Agenda and minutes
Venue: Committee Room 1 - Wallasey Town Hall
Contact: Patrick Sebastian 0151 691 8424
Members' Code of Conduct - Declarations of Interest
Members are asked to consider whether they have any disclosable pecuniary interests and/or any other relevant interest in connection with any item(s) on this agenda and, if so, to declare them and state the nature of the interest.
Members were asked to consider whether they had any disclosable pecuniary interests and/or any other relevant interest in connection with any item(s) on this agenda and, if so, to declare them and state what they were.
No such declarations were made.
To approve the accuracy of the minutes of the meeting held on 22 November 2016.
Resolved – That the minutes of the meeting held on 22 November 2016, be approved.
The Chief Internal Auditor introduced his report that identified and evaluated the performance of the Internal Audit Section and included items of note arising from the actual work undertaken during the period 1 November to 31 December 2016. The report focused upon:
· Any items of note arising from audit work conducted;
· Any issues arising that require actions to be taken by Members i.e. Outstanding Audit Recommendations;
· Performance information relating to the Internal Audit Service and Internal Audit Developments.
Members’ attention was drawn specifically to a number of items of note that had been identified, which included:
The Chief Internal Auditor informed that following his report to the Audit and Risk Management Committee on 22 November 2016, further work had been completed by Internal Audit and that all of the outstanding actions had been implemented. Additional work was scheduled for 2017/18 to verify and assess the effectiveness of the new arrangements.
Business Rates – Valuations
The Chief Internal Auditor reported that an audit had been undertaken to determine whether the controls within the Non-Domestic Rates valuations system provided reasonable assurance that operating data was accurate and reliable. He informed that the work had resulted in a number of recommendations to management to improve the control environment. Members noted that all recommendations had been agreed, and were currently being implemented. It was further noted that follow up work was scheduled for later in the year, the outcome of which would be reported to Members in due course.
The Audit and Risk Management Committee was apprised that information on the current status of outstanding audit recommendations appended at Appendix 1 to the report, namely Information Governance and Security, ICT Business Continuity and Data Loss Prevention would form the basis of a verbal report of the Head of Digital (SIRO) later in the meeting (see minute 43, post).
The Chief Internal Auditor advised that all of the recommendations were currently Amber rated as being in indicating that progress is being made to address identified issues and actions are expected to be completed within the reported timescales.
Resolved – That the report be noted.
The Assistant Director: Finance (S151) introduced his report that provided the Audit and Risk Management Committee with a progress update on actions taken by officers to address items of concern identified in the Annual Governance Statement for 2015/16.
The Assistant Director: Finance (S151) informed that following consideration of the Annual Government Statement (AGS) by the Committee at its meeting in September 2016, Members had requested that a standard agenda item be included for future meetings to enable regular updates on any matters of concern arising from the AGS.
The report Appendix 1 provided a detailed summary of key issues, outcomes required, target dates, actions and monitoring procedures and informed of the latest positions and progress in relation to the following matters:
The Audit and Risk Management Committee was apprised that information on the current status of outstanding audit recommendations appended at Appendix 1 to the report, and that ICT Business Continuity and Data Loss Prevention would form the basis of a verbal report of the Head of Digital (SIRO) later in the meeting (see minute 43, post).
Members questioned the Assistant Director: Finance (S151) on a number of points relating to the Council’s administration of the staff appraisals process. It was noted that there had been improvements in the number of appraisals undertaken and that although mandatory training on the procedures had only recently been established, management was confident that the targets would be achieved by the end of March 2017.
Resolved – That the report be noted.
Further to Minute 29(2) 22 November 2016, the Head of Digital (SIRO) will provide a verbal update on Outstanding Audit Recommendations in respect of IT.
Further to minutes 41 and 42, the Head of Digital (SIRO) provided a verbal report on the status of the IT programme of works designed to mitigate and remove risks associated with an underinvestment in IT infrastructure over the years. The report detailed progress thus far, and outlined the remaining steps to be completed regarding Information Governance and Security, ICT Business Continuity and Data Loss Prevention.
The Head of Digital (SIRO) informed that the programme of work had delivered, or was in the process of delivering, its planned objectives and provided a summary of the individual elements of the programme, namely:
IT Contingency and Disaster Recovery
The Committee was apprised that contracts had been signed and that works and associated procurement had been actioned with a specialised cable company to link fibre networks through the Mersey Tunnel. Design work for the network equipment was underway for connectivity between the Treasury Building and Mersey Travel Datacentre. Procurement to buy ‘off the shelf’ equipment had been actioned and additional procurement was underway to engage a specialist company with the technical expertise to move and re-commission equipment as part of the two Datacentre sites. The Head of Digital (SIRO) stated that the existing corporate risk would be mitigated when the project was complete, with equipment up and running by September 2017. Additional plans had also been considered to investigate the utilisation of ‘cloud’ technology i.e. paying a company for use of their servers.
Head of Digital (SIRO) informed that policies had now been put in place, reviewed and updated. This ensured that as part of the ICO Audit, the all required assurances would be in place prior to May 2017. The Committee was also informed that as part of existing data loss prevention protocols the Council utilised McAfee end point security software that controlled access to Wirral’s computer networks. Members noted that the standard protocols also meant that there were no permissions for use of USB ports or USB plug in devices and Wirral computer equipment did not have DVD / CD drives fitted – any use of enabled ports would require encrypted devices as a minimum standard. The Head of Digital reported that the above arrangements were covered within the Information Security Policy which was to be reviewed and updated prior to May 2017.
The Head of Digital (SIRO) also reported that all internal audit recommendations had been agreed, in line with overlapping recommendations from the ICO audit, and that any outstanding actions would be completed by May 2017.
General matters, including Information Governance
The Head of Digital (SIRO) reported that governance plans were in place and delivery was on track. He stated that Officer Sub-Groups met regularly and following restructuring better arrangements for scrutiny and information governance existed. He further stated that this fed into improved Corporate Governance arrangements, with regular briefings taking place with Councillor Ann McLachlan, Cabinet Member Transformation, Leisure and Culture. Planning was ... view the full minutes text for item 43.
The Risk and Insurance Officer presented the report of the Chief Executive that confirmed the outcome of the most recent quarterly review of the Corporate Risk register. Progress towards the development of risk registers for Pledge Strategies, new Delivery Units and the revised Transformation Programme were also summarised. A summary of the status of key mitigating actions for the existing Corporate Risks at the end of quarter two 2016/17 was appended to the report.
The report informed that, following adoption of the Wirral Plan in 2015, the Strategic Leadership Team (SLT) had revised the Council’s Corporate Risk Register. This was reported to this Committee on 14 June 2016. A review was undertaken at the end of each quarter by SLT. This addressed progress in relation to the management of the existing corporate risks as well as emerging risk areas for possible addition to the register.
Members questioned the Officer on the methodology used in the scoring of unmanaged and current risk. Discussion then took place regarding the increased incidence of ‘Cyber Attacks’ on Information and Communication Systems. The Head of Digital (SIRO) provided Members with additional information about the regularity of such attacks and the preventative measures currently in place.
Members noted that ongoing management processes undertaken to mitigate risk across different areas of the Council. A request was made that an additional item of report be included in future reports, namely ‘Brexit’ and associated risks, financial or otherwise, to the Council.
Resolved – That
1) the progress in managing the corporate risks be noted; and
2) further reports on the Corporate Risk Register be brought to future meetings of the Committee.
The Risk and Insurance Officer introduced the report of the Assistant Director: Finance that set out the progress made since his previous report in November 2016 in relation to key actions to be taken in relation to corporate risk and insurance management for 2016/17.
The Risk and Insurance Officer reported that Risk and Insurance services remained a key element of traded services for schools and that his officers participated in a launch event on 12 January for services in the 2017/18 financial year. Estimates of insurance costs for controlled schools in the coming financial year had been produced as part of the corporate insurance budget activity. He further informed that forecasts of the cost of external premiums and contributions to the Insurance Fund in the forthcoming financial year and the allocation of these sums between schools and individual Council functions had been produced.
The Committee was informed that the outcome of this being that the Council’s traded services were deemed competitive, and although formal evaluation had yet to be completed first signs were that there would be future cost savings and better provision of insurance cover.
Resolved – That the report be noted.
The Risk and Insurance Officer introduced the report of the Assistant Director: Finance that set out the elements which made up the Insurance Fund, the cost of running the Risk & Insurance Section and the Budget for 2017/18 arising from the forecast of insurance costs.
The report informed that the Budget for 2017/18 was £135,000 less than the agreed Budget for 2016/17.
The report covered key points in relation to the following:
· The Council’s approach to Risk Management and Financing;
· Self-Funded Risks;
· Insurance Contracts and Premiums;
· Casualty (Liability) – improvements;
· Material Damage and Business Interruption;
· Comprehensive Motor – contract extension;
· Other Risks; and
The Risk and Insurance Officer informed that the 2017/18 Budget of £2,850,000 represented a reduction of £135,000 (4.5%) compared with the Budget for 2016/17. The forecast of greater income from Academies reflected the fact that more Academies had chosen to retain the services of the Risk and Insurance team than had been anticipated when the 2016/17 budget was prepared.
Members thanked the Officer for his positive report, endorsed the content and the Insurance Fund Budget 2017/18.
Resolved - That the Insurance Fund Budget 2017/18 be agreed.
Mr Robin Baker of Grant Thornton UK LLP, the Council’s external auditors, presented a report to Members on work undertaken with regard to progress in the delivery of their responsibilities as External Auditor covering the Year ending 31 March 2017. The report informed that:
The External Auditor had issued the planned fee letter (2016/17) in April 2016.
Accounts Audit Plan
The External Auditor is required to issue a detailed accounts audit plan to the Council setting out our proposed approach in order to give an opinion on the Council's 2016/17 financial statements. In addition the Council would also be informed of any subsequent changes to the audit approach.
Members noted that the External Auditor’s Audit Plan for 2016/17 will be presented to the Audit and Risk Management Committee meeting in March 2017.
Interim accounts audit scheduled
The External Auditor’s interim audit had started in January 2017 and completion of this part of their work programme was expected by March 2017. Any findings from their work will be reported as part of the Audit Plan.
Members were apprised that interim fieldwork visits included:
Final accounts audit
The report informed the final accounts audit included information regarding the status of the audit of the 2016/17 financial statements and proposed opinion on the Council's accounts. The External Auditor reported that fieldwork on this was scheduled to be completed by August 2017.
Value for Money (VfM) conclusion
Members noted that the scope of the External Auditor’s work had changed and was set out in the final guidance issued by the National Audit Office in November 2015. The Code required auditors to satisfy themselves that the Council has made proper arrangements for securing economy, efficiency and effectiveness in its use of resources. The External Auditor informed that the timescale for compilation and reporting of the VfM conclusion was February -August 2017.
Resolved - That the report be noted.