To approve as a correct record the minutes of the meeting of the Audit Committee held on 9 January 2017 (copy attached). 

RESOLVED

that the minutes of the meeting of the Audit Committee held on 9 January 2017 be confirmed and signed by the Chairman as a correct record.

To receive from Members any declarations of interest.

None.

To receive any announcements from the Chairman and any matters of communication.

The following announcements and communications were made:

·         Clint Horne was welcomed to the meeting as the Council’s new Head of Internal Audit and Risk.

·         Ernst & Young LLP was not represented at the meeting because the company had no reports for consideration.  The Chairman reminded Members that Ernst & Young had presented its Audit Plan to the January meeting, which was in advance of its usual timetable.

·         Members were reminded of the presence of an exempt appendix for item 7 on the agenda.

·         all attendees were asked to silence their mobile telephones.

·         the Committee’s attention was drawn to unsubstantiated allegations of fraud within the Council.  The allegations could be found on a social media (Facebook) site.  Although a Member had requested that any evidence be submitted to the Council so that it could be investigated nothing had been forthcoming.

To receive petitions from members of the public in accordance with the Public Participation Procedure as set out in Annex 2 of Part A4 of the Constitution.

No petitions were received from members of the public in accordance with the Public Participation Procedure as set out in Annex 2 of Part A4 of the Constitution.

To receive any questions, statements or deputations from members of the public in accordance with the Public Participation Procedure as set out in Annex 1 of Part A4 of the Constitution.

No questions, statements or deputations were received from members of the public in accordance with the Public Participation Procedure as set out in Annex 1 of Part A4 of the Constitution.

To consider an update on the operation of the current Risk Based Verification (RBV) Policy and seek approval for the proposed Policy for 2017/18.

The Committee considered a report which provided an update on the operation of the current Risk Based Verification (RBV) Policy and sought the Committee’s approval of a new Policy for the coming year.  A copy of the proposed Housing Benefit and Local Council Tax Support Verification Policy 2017/18 was attached as an exempt document at Appendix A to the report.

Points and comments included:

·         it took, on average, 30 days to process a new claim although a low risk case could be processed in approximately a week.  Delays were sometimes experienced because claimants failed to submit the required supporting papers.  The Head of Revenues and Benefits added that the processing time had been adversely impacted over the last year because of IT related issues and the departure of a large number of staff, though the latter had been replaced and the new employees were undergoing training.

·         the number of new claims being made on-line was approximately 35%.  Discussions were being held with the Communications Team regarding further publicising the on-line benefits claim form following the implementation of the customer portal and e-billing/e-benefit notifications in the first Quarter of the 2017/18 financial year.

·         the recovery of overpayments was increasing.  Whilst the cost of the Revenue and Benefits Team had not reduced its efficiency had improved considerably.

·         the Department of Works and Pensions (DWP) had assumed responsibility for all welfare benefit fraud investigations since March 2016.  As such the Head of Revenues and Benefits was not aware of investigation outcomes since that date and he was therefore unable to compare outcomes over recent timeframes.

RESOLVED

that the proposed Housing Benefit and Local Council Tax Support (Risk Based) Verification Policy 2017/18, as attached at exempt Appendix A to the report of the Director of Resources, be approved and adopted.

(Note: Minute AUD/16/58 below also refers).

To consider an update on current plans for dealing with disaster recovery (DR) and the changing nature DR.

The Committee considered a report which updated members on the updated plan for ICT disaster recovery (DR) and set out how changes in external hosting arrangements were impacting on DR planning.

Points and comments included:

·         as more applications were moved to externally hosted sites the dependency on the on-site DR process was being reduced.  Although the migration to externally hosted data services brought with it new challenges it eased those that would have been faced through an internal systems loss.

·         whilst acknowledging that there were good reasons to move to cloud based services a Member stated that these suffered from regular malicious attacks by hackers. In response the Operations and Network Manager advised that companies such as Microsoft were fully aware of this issue and their software complied with the latest protocols.

·         a request from a Member for clarification on the security definition used for the Luton and Hoddesdon datacentres.  In response the Operations and Network Manager explained that both datacentres were rated as Tier 3; Tier 1 being the least secure and Tier 4 the most secure.

·         the Operations and Network Manager stated that there had been no full scale testing of the DR plan because of the impact on the Council.  Instead, unit testing was carried out on a regular basis.  In response to a Member’s query the Operations and Network Manager stated that he was not aware of any specific attacks on the Council’s internal systems.

NOTED

the report setting out the updated ICT Disaster Recovery Plan.

To consider the updated Local Code of Corporate Governance.

The Committee considered a report setting out the updated Local Code of Corporate Governance and sought approval for its adoption and publication.

Points and comments included:

·         in April 2016 the Chartered Institute of Public Finance and Accountancy (CIPFA) had revised its framework and guidance (‘Delivering Good Governance in Local Government’) so the opportunity had been taken to review the Council’s own Local Code of Corporate Governance and align it with that of CIPFA.

·         the Committee’s attention was drawn to a reference in Appendix A of the Council’s Local Code to the ‘County Council’.  The Head of Internal Audit and Risk undertook to amend this error.

·         CIPFA was challenged by professional bodies if it was perceived as failing to act in the wider interest of local authorities.  CIPFA itself was unable to impose sanctions on errant authorities but, through its close working with the Department for Communities and Local Government (DCLG), the latter would do so if necessary.

·         the Council already periodically assessed itself against its own Local Code and would now do so on an annual basis as required under the CIPFA framework and guidance.

RESOLVED

1          that the revised Local Code of Corporate Governance, as attached at Appendix A to the report of the Director of Resources, be approved and adopted subject to the correction of any typographical errors:

2          that, following correction, the revised Local Code of Corporate Governance be published on the Council’s website.

To consider the updated risk based Internal Audit Plan for 2017-19.

The Committee considered a report which set out the revisions to the 2017-19 Internal Audit Plan.

Points and comments included:

·         a query from a Member regarding the resourcing of the Internal Audit team given the workload scheduled over the next two years.  In response the Director of Resources explained that a contingency element was included within the Plan and he was confident that the team was adequately staffed, subject to filling the vacancy arising from an internal promotion.

·         a query by the Chairman on the possibility of linking risks to the Internal Audit Plan.  The Director of Resources responded that this was possible though some strategic risks were beyond the Council’s control.

·         reference by a Member to the closure of the Ampthill branch of the NatWest Bank on 10 June 2017.  Discussion took place on the impact on the Council given that this was the ‘corporate bank’ and used by the Authority for cash transfers.  Possible alternatives were suggested.  The Director of Resources advised that the level of cash transferred by the Council was declining.

RESOLVED

that the revised 2017-19 Internal Audit Plan, as set out at Appendix A to the report of the Director of Resources, be approved.

To consider an overview of the Council’s risk position as at March 2017.

The Committee considered a report which provided an overview of the Council’s risk position as at March 2017.

Points and comments included:

·         a suggestion by a Member that the forthcoming General Data Protection Regulations be included as a risk.  The Regulations, which provided a new European Union data protection framework, had been adopted in 2016 but did not apply until 2018.  They had wide ranging implications for the Council.

·         concern from a Member on a reduction in the quality of life for local residents as a result of a number factors including a reduction in air quality, increasing noise levels, pressure on education and health care provision, saturation of the transport infrastructure, the growth in residential development and an increase in population levels.  He suggested that these issues be considered together as a single strategic risk.  The Director of Resources undertook to consider this request at the time of the next review of the Strategic Risk Register.

NOTED

the strategic and operational risks facing Central Bedfordshire Council as set out in the risk Register Dashboard attached at Appendix A to the report of the Director of Resources.

To consider an update on the progress of work by Internal Audit for 2016/17.

The Committee considered a report outlining the progress made on Internal Audit work against the 2016/17 Internal Audit Plan up to the end of February 2017.

Points and comments included:

·         from 1 April 2018 the Sector-Led Body arrangement with Public Sector Audit Appointments Ltd (PSAA Ltd) would not oversee or appoint auditors for local authorities’ Housing Benefit Certification work.  From that date the Department of Work and Pensions (DWP) would assume responsibility for issuing guidance and providing support for the assurance process but not the appointment of auditors on behalf of local authorities which would have to make their own arrangements.  The DWP guidance was due to be published shortly.

·         Internal Audit work with regard to a review of Section 106 Agreements had been deferred pending the outcome of an external review which, amongst other issues, would cover the ‘trigger points’ for the payment Section 106 funds to the local authority.  The review was scheduled to be considered by Corporate Management Team in June or July 2017.

·         the reason for the issue of a Limited Opinion for the Council’s residential care homes would be checked, though the Director of Resources reminded Members that this was the first review since the care homes had been brought back under the Council’s direct control.

·         in future, when carrying out its assurance audits for Children’s Services,  Internal Audit would be adopting a risk based approach and targeting particular maintained schools where there were known to be budgetary issues.

NOTED

the progress made against the 2016/17 Internal Audit Plan.

To consider a summary of high priority recommendations arising from Internal Audit reports together with the progress made in their implementation.

The Committee considered a report which summarised the high priority recommendations arising from Internal Audit Reports and the progress made in implementing them.

Points and comments included:

·         the outstanding recommendations relating to IT Disaster Recovery had already been considered in a separate update on this agenda.

NOTED

the report setting out the high priority recommendations arising from Internal Audit reports and the progress made in implementing the recommendations to date.

(Note:  Minute AUD/16/51 above also refers).

To consider the Audit Committee’s work programme.

Members considered a report which set out the Committee’s work programme for the last part of the 2016/17 municipal year and the proposed content for the first two meetings in the 2017/18 municipal year.

RESOLVED

that the proposed Audit Committee work programme for the first two meetings in the 2017/18 municipal year, as attached at Appendix A of the report of the Committee Services Manager and Committee Services Officer, be approved subject to the following amendments to the reports scheduled to be considered on 29 June 2017:

a          delete ‘Annual Governance Statement 2015/16 (MC)’ and insert ‘Annual Governance Statement 2016/17 (MD)’

b          delete ‘2015/16 Internal Audit Annual Audit Opinion (CH)’ and insert ‘2016/17 Internal Audit Annual Audit Opinion (CH)’

To receive the exempt appendix.

Minute AUD/16/50 above refers.