Agenda and draft minutes

Up to 15 minutes are allowed for public participation. Participants are restricted to 3 minutes each.

There was no public participation.

To confirm and sign as a correct record the Minutes of the Meeting of the Governance and Audit Committee held on 16 July 2024

Members heard from the Senior Democratic and Civic Officer, who explained that there was an amendment to the minutes of the Committee meeting held on 16 July 2024. She detailed that Cllr Key had been a substitute for Cllr Darcel, of which was now accurately recorded. The content of the minutes was confirmed as the same, and the version provided to the Chairman was the accurate version.

RESOLVED that the minutes of the previous meeting held on 16 July 2024 be approved and signed as a true and accurate record of the meetings.

Members may make any declarations of interest at this point but may also make them at any point during the meeting.

There were no declarations of interest at this point in the meeting.

Matters Arising schedule setting out current position of previously agreed actions as at 16 September 2024.

Members considered the Matters Arising Schedule which had been updated to contain actions following the previous Committee meeting.

The Chairman noted that the Committee was expecting information regarding the Council’s procurement procedures; the Section 151 Officer responded that due to delays with the Procurement Act 2023, implementation was now expected in February 2025.

With no further comment, the Matters Arising Schedule was DULY NOTED.

Due to the absence of the Customer Experience Manager, the Committee heard from the Senior Democratic and Civic Officer, who highlighted the key points of the report for the committee, offering to take any questions away and respond to the committee on the return of the Customer Experience Manager.

It was explained due to the Ombudsman’s decisions made between April 2023 and March 2024, that no complaints were upheld against the Council.

Members welcomed the report, commenting that despite what they felt was a growing percentage of the public feeling unheard in wider society, the report indicated the Council generally worked well and efficiently, and that it emphasised the Council dealt with complaints in an appropriate manner.

Having been moved and seconded, on putting it to the vote, it was unanimously

RESOLVED that committee members welcomed this report, and after having had considered its contents were assured that the current complaint handling procedures were functioning adequately.

The Committee heard from the Council’s Section 151 officer, who explained that
Members had been provided with the same Annual Governance Statement in draft form during its meeting on 11 June 2024. Comments were encouraged from Members over the summer period, as part of a consultation process which would be concluded with signed recognition from the Chief Executive and Leader of the Council, alongside its approval within the 2023-2024 Financial Statements.

It was explained that no feedback had been received from Members regarding the statement.

The Chairman reiterated that the statement had previously been reviewed by Members, and no further comments had been received.

Having been moved and seconded, the Chairman took the vote, and it was unanimously

RESOLVED that Members had reviewed the updated Governance Statement 2023-2024 and its inclusion within the 2023-2024 Financial Statements be approved.

Members heard from the External Auditor who detailed the progress made on the risk assessment, he explained that the audit plan had been brought to Committee on 16 April 2024, and that the resulting Value for Money Risk (VFM) Risk Assessment was one component of the audit plan, and that a statement of financial accounts formed the second.

The Auditor provided a verbal update on the statement of financial accounts separately to the Value for Money Risk Assessment, explaining that as they approached the end of the audit there were no significant concerns. He explained that with regard to the Value for Money Risk Assessment, no significant risks of weakness had been identified; however, some improvement opportunities were highlighted regarding the medium-term financial plan, namely, the appropriateness of the identification and development of savings plans, and the monitoring of those saving initiatives.

It was further explained that the audit covered the effectiveness of governance processes, with no significant concerns identified; however, some improvement opportunities were identified, firstly, in relation to the timing of the Council’s Risk Management Strategy, which was currently being reviewed. Secondly, he highlighted that there was an opportunity for reflecting upon the Council’s process of procurement regarding contract exceptions. Thirdly, it was outlined that there were some opportunities for improvement and potential lessons to be learnt from the Council’s performance and provision of services, when compared to other similar authorities. Finally, he explained that there were considerations to be made regarding operating in partnership with other bodies.

The Auditor brought attention to the next steps for their team, which were to complete the work on financial statements, and then to build upon the findings of the audit if there were any other risk areas or observations identified. The work would then enter a public commentary phase, where the findings would be available to view on the Council website.

In response to a query from Members regarding the availability of the financial statements element of the audit, it was clarified by the Auditor that the report was due to be finalised and brought to the Committee in November 2024, ahead of the delayed statutory instrument deadline of February 2025 set by central government.

Members thanked the Auditor, and remarked on the report’s complexity and comprehensiveness, noting that the risk assessment outcome was low. However, concerns were raised that the Risk Assessment Management Strategy had not yet been released, to which the Section 151 Officer responded that the release of this strategy was dependent on the increased Member uptake in the completion of the Risk Management Questionnaire. Members were satisfied with this response, and the Section 151 Officer explained that the questionnaire would be recirculated to increase participation.

In light of potential financial constraints from central government, Members sought assurance that the findings of the audit had informed the Council’s forward planning, which was confirmed by the Section 151 Officer.

Having been moved and seconded, it was unanimously

RESOLVED that members had considered the content of the report and  ...  view the full minutes text for item 91.

Members were presented with an update from Internal Audit that outlined the progress which had been made on two reports. The Auditor brought attention to the postponement of the procurement audit, which had been delayed from October 2024 to November 2024, due to departmental changes, which had no overall impact on the timing of the report being brought to Committee.

The first of the reports presented was the ICT Operations Review, which focused on the robustness of the IT infrastructure in place. It was explained that overall, the audit team provided a positive opinion of reasonable assurance, with three medium and two low priority actions identified.

He explained that the ICT Disaster Recovery Policy could be enhanced with regard to Backup Management, in the event that ICT systems would require recovery. Similarly, he outlined that Business Impact Analysis (BIA) was still being completed by the Council at the time of the audit, which would need to be followed up in a later audit. Finally, it was explained that the Business Impact Analysis informed the Business Continuity Plan (BCP), and due to the former report still being updated, the latter plan was not yet fully up-to-date. Overall, he reiterated that the report was positive, with some areas for improvement, and welcomed questions from the Committee.

Members expressed a range of concerns in relation to ICT data recovery in the event of a cyber-attack. In response to these concerns, the Internal Auditor reiterated the risks surrounding ICT data recovery and clarified that this area was rated ‘medium’ rather than ‘high’ due to existence of appropriate safeguarding measures; however, he stressed the need to strengthen related policies to ensure they were sufficiently robust to mitigate risk.

Committee members expressed continued concern with regard to the Council’s ICT data recovery; as a result, the Chair enquired on the viability of bringing the Council’s ICT specialists to Committee or another appropriate setting within the next three months, in order to discuss the matter further.

The Chair emphasised the importance of audit in helping to better the Council, and Members further reiterated the imperative to update the necessary policies.

The Internal Auditor then presented a follow-up report, which highlighted the progress on any actions that were identified in the Internal Audit reports from the previous auditor. Upon review, the audit team confirmed that reasonable progress had been made, with an agreed plan to complete the remaining actions before a further review in February/March of 2025.

Members thanked the Auditors, explaining that their work had been beneficial to the
Council. With no further comments, the recommendations contained within the report were duly proposed and seconded, and on taking the vote it was

RESOLVED that Members had considered the content of the report and identified any actions required.

The Chairman invited the Section 151 Officer to present on the Revised Counter Fraud Corruption and Bribery Policy. She highlighted that contrary to the recommendation, the report was for noting at this stage, with the approval process to be confirmed.

            The report was DULY NOTED.

The Chairman requested that the ICT team speak to Members regarding the vulnerability of the Council to cyber-attacks, which was recorded by the Senior Democratic and Civic Officer as part of the Matters Arising Schedule.

Members heard from the Senior Democratic and Civic Officer, who confirmed that there were likely to be changes to the Workplan going forward.

With no requirement for a vote, the report was DULY NOTED.

To resolve that under Section 100 (A)(4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following item of business on the grounds that it involves the likely disclosure of exempt information as defined in paragraph 7 of Part 1 of Schedule 12A of the Act.

RESOLVED that under Section 100 (A)(4) of the Local Government Act 1972, the public and press be excluded from the meeting for the following items of business on the grounds that they involved the likely disclosure of exempt information as defined in paragraphs 3 and 4 of Part 1 of Schedule 12A of the Act.

Note:               The meeting entered closed session at 2.52pm

The Committee was presented with an update on the Implementation of Fraud Risk Assessment Recommendations from the Section 151 Officer. It was explained that the report brought to the previous committee contained 38 recommendations. Fifteen of the 38 recommendations had been due to be implemented by the date of this committee meeting. Of the 15 recommendations due, 14 had been fully implemented, with one recommendation remaining in progress. A further update would be presented at the November meeting by which time 32 of the 38 recommendations would be due to have been completed. Members were assured that a follow-up audit would be completed to assess whether all recommendations had been implemented. Once this was completed, the details of the recommendations and subsequent actions would be presented as a public report.

With no requirement for a vote, the report was DULY NOTED.