gov.uk

 

 

 

 

Additional documents:

Minutes:

The CE introduced the report and informed Members that it represented good practice, and noted that the statement that would be signed by himself and the Council Leader. He added that the report had been prepared by Assistant Directors, Directors and himself, by forming statements in response to a series of pre-prepared questions on how the Council responded to key risks and issues identified by Internal Audit such as counter-fraud and corruption.

 

Questions and Discussion

 

       i.          Cllr S Penfold noted that the population in the appendix had been given as an approximate figure and asked if this could be provided in full. The CE confirmed that he would seek to provide accurate figures in future reports once the new census information was available.

 

      ii.          Cllr L Withington thanked officers for the report and suggested that it was helpful to understand how the Council sought to mitigate risks.

 

     iii.          The recommendation was proposed by Cllr P Butikofer and seconded by Cllr H Blathwayt.

 

RESOLVED

 

1.     To review and approve the Annual Governance Statement (AGS) along with the updated Local Code of Corporate Governance.

33.

UPDATED FRAUD POLICY AND FRAUD RISK ASSESSMENT pdf icon PDF 137 KB

 

Summary:

 

The assurance review of Counter Fraud and Corruption (NN/22/04) was completed in March 2022 by Internal Audit and was given a ‘limited assurance’ level, although it should be noted that this was the same position across the whole audit consortium.

 

The main reason for this is that since resources previously allocated for the detection of fraud (2 x FTEs) were transferred to the DWP in April 2015 the Council has not had a dedicated fraud resource to lead on this area of work and whilst all officers have a responsibility to try to detect and mitigate fraud the Council no longer has any dedicated staffing to give this area the focus it requires.

 

The audit report made a number of recommendations designed to help strengthen the Council’s approach to fraud and corruption.

 

The purpose of this report is to consider the recommendations contained within the audit report and make Members aware of the current fraud trends affecting the public sector. The report also contains the Council’s fraud risk assessment that has been undertaken and the update to the Anti-fraud and Corruption Policy.

 

Conclusions:

 

It is clear that there are improvements which can be made in relation to increasing fraud awareness across the Council. A number of improvements have been recommended as part of the fraud assessment process contained within this report. Implementation of the recommendations and improvements proposed will help address the issues identified within the recent audit.

 

Recommendations:

 

The committee is requested to;

 

1.            Approve updated Fraud and Anti-Corruption Policy;

2.            Note the associated Fraud Risk Assessment for 2021/22;

3.            Note the recommended improvement actions; and

4.            Note the progress on the audit actions.

 

Cabinet Member(s)

 

Ward(s) affected

Cllr Eric Seward

All

 

Additional documents:

Minutes:

The CE introduced the item and informed Members that the Policy had been updated as a result of audit recommendations related to the limited assurance ratings given across the Consortium. He added that the authority would reflect upon both internal and external sources of potential fraud, including benefits payments, sole occupancy Council Tax discounts, Covid grant payments, hardship payments, and the conduct of officers in relation to the receipt of gifts, expenses and/or relationships. It was noted that awareness of potential risks had been addressed, and mitigation measures were in place through the Whistleblowing Policy and National Fraud Initiative. The CE stated that resourcing of mitigation measures had been discussed, though staff were trained to identify fraud, and whilst management were confident that the authority was not exposed to significant risk, further robust training would be arranged for all Revenues, Benefits and People Services staff. It was noted that managers would be asked to give greater consideration to risks of potential fraud, with action taken where necessary, alongside continued data sharing with the National Fraud Initiative. The CE stated that CLT would continue to monitor potential fraud risks, instigate additional training, and review the situation on an annual basis to assess whether any further resource was required, which Internal Audit considered acceptable. On internal fraud risks, it was reported that the payroll system had been strengthened, and the MO maintained a register of gifts and hospitality for staff and elected Members. The CE noted that a corporate Counter-Fraud Awareness Action Plan was included in appendix 3 with a summary of risks and actions, alongside a risk assessment with a RAG rating system.

 

Questions and Discussion

 

       i.          Cllr C Cushing asked whether any engagement had taken place with other authorities in the area to find learning opportunities. The CE replied that the Consortium had established that there were learning opportunities and improvements that could be made, and conversations had taken place prior to Covid-19 on the possibility of a creating a combined anti-fraud team to cover all authorities. He added that this had not been pursued as a result of Covid-19, but could be reconsidered in the future. Cllr C Cushing referenced comments in the report on robust training, and asked whether annual training was provided to update and maintain existing knowledge. The CE replied that Revenues and Benefits were two of the largest teams at the Council, and there was therefore a degree of staff turnover that required training to be provided as part of the induction process. He added that refresher training had not been provided recently as a result of Covid-19, though the HR Manager had been asked to address this by the year-end.

 

      ii.          Cllr S Penfold referred to risk categories and asked how the RAG ratings had been determined, and whether they were based on previous instances of fraud, the likeliness of fraud, or the level of impact. The CE confirmed that it was a combination of all factors that had been used to determine the  ...  view the full minutes text for item 33.

34.

Corporate Risk Register pdf icon PDF 1 MB

To review and note the corporate risk register.

Minutes:

The CE introduced the report and informed Members that it covered risks facing the authority at a local, national and global level. He added that there were significant issues such as the war in Ukraine, which had a substantial impact on global fuel prices, food supplies and living costs. It was noted that there was also significant inflation within the UK that was impacting industries such as construction and utilities, whilst interest rates were also rising, which could provide a limited increase on investment returns. The CE noted that other issues identified included County Deals, the Levelling-up agenda, increased service pressures for additional grant schemes, and unknown factors arising from existing major projects such as the North Walsham Heritage Action Zone Scheme.

 

Questions and Discussion

 

       i.          Cllr C Cushing referred to the loss of information status risk that had a target of 2 and score of 16, and asked why there was such a high likelihood of the risk occurring, and what mitigation measures had been put in place. The PPMO replied that a target of 2 was a default, though this could be raised if not possible. She added that the risk of cyber attack had increased considerably within the last six months, and the target may need to be adjusted. Cllr C Cushing asked what measures were being taken to avert this risk, to which the CE replied that he would request a written response from the relevant Assistant Director. Cllr C Cushing referred to nutrient neutrality risks and asked whether officers had anything to add, given its impact on the authority. The CE replied that it was a very significant concern, with 72 authorities now subject to the restrictions as advised by Natural England. He added that whilst concerns on water quality were genuine, the lack of engagement with authorities prior to introducing the restrictions raised significant concerns that had been communicated to Government. It was noted that the restrictions would have an impact on housing delivery and could also impact the Council’s five year land supply, in advance of submitting the Local Plan for review. The CE noted that the Council were working with consultants to develop a response, with mitigation measures hopefully in place by the year-end, though this was not guaranteed.

 

      ii.          In response to a question from the Chairman, the PPMO stated that the IT Team responded robustly to all cybercrime guidance released by Government, in response to all emerging risks. The Chairman referred to the production of an Asset Management Plan which appeared incomplete, and it was confirmed that this would be followed-up with the appropriate officer.

 

     iii.          Cllr H Blathwayt referred to interest rate rises and asked whether the Council would be in any way exposed to these increases. The CE replied that the Council would not be exposed to risk on the same scale as Central Government, but he would seek confirmation from the Finance Team.

 

    iv.          Cllr A Brown referred to nutrient neutrality issues, and informed Members that the  ...  view the full minutes text for item 34.

35.

Procurement Exemptions Register pdf icon PDF 27 KB

To review and note the procurement exemptions register.

Minutes:

The MO introduced the item and informed Members that there were eight exemptions granted within the last quarter, which were detailed on p217.

 

Questions and Discussion

 

Cllr E Seward referred to the purchase of stone for Church Approach in North Walsham and informed Members that it was now installed, and buying the materials early had saved the Council thousands of pounds.

 

RESOLVED

 

To review and note the Procurement Exemptions Register.

36.

GOVERNANCE, RISK AND AUDIT COMMITTEE UPDATE AND ACTION LIST pdf icon PDF 107 KB

To monitor progress on items requiring action from the previous meeting, including progress on implementation of audit recommendations.

Minutes:

The Chairman introduced the item and stated that in the absence of the DSGOS there were no queries to raise.

 

RESOLVED

 

To note the update.

37.

GOVERNANCE, RISK AND AUDIT COMMITTEE WORK PROGRAMME pdf icon PDF 238 KB

To review the Governance, Risk & Audit Committee Work Programme.

Minutes:

The Chairman noted that the next scheduled meeting of GRAC was on 12th July, though this would remain open until business was confirmed. The DSM stated that she would advise accordingly if the meeting was changed. She added that the External Audit Letter listed as TBC on the Work Programme remained outstanding, as EY had advised that the infrastructure asset values issue had not been resolved. The CE noted that this was an issue at a national level, which for North Norfolk related to the repair and maintenance of coastal defences and the extent to which they had deteriorated and been devalued.

 

RESOLVED

 

To note the Work Programme.

38.

EXCLUSION OF THE PRESS AND PUBLIC

To pass the following resolution, if necessary:

 

“That under Section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in paragraph _ of Part I of Schedule 12A (as amended) to the Act.”