Members were asked to consider whether they had any disclosable pecuniary interests and/or any other relevant interest in connection with any item(s) on this agenda and, if so, to declare them and state what they were.

No such declarations were made.

To approve the accuracy of the minutes of the meeting held on 14 November 2013

The Head of Legal and Member Services presented the minutes of the meeting held on 14 November 2013. With regard to the Improvement Board Review (minute 35 refers), a Member referred specifically to a proposal from the Improvement Board that, in order to strengthen the independent nature of the Audit and Risk Management Committee, consideration be given to the appointment of a majority of external members.

The Assistant Chief Executive referred to a previous recommendation from the Committee (minute 12 (10 June 2013) refers) that the Cabinet should consider the inclusion of a number of matters within the Corporate Risk Register. He advised that the Corporate Risk Register was the responsibility of the Chief Executive’s Strategy Group who, as part of the quarter two review, took account of the views of the Committee. The Group had agreed to add to the Register a number of high impact operational risks including the failure to safeguard vulnerable people and a sustained catastrophic failure in the Council’s ICT systems. However, the Group had considered that flood risk was adequately recognised in the existing Register under the ‘incidence of extreme weather events’ risk. Additionally, the risk associated with COMAH sites was also already recognised by and managed through the Council’s emergency planning arrangements, so it had not been necessary to add it to the Corporate Risk Register (see also minute 43 post).

Resolved –

(1)  That the minutes of the meeting held on 14 November 2013, be approved.

(2)  That the proposal from the Improvement Board Review that the Audit and Risk Management Committee should be comprised of a majority of external members be supported.

(3)  That the update in relation to the Corporate Risk Register be noted.

The Director – Assurance (Grant Thornton UK LLP) presented the Annual Audit Letter for Wirral Council, which summarised the key findings arising from the following work undertaken for the year ended 31 March 2013 –

·  Auditing the 2012/2013 accounts and Whole of Government Accounts submission;

·  Assessing the Council’s arrangements for securing economy, efficiency and effectiveness in its use of resources.

The report set out the audit conclusions that had been provided and it highlighted the key issues facing the Council in future. The Council had experienced a particularly challenging year during 2012/2013 with the loss of key officers, the need to make significant savings, the introduction of a voluntary Improvement Board and continuing concerns expressed by regulators. The report noted new appointments that had been made and improved arrangements that had been put in place to manage financial and governance risks. Although they were taking effect, future financial challenges would continue to test the arrangements. Whilst improvements had been made, some significant risks still remained, as in many other Councils, and plans were in place to respond to those challenges.

Unqualified opinions were issued on the Council’s and Merseyside Pension Fund’s 2012/2013 accounts on 30 September 2013 and an unqualified Whole of Government Accounts opinion on 4 October 2013. He commented that a number of matters brought to the auditor’s attention by local electors in relation to the Council’s BIG and ISUS schemes were subject to further investigation. He advised that the certificate of completion of the audit had now been issued on the basis that the matters under investigation had now been dealt with or were being considered by other relevant bodies.

He reported also that a qualified ‘adverse’ conclusion had been issued and a ‘report by exception’ in respect of the Council’s arrangements for securing economy, efficiency and effectiveness in its use of resources on 30 September 2013. Although the Council had accepted that the arrangements in 2012/2013 were less than adequate, the report also noted that more robust arrangements had now been put in place and were taking effect.

Resolved – That the report be noted.

The Chief Internal Auditor presented an update on the performance of the Internal Audit Section and included details of issues arising from the actual work undertaken during the period 1 September to 31 October 2013. He provided details of the following items of note for the audit period that were brought to the attention of Members –

·  Central Libraries

·  Change in Payment Destination Fraud Investigation (see minute 41 post)

·  External Assurances Update

·  Policies and Procedures

·  Invigor8 Direct Debit Investigation

In each case, management had responded positively to the reports and had agreed to implement all recommendations within agreed timescales. Each would be subject to follow up audits and any outstanding concerns would be brought to the attention of Members. To address concerns raised by Members at previous meetings, regarding retaining sight of issues flagged for attention, he provided in tabular format, information related to those audits where recommended actions in audit reports had not currently been implemented. With the exception of one item, all of the recommendations were currently Amber rated as being in progress and within the agreed timescales. The one Redrated item concerned compliance with the Payment Card Industry Data Security Standard. He commented that following PSN accreditation, IT Services were now progressing with this to achieve the March 2014 deadline.

When items were addressed by officers, they would be removed from the report, which would then be updated on a rolling basis. Nevertheless, the status report was a substantial document, containing a significant amount of information and the Chair sought the views of the Committee as to whether the report should be streamlined. A clear view was expressed by Members that it was essential for the Committee to continue to receive such information, subject to its continued relevance. In addition, Members requested the provision of an additional column to identify the date of the original audit and any follow up audits subsequently undertaken.

Members commented upon the need for the Committee to be assured that the factors which had led to the occurrence of problems identified by the audits had been addressed by management, so as to ensure that they would not be repeated. Members were also particularly concerned with regard to the Direct Debit investigation and commented that the effectiveness of new arrangements was vital to maintain public confidence.

The Strategic Director – Transformation and Resources confirmed that all recommendations had been accepted by management and he anticipated that follow up audits would highlight improvements in each area of note. He referred also to matters that had been previously raised by Members and provided an update in relation to overseas travel, publishing public sector information and mobile phones.

Resolved – That the report be noted.

The Chief Internal Auditor reported that the Authority had recently been the subject of a highly sophisticated Bank Mandate Fraud, which resulted in payments of £45,683.86 and £95.60 that were due for a Care Home being diverted to an alternative account. He confirmed that, following an initial assessment and having established that a fraud had occurred, a replacement payment had been issued to the supplier.

He reported that mandate fraud was a very common fraud targeting Local Authorities, Hospitals, Universities, Supermarkets and other major organisations and he indicated that in the first half of 2012, over £150m was lost to this type of fraud within the UK alone. Neighbouring authorities in the North West, including Salford, Wigan, Rochdale, Bolton and Warrington had fallen victim to such frauds in recent years.

Following the fraud being reported to Internal Audit, an investigation was undertaken and the loss was immediately reported to the local Police on 23 August 2013. Internal Audit continued to trace the money trail and share their information with the Police as no confirmation had been received that the matter had been accepted for investigation. Members expressed their concern that it was not until 5 November 2013 that confirmation was received that the matter was being actively pursued by the Metropolitan Police. The Chief Internal Auditor reported also that, since his report was written, further information had been obtained by Internal Audit from the Banking sector that identified the names and addresses of individual account holders resident in Southern England. The information had been passed to the Metropolitan Police who had advised that it could lead to arrests being made.

He outlined the specific circumstances of the fraud and indicated that the audit investigation had sought to establish how it had been allowed to occur despite clear and robust procedures that were in place to prevent the occurrence of such incidents. Members noted that the fraud had been allowed to occur as a result of an error by a member of staff that had been compounded by a failure of a supervising officer. The Strategic Director – Transformation and Resources reported that instructions had been reissued to staff and a disciplinary investigation was being undertaken. Furthermore, an Action Plan had subsequently been prepared by Internal Audit for senior management, which identified ten recommendations that stressed the importance of following documented procedures in respect of changes to any account details.

A Member commented that although the fraud had been discovered early and dealt with appropriately, the manner in which it had been reported reflected badly on the Council’s image. In addition to dealing with such matters quickly and openly, he highlighted the need for details to be reported immediately to senior management and Members and for control to be maintained as to the release of such information to the press.

The Chief Internal Auditor advised that actions to address the issues were included in his report and the corresponding action plan currently being implemented by officers.

Resolved – That the report  ...  view the full minutes text for item 41.

Further to minute 27 (18 September 2013), the Director of Resources reported that the Statement of Accounts (SOA) 2012/2013 had been published on 30 September 2013, the statutory deadline for publication, and included the Merseyside Pension Fund (MPF) accounts, as Wirral was the Administering Authority for the MPF. To conclude the process, he confirmed that, following the 18 September meeting, no further amendments were requested to be made by the Council’s external auditors, Grant Thornton. The final published SOA also incorporated the Annual Governance Statement and Action Plan (minute 24 (18 September 2013) refers).

He reported also that the Audit Opinion was issued on 30 September 2013, which stated that the financial statements gave a true and fair view of the financial position of the Council at 31 March 2013 and of its expenditure and income for the year and that they had been properly prepared in accordance with the Code of Practice on Local Authority Accounting in the United Kingdom 2012/2013. Grant Thornton had identified a number of concerns in their Audit Findings Report and he commented that if not addressed by the Council through the Action Plan then there were potential risks that the Council would not be able to meet its statutory requirements in respect of the Statement of Accounts. There were also concerns related to Value for Money and the Financial Resilience of the Council.

In response to a question from a Member in relation to recent news reports, the Director confirmed that the Council was not directly affected by matters associated with the Cooperative Bank, as it presently had neither loans nor investments.

Resolved –

(1)  That the Independent Auditors Report be noted.

(2)  That progress on delivering the actions identified in the Audit Findings Report Action Plan be reported to this Committee.

Further to minute 30 (18 September 2013), the Director of Resources reported that risk and insurance management comprised two significant areas of activity –

·  The provision of advice and support to Members and officers in developing the corporate risk management framework and processes

·  Risk financing, which incorporates insurance procurement, management of the Council’s Insurance Fund and claims management

The key actions to be implemented were included in the report to Committee on 31 January 2013 (minute 47 refers) and he provided a summary of progress since the last meeting in relation to –

·  Management of the Insurance Fund

·  Liability funding requirements

·  Academy schools insurance procurement

·  Procurement of Motor and Engineering Insurance and inspection contracts

·  Risk appetite and future objectives for risk management

·  Review of the Corporate Risk Management Framework and processes

·  Draft new Corporate Risk Management Policy and Strategy

·  Review of Corporate Risk Register

Resolved – That the report be noted

The Assistant Chief Executive/Head of Universal and Infrastructure Services reported, in accordance with the Approved Scheme of Delegation and the Contract Procedure Rules of the use of delegated authority to accept the tender and appoint The Training Company of Sandalwood Road, Bolton to deliver the organisational First Aid at Work, Paediatric First Aid and Food Hygiene Training, following the expiration of the existing contract. He was pleased to report that the cost of the training was expected to be in the region of £25k per annum, a substantial reduction against the estimated spend of £100k per annum.

Resolved – That the use of delegated authority to accept the tender and appoint The Training Company of Sandalwood Road, Bolton, BL5 2RQ to deliver the organisational First Aid at Work, Paediatric First Aid and Food Hygiene Training for Wirral Council, be noted.