Agenda and minutes

Audit and Risk Management Committee - Monday, 21st June, 2021 4.00 pm

Venue: Council Chamber, Fenland Hall, County Road, March

Contact: Jo Goodrum  Member Services and Governance Officer

Items
No. Item

ARMC9/21

Appointment of Chairman for the Municipal Year

Minutes:

It was proposed by Councillor Mrs French, seconded by Councillor Tierney and resolved that Councillor Kim French be elected as the Chairman of the Audit and Risk Management Committee for the Municipal Year.

 

ARMC10/21

Appointment of Vice Chairman for the Municipal Year

Minutes:

It was proposed by Councillor Booth, seconded by Councillor Mrs French and resolved that Councillor Mrs Davis be elected as the Vice Chairman of the Audit and Risk Management Committee for the Municipal Year.

 

ARMC11/21

Previous Minutes. pdf icon PDF 201 KB

To confirm the minutes of the meeting of 1 February 2021.

Minutes:

The minutes of the last meeting held on 1 February 2021 were approved and signed as a true and accurate record.

 

Councillor Kim French stated that she would like it noted that, as part of the workplan, there will be some planned training for committee members prior to the September meeting.

 

ARMC12/21

External Audit Plan 2020/21 pdf icon PDF 5 MB

Report Attached

Minutes:

Members considered the External Audit Plan for 2020/21 presented by Mark Hodgson from Ernst &Young (EY).

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Booth referred to the report highlighting and identifing the audit risks associated with the Council’s work and projects and expressed the opinion that with regard to the new commercial investment initiative that the Council is embarking on, he did not feel that the element of work was adequately captured within the risks shown. Mark Hodgson stated that consideration was given last year to the arrangements as part of the setting up of that entity under the value for money conclusion and the governance structure around it and as part of last year’s audit is was concluded that there were no issues to bring to members attention. He added that in terms of this year’s audit, it would become an audit issue where the transactions of the subsidiary company reached such a level where they needed to be consolidated into the Council’s accounts and based on the information up until the 31 March 2021 that level had not been reached and, therefore, does not appear as an audit risk in 2020/2021. Mark Hodgson stated that this is reviewed and as the level of transactions increases it may then be noted as a group audit risk. Councillor Booth stated that it is, therefore, likely that in a years’ time it will be included within the list of risks and Mark Hodgson stated that considering the trajectory of the transactions that is the potential.

·         Councillor Booth stated that concerns have been raised regarding the structure of the newly formed Audit and Risk Management Committee following the decommissioning of the Corporate Governance Committee and he asked Mark Hodgson to clarify that, as there will be potentially a decision making body that will report into the committee, would the governance arrangements form part of his audit work and would an audit opinion be provided on its suitability. Mark Hodgson stated that it will form part of the deliberations for the value for money conclusion and a risk assessment will be brought back to a future committee meeting. He added that one aspect underpinning that value for money conclusion and the criteria for it will be the arrangements for an Audit Committee against how the Council’s committee has been set up and whether it is appropriate and in line with good practice and standing guidance for the sector.

·         Councillor Booth asked whether assurances would be given with regard to resourcing and asked that, if there are going to be changes, the information is communicated to the Finance Team. Mark Hodgson stated that there are no plans to come onto site due to Covid restrictions and the audit will be carried out remotely in the same way as it was completed in 2019/20. He added that it has been discussed and agreed with Peter Catchpole, the Section 151 Officer, an appropriate timescale, which is agreeable to all parties and there  ...  view the full minutes text for item ARMC12/21

ARMC13/21

Risk Based Internal Audit Plan 2021/22 pdf icon PDF 324 KB

To consider the Internal Audit Plan and the areas for audit review and the availability of internal audit resources.

Minutes:

Members considered the Risk Based Internal Audit Plan 21-22 presented by the Internal Audit Manager, Kathy Woodward.

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Booth stated that he appreciates that last year was a difficult year for certain aspects of audit work to be undertaken due to the other priorities that the Council had to deal with and asked Kathy Woodward whether the audit work that was carried out had raised any concerns and topics of audit work that needed to be carried forward into this year’s plan and whether she was confident that the aspects of audit work had been sufficiently captured in the plan before the committee. Kathy Woodward agreed that last year was very challenging and stated that the areas that were able to be covered last year were topics that were considered to be of particular high risk and an adopted approach was undertaken where emerging risks were looked at and things that were associated with work around the Covid pandemic responses. She added that there were no areas of high risk that were not looked at in 2021 and she is confident that the work that was carried out last year and the additional work that was carried out specifically with regard to consultancy engagements that were not specifically on the Audit Plan have left the Council in a good enough position where she was still able to provide an audit opinion on last year and support the work on the current year’s Audit Plan.

·         Councillor Booth stated there has been much debate with regard to the Local Authority Trading Company and the potential risks that it poses to the Council and he added that the allocation in the plan of 10 days to the audit work associated to that topic, in his opinion, is not enough time, bearing in mind the complex investment strategies that could be pursued, and as it is a new area it may take time to understand the subject matter and, therefore, in his view, the time allocated should be increased. Kathy Woodward stated that with any new item that comes onto the Audit Plan it must be based somewhere and any high-risk topic is allocated 10 to 12 days which are incorporated into the plan. She added that there are contingency days available and the Audit Plan is flexible and more time can be allocated if necessary. She agreed that it is a high risk area due to the fact that it is new topic and the high sums of money involved, but is comfortable that the plan can be reviewed and days reallocated if deemed necessary. Councillor Booth stated that in the past additional capacity for extra work has been discussed and the contingencies have been very tight with regards to timescales in the plan versus the resources available and he added that the plan does need to be flexible so that it can be changed if the situation changes.

·         Councillor Booth stated that  ...  view the full minutes text for item ARMC13/21

ARMC14/21

Internal Audit Charter pdf icon PDF 268 KB

To consider the Internal Audit Charter.

Minutes:

Members considered the Internal Audit Charter presented by the Internal Audit Manager, Kathy Woodward.

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Booth asked for clarification that when the next external peer review takes place, they also review the Internal Audit Charter. Kathy Woodward confirmed that when the external assessment takes place, they look at the Council’s Charter and they use the Public Sector Internal Audit Standards and the Local Government Application notes to ensure compliance.

 

The Committee considered and approved the Internal Audit Charter.

ARMC15/21

Regulation of Investigatory Powers Act (RIPA) - Update pdf icon PDF 409 KB

This report gives Members an update on the Council’s use of the Regulation of Investigatory Powers Act 2000 (RIPA). This is a regular update that advises Members about the Council’s use of RIPA. The Council’s current RIPA Policy is attached to this report as an Annex for information.

 

To update members in relation to the outcome of the external inspection of the Council’s RIPA policy and procedures which were assessed by the Investigatory Powers Commissioner's Office (IPCO) earlier this year. Inspections take place every three years, the previous review took place during 2018.

Minutes:

Members considered the Regulation of Investigatory Powers Act update presented by the Head of Transformation, Customer Services and Democracy, Anna Goodall.

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Tierney stated that the report speaks very well of the Council, by virtue of the fact that the powers have had to be used rarely and the fact that the gravity of their use is understood. He added that it is pleasing to see that the Council does not overuse or intend to overuse the powers the act provides, like other local authorities. He added that the additional reporting with regards to data is also an excellent idea and the privacy of our resident’s data is as important as the ability of the Council keeping things under control.

·         Councillor Booth stated that he agrees with comments made by Councillor Tierney, however, he queried whether the powers could be used more when the Council is dealing with cases of fly tipping which could lead to prosecutions.

·         Anna Goodall stated that there have been some very notable and successful prosecutions with regard to fly tipping over recent years, where RIPA has not had to be used and instead information of the potential perpetrator was found within the contents of the fly tipped waste. She added that the successful prosecution of the individuals, also acts as a deterrent to others who may consider fly tipping inappropriately and whilst the issue of fly tipping is taken very seriously, it is also vital that the use of RIPA is used as necessary in proportionate means whilst still being able to successfully address other illegal activity through fly tipping.

·         Councillor Booth stated that there are regular fly tipping hotspots in his ward and by having cameras in place to catch those individuals responsible, in his opinion, is not misuse of the powers in those circumstances.

 

The Committee agreed to note the report.

ARMC16/21

Corporate Risk Register Review pdf icon PDF 602 KB

To provide an update to the Audit and Risk Management Committee on the Council’s Corporate Risk Register

Minutes:

Members considered the Corporate Risk Register review report presented by the Head of Human Resources and Organisational Development, Sam Anthony.

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Booth questioned whether the risk associated with the failure of contractors and the risk ratings of what the inherent risk is as opposed to the current risk could be reviewed. He stated that he had made the observation previously that the two ratings were the same and, in his opinion, with all the actions that are in place he felt the rating should be lower. Sam Anthony agreed to review the document and feed back to Councillor Booth.

·         Councillor Wicks stated that he notices that there is no risk listed with regard to a malicious attack on the computer system and asked whether it is something that should be considered? Sam Anthony stated that cybercrime is listed on the document, failure of ICT systems is risk 4 and breach of ICT security is item 6, both of which cover malicious attacks and cybercrime events. Councillor Wicks asked whether the scoring is high enough to mitigate such risks and Sam Anthony stated that the ICT team have considered the scores and the additional actions that have been put in place and they feel that the score ratings are accurate, however, she will ask them to revisit the document to make sure.

 

The Committee agreed the Corporate Risk Register’s latest update.

ARMC17/21

Revised Whistleblowing Policy pdf icon PDF 280 KB

To provide an update to the Audit and Risk Management Committee on the Council’s revised Whistleblowing Policy

Minutes:

Members considered the Revised Whistleblowing policy report presented by the Head of Human Resources and Organisational Development, Sam Anthony.

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Booth stated that it is an important policy and added that he has a concern about the prominence of the ability to go to external sources to discuss whistleblowing concerns and speaking to independent people if an individual wants to talk things through. He expressed the opinion that the policy is very line manager heavy, which can be a deterrent for people to raise concerns and might be evident by virtue of the fact that the policy has only ever been used once. He expressed the view that consideration should be given to the promotion of the external sources available for individuals to discuss their concerns rather than having to go via their line manager. Sam Anthony stated that the comments made by Councillor Booth are valid and added that the Council would always intend to follow any approval from members with some training or updates for staff on the Council’s e-learning system and also staff briefings. She stated that there is the opportunity to ensure that the policy is heavily promoted to staff and then a review would take place 6 or 12 months after somebody has raised a concern where they would be asked how they felt after raising a concern and what could be done to make improvements.

 

The Committee agreed to note and approve the revised Whistleblowing Policy.

ARMC18/21

Audit and Risk Management Committee Workplan pdf icon PDF 166 KB

For information.

Minutes:

Members considered the Audit and Risk Management Committee workplan presented by the Corporate Director and Section 151 Officer, Peter Catchpole.

 

Members asked questions, made comments and received responses as follows:

 

·         Councillor Booth asked whether it was possible for a quarterly update to be provided on the status of audit work being carried out with regard to the Internal Audit Plan at the July meeting. Kathy Woodward stated that her quarter 1 progress report is due to be presented to the committee in September, however, a verbal update can be provided.

 

The Committee agreed to note the Work Programme for information purposes.

ARMC19/21

Items of Topical Interest.

Minutes:

There were no items of topical interest to discuss.