Agenda and minutes

To confirm the Minutes of the meeting held on 17 May 2018 as a correct record.

The minutes of the meeting held on 17 May 2018 were approved as a correct record.

To receive any disclosures of interest from Councillors in accordance with the Council’s Code of Conduct for members.

There were none.

To receive a report from the External Auditor.

The Chief Finance Officer reported that external auditors appointed by the Audit Commission, KPMG, were required, in accordance with international auditing standards and statutory requirements, to report annually to the Council on:

·         Their opinion on the Council’s Statement of Accounts

·         Any uncorrected items in the Statement of Accounts

·         Qualitative aspects of the Council’s accounting practices and financial reporting

·         The Annual Governance Statement

·         Their annual Value for Money conclusion

They also reported annually on their audit of the Council’s accounting and internal control systems.

Phillip Johnstone, on behalf of KPMG, presented the report and responded to members’ questions. Mr Johnstone focused particularly on providing a detailed update on where KPMG were with concluding their Value for Money opinion with respect to the BP Campus purchase by the Council in 2016. He explained that KPMG in response to the very large size of the deal (the largest single commercial acquisition by a Council in England) had been taking a very thorough review and that this was nearing conclusion. Mr Johnstone indicated that whilst KPMG were satisfied that the Council had undertaken appropriate due diligence, had appropriate professional advisers, had undertaken appropriate financial modelling that the external auditors were minded to make some recommendations with respect to how the delegation decision was recorded and published and with respect to their view that additional analysis of future value options beyond year 20 should have been undertaken. As a result the Value for Money (VFM) opinion likely to be adverse. Once the 2016/17 VFM opinion is issued KPMG will be able to sign off the 2016/17 accounts. Mr Johnstone indicated that this would probably be late August.  Mr Johnstone indicated that KPMG were still reviewing the 2017/18 commercial acquisitions and that he could not yet advise therefore when the 2017/18 VFM opinion and in turn the opinion on the 2017/18 Statement of Accounts could be issued. The Chairman expressed the Council’s desire that this would be before the next scheduled meeting of the Audit Committee.

Resolved that:

1)    The External Auditor’s 2016/17 DRAFT audit report (Appendix A) be noted, with the expectation of the FINAL version being available by the end of August 2018.

2)    The recommendations, comments, lessons learned and risks (associated with ‘lease expiry’ of the BP property) as covered in the report be noted.

3)    The 2017/18 External Auditor’s DRAFT audit report shall follow after content of the 2016/17 (final) version has been noted, and shall offer additional considerations to the property acquisitions, based on recent ‘lessons learned’.

4)    That on receipt of the external auditors’ final reports for 2016/17 and 2017/18 the accounts for both 2016/17 and 2017/18 be signed off by the Chairman of the Audit Committee and Chief Finance Officer.

The Chief Finance Officer presented his report and outlined the content of the Annual Governance Statement (AGS) 2017/18.

The Chief Finance Officer highlighted that the external auditors were comfortable that the Statement applied with good practice.

The Statement reviewed arrangements for corporate governance and internal control as required by the Accounts and Audit Regulations 2006.

Resolved that the draft Annual Governance Statement at Appendix 1 to the report of the Chief Finance Officer be approved and that the improvement actions identified in the Statement be endorsed.

To receive a report by the Internal Audit Manager.

The Internal Audit Manager presented the Annual Internal Audit Report 2017/18 with further detail in Appendix A.

She highlighted improvements to the RAG ratings of the ‘Summary of Internal Audit Work for the year 1 April 2017 – 31 March 2018’ document (Appendix A) and also the greater number of corporate initiatives now being audited.

Members discussed the issue as to ongoing ownership/responsibility of ‘system administration’, such as local system administrators, with more than one person assigned to review the systems and processes, and possible options for improving the matter.

The Internal Audit Manager agreed to include this risk on future Risk Registers, with an update, as requested by the Chairman, being provided at the next Audit Committee Meeting in November 2018. 

Resolved to:

1.    Note the Annual Internal Audit Report 2017/18.

2.    Include the System Administration risk in future Risk Registers.

To receive a report by the Internal Audit Manager.

The Internal Audit Manager summarised the risks affecting the Council as outlined in the report, and highlighted:-

·         Project Management

·         Information Governance (Organisational Measures)

·         Resilience, Resources and Capacity

·         Acquisitions and Investments (Rental income)

However, the lack of a robust GDPR project plan offers further scope for improvement, particularly in the IAR (Information Asset Register) area.

It was pointed out by officers that there is a detailed action plan for all service areas to follow through to completion the lower priority aspects of the GDPR requirements which have not been fully implemented yet. Progress of these plans will be monitored on a regular basis by Management Team.

The Committee discussed a number of risks associated with segregation of duties, which is seen to be a long standing issue, given the scale of the Council and some of the service teams.

This was raised particularly with respect to systems administration duties..

The Internal Audit Manager said that some issues are being managed more locally and that she would recommend that Managers regularly review the Audit Logs as a set of controls which help mitigate segregation of duties risks.

During the discussion on the Risk Register, Members asked questions on the following, to which the Internal Audit Manager responded:-

·         Recruitment and retention

·         Acquisition projects

·         Risk Plan

The Corporate Risk Register was considered to be an accurate reflection of the high level risks affecting the Authority and progress on actions was documented on the Register.

Resolved that:

1.    The contents of the Corporate Risk Register be noted and accepted;

2.   That the Corporate Risk Register be recommended to Cabinet for approval.

To consider and approve the work programme for the municipal year.

The Committee considered its Work Programme for the remainder of the 2018-2019 Municipal year.

Resolved that the Committee Work Programme for the remainder of the 2018-2019 Municipal year, be approved.