Venue: Meeting Room 1, Council Offices, Priory Road, Spalding
Contact: Christine Morgan 01775 764454
Declaration of Interests
Where a Councillor has a Disclosable Pecuniary Interest the Councillor must declare the interest to the meeting and leave the room without participating in any discussion or making a statement on the item, except where a Councillor is permitted to remain as a result of a grant of dispensation. ‘
There were none.
To sign as a correct record the minutes of the following meetings:
The minutes of the following meetings were signed by the Chairman as a correct record:
· Governance and Audit Committee meeting – 3 December 2015
· Special meeting of the Governance and Audit Committee – 21 January 2016
South Holland District Council (report of KPMG enclosed)
Consideration was given to KPMG’s External Audit Plan for 2015/16, which was presented to the Committee by the Audit Manager, KPMG.
The external auditor’s statutory responsibilities and powers were set out in the Local Audit and Accountability Act 2014 and the National Audit Office’s Code of Audit Practice.
The audit had two key objectives, requiring the external auditor to audit/review and report on the Authority’s:
· Financial statements (including the Annual Governance Statement): providing an opinion on the Authority’s accounts; and
· Use of resources: concluding on the arrangements in place for securing economy, efficiency and effectiveness in the Authority’s use of resources (the value for money conclusion).
Financial Statements Audit work followed a four stage audit process, and Appendix 1 to the report provided more detail on the activities that this included. The report concentrated on the Financial Statements Audit Planning stage of the Financial Statements Audit.
Value for Money Arrangements work followed a five stage process. More detail was provided within the report of what this included, and the report also concentrated on explaining the Value for Money approach for 2015/16.
The following headlines within the report were provided:
Financial Statement Audit
There were no significant changes to the Code of Practice on Local Authority Accounting in 2015/16, which provided stability in terms of the accounting standards the Authority needed to comply with.
Materiality – Materiality for planning purposes had been based on this year’s budget and was set at £600,000. KPMG were obliged to report uncorrected omissions or misstatements other than those which were ‘clearly trivial’ to those charged with governance, and this had been set at £30,000.
Significant risks – Those risks requiring specific audit attention and procedures to address the likelihood of a material financial statement error had been identified as:
· Management override of controls;
· Fraudulent revenue recognition; and
· Provision for business rate appeals
Other areas of audit focus – Other areas of audit focus were those risks with less likelihood of giving rise to a material error but which were nevertheless worthy of audit understanding. KPMG had not identified any such risks at this stage, but they would review how amendments to accounting standards affected the Authority and the change in the Authority’s approach to the minimum revenue provision.
Value for Money Arrangements work
The National Audit Office (previously the Audit Commission) had issued new guidance for the VFM audit which applied for the 2015/16 audit year. The approach was broadly similar in concept to the previous VFM audit regime, but there were some notable changes:
· There was a new overall criterion on which the auditor’s VFM conclusion was based;
· The overall criteria was supported by three new sub-criteria.
KPMG’s risk assessment was ongoing and they would report VFM significant risks during their audit.
The Committee was also advised of KPMG’s Audit fee. Their Audit Fee Letter 2015/16 had been presented to the Committee in April 2015, and had set out fees for the 2015/16 audit. The letter had also set out their assumptions. The planned ... view the full minutes text for item 40.
Annual Report (report of KPMG enclosed)
Consideration was given to KPMG’s Certification of grants and returns 2014/15. The report summarised the results of work they had carried out on the return. This included the work they had completed under the Public Sector Audit Appointment certification arrangements, as well as the work completed on other grants/returns under separate engagement terms. The work completed in 2014/15 was:
· Under the Public Sector Audit Appointment arrangements, KPMG certified one claim – the Council’s 2014/15 Housing Benefit Subsidy claim. This had a value of £19.6 million.
· Under separate assurance engagements, KPMG also certified the Housing Pooling return.
KPMG’s work on the Authority’s Housing Benefit Subsidy claim was subject to a qualification letter. As a result of issues identified in the previous year, and as a result of their initial work, it was necessary to perform:
· 100% testing in relation to six specific issues where KPMG were able to effect claim adjustments; and
· 40+ testing in relation to six further issues from which KPMG could not reach a conclusion as to whether the claim was fairly stated.
This was an increase in the amount of work from the previous year.
KPMG’s work on the Authority’s Housing Pooling Return resulted in the following reports:
· An unqualified assurance report was issued in respect of this return, although issues were noted in respect of:
o Previously reportable capital allowances being incorrectly recorded as relating to expenditure incurred in buying a relevant interest in a dwelling; and
o Capital receipts in respect of mortgage repayments had not been recorded in the appropriate quarter to which they related.
Cell amendments were agreed with the Council for these errors with neither having an effect on the amount of poolable receipts by the Authority.
Adjustments were necessary to both of the Authority’s grants and returns as a result of KPMGs certification work for the year.
· Their work on the Housing Benefit Subsidy claim resulted in a reduction of subsidy claimed of £2,192; and
· Whilst their work on the Housing Pooling return did not affect the amount of poolable receipts, amendments of £5,771,998 and £440 to differing cells were required.
The findings in respect of the Housing Benefit Subsidy claim were similar to those of the previous year whilst those in respect of the Housing Pooling return were new.
The indicative fee for KPMG’s work on the Authority’s 2014/15 Housing Benefit Subsidy was set by Public Sector Audit Appointments at £8,120. The actual fee for this work was £9,390 which was still subject to determination by PSAA. KPMGs fees for the other ‘assurance’ engagements were subject to agreement directly with the Council and were £3,000.
The Committee considered the report and the following questions were asked:
· With regard to fees, did a portion fall to the Housing Revenue Account?
o The pooling return did however, Housing Benefit fell to the General Fund.
· Were the errors that were identified a result of mistakes or non-compliance?
o They were mistakes, due to the complexity of the issues ... view the full minutes text for item 41.
To update the Committee on progress with the Audit Plan – December 2015 to mid-February 2016 (report of the Audit and Risk Manager (Audit Lincolnshire) and the Executive Director Commercialisation enclosed)
Consideration was given to the report of the Audit & Risk Manager (Audit Lincolnshire), and the Executive Director Commercialisation which provided an update on progress with the Audit Plan between December 2015 to mid-February 2016.
The purpose of the report was to:
· Advise of progress being made with the 2015/16 Audit Plan;
· Provide details of the audit work during the period;
· Provide details of the current position with agreed management actions in respect of previously issued reports; and
· Update the committee on any changes to the 2015/16 Audit Plan and any other matters that may be relevant to the Governance and Audit Committee role.
Contained within the appendices which were attached to the report was detailed information in relation to Assurance Definitions (Appendix 1); Audits with Limited Assurance (Appendix 2); and the Internal Audit Plan and Schedule (Appendix 3).
As detailed within the report, all work was planned for completion by the end of March 2016. The Audit and Risk Manager (Audit Lincolnshire) confirmed that internal audit services for South Holland District Council would be provided by Eastern Internal Audit Services from 1 April 2016, and that she would be meeting with the Executive Director Commercialisation next week to consider handover of the new audit plan.
The Committee was also advised that within the report at section 1.13, the implementation date under ICT Strategy and Projects should be 31 March 2016, not 31 June 2015 as stated.
Members considered the information detailed within the report, and the following issues were raised:
· Section 1.13 (Follow Up on Outstanding Audit Recommendations) – The recommendation for Mobile Devices had a completion date of 29 February 2016. Had this been completed?
o A follow-up had been undertaken mid-February and this was currently the most up to date position. The status would be ascertained and fed back to Committee members.
· Limited assurance had been provided in relation to the ICT Software and ICT Strategy and Projects audit. Could the internal auditors explain this?
o The Audit and Risk Manager advised that Appendix 2 provided a fuller explanation of the background to the limited assurance provided to ICT Strategy and Projects, and the actions required. She advised that if the Committee wanted an update on progress with these, that the ICT Director (CPBS) would be able to provide this information.
o The Chief Accountant commented that there were management actions outside of ICT that would have impact on this area.
· Had lessons been learned from the recent ICT security breach at Lincolnshire County Council?
o The Audit and Risk Manager advised that lessons had been learned, that there had been a de-brief following the incident, and that a more formal de-briefing session would be held at the end of March. She advised that she would share information on cypber-risks with the Internal Audit Consortium Manager.
o The Audit and Risk Manager also commented that the limited assurance opinion for the two ICT reports showed that improvement was required in the governance of ICT by CPBS. The ... view the full minutes text for item 42.
This report provides an overview of the stages followed prior to the formulation of the Strategic Internal Audit Plan for 2016/17 to 2018/19 and the Annual Internal Audit Plan for 2016/17. The Annual Internal Audit Plan will then serve as the work programme for the Council’s Internal Audit Services Contractor; TIAA Ltd. It will also provide the basis for the Annual Audit Opinion on the overall adequacy and effectiveness of South Holland District Council’s framework of governance, risk management and control (report of the Internal Audit Consortium Manager enclosed)
Consideration was given to the report of the Internal Audit Consortium Manager who provided information on the Strategic and Annual Internal Audit Plans 2016/17. The purpose of the report was to provide an overview of the stages followed prior to the formulation of the Strategic Internal Audit Plan for 2016/17 to 2018/19 and the Annual Internal Audit Plan for 2016/17. The Annual Internal Audit Plan would then serve as the work programme for the Council’s Internal Audit Services Contractor, TIAA Ltd. It would also provide the basis for the Annual Audit Opinion on the overall adequacy and effectiveness of South Holland District Council’s framework of governance, risk management and control.
The Accounts and Audit Regulations 2015 required that ‘a relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance’. These standards were set out in the Public Sector Internal Audit Standards (PSIAS) which came into effect in April 2013.
The appendix attached to the report contained;
· The Internal Audit Charter which formally defined the internal audit’s purpose, authority and responsibility, and was a mandatory document. The charter also displayed formal commitment to the definition of internal auditing, the code of ethics and the Public Sector Internal Audit Standards;
· The Internal Audit Strategy, which was a strategic high level statement on how the internal audit service would be delivered and developed in accordance with the charter and how it linked to the organisational objectives and priorities;
· The Strategic Internal Audit Plan, which detailed the plan of work for the next 3 financial years;
· The Annual Internal Audit Plan, which detailed the timing and the purpose of each audit agreed for inclusion in 2016/17; and
· Provided the Committee with the performance measures against which the new contractor would be monitored.
The Committee considered the report, and the following issues were raised:
· It was noted that East Lindsey District Council’s audit team had previously audited CPBS for both South Holland District Council and East Lindsey District Council.
o The Internal Audit Consortium Manager advised that this was the case, and that reliance would be placed on this. There would be a continuation of the current arrangements.
· Why did East Lindsey District Council audit CPBS?
o It was ascertained that this arrangement was historic as East Lindsey District Council were majority owners of CPBS i.e.there was a 60/40 split. For the first year of the new audit arrangements, this would continue however after this, the arrangements would be looked into.
· The Committee acknowledged that the arrangement would continue for the first year, but it would monitor the situation.
o The Internal Audit Consortium Manager advised that when a progress report was due, she would ask that the Head of East Lindsey’s Internal Audit section attend the meeting.
a) That the report be noted;
b) That the Committee approve:
· The Internal Audit Charter for 2016/17;
· The Internal Audit Strategy for 2016/17;
· The Strategic Internal ... view the full minutes text for item 43.
To confirm the response to the external audit mandatory inquiries (report of the Executive Director Commercialisation (S151 Officer) enclosed).
Consideration was given to the report of the Executive Director Commercialisation which asked members to confirm the response to the external audit mandatory enquiries.
In order to comply with a number of International Standards of Auditing, external auditors were required to obtain an understanding on how those charged with governance exercised oversight of management’s process in relation to fraud, laws and regulations and going concern. To assist this work, which formed part of the annual audit, the external auditor issued a number of questions to those charged with governance. This year’s focus was on fraud and significant unusual transactions.
Appendix A set out the enquires to those charged with governance. It had been pre-populated to a large extent, where possible, following discussion between the Section 151 Officer and Internal Audit. However, one question on fraud asked for an opinion and it was therefore felt inappropriate to pre-empt the Committee’s response.
Members were asked to consider these responses and to be satisfied that they corresponded to the Committee’s own view of affairs, or whether the responses required modification.
The Committee considered the report and agreed that they were happy with the responses .
That the response to the external audit mandatory inquiries be approved.
To consider the anti-fraud policy in relation to the Council Tax Support scheme (report of the Executive Director Commercialisation (S151 Officer) enclosed).
Consideration was given to the report of the Executive Director Commercialisation (S151 Officer) which provided information on the anti-fraud policy in relation to the Council Tax Support scheme.
Council Tax Support replaced the national Council Tax Benefit system in April 2013 under the Welfare Reform Act 2012, and local authorities were required to have in place a locally determined scheme for working age residents.
It was a legislative requirement that those who received state pension would continue to receive support under the Council Tax Support Scheme on the same terms as would have applied under the old Council Tax Benefit scheme.
Activities outlined in the policy were carried out in practice by trained and experienced officers, with compliance to relevant legislation and governance. To ensure transparency, and to act as a deterrent, the process had been brought together in a Council Tax Support Anti-Fraud Policy. This was attached as Appendix A to the report.
The Committee was advised that this was a relatively new situation for the Council, and the Authority would have to look at what it spent on Council Tax Support. The cost of the scheme had to be examined, and the overall policy reassessed.
The Chief Accountant advised that officers were looking at identifying areas of discount that were discretionary, and that levels had to be set. He stated that information regarding this would be presented to the Committee in the future so that it could provide input.
a) That the report be noted; and
b) That information on the setting of levels of discount that was discretionary would be presented to the Committee for consideration in due course.
To inform the Committee on the current status of the Councils’ strategic risks (report of the Executive Director Strategy and Governance enclosed).
Consideration was given to the report of the Executive Director Strategy and Governance, which updated the Committee on the current status of the Authority’s strategic risks.
The last risk report to the Governance and Audit Committee was in December 2015. Since then, work had continued on configuring the new corporate performance and risk monitoring system, Covalent. The report had been generated using the new system and included updates on strategic risks for quarter 3, 2015/16. Changes had been made to the layout of the report including the addition of the original risk score and details of the controls/mitigation in place.
Strategic risks were captured on the Corporate Dashboard, reviewed by Executive Management Team quarterly. In addition, risks were reviewed monthly at the officer-led Performance, Risk and Audit Board, chaired by the Executive Director of Strategy and Governance.
Strategic risks had been reviewed and updated with responsible members of the Executive Management Team (EMT). The strategic risk register included twelve strategic risks (detailed at Appendix A to the report). These covered the over-arching risks that may affect the strategic direction of the Council, rather than risks linked to business continuity or those that affected discreet service areas.
Following recent high profile media coverage regarding the ICT breach at Lincolnshire County Council, a strategic risk had been developed relating to the security of ICT at South Holland. The severity of an attack on the ICT, and the resulting shut down in order to avoid breaches of data, had meant that the risk was currently scored as a high risk after controls and mitigation. This would continue to be monitored.
Strategic risks typically affected the whole of the organisation and not just one or more parts of it. Strategic risks could potentially involve very high stakes and often affect the ability of the organisation to survive, e.g. impact on the ability of the Council to achieve its corporate plan objectives and purpose. Strategic risks were managed at Board (EMT) level.
The Risk Framework was currently under review, alongside the implementation of the new ICT system. As part of the Risk Framework review, the procedure in which an operational risk became a strategic risk had been considered. It was recommended that operational risks continue to be monitored monthly as part of the Performance, Risk and Audit Board and where a risk remained at a score of fifteen for a period of more than one quarter after controls and mitigation had been put in place, this risk would then be considered a strategic risk and therefore be reported to the Governance and Audit Committee.
As a result of the Risk Framework review, the risk matrix had been changed from a 3 x 3 to a 5 x 5 matrix, based on best practice in comparable organisations. This provided a more comprehensive assessment and understanding of risk likelihood and impact. The matrix resulted in a numerical score which combined the impact of the risk occurring with the likelihood of it happening. Risks fell into High, Medium ... view the full minutes text for item 46.
To set out the Work Programme of the Governance and Audit Committee (report of the Shared Executive Manager Governance enclosed).
Consideration was given to the report of the Democratic Services and Legal Manager, which presented the Work Programme of the Governance and Audit Committee, as set out in Appendix A within the report.
The schedule of meetings for 2016/17 was now available, and dates for Governance and Audit meetings had been added to the Work Programme. Regular items had been transferred from the 2015/16 municipal year to the appropriate meeting dates for the new municipal year. Contributors were requested to confirm that the reports, and the meeting dates on which they were to be reported, were correct.
The Committee considered the report and the Work Programme for the forthcoming year and agreed all items on it were correct.
The external auditor advised that at meetings where no full reports were being presented to the Committee, progress reports would be provided.
a) That the report be noted;
b) That progress reports from the external auditor be added to the Work Programme to meetings where no full report was being presented.