Agenda and minutes

Governance, Risk and Audit Committee - Tuesday, 3rd December, 2019 2.00 pm

Venue: Council Chamber - Council Offices. View directions

Contact: Matt Stembrowicz  Email: matthew.stembrowicz@north-norfolk.gov.uk

Items
No. Item

23.

TO RECEIVE APOLOGIES FOR ABSENCE

Minutes:

None received.

24.

SUBSTITUTES

Minutes:

None.

25.

PUBLIC QUESTIONS

To receive public questions, if any.

Minutes:

None received.

26.

ITEMS OF URGENT BUSINESS

To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to section 100B(4)(b) of the Local Government Act 1972.

Minutes:

None.

27.

DECLARATIONS OF INTEREST

Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The code of conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest.

Minutes:

None.

28.

MINUTES pdf icon PDF 293 KB

To approve as a correct record, the minutes of the meeting of the Governance, Risk & Audit Committee held on 10th September 2019.

Minutes:

The minutes of the meeting held on 10th September were approved as a correct record and signed by the Chairman.

29.

Progress Report on Internal Audit Activity: 30 August 2019 to 21 November 2019 pdf icon PDF 10 KB

Progress Report on Internal Audit Activity: 30 August 2019 to 21 November 2019

 

Summary:

 

This report examines the progress made between 30 august 2019 to 21 November 2019 in relation to delivery of the annual internal audit plan for 2019/20.

Conclusions:

Progress in relation to delivery of the internal audit plan is line with expectations; and positive assurance has been awarded in the audit reviews finalised in this period.

Recommendations:

It is recommended that the Committee notes the outcomes of the assurance audit completed between 30 August 2019 to 21 November 2019.

 

 

All

All

Contact Officer, telephone number, and e?mail:

Faye Haywood, Internal Audit Manager for North Norfolk DC

01508 533873,

fhaywood@s-norfolk.gov.uk

 

Additional documents:

Minutes:

The Internal Audit Manager introduced the report which covered the period from 30 August to 21 November 2019. She drew Members’ attention to section 2.1 which highlighted two additional audits – for the Sheringham Leisure Centre and the Egmere Business Zone. Both had come forward at the request of the Chairman.

 

Regarding the progress made in delivering the agreed audit work (section 3 of the report), the Internal Audit Manager said that quarters 1 and 2 were both on track.

 

She then referred to the outcomes from the individual audits that had been undertaken. Coastal Management had received substantial assurance with no recommendations. Section 106 Agreements had received a ‘reasonable’ assurance with 5 ‘important’ recommendations made. The positive findings recognised that a complete list of S106 agreements since 2009 had been produced to ensure that a full record was on the new system from the date of its implementation.  In addition, all necessary consultations were now being conducted for new S106 agreements with other Council departments and third parties.

30.

Follow-up on Internal Audit Recommendations 1 April to 21 November 2019 pdf icon PDF 10 KB

Follow Up on Internal Audit Recommendations 1 April to 21 November 2019

 

Summary:

 

This report provides an overview of progress made in implementing agreed audit recommendations due for completion between 1 april to 21 november 2019.

Conclusions:

Good progress continues to be made in addressing audit recommendations with a high percentage of these being actioned by management.

Recommendations:

It is recommended that the Committee notes management action taken to date regarding the delivery of audit recommendations.

All

 

All

Contact Officer, telephone number, and e?mail:

Faye Haywood, Internal Audit Manager for North Norfolk DC

01508 533873,

fhaywood@s-norfolk.gov.uk

 

Additional documents:

Minutes:

The Internal Audit Manager introduced this item. She explained that this was the first follow-up for the current financial year – covering progress made on the implementation of agreed audit recommendations due for completion between 1st April to 21st November 2019. She said that there were six outstanding recommendations for 2018/19 – three were important and three needed attention. She referred Members to the update from the Head of Environmental Health which outlined how he intended to address the recommendations relating to his service area. He had outlined that his priority had been the procurement process around the waste and related services contract and this had taken up a significant amount of his time over a prolonged period. In addition, two key members of his team had left the Authority, reducing his capacity further.

 

1.    Cllr S Penfold asked whether this was a typical number of historic recommendations. The Internal Audit Manager replied that across the consortium she would expect that some would be closed off by year end, however, generally there would be an explanation as to why there was a delay if they were not.

2.    Cllr C Cushing queried the meaning of Priority 2 as a recommendation. Internal Audit Manager explained that it meant ‘Important’, with Priority three meaning ‘needs attention’. Cllr Cushing went onto say that he was concerned that the important recommendations were being allowed to drift for 2 years. He referred to the deadlines of one month for Priority 1, three months for Priority 2 and six months for Priority 3, saying that, in practice, they did not seem to apply. He requested an update to ensure that Members were aware of anything that was outstanding. He then asked whether the due date was amended to reflect missed target dates. The Internal Audit Manager confirmed that it was and this was captured in the ‘Revised due date’ column.

3.    The Chairman queried whether the original deadlines were actually achievable. The Internal Audit Manager replied that they always worked with managers to try and ensure that they were achievable. The Monitoring Officer added that the targets were set with service managers. As there were currently several outstanding recommendations then they would be escalated to Strategic Leadership Team (SLT) so that they could pick up any issues with the relevant service managers.

4.    The Chairman made reference to the additional information provided in relation to the Environmental Heath outstanding recommendations. He said that it was not helpful to receive it on the day of the meeting. He accepted that there were valid reasons on this occasion but Members needed time to read and absorb the content.

 

It was proposed by Cllr J Rest, seconded by Cllr J Toye and

 

RESOLVED

 

To refer all outstanding audit recommendations to SLT for action with a request that progress is reported back to the Committee.

31.

Civil Contingencies Update - 2019 pdf icon PDF 439 KB

To receive the annual Civil Contingencies Update.

Minutes:

The Resilience Manager introduced this item. She said that the last 12 months had been very busy with 16 recorded incidents compared to two the previous year.

 

She explained that the Council was working with partners in the Norfolk Resilience Forum to help plan for a no-deal exit from the EU. Most of the planning was sensitive so she advised that any questions relating to this should be directed to herself.

 

The Resilience Manager then outlined the business continuity incidents from the previous 12 months, highlighting the media response to the sand martins netting as a particularly challenging incident.

 

She then spoke about business continuity management arrangements and the introduction of new more user-friendly templates for Business Impact Analysis (BIA) and Business Continuity Plan documents. The BIA template would be introduced by the end of March 2020, with the Corporate Business Continuity Plan being revised based on the data from the BIAs.

 

The Resilience Manager then outlined emergency planning incidents from the previous 12 months. She explained that staffing issues within the Environment Agency were having a knock-on effect causing issues for flood wardens and local communities. A session was being planned with other local authorities and community representatives to address concerns.

 

She concluded by saying that there was a resource issue in the Civil Contingencies team and this meant that it was less strategic than she would like. It was hoped that this could be addressed by providing a development opportunity within the team.

 

1.    The Chairman asked for more information on the proposed session regarding the Environment Agency. The Resilience Manager explained that it would involve flood forecasting and talking through models. It was hoped that it could take place before the December high tides but this was looking unlikely. The purpose of it was to increase partners’ confidence levels. She confirmed that it was open to members to attend.

2.    Cllr N Dixon asked the following in relation to the IT disruption at the Council offices in June 2019; was she satisfied with the adequacy of the action plan?, had the action plan been shared with the Governance, Risk & Audit Committee (GRAC) at all? And were there plans to include a process or mechanism to notify members of future IT problems – for example, by text message? The Resilience Manager replied that she was satisfied with the action plan. She had prepared it with input from the Head of IT & Business Transformation. The action plan had not been shared with GRAC and she was not sure who had signed it off. The Internal Audit Manager added that a business continuity audit was planned for Q4 and the action plan would be picked up as part of this process. In response to the last question regarding notifying members, the Resilience Manager confirmed that she would notify the Democratic Services Manager and that the IT department were looking at an NNDC wide option – such as WhatsApp groups.

3.    The Chairman asked when the Resilience Manager saw the report  ...  view the full minutes text for item 31.

32.

Corporate Risk Register pdf icon PDF 138 KB

Summary:

 

Following discussion at the last Governance, Risk and Audit Committee on 10 September 2019, an update paper has been provided in relation to the Corporate Risk Register (CRR). The last update to the Risk Management Policy and Framework was approved by the Governance, Risk and Audit Committee (GRAC) in March 2018. The documents are reviewed every two years with the next scheduled update due for March 2020. This policy sets the framework for the Council’s Corporate Risk Register (CRR) which monitors and tracks the Council’s most significant risks. This report is to provide Members with an update in relation to the Corporate Risk Register. 

 

Conclusions:

 

The changes which have been made to the register and those proposed for future action will help to improve the monitoring and ownership of the corporate risk register and the actions contained therein.

 

Recommendations:

 

Members are asked to note the report, the improvements made and the proposed improvements to be considered as part of the update process for the CRR in March 2020.

 

Cabinet Member(s)

Ward(s) affected

All

All

 

Contact Officer, telephone number and email:

Duncan Ellis, 01263 516330, Duncan.ellis@north-norfolk.gov.uk

Additional documents:

Minutes:

The Head of Finance introduced this item. He said that it was a short update report in response to issues raised at the last meeting. He said that the last update to the Risk Management Policy & Framework was approved by GRAC in March 2018, with the next one scheduled for March 2020. The policy set the framework for the Council’s Corporate Risk Register which monitored and tracked the Council’s most significant risks. Following the introduction of governance improvements, the risk register was now a standing item on Strategic Leadership Team (SLT) agendas and reported every quarter. He said that historic data had been cleaned up and only the last 12 months was presented now.

 

Regarding project risks, the Head of Finance said that consideration needed to be given as to how to feed these into the Corporate Risk Register (CRR). He added that they would be reported but as a separate register. In addition, the Corporate Plan would also drive some of the items in the CRR. The Council’s new performance system, InPhase, would be beneficial for reporting on risk as it would allow for the tracking of ‘live’ data.  He went onto say that the Council’s risk appetite and tolerance had never been explored with Members. It was intended to discuss this with the Chairman of GRAC, Overview and Scrutiny Committee and Cabinet members to agree where the Council was comfortable as an authority. 

 

The Head of Finance concluded by saying that an audit of risk management was scheduled for Q4. It was intended that the draft improvements to the Risk Management Policy and Framework would be written and then audited so that improvements could be built in. GRAC could also feed into the development of the policy.

 

1.    The Chairman asked whether income from the New Homes Bonus (NHB) could help with the Sheringham Leisure Centre (Splash) costs. The Head of Finance replied that a £1m gap was still forecast.

2.    Cllr N Dixon said that he welcomed the review of risk appetite. He said that he would like to see a risk recognition process included, adding that it was important that there was an appreciation of the bigger picture otherwise everything ‘downstream’ would be awry. He went onto say that the risk register should be a dynamic document and there was a need to be able to track whether mitigation measures were effective.

3.    Cllr C Cushing asked who updated the risk register and how frequently. The Head of Finance replied that he updated it, with individual officers updating via InPhase. He said that he updated it as soon as he was aware of a risk and reported when appropriate. He confirmed that SLT were the risk owners. The Monitoring Officer added that the CRR covered high level risks, with lower level risks being allocated to individual officers. InPhase would allow for the ‘drilling down’ from strategic to operational level. Responsibility for risk was a Cabinet function so it would come to GRAC first then Cabinet.  ...  view the full minutes text for item 32.

33.

Annual Accounts Update

Verbal update to be provided on the current status of the Annual Accounts sign-off.

Minutes:

The Head of Finance introduced this item. He explained that the accounts had not yet been signed off by the External Auditors, EY. The Council was now entering into the budget setting process and EY had advised that the statutory deadline for the signing off of the accounts was in fact a ‘guideline’. He said that next year the Committee needed to consider the concerns regarding capacity at EY, adding that it was a timing issue not cash impact on council tax payers. He went onto say that if the Council’s investments were showing a ‘paper’ loss then that must be reflected and the Council must show how they would provide and demonstrate that there was a reserve available. He said that he had requested legal opinion to support this position and had been invited to meet with the auditors in mid-January. However, it was likely that there would be similar challenges next year.

34.

GOVERNANCE, RISK AND AUDIT COMMITTEE UPDATE AND ACTION LIST pdf icon PDF 100 KB

To monitor progress on items requiring action from the previous meeting, including progress on implementation of audit recommendations.

Minutes:

The Committee noted the update and action list.

35.

GOVERNANCE, RISK AND AUDIT COMMITTEE WORK PROGRAMME pdf icon PDF 221 KB

To review the Governance, Risk & Audit Committee Work Programme.

Minutes:

The Internal Audit Manager sought the Committee’s views on how to approach the self-assessment in March. It was agreed that there would be a training session for committee members to be held as part of a working lunch ahead of the March meeting.

 

 

36.

EXCLUSION OF THE PRESS AND PUBLIC

To pass the following resolution, if necessary:

 

“That under section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in part 1 of schedule 12A (as amended) to the Act.”

37.

Confidential Investigation

Members to consider the content of the confidential briefing note and consider any necessary recommendations.

Minutes:

The Internal Audit Manager introduced this item. She explained that Members had been provided with a briefing note rather than the full report which had been provided to senior management. She outlined the process that had been undertaken and referred Members to page 62 which explained that the investigation had not established whether the money in question had been lost or stolen and for this reason no fraud or corruption had been found. The Monitoring Officer added that SLT would consider the full report at their next meeting. She confirmed that the matter had been reported to the Police. She suggested that SLT provided a response to the investigation report and this was then reported back to GRAC. She added that SLT had not had an opportunity to discuss any actions arising from the investigation yet and it might be useful for the committee to have sight of the management response before they consider the matter fully.

 

1.    The Chairman said that it appeared to be an issue of procedures and controls and what could be learned going forwards.

2.    Cllr J Stenton and Cllr Cushing sought clarity on whether the Council should continue to collect payments from the public in cash. The Internal Audit Manager replied that payments for council tax and planning applications were still paid for in cash sometimes and it was accepted that there was a risk to doing so. SLT would consider whether cash payments should continue. The investigation had shown that accounting records were accurate. The discrepancy had been picked up through the reconciliation process – as expected. The Monitoring Officer said that people still wanted to pay in cash and it was important that a full range of payment options was available. She said that it was not possible to completely eliminate an issue such as this from happening again.

3.    Cllr Dixon said that he was concerned that the Council operated a system which meant that it could be exposed to the possibility of money going astray. There should be an audit trail in place to track and identify where money was in the system.

 

The Chairman said that this must have caused huge anxiety for the staff involved and it needed to be handled carefully.