To approve as a correct record the minutes of the meeting of the Audit Committee held on 27 June 2016 (copy attached). 

RESOLVED

that the minutes of the meeting of the Audit Committee held on 27 June 2016 be confirmed and signed by the Chairman as a correct record.

To receive from Members any declarations of interest.

To receive any announcements from the Chairman and any matters of communication.

The Chairman reminded Members that they should turn their mobile devices off.  He then apologised to Members for the need to distribute so many of the reports at both relatively short notice and as supplements.  This was due to the fact that the external audit was still continuing and Members were being presented with the most up to date information.

To receive petitions from members of the public in accordance with the Public Participation Procedure as set out in Annex 2 of Part A4 of the Constitution.

No petitions were received from members of the public in accordance with the Public Participation Procedure as set out in Annex 2 of Part A4 of the Constitution.

To receive any questions, statements or deputations from members of the public in accordance with the Public Participation Procedure as set out in Annex 1 of Part A4 of the Constitution.

No questions, statements or deputations were received from members of the public in accordance with the Public Participation Procedure as set out in Annex 1 of Part A4 of the Constitution.

To consider a report from Ernst & Young LLP which sets out the outcomes from the external audit of the Council’s 2015/16 financial statements and the conclusion of work to review the Council’s arrangements for securing value for money in the use of its resources.  The report also sets out Ernst and Young’s proposed audit opinion, key findings and any recommendations to consider prior to the approval of the 2015/16 accounts.

Members considered the External Audit Results Report for the year ended 31 March 2016 from Ernst & Young LLP.  The report informed the Committee of the work carried out by the Company in order to discharge its statutory audit responsibilities together with any governance issues identified.  The report summarised the findings from the substantially completed 2015/16 audit and also included the messages arising from the audit of the Council’s financial statements and the results of the work Ernst & Young had undertaken to assess the Council’s arrangements to secure value for money in the use of its resources.

The Ernst & Young Executive Director first apologised for the delay in the issue of the report but explained that this had occurred because he wanted to ensure that the Committee received the most up to date information.  He then stated that, since the issue of the report, most of the outstanding areas of work had been completed.  He expressed his thanks to the Council’s officers for their full co-operation and assistance during the auditing process.  The Executive Director stated that, subject to final checks, Ernst & Young would be issuing an unqualified opinion on the Council’s financial statements and, in addition, had concluded that the Council had put in place proper arrangements to secure value for money in its use of resources.  He added that the audit of the Whole of Government Accounts (WGA) was the only area of work still outstanding.  The procedures required by the National Audit Office (NAO) for the WGA were in progress and would be finished before the deadline of 21 October 2016.

The Ernst & Young Executive Director stated that he would wish to discuss the timetabling of future audits to ensure that forthcoming changes were met.  He then worked through the External Audit Results Report referring to particular issues for Members’ information, in particular the Better Care Fund and Private Finance Initiative (PFI) Liability.  The meeting noted that the Head of Financial Control would also be referring to these issues in item 8 (Statement of Accounts).

(Note: Minute AUD/16/23 below refers).

NOTED

the External Audit Results Report from Ernst & Young LLP setting out the results of its 2015/16 audit.

To present for approval the 2015/16 Statement of Accounts for Central Bedfordshire Council and the letter of representation to the external auditors.

The Committee considered a report by the Chief Finance Officer which presented the 2015/16 Statement of Accounts for approval.  A copy of this document was attached at Appendix A to the Chief Finance Officer’s report.  In addition a schedule of changes to the Statement of Accounts certified by the Chief Finance Officer on 28 June 2016 was attached at Appendix B and a draft Letter of Representation 2015/16 was attached at Appendix C to the report.  Last, a schedule of additional changes to the Statement of Accounts, also marked as Appendix B, was circulated at the meeting.  The amendments in both Appendices B were mainly classification or typographical corrections and had no impact on the General Fund balance being essentially presentational.  A copy of the appendix circulated at the meeting is attached at Appendix A to these minutes.

The Committee was aware that the annual accounts had to be published with the audit opinion and certificate by no later than 30 September following the end of the financial year.  The accounts first needed to be approved by Members so approval was required at this meeting of the Audit Committee.  In addition, auditing standards required an authority’s external auditor, in this case Ernst & Young LLP, to obtain appropriate written representation from the Council about the financial statements and governance arrangements.  As a result the Committee was also asked to approve a draft letter of representation to Ernst & Young.  A copy of the letter was attached at Appendix C to the Chief Finance Officer’s report.

For Members’ benefit the Head of Financial Control worked through the annual accounts document.  He made particular reference to two specific areas of interest, the first being the Council’s outstanding Private Finance Initiative (PFI) liability arising from its schools PFI contract.  He explained the background to this matter, some of which was set out within the Statement, and how, following a query from Ernst & Young a revised accounting model would be applied from the 2016/17 financial year.

The Head of Financial Control next turned to the Better Care Fund, introduced from April 2015, which represented the second area of interest.  He again provided Members with information in addition to that set out within the report, the meeting noting that the Fund aimed to increase the integration of the local authority and health sectors through pooled budget arrangements.  In Central Bedfordshire’s case this was with the NHS Bedfordshire Clinical Commissioning Group (CCG).  The accounts had been amended following the external audit to clarify that the substance of the Fund’s operation during 2015/16 was a partnership rather than a pooled budget arrangement.  The presentation in the Council’s accounts was now consistent with the CCG’s accounts.

RESOLVED

1          that the 2015/16 Statement of Accounts for Central Bedfordshire Council, as set out at Appendix A to the report of the Chief Finance Officer and incorporating those amendments set out in the two schedules of changes at Appendices B, be approved;

2          that the Annual Governance Statement for 2015/16, previously approved at  ...  view the full minutes text for item 23.

To consider an update setting out the progress made in the development and approval of an IT Disaster Recovery Plan.

The Committee considered a report by the Chief Information Officer which introduced the current plans for the recovery of the Council’s IT operations after a major outage at one of the Council’s two Data Centres.  A copy of the ICT Disaster Recovery Plan (DRP), which was an updated version of the original DRP from 2014, was attached at Appendix A to the report.  The meeting was aware that the report had been submitted to the Committee as a result of a request made at the last meeting (minute AUD/16/15 refers).

In addition the report advised the Committee of future trends and subsequent changes in disaster recovery planning.  Specific reference was made to a strategy to move the Council’s data centres to the Cloud; an approach reflected across the UK in both the private and public sector.  Further, the Council’s existing data centres required substantial investment to ensure that they could continue to provide a good service and their small size made it difficult to achieve high level efficiencies.

The meeting noted the advantages of moving to the Cloud.  Members also noted that plans were now in place to begin the migration and training for ICT staff was underway.  Full migrations could take place in 2017.

Discussion followed during which some concern was expressed at the security aspects of Cloud hosting, reference being made to the hacking of large, well known organisations and how cyber criminals were drawn to attacking such bodies.  Concern was also raised by the Head of Internal Audit and Risk that a number of wider issues relating to ICT Disaster Recovery remained outstanding.

It was noted that, in view of forthcoming changes to the DRP environment, the Chief Information Officer had indicated in his report that he would provide an update to the Committee during the first quarter of 2017.

(Note: Minutes AUD/16/27 and 28 below also refer).

NOTED

1          the updated ICT Disaster Recovery Plan;

2          the ongoing work within the ICT with regard to the movement of the Council’s data centres to the Cloud and the related impact on disaster recovery planning.

To consider an overview of the Council’s risk position as at August 2016.       

The Committee considered a report which provided an overview of the Council’s risk position as at August 2016.

The Head of Internal Audit and Risk introduced the report, which included a Risk Register Dashboard attached at Appendix A to the report.  The Committee’s attention was drawn to the strategic and operational risk registers and discussion took place on any changes which had taken place since the last meeting.  A Member referred to Operational Risk reference SUC030007 (Traffic accidents causing damage to network) and commented that environmental risks such as flooding could have an impact as detrimental to the network as traffic accidents.  In response the Head of Internal Audit and Risk acknowledged this possibility and undertook to advise the operational area.  A Member referred to Operational Risk reference CHS0005 (Failure to retain and recruit staff within Children’s Services) and queried how long this issue was likely to remain on the register given the significant improvements which had taken place.  In reply the Chief Finance Officer informed the meeting that, given the improvements which had occurred, it had already been decided that this matter was no longer a strategic risk.  The Head of Internal Audit and Risk stressed, however, that this was subject to the improvement in the recruitment and retention of staff being maintained.

Further discussion followed during which the Head of Internal Audit and Risk made reference to the section within the report on the outcome and possible impact on the Council of the recent EU Referendum.   She stated that the issues raised would be taken into account when reviewing and updating the risk registers.

NOTED

the strategic and operational risks facing Central Bedfordshire Council as set out in the Risk Register Dashboard attached at Appendix A to the report of the Chief Finance Officer.

To consider an update on the progress of work by Internal Audit for 2015/16.

The Committee considered a report outlining the progress made on Internal Audit work against the 2016/17 Audit Plan up to the end of August 2016.

The following matters were considered:

·         Background

·         Fundamental System Audits

·         Other Audit Work

·         Schools

·         Revisions to the Public Sector Internal Audit Standards

·         Other Matters of Interest

·         Performance Management

The Head of Internal Audit and Risk introduced the report and highlighted matters of particular interest.  She made reference to the finalisation of an audit on the use of Purchasing cards by staff; the audit revealing that VAT was not always being claimed back when possible.  In connection with this subject the Head of Financial Control advised the meeting that approximately 140 cards were in use.  The issue of the cards was strictly controlled and many were only used infrequently or in an emergency.

The Vice-Chairman referred to the Internal Audit Plan 2016/17 attached at Appendix A to the report and to the work being undertaken by officers in connection with Section 106 Agreements.  He expressed concern that some major developers were failing to fulfil their obligations under the Agreements and the Council was failing to enforce them.  As a result there had been a drift in favour of the developers to the financial detriment of the Council.

A Member referred to the rolling programme of school audit visits and queried the level of Internal Audit resources allocated to this task.  In response the Head of Internal Audit and Risk explained that this had been reduced a few years ago as a result of the growing number of schools converting to Academies though the level of resources allocated had since remained consistent.  The Chief Finance Officer stated that the opportunity of selling Internal Audit services had been investigated but there had been little interest shown.  Further, a change in legislation prevented Academies from being charged for Responsible Officer services.

With regard to a query by the Member regarding the time allocated to carry out audits in schools in comparison to other councils the Head of Internal Audit and Risk stated that this varied and that some councils did not undertake this function.  The Chief Finance Officer added that the Council took a risk based approach and that those schools without financial concerns may not be audited for a considerable period.

NOTED

the progress made against the 2016/17 Internal Audit Plan.

To consider a summary of high priority recommendations arising from Internal Audit reports together with the progress made in their implementation.

The Committee considered a report which summarised the high priority recommendations arising from Internal Audit Reports and the progress made in implementing them.

Whilst recognising that an update had been provided to the meeting on aspects of the development and approval of an IT Disaster and Recovery Plan (minute AUD/16/24 above refers) the Head of Internal Audit and Risk stressed the need for the wider issues relating to IT Disaster Recovery to be addressed before the high priority recommendation relating to the Plan could be considered implemented.

(Note: Minute AUD/16/28 below also refers).

NOTED

the report setting out the high priority recommendations arising from Internal Audit reports and the progress made in implementing the recommendations to date.

To consider the Audit Committee’s work programme.

Members considered a report which set out the Committee’s proposed work programme for the 2016/17 municipal year.  The meeting was aware that an update on the implementation of the IT Disaster Recovery Plan was due to be submitted to the Committee during the first quarter of 2017 (minute AUD/16/24 and 27 above also refer).  Given the proximity of the 9 January 2017 meeting and the large number of items already scheduled to be considered on that date it was felt that the update should be considered by the Committee at its meeting on 3 April 2017.

RESOLVED

that the proposed Audit Committee work programme for the 2016/17 municipal year, as attached at Appendix A of the report of the Committee Services Manager and Committee Services Officer, be approved subject to including the submission of an update on the development and approval of an IT Disaster Recovery Plan to the meeting on 3 April 2017.