Agenda and minutes

Apologies for absence were received from Councillor J Duggan and Councillor T Grogan. Councillor P Welch was in attendance as a substitute for Councillor Duggan.

A copy of the Register of Interest for each Selby District Councillor is available for inspection at www.selby.gov.uk.

Councillors should declare to the meeting any disclosable pecuniary interest in any item of business on this agenda which is not already entered in their Register of Interests.

Councillors should leave the meeting and take no part in the consideration, discussion or vote on any matter in which they have a disclosable pecuniary interest.

Councillors should also declare any other interests. Having made the declaration, provided the other interest is not a disclosable pecuniary interest, the Councillor may stay in the meeting, speak and vote on that item of business.

If in doubt, Councillors are advised to seek advice from the Monitoring Officer.

There were no disclosures of interest..

To confirm as a correct record the minutes of the Audit and Governance Committee held on 21 October 2020.

The Committee considered the minutes of the Audit and Governance Committee meeting held on 21 October 2020.

RESOLVED:

To approve the minutes of the Audit and Governance Committee meeting held on 21 October 2020.

The Chair explained that this was the final meeting for the Assistant Director, Corporate Fraud, Veritau, he was still part of the Veritau team and would retain management oversight of Counter Fraud and would therefore still be available for advice and support should the need arise.  The Chair thanked him for his support; then welcomed Daniel Clubb, who would be taking the lead on the Counter Fraud function at Selby District Council.

Members also welcomed Kirsty Bewick, Veritau who was attending for the item on Information Governance.

And finally, Members were reminded of the Redmond Review which had been mentioned at the meeting in October 2020, this had been an independent review led by Sir Tony Redmond which had examined local audit and the transparency of local authority reporting.  The Chair informed the Committee that the Government had now published its response to the review, and that a report on the findings would be presented at the next Audit and Governance meeting in April 2021.

To note the current Work Programme and consider any amendments.

The Committee considered the current Audit and Governance Work Programme.  The Democratic Services Officer informed Members that, with the approval of the Chair, the following amendments had been made to the published work programme:

• the Information Governance report had been removed from the Information Governance Annual Report 2020 and incorporated into the Head of Internal Audit Annual Report along with Internal Audit and Counter Fraud,
•  the Information Governance Annual Report 2020 was now a standalone report which provided information on Information Requests received by the Council and;
•  Veritau North Yorkshire Contract Extension had been added to the work programme as an urgent item.

Members expressed concern regarding the large number of standing items on the work programme which they felt left no time to explore other topics and agreed that they would like to see a “deep-dive” of Industrial Units added to the work programme and brought to a future meeting of the Audit and Governance Committee.

The Chief Finance Officer explained that additional Committee meetings could be scheduled into the calendar if Members felt this was appropriate, or a working group could be established to look at Industrial Units; it was further explained that the terms of reference for the Audit and Governance Committee would be checked to ensure that they were the Committee best placed to investigate the subject of Industrial Units.    

RESOLVED:

To note the Work Programme.

To note the content of the report.

The Chief Finance Officer presented the report, which provided the annual update in relation to information requests received and responded to during 2020 and explained this was the residual information after incorporation of the information governance report into the Head of Internal Audit Annual Report.

In relation to a query regarding if there was a trend in the freedom of information subjects received, the Senior Solicitor confirmed that there was not a trend in the subjects and that the Council had a robust system in place which logged and tracked all requests to ensure that they were responded to within the statutory time limits.  

RESOLVED:

                    To note the report.   

The Committee are asked to consider the report of the external auditor.

The Manager, Mazars LLP presented the report and highlighted that the External Annual Audit Letter summarised the external audit work undertaken for the year ended 31 March 2020.

The Committee’s attention was drawn to sections five and six of the report, External Auditor Fees and Forward Look, as both items were new to the report.  Members heard that there had been a significant fee increase as indicated on page 12 of the letter: the additional fee had been incurred to meet the additional work requirements involved with property valuations and pensions.

In response to a query regarding how confident the external auditors were that any arising issues were being captured, it was confirmed that officer liaison had not changed, and remote meetings were held on a regular basis with the finance team.

In relation to the revised fee for the delivery of the audit work, Members queried what additional work was required in terms of property valuations and pensions, as valuations for property, plant and equipment were provided by external experts.  The Manager, Mazars LLP confirmed that more in depth challenging and detailed conversations had taken place with the external valuers. 

RESOLVED:

To note the report.

To consider the External Audit Progress Report.

The Manager, Mazars LLP presented the report which set out a summary of external audit work completed to date on the 2019-20 financial statements along with the progress made on the 2020-21 audit work.

The Committee noted that since the last Audit and Governance Committee meeting in October 2020 work on the 2019-20 financial statements had been completed, an unqualified opinion had been issued along with a‘follow-up letter’ which concluded on all the areas of outstanding work at the time of the October 2020 Committee.  The Annual Audit Letter had also been issued as reported in the previous agenda item.  In terms of the audit for 2020-21 it was confirmed that a timetable was in place with planning work scheduled to commence shortly.

In response to a query regarding the national publication section of the report, and in particular the recommendation arising from the recent Redmond Review, that an Office of Local Audit and Regulation (OLAR) be created to manage, oversee and regulate local audit.  The Manager, Mazars LLP confirmed that the findings in the Redmond Review had been considered by the Secretary of State for Local Government, and the Chief Finance Officer informed Members that a report on the Redmond Review would be presented at the next meeting of the Audit and Governance Committee in April 2021. 

RESOLVED:

To note the report.

The Committee are asked to note the revisions to the Risk Management Strategy.

The Audit Manager, Veritau presented the report, which set out the reviewed strategy for managing risk within Selby District Council following consultation with the Leadership Team. It was last brought to the Audit and Governance Committee in January 2020.

The Committee noted that the strategy remained largely unchanged following the review, however, two amendments had been made to its structure. The first was that the text relating to critical links between the strategy and wider business processes had been moved to the section on corporate planning. The second amendment was the table detailing the recurring actions undertaken in support of the strategy had been given its own section in recognition of their importance to the successful achievement of risk management objectives; both amendments had been shown as tracked changes in Appendix 1 of the report. This included the change made to the introduction to the strategy where the Council’s refreshed strategic priorities from its 2020 – 2030 plan have been included.

In response to a query regarding what trends in risks to the Council, if any, had been identified in relation to Covid-19, the Chief Finance Officer explained that the pandemic had made a significant impact on the risks to both the Council’s financial position and with closures and backlogs to services provided to its residents, however in terms of particular trends none beyond these had been identified as the landscape was changing rapidly.

Members were informed that in terms of financial risk due to Covid-19 the Council had suffered loss of income, additional costs and delays to savings, however the government had provided local authorities with funding through the Covid Grant Scheme, and Selby District Council had substantial reserves due to strong financial management.

The Committee queried what lessons had been learned from the events of 2020, the Audit Manager informed Members that professional bodies such as the Institute of Risk Management and the Institute of Internal Auditors had started to reflect on the role that risk management had played, and ought to play, in ensuring the continued success of organisations. It was confirmed that Veritau would continue to work alongside the Council to ensure that any learning from the events of 2020 and beyond was factored into future strategy-setting and to ensure that the Council’s risk management arrangements continued to meet good practice.

The Chair queried whether at appendix 2 of the report, the political risk included Brexit, it was explained that this risk was largely associated with changes to local and national government.

Members complimented the internal auditors on the report which was felt to be very comprehensive.

RESOLVED:

To note the revisions to the Risk Management Strategy.

To note the current status of the Corporate Risk Register.

The Committee received the report, presented by the Audit Manager, Veritau who explained that this report contained the twice-yearly update on movements within the Corporate Risk Register, which was last reported to the Committee in July 2020.

The Committee was informed that there was a total of 11 risks on the Council’s Corporate Risk Register for 2020-2021, with the No Deal Brexit risk having been removed following the United Kingdom’s (UK) exit from the European Union (EU) and the signing of the EU-UK Trade and Co-operation Agreement.   It was confirmed that Brexit related risks, issues and opportunities would continue to be monitored by the Council.

Members heard that the Corporate Risk Register included four risks with a score of 12 or more (high risk) but with the exception of the No Deal Brexit risk, no risk scores had changed.

RESOLVED:

To note the current status of the Corporate Risk Register.

To provide an update on the delivery of the internal audit work plan for 2020-21.  The report also updates the Committee on counter fraud and information governance work undertaken so far in 2020-21.

The Audit Manager, Veritau presented the quarterly report which provided the Committee with an update on the delivery of the internal audit work plan for 2020-21, along with an update on the counter fraud and information governance work undertaken to date in 2020-21.  It was noted that due to Covid-19, work on the annual audit plan had been delayed therefore the report also updated Members on the plans for completion of work over the remainder of 2020-21.

The Audit Manager, Veritau pointed out that twelve 2020-21 audits were in progress with eight of these expected to be completed and reported on at the next Audit and Governance committee.  It was highlighted to the Committee that there were continued challenges due to Covid-19 and as a result fewer frontline service audits were being conducted due to capacity issues, and to minimise the impact on officers.   

In relation to monies paid on behalf of the government through the grant scheme, Members queried if Veritau had provided checks to ensure that the grants were being processed and paid according to the government guidance and if the Councils IT server network and the staff were able to manage the additional workload, it was explained that the Counter Fraud team had performed spot checks during and after the process and were confident that the process was well managed and appropriate.  The Chief Finance Officer stated that the staff had coped admirably and continued to deliver frontline services and aid the recovery.

The Counter Fraud Manager, Veritau presented the section of the report related to the Council’s counter fraud activity 2020-21 which highlighted that savings of £8k had been achieved through fraud investigation.

The Committee heard that the counter fraud team had supported the Council with Covid-19 grant payment processes and post payment assurance work was ongoing in relation to successful applications for the initial tranche of grants with no issues being identified. It was further confirmed that four grant payment investigations had been completed to date and £30k of incorrect payments had been prevented.

In terms of housing fraud, Members noted that in October 2020, a resident was issued with a caution for failing to provide correct information when declaring themselves homeless; the investigation resulted in the housing application being cancelled before a tenancy was offered.

The Information Governance Manager, Veritau drew the Committee’s attention to appendix C of the report which provided an update on Information Governance matters, to include the General Data Protection Regulation (GDPR) action plan along with data breaches.  Members were informed that a new privacy notice for the Self-Isolation Payment for Covid-19 had been finalised and published and the main Covid-19 privacy notice has also been amended to include elements of Track & Trace processing; and an overall Information Sharing Agreement (ISA) had been put in place with North Yorkshire County Council for Covid-19 related sharing.

RESOLVED:

To note progress on delivery of internal audit, counter fraud and information governance work, and the plans for work to be completed in 2020-21.  ...  view the full minutes text for item 38.

To recommend that the Executive approve a new Counter Fraud and Corruption Strategy for 2020 to 2023 and an updated Counter Fraud and Corruption Policy.In addition, the Committee is asked to comment on and note the updated Fraud Risk Assessment.

The Corporate Fraud Manager, Veritau presented the report, which updated the Committee on the Council’s Fraud and Corruption Strategy which had been refreshed in line with the new United Kingdom National Counter Fraud Strategy for local government.  The report also provided an update on progress against the actions set out in the previous strategy and presented an updated counter fraud risk assessment which reflected the current fraud risks facing the Council.  In addition, the Counter Fraud and Corruption Policy had been updated to reflect new guidance from the Attorney General.

The Corporate Fraud Manager, Veritau highlighted that the first section of the report provided Members with a wider national picture of counter fraud work, and the impact of Covid 19, Members heard that a number of authorities across the Country had fallen victim to organised crime with fraudsters attempting to divert business grants. The Committee were assured that post assurance work had been completed at Selby and no issues had been identified.

Members noted that Cyber-crime was a growing concern for local government in the United Kingdom (UK), in recent years there had been a number of attacks on UK public sector organisations, Parliament and the National Health Service and in 2019 Kaspersky had reported a 60% increase in ransomware attacks on local governments worldwide.

The Committee were informed that the Council’s Counter Fraud and Corruption Strategy 2017-19 was approved in January 2017, an updated Counter Fraud and Corruption Strategy for 2020-23 had been drafted at appendix B of the report and the committee was asked for comments ahead of approval by the Executive.  In addition, as part of the review the Council’s counter fraud policy and counter fraud risk assessment were also reviewed. The updated risk assessment was included at appendix C of the report.

RESOLVED:

i. To recommend that the Executive approve a new Counter Fraud and Corruption Strategy for 2020 to 2023 and an updated Counter Fraud and Corruption Policy.

ii. To note the updated Fraud Risk Assessment.

To review progress on the Annual Governance Statement (AGS) 2019/20 Action Plan approved in November 2020.

The Chief Finance Officer presented the report, which updated the Committee on progress on the Annual Governance Statement (AGS) 2019-20 Action Plan approved in November 2020.

Members noted that progress against the approved action plan had been made although due to the impacts of the pandemic there were some actions on-going which would be monitored by Leadership Team in order to ensure actions were delivered to the agreed revised deadlines.

In relation to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Committee was informed that a new income management system had been procured from Civica that would enable PCI DSS compliance. Originally it was hoped that this would be implemented by September, however, whilst the work had commenced, delays due to Covid-19 meant Civica would now be unable to complete this until July 2021.

The Committee heard that in terms of Performance Management the review of the capability/performance management policy and procedure forms, part of the Council’s plans to review and update all principal human resources policies, had been delayed due to the Covid pandemic response, and ensuring staff were safe and supported in these new working arrangements.  It was confirmed that the attendance management and disciplinary policies had now been reviewed and signed off with work on the capability/performance management policy expected to be completed by June 2021.

RESOLVED:

To note the progress made against the Action Plan for the Annual Governance Statement 2019-20.

To consider the extension of the contract for Veritau North Yorkshire and to make recommendations to the Executive.

The Committee received the report prior to consideration by the Executive.  The Chief Finance Officer explained that the current contract for assurance services between the Council and Veritau North Yorkshire Limited (VNY) was agreed in 2012. The contract was initially for seven years from 1 April 2012 to 31 March 2019 but included options to extend for three years and then a further two years.  In 2018, the Council agreed to extend the contract for three years from April 2019, this extension was due to expire on 31 March 2022.

The Committee were informed that a decision was now required whether to enter into a further extension of two years, and if so under the terms of the contract, the Council was required to notify VNY of its intention in respect of extending the contract by 31 March 2021. 

Members noted that an extension would allow the Council to consider its requirements for assurance services in the longer term once the results of the Government’s decision on Local Government Reorganisation was known.

In response to a query regarding if Selby District Council was a shareholder of VNY, it was confirmed that the Council was a shareholder, and that VNY was a subsidiary of Veritau which was owned by North Yorkshire County Council and City of York Council.

The Chief Finance Officer explained that given the uncertainty over Local Government reorganisation in North Yorkshire an extension under the terms of the current contract was considered the most practicable and no other alternative was proposed at this time, in addition, VNY offered value for money and quality performance over a breadth of service.

The Committee agreed that taking into consideration Covid-19 and the Local Government Review now was not the correct time to change internal auditors and were supportive of the proposal.

RESOLVED:

To recommend to the Executive that the Veritau North Yorkshire contract for Internal Audit, Counter Fraud, Risk Management and Information Governance services be extended for a further 2 years to 31 March 2024.