|The Evacuation Procedure was noted.|
|Councillor Barry Woodhouse and Eileen Johnson declared personal non prejudicial interests in relation to the item, 'External Audit - Certification of Claims and Returns', as they were both members of the Teachers Pension Fund.|
|Consideration was given to the minutes of the meeting which was held on the 30th November 2015 for approval and signature.|
|Consideration was given to the External Audit Progress Report, the purpose of which was to update the Audit Committee on Mazars progress in meeting their responsibilities as Stockton Borough Councils external auditor. Mazars also included in the paper key emerging national issues and developments which may have been of interest to the Audit Committee with actions that may want to be considered.|
The main topics discussed were as follows:
- Mazars were currently on track and where they should be at the current time.
- In relation to Certification of Claims and Returns, Mazars reported to Members that the Council had asked them to undertake assurance work in respect of the controls in place for funding from the Skills Funding Agency (providing external assurance on subcontracting systems and controls). The work was originally scheduled for January 2016, however, the Council were then advised by the central body that they had not yet met the threshold requiring external assurance and as such the work had been put on hold for a short time and would be undertaken when the threshold had been met and assurance given.
- Members attention was drawn to the position statement which detailed a schedule of reports and expected completion dates.
- The Chairman highlighted that the Government had taken a decision to extend local authority contracts by one year to cover the 2017/18 audit, the first year in which the accounts and audit deadline was to be brought forward. In relation to the extension of Mazars contract, Stockton's Chief Accountant explained to the Committee that from December 2017 the authority would be in a position where it would have to appoint its own external auditors and this would be done by an independent panel. There would be process which would need to be gone through with varying options. One option was that the act would allow a sector led independent body to do the work on Stockton's behalf. The PSAA were currently looking to be that sector led body however if that did not take place there would have to be other arrangements in place such as Stockton having its own panel, or possibly a consortium with other authorities, or approaching another authority who had already set up their own independent panel to do the work for Stockton. Whichever option the authority took, there was to be significant change over the next couple of years which would require a great deal of preparation. Members discussed the implications the changes may bring. The Chief Accountant informed the Committee that members of the independent panel would not be salaried but would be paid legitimate expenses. The big question thereafter would be what impact this would have on negotiating fees. If every authority was to operate individually then it was likely that economies of scale would be lost. It would be doubtful that some of the firms would not want to deal individually with the smaller authorities as year on year fees had reduced for external auditors.
Members were given the opportunity to ask questions/make comments, these could be summarised as follows:
- How many firms of auditors capable of doing the work were available to local authorities?
The Chief Accountant informed Members that there was were only five firms currently contracted by PSAA that were capable of doing the work required, Mazars were one of them. Deloitte and PWC were previously contracted however were no longer doing the type of work required.
- Members felt that the authority may have to go through a lengthy process which could also prove costly to the authority only to end up with the same external auditors the authority were using currently.
The Procurement and Governance Manager stated that the services provided by External Auditors would be classed as services which would require to be advertised and go through the procurement process regardless of the fact that there may be a lack of competition.
|Consideration was given to a report on Mazars Certification of Claims and Returns.|
The main topics discussed were as follows:
- Mazars highlighted that there were no significant issues relating to Audit Commission/PSAA grant claims or returns which needed to be brought to the attention of the Committee, however there had been amendments to the Housing Benefit Subsidy which had been reported to the Department of Work and Pensions. Details of this were contained within the main report.
- Mazars also reported that there were no significant issues in relation to Non Audit Commission/PSAA grant claims and returns.
- Members attention was drawn to the fees for Audit Commission/PSAA grant claims or returns where the final fee payable for 2014/15 was in line with the indicative fee. The Non Audit Commission/PSAA grant claims and returns fees were agreed with Council Officers prior to Mazars commencing their work.
|Members were asked to consider a report which detailed Mazars 2015/16 Audit Strategy Memorandum and 2015/16 Value for Money(VFM) risk assessment which set out Mazars proposed 2015/16 audit approach, the audit risks they had identified for their audit, and the work Mazars had planned to mitigate those risks.|
The key points from Mazars Audit Strategy Memorandum for the Audit Committee were:
Mazars responsibilities as the Councils external auditor;
areas where Mazars planned to rely on other auditors and experts;
the opinion audit risks identified and audit work planned to mitigate those risks;
the approach to Mazars work on the Councils value for money arrangements, and audit risks identified; and
audit fees and independence considerations.
Mazars Value for money risk assessment set out their consideration, as at February 2016, the work they would need to undertake in order to form the VFM conclusion, by 30 September 2016.
The report detailed the purpose and background, the scope, approach and timeline of what Mazars would cover during the financial year 2015/16 which showed no real change from the previous year.
Members attention was drawn to Mazars reliance on other auditors and the work of Management experts.
Significant risks and key judgement areas were highlighted. These were the risks that Mazars identified as significant for the purpose of their audit and were the risks of material misstatement that in their judgement required special audit consideration. The significant risks identified were:
- Management override of controls
- Pension Estimates
- Valuation of Property, Plant and equipment, although this was not considered a significant risk due to the arrangements Stockton Borough Council had in place, however, it was a key management judgement.
In relation to the Value for Money Conclusion, Mazars responsibility was to ensure that the authority had put the necessary arrangements in place to deliver value for money. Mazars had identified a significant risk relevant to their value for money conclusion which was centred around the increased financial pressure the council faced following the central government budget spending reviews in November 2015. Mazars Value For Money audit risk as external auditor was if the Council did not update its Medium Term Financial Plan (MTFP) for the latest settlement and that their work did not take that into account. Mazars would address the risk by;
- reviewing the Councils MTFP to ensure it had been updated to reflect the funding update from central government issued in November 2015; and
- review the progress the Council had made to achieving savings to date against its plan; in order to gain audit assurance about the robustness of the savings planning processes.
The Committee were updated on recent changes to the external audit team.
Where fees were concerned it was highlighted that there had been a significant drop in fees from 2014/15 to 2015/16. Although fess were set by the PSAA it was not expected that such significant drops would be seen going forward.
Mazars explained the requirement to be independent and the policies and procedures in place which were designed to ensure that work was carried out with integrity, objectivity and independence. Mazars highlighted to the Committee the perceived principal threats to their independence and the safeguards and procedures which had been put in place. Mazars confirmed that there were no significant threats.
Mazars introduced the Value for Money risk assessment - 2015/16 planning stage. The report detailed three areas which Mazars considered to be risks to the Value for Money Conclusion as part of their risk assessment. Mazars had rated some of the areas as medium risk however this was for the benefit of Mazars as auditors as some of the areas included were for consideration at the year end and therefore could not be considered low risk at this early stage. In relation to the item which had been identified within the report as significant risk, Mazars explained to the Committee that this was an area which Mazars needed to work on in more detail and it was not the Councils arrangements which were at risk.
|Consideration was given to a report on the work carried out by the Internal Audit Section and the progress made against the Audit Plan 2015/2016.|
Internal Audit was an independent appraisal function established by the Council to objectively examine, evaluate and report on the adequacy of internal controls. The role ensured that there was proper economic, efficient and effective use of resources. It also ensured that the Council had adequate accounting records and control systems.
The main points highlighted were as follows:
Members attention was drawn towards progress made against the audit plan. The Audit Team were confident that all scheduled audits would be completed by the end of March. There were still a number of corporate audits outstanding however these audits could not be completed until towards the end of the year.
Members were assured that the majority of the output of audits was around full or substantial assurance which meant controls were operating well. There was only one audit which had been categorised as limited assurance which was an audit taken on the Sunrise Childrens Centre where it was found that the financial controls were not as robust as they should have been in the café around income and expenditure. Audit recommendations had been put in place and acted upon. The vast majority of recommendations were medium or low priority which provided assurances to Members with only 9 categorised as high. The 9 high priority recommendations also related to Sunrise Childrens Centre, however this had been rectified and there was confidence that there had been vast improvement at the Centre.
Members were given the opportunity to ask questions/make comments, these could be summarised as follows:
Questions were raised relating to the table contained within the report entitled '2015/16 planned Audits Amalgamated/Cancelled/Deferred' and why there was a lack of comments against each planned audit. The Procurement and Governance Manager explained the following:
- The Planned Audit for Planning School Places and Schools Asset Management had been deferred to 2016/17 due to the fact that they were undertaking a different process which would need time to bed in.
- CareCall Audit was deferred to 2016/17 as a number of changes had also been implemented which required bedding in.
In relation to unplanned audits Members queried why self-assessments had not been returned from a number of primary schools. Officers explained that one of the schools had recently had a change in Head Teacher and the self-assessment had been overlooked.
|Consideration was given to a report on the Internal Audit Charter and proposed annual Audit Plan for the financial year 2016/17.|
The requirement for the Council to have an internal audit function was outlined in Section 151 of the Local Government Act 1972. More specific requirements were detailed in the Accounts and Audit(England & Wales) Regulations 2015 which required the Council to:
undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.
The Council had delegated this responsibility to the Director of Finance and Business Services.
The Public Sector Internal Audit Standards were published on 18th December 2012. These standards, which were based on the requirements of the Institute of Internal Auditors (IIA), were intended to promote further improvement in the professionalism, quality, consistency and effectiveness of internal audit across the public sector. They were mandatory and applied to all internal audit service providers, whether in-house, shared or outsourced.
There were three distinct areas covered by the standards:-
A definition of Internal Auditing;
A Code of Ethics designed to promote an ethical, professional culture; and
The International Standards for the Professional Practice of Internal Auditing.
CIPFA had provided guidance on the application of Public Sector Internal Audit Standard in the form of an Application Note. The Internal Audit Charter (attached) had been prepared in accordance with the Public Sector Internal Audit Standards and this guidance.
Under the standards, the Procurement and Governance Manager was required to prepare an Internal Audit Charter. This was a high level statement of how the Internal Audit Service would be delivered to meet the requirements of the legislation and the standards.
The revised charter attached set out the approach for the period 2016-2020 and gave details of:
Purpose of the Internal Audit Service
Scope of Internal Audit work
Access to Information
Resourcing of the Service
Monitoring the Quality of the Service
The Internal Audit Charter was attached to the report.
The standards stated that a risk based plan designed to implement the audit charter and allow an annual internal audit opinion to be prepared should be produced. During the year the Audit Team had reviewed and updated their risk assessment process and the audit portfolio to ensure the work was focussed on the areas of highest risk to the authority. The revised risk assessment process also ensured the Audit Team were able to direct their resources to areas of highest risk within each audit.
The risk assessment used a number of factors to determine the likelihood of issues occurring including an understanding of the full scope of systems in operation, major change, concerns/external interest and results of previous audit work. It then assessed the impact any issues may have had on the councils strategic objectives, reputation, financial plans, assets and also the potential impact on individuals and/or the environment.
The structure of the plan had also been updated to reflect the new management structure in the organisation.
To aid members understanding of some of the changes the full strategic plan for the period 2016-2020 was included within the report. The plan identified the intended scope of each of the audit reviews for the full period.
As part of the process, the plan was subject to consultation with the Councils external auditors. High priority was given to key financial systems, any significant corporate projects and specific areas requested by Management. A lower priority was given to systems which, although very important to stakeholders, had less impact corporately. All areas of activity were reviewed at least once in a four year period.
Continuous assessment of organisational risks was required given that some risks could escalate or diminish over time, whilst other risks could disappear altogether or be superseded by new risks over fairly short timescales. The plan was therefore indicative as it was inevitable that changes would be made during the year as the risk profile of the Council changed. This would be achieved through ongoing review and amendment in consultation with the Procurement and Governance Manager. The Audit Committee would be informed of any significant changes to the plan.
The current level of resources within the service could be identified as gross audit days based on 6.6 FTEs with 1 officer part-time, which was a reduction of 1 FTE from the previous year. This was equivalent to 1729 audit days. Allowances had been made for annual leave, bank holidays, sickness, training and administrative duties. No allowance had been made for staff turnover. The officer who was part-time was currently on maternity leave with appropriate adjustments made based on their expected return date. The productive audit days to deliver the 2016-2017 Audit Plan was shown in within the report.
The proposed Internal Audit Plan for 2016-17 and indicative plans for 2017-18, 2018-2019 & 2019-20 were attached within the report.
It had been assumed at this time that the same level of annual resources shown within the report would be available for the entire period 2016-2020. Based on this assumption there was a shortfall in resources available to achieve the strategic plan as shown in the attached report.
As a result the service would be looking to review how it provided the necessary level of assurance in future years.
Particular attention was paid to the following areas:
- The Audit Plan was a risk based Audit Plan, undertaking regular risk assessments of the portfolio services across the authority and highlighted those at highest risk scheduling them on a more frequent basis. The risk assessment took into account a number of factors such as level of finance, previous issues etc. The Audit plan was very much aligned to the new directorates which enabled easier reporting to directors.
- The Audit Plan was planned for the next 4 years however it was continually assessed, amended and updated as the year went on as illustrated in the previous years plan where there were a number of cancelled, amalgamated and new audits as a result of circumstances.
- The risk profile of a number of areas had been updated such as ICT systems which had been audited on a 3 yearly cycle however due to the reduced number of findings owing to the fact that systems were becoming more robust with password protection and audit trails it now allowed for 4 yearly audit cycles.
- The scope and subsequent time had been reduced slightly in some of the school audits. Very low risk areas had been reduced such as the audit of inventories and testing around petty cash. This allowed for a reduction in number of days spent on some of the school audits.
- Some schools were to convert to academies and would be responsible for managing their own affairs therefore would be removed from future Audit Plans.
- In terms of resources it was highlighted that going forward there was a projected shortfall. To help mitigate against this there was an intention to look at the scope of some audits and investigate the use of technology to test areas such as creditors and debtors enabling the number of hours required to match the number of resources.
- In terms of the development of the Audit Service a review to maximise the effectiveness of audits using technology was to be investigated. Other sources would also be looked at to provide assurances such as peer reviews, Ofsted inspections etc. Continuing to update monitoring and reporting within the team and promote the service to managers more widely so they were aware how the team could help on an ad hoc basis as well as through planned audits.
Members were given the opportunity to make comments/ask questions these could be summarised as follows:
- Members asked how the auditing of Xentrall worked as it was a shared service with Darlington. Officers explained that it was Stockton's audit team that carried out the audits of Xentrall which was then reported to Darlington's Audit Committee.
- In terms of resources available within the Audit Team how did Stockton compare with other authorities? No formal benchmarking had been carried out in terms of resources relating to staff numbers, however anecdotally some smaller authorities had smaller teams and some had larger. Officers suggested that some form of benchmarking could be carried out specifically around the Tees Valley to get a feel for how Stockton faired in relation to staff numbers.
- Members made reference to the fact that the table within the report highlighting the total number of Audit days required versus resources available within the Audit Team, indicated that the team was under resourced for future years. Members asked how additional work could be planned if it was known that the resource was not available. Officers explained that the plan was indicative and that things would move around, for example next years planned audits included a number of secondary schools however it was known that a couple of these were to drop out due to becoming academies. The Audit Pan for future years was subject to change which would require the plan to be re-profiled, this could impact the number of audit days required to fulfil the plan.
- Questions were raised as to why so many days had been allocated to Xentrall Shared Services planned audits. Members considered that, that area was mainly system based and therefore queried the amount of time allocated to it? It was explained that although some ICT audits had been reduced to every 4 years there were some very big high risk systems which came under Xentrall Services such as finance, HR and payroll. In the future some audits could drop out and change as smarter ways of working were adopted and constant updating of risk around systems. In addition, as the Councils services changed the Audit Plan would change to reflect that.
- Members asked how school academies were audited. The Committee were informed that it was the responsibility of the academy to audit themselves. The authority offered a service to academies however there was very little take up.
|Consideration was given to a report on the Corporate Risk Register Quarter 3 (2015/16) - Period Ending 31 December 2015.|
The Committee was reminded that quarterly reports on the Corporate Risk Register were presented for the purpose of reviewing the key risks that had been identified as having the potential to deflect services from achieving their objectives over the next 12 months and beyond. They also set out the actions being taken to ensure that the risks, and possible adverse outcomes, were minimised.
As a reminder, risks were scored on a scale of one to five for both impact and likelihood. The scores were multiplied to generate a total score and any risks with a score of 15 or above were included on the Corporate Risk Register. For information, any risks scored between 9 and 12 were included on Service Group Risk Registers.
The Committee had requested that, in the absence of substantial changes to the register, quarterly reporting should be confined to highlighting significant additions and amendments since the previous update.
This report covered the period 1 October to 31 December 2015. All Service Groups had been contacted and the returns indicated that there had been no additions or deletions to the Corporate Risk Register. In addition there had been some minor updating to some of the risks previously included on the Councils Corporate Risk Register over the months in question. The changes comprised a general update to a number of risks to reflect ongoing progress.
As a result, the total number of significant risks in the Corporate Risk Register at the end of Quarter 3 was 12.
For purposes of record, the changes referred to above had been incorporated in the latest version of the full Corporate Risk Register. This was available in the attached report.
Members were given the opportunity to make comments/ask questions these could be summarised as follows:
- Questions were raised in relation to the timing of when risks would be escalated. Where reduced budgets were concerned it was presumed that risks would go up, but when would those perceived risks be realised, and was it likely that more risks would appear on the current Audit Plan? In terms of the financial situation, Officers explained that the Council had set a balance budget, the risk associated with that was not delivering the savings to meet the balanced budget and continuing to deliver the objectives of the Council, the Audit Team would try to encompass that risk within the risk of the MTFP. If by the end of the 1st quarter of the next financial year the projected savings were not looking like they would be made the risks would start to escalate and the delivery of the Councils objectives would start to come down. Therefore any risk escalation should be seen after the first quarter and any quarter thereafter.
- Concerns were raised in relation to the risk associated with Workforce Resilience. Staff were reducing however the high level of service and work was still expected to be delivered. Would breaking point eventually be reached where staff levels were so decreased and staff were demoralised that the risk was greater than high? Members were informed that there was a lot of activity going on to manage the risk against resilience such as the 'Shaping a Brighter Future Programme', smarter working and making the most of everyone.
|Consideration was given to a report that detailed the regular non-responsive services provided by the Councils Health and Safety Unit to monitor, improve and to ensure compliance of the health, safety and well-being control environment for the period 1st October to 31st December 2015.|
The detail encapsulated the regular, non-responsive activity of the Health and Safety Unit, and accident and assault statistics:
1. Health and Safety Training
2. Health and Wellbeing Update
3. Premises Audited
4. Construction (Design and Management) Regulations 2015
5. Schools Educational Residential Visits
6. Employee Protection Register Activity
7. Safety Warnings, Advice or Reminders Issued
8. Accidents Reported
9. Physical Assaults Reported
10. Verbal Assaults Reported
Members were informed that the report had been amended in relation to the format splitting it into 2 halves. Half around the non-responsive activity of the Health and Safety Unit and half around the statistics of accidents and assaults. In terms of activity the team continued to run a number of training programmes.
There was an additional 3 areas added to the online health and safety training to enable staff to access them from their desks which were, working in confined spaces, COSH awareness and working at a height.
There was continued provision of physiotherapy workforce assessment referrals for people suffering with back and muscular skeletal problems.
The team had undertaken 32 premise audits of which 20 were primary schools, 1 secondary school and 11 council premises during qtr. 3.
Assurance was given to Members that work place premises were healthy and safe for staff. Only one premise was categorised as partial assurance which was the sports drome at Northfield School. The Audit Committee was informed that all findings had been addressed and processes put in place for future use.
Brief discussion took place in relation to Construction (Design & Management) Regulations 2015.
Members heard that the team were still continuing to offer advice to schools travelling overseas, continuing to operate the employee protection register. The team had also issued a number of warnings, advisory notes and reminders to schools reminding them to have a winter gritting regime in place. Guidance for managers driving own vehicles. A number of new sentencing council guidelines had been issued to all services.
Updates were given on accidents, physical and verbal assaults. The team continued to remind services to report accidents verbal and physical assaults.
|The Chartered Institute of Public Finance & Administration (CIPFA) stated that an effective Audit Committee would produce annual reports on its work and findings.|
The report was to inform members of the work of the Audit Committee during the past year and the sources of information upon which the enclosed Audit Committees opinion statement was based.
|Consideration was given to the Draft Work Programme 2016/17.|