Agenda and minutes

1.1       RESOLVED to agree the minutes as a correct record.

2.1       Apologies for absence were received from the Lead Member for Resources Councillor Nick Bennett.

Disclosures by all members present of personal interests in matters on the agenda, the nature of any interest and whether the member regards the interest as prejudicial under the terms of the Code of Conduct.

3.1       There were none.

Notification of items which the Chair considers to be urgent and proposes to take at the appropriate part of the agenda. Any members who wish to raise urgent items are asked, wherever possible, to notify the Chair before the start of the meeting. In so doing, they must state the special circumstances which they consider justify the matter being considered urgent.

4.1       There were none.

5.1       Reports referred to in the minutes below are contained in the minute book.

Report by the Chief Internal Auditor

6.1       The Committee considered a report by the Chief Internal Auditor, which presented the overall annual opinion of reasonable assurance, and set out a summary of the Internal Audit Team’s work during Quarters 3 and 4 of 2019/20.  The Audit Manager set out the work undertaken with management in respect of the two pension-related audits, and the reporting done to the Pension Board and Pension Committee. Follow up reviews will also be undertaken. The Audit Manager outlined that 90% of the Audit Plan was completed on schedule and the remainder will be worked through during quarter 1 of 2020/21. 

6.2       The Committee asked questions about:

• The Pension Administration audit and the techniques used to produce the assessment, and the risks of over- or under-payment of Fund members
• The reporting of the Pension audits to the Pension Board and Pension Committee
• Atrium, and whether it includes the County’s highways
• Social Value in procurement and its promotion to officers
• Managing Back Office Systems and SAP replacement, and whether it is done in partnership within Orbis
• Business Continuity, and whether it had coped with the pandemic
• Deferred items from 2019/20
• Adult Social Care commissioning and where the Council stands in comparison with other authorities.

6.3       Officers and Members responded:

• The Audit Team historically used an approach approved by the Pensions Regulator, but became aware of additional risks.  A new Internal Audit Strategy for the Pension Fund was agreed last year to reflect the new risks.  The Team also had access to the Pensions administration system which allowed greater interrogation of data.  Greater time was spent on the Pension Fund audit work than in previous years, and will continue with an increased number of audit days allocated to the work.  A follow up audit will be conducted and reported to the Audit Committee.  The Chief Internal Auditor confirmed that the Team’s work was focussed on the systems and processes in place, rather than identifying individual cases of over- or under-payment, but there was no indication that members of the Pension Fund did not get the payments they were entitled to. 
• Councillor Fox, as Chair of the Pension Committee, confirmed that the principal issues of concern were to do with the governance and use of data within the Pensions Administration team.  Some concerns can be addressed with additional software.  Officers will strengthen the controls, with substantial work being done by the Chief Operating Officer and Chief Finance Officer to increase resources for the pension administration function of the Fund..  Councillor Fox also highlighted the work of Data Improvement Project  that had been launched, prior to the audits commencing, which addresses some of these issues.
• Atrium is the Council’s property asset management system, and does not include the highways assets.  However, the Highways Contract re-procurement project is included in the 2020/21 Audit Plan.
• The Council won a national award for its approach to social value in procurement, and is a strong performer in the sector.  A key issue is following up with providers that they have  ...  view the full minutes text for item 6.

Report by the Chief Internal Auditor

7.1       The Committee considered a report by the Chief Internal Auditor, which presented the refreshed Anti-Fraud and Corruption Strategy and Framework, in line with best practice.  The Internal Audit Manager, Counter Fraud introduced the report which sets outs the approach to counter fraud work. The report refreshes the Strategy to take into account changes in regulations, anti-fraud and money laundering activity, and an emphasis on changes in organisational culture.

7.2       The Committee discussed:

• The role of Culture and how it affects the organisation
• Staff leavers and overpayments
• Whistleblowing Policy and raising issues with outside bodies
• Internal powers of investigation, links to the Police and monitoring of social media in support of investigations 
• Effect of increased homeworking as a result of the Covid-19 pandemic and impacts of fraud
• E-learning and how to follow up to ensure the lessons are implemented

7.3       Officers responded:

• Efforts to establish zero tolerance to fraud, having robust policies and making sure individuals are aware of the policies and their responsibility to report instances of fraud.
• Payroll is a key part of the annual audit, looking at the controls which should pick up the issues of leavers.   The Council also participates in the biannual national fraud initiative which involves payroll matching with other authorities, which allows the authority to pursue overpayments.
• Outside bodies with which a concern could be raised include the External Auditors and Protect (formerly Public Concern at Work).  Other sector specific bodies include Ofsted, the Care Quality Commission and the Health & Safety Executive.   
• A benefit of the Orbis partnership is a team of investigators who work to PACE (Police and Criminal Evidence Act) standards.  Investigations have been shared with the Police for criminal prosecution if it is considered appropriate.  Monitoring of social media is done with appropriate RIPA (Regulation of Investigatory Powers Act) sign off, but is not commonly used as there are other sources of evidence.  To reduce the risk of staff being groomed to participate in a fraud there is considerable fraud awareness and e-learning made available, together with participation in fraud awareness week in November each year.  Greater integration with banks in assisting staff to avoid fraud in their personal lives was suggested.
• A Fraud risk assessment was used to log changes in operational procedures resulting from the pandemic on the risk register, and risks were shared with the Finance team.  The log also records changes to business controls as a result of increased homeworking.  The Service works on changes to processes and workarounds by way of advice and challenge to Teams, which have been logged to assist with a return to ‘Business As Usual’ working. Such changes may provide more efficient solutions, but should be reviewed to ensure they are capable of being sustained as a lasting solution.   Any changes will undergo a process of assurance.  The Audit Plan for 2020/21 is being reviewed to ensure it covers the changes to working practices and the potential increased risk of fraud as a result of the pandemic.
• E-learning and maturity of  ...  view the full minutes text for item 7.

Report by the Chief Operating Officer

8.1       The Committee considered a report by the Chief Operating Officer, which presented an update on the current strategic risks faced by the Council and the controls and responses.

8.2       The Committee discussed:

• Cyberattack remains a risk with increased homeworking with staff using their own equipment and systems, and issues of data protection
• Brexit and the implementation of the Political Declaration: should the risk be rewritten and be included, given the risks associated with ports and ferry traffic, the potential disruption to supply chains that may affect Council services
• Covid-19 and the potential for a second wave and response by a local lockdown plans and what that would involve

8.3       Officers responded:

• Data breaches are dealt with by the Data Protection Officer, who reports to the Chief Operating Officer, who coordinates any necessary reporting to the Information Commissioner’s Office.  There has been no increase in reporting during the pandemic.  In terms of staff using their own equipment, access to the Council’s systems is controlled by the security associated with the Council’s Citrix environment.  There are two cybersecurity accredited members of staff (out of circa 1000 people nationally so accredited) who maintain contact with national guidance.  There has been a review of information from the civil service as to the key issues to bear in mind. 
• Brexit is being kept under review and will be incorporated once there is sufficient information for the risk and mitigations to be quantified.
• Public Health have been working on local lockdown plans based on latest government guidance, and information will be provided to Members. Details of the of the Coronavirus Local Outbreak Plan can be found on the Council’s website: (https://www.eastsussex.gov.uk/community/emergencyplanningandcommunitysafety/coronavirus/outbreak-control-plan/).

8.4       The Committee RESOLVED to note the current strategic risks and the risk controls/responses being proposed and implemented by Chief Officers, including the inclusion of a new Covid-19 risk.  The Committee requested consideration be given to reinstating a redefined Brexit risk on the future relationship with the European Union as there has been no agreement on the implementation of the withdrawal agreement.

9.1       The Committee considered the Work Programme.

9.2       The Chief Finance Officer reported that the External Auditors were unable to meet the Council’s initial deadline for considering the 2019/20 accounts.  He requested that the November meeting be moved to accommodate a revised schedule of meetings.

9.3       Councillor Philip Daniel requested an update on Orbis, in the light of Surrey County Council’s announcements on becoming a unitary authority, and the Internal Audit of pension administration.  The Chief Operating Officer confirmed that the Orbis Leadership Team would be examining the issues and opportunities that such a change in Surrey would promote, and provide a report to a future meeting together with a restatement of the services and benefits provided by the Orbis Partnership. The Committee asked if it would be possible to have a report on Orbis at the November Audit Committee meeting.

9.4       The Chief Operating Officer outlined the need to add a report to the Committee’s work programme on the Modernising Back Office Systems programme and in particular regarding the assurance needed on matters such as the production of the statutory accounts. The Chief Operating Officer will liaise with the Democratic Services team on the timescale for this report.

9.5       The Committee RESOLVED to move the November meeting to Friday 6 November 2020, and note the Work Programme together with the amendments made to it in paragraphs 9.3 and 9.4 above.