Agenda and minutes

Audit Committee
Friday, 13th July, 2018 10.00 am

Venue: Committee Room, County Hall, Lewes. View directions

Contact: Simon Bailey  Democratic Services Officer

No. Item


Apologies for absence


1.1       There were no apologies for absence.


Disclosures of interests

Disclosures by all members present of personal interests in matters on the agenda, the nature of any interest and whether the member regards the interest as prejudicial under the terms of the Code of Conduct.



2.1       There were none.


Urgent items

Notification of items which the Chair considers to be urgent and proposes to take at the appropriate part of the agenda. Any members who wish to raise urgent items are asked, wherever possible, to notify the Chair before the start of the meeting. In so doing, they must state the special circumstances which they consider justify the matter being considered urgent.



3.1       There were none notified.


Annual Review of the Corporate Governance Framework 2017/18 pdf icon PDF 124 KB


Report by the Assistant Chief Executive.

Additional documents:


4.1       The Chief Executive introduced the report. The review of the Corporate Governance Framework report is presented to the Committee each year to ensure the Council has effective governance arrangements in place and forms part of the Annual Governance Statement (AGS). The report will be presented to the Governance Committee for approval on 17 July 2018.


4.2       The Committee noted that in Appendix 3 of the report there is an action to develop the Council’s approach to transparency and to respond to the Government’s open data agenda. The Committee asked if there was a conflict between this requirement for openness and the introduction of the General Data Protection Regulation (GDPR). The Chief Operating Officer explained that GDPR is more concerned with personal data and the open data agenda is chiefly about business or organisation information and data, so there is little conflict.


4.3       The Committee commented that there did not appear to be a corresponding action on transparency and the open data agenda in the action plan in Annex A. The Chief Executive explained that as this is an overarching requirement it is being picked up across the organisation.


4.4       Councillor Philip Daniel stated that the Local Government Transparency Code was less demanding than the standards for Central Government level (e.g. the Scottish Government has already published a report on open data), and expressed a view that East Sussex County Council (ESCC) should seek to apply the higher standards, in particular, on risk and obligation transparency with respect to contracting. The publication of the risks the Council is exposed to through major contracts may be of particular relevance in the wake of the Carillion collapse.


4.5       The Chief Executive responded that ESCC complies with the Local Government Transparency Code and that an assessment would need to be done of the relative importance and value to be added by diverting resource away from other activities into this area. The Chief Operating Officer added that the Procurement Team can do an initial assessment and report back through the Audit Committee as necessary. The Chief Executive confirmed that she would draw the Audit Committee’s comments to the attention of the Governance Committee.


4.6       The Committee discussed the training provided for Members as referred to in the bullet point in section 4 of the Annual Governance statement (Appendix 3 of the report). The Chair stated that from his point of view, a comprehensive training programme had not been provided for newly elected Members. The Chief Executive outlined that Governance Services had put in place a comprehensive training programme both following the election and on an ongoing basis since. It was noted there was an issue with the take up of the training on offer, rather than the provision. The Committee commented that it would be helpful to have more online training resources as they can be accessed flexibly by Members. The Chief Operating Officer responded that there is already some online training provision, which is accessible to staff and Members. The Chief Executive said  ...  view the full minutes text for item 4.


Review of the KPMG External Auditor's Report to those charged with Governance and 2017/18 Statement of Accounts pdf icon PDF 146 KB


Report by the Chief Finance Officer.

Additional documents:


5.1       Jo Lees from the Council’s External Auditors, KPMG, introduced report.  She outlined that the External Auditor intended to issue an unqualified opinion on the accounts and value for money work. There are two significant risks that were identified and examined as part of the audit (as detailed on pages 9 and 10 of the External Auditor’s report in appendix 1 of the Governance Committee report – see appendix A). The first risk was the valuation of the Council’s pension assets and liabilities, because this is a key area of judgement. The Auditors found that there were no issues that they needed to draw attention to as a result of their work in this area.


5.2       The second risk included in the audit was the valuation of land and buildings. Again this is due to the judgement issues involved in the way the property portfolio is valued. The approach that ESCC’s professional valuer has adopted includes a contingency in the valuation. This is not wrong, but ESCC does not have to include a contingency. Consequently the Auditors have made a recommendation that the Council considers the appropriateness of this approach.


5.3       The Chief Finance Officer explained that the valuation method used to estimate the cost of rebuilding all the property assets includes a 5% contingency. There is a consultation being undertaken by the Royal Institute of Chartered Surveyors on whether a contingency has to be included, but the consultation has not concluded. ESCC has decided to include a contingency on the advice of the professional valuers, but once the consultation outcome is known, ESCC will act on the revised guidance and change its approach to the valuation accordingly.


5.4       Jo Lees outlined that there are two other risks that the Auditors have to include in their work. The fraud risk from revenue recognition has been rebutted as there is unlikely to be an incentive for local authorities to fraudulently recognise revenue. The other is the fraud risk from the management override of controls. The Auditors found there were no issues arising from this area of risk.


5.5       The Auditor’s view on management judgements (page 12 and 13 of the Auditor’s report) is that they are balanced and sound.  The Auditors concluded that the Authority has adequate arrangements to secure economy, efficiency and effectiveness in its use of resources and therefore anticipate issuing an unqualified value for money conclusion (as outlined in the Summary on page 4). Jo Lees confirmed the independence of the External Auditors.


5.6       The Chair asked the Auditors if they could clarify the meaning of the terms “unqualified opinion” and “true and fair” used in the report. Jo Lees explained that “unqualified” meant that the Auditors were not placing a qualification on the audit opinion (i.e. there are no issues). What is meant by “true and fair” is that the accounts are true and fair based on the evidence the Auditors have seen, and they have not been miss stated. Jo Lees also clarified that the  ...  view the full minutes text for item 5.


Review of KPMG External Auditor's Report to those charged with Governance and the Pension Fund 2017/18 Statement of Accounts pdf icon PDF 143 KB


Report by the Chief Finance Officer.

Additional documents:


6.1       Charlotte Goodrich of KPMG introduced report. She outlined that the External Auditors were giving an unqualified “true and fair” audit opinion on pension fund account. The audit work has included one significant risk on the valuation of hard to price investments (page 8 of the External Auditor’s report), in addition to the risks they are required to assess in all cases. This was due to the areas of judgement involved in valuing these assets. The audit found there were no issues arising from the assessment of this risk.


6.2       Charlotte Goodrich explained that the fraud risk from revenue recognition has been rebutted as there is unlikely to be an incentive for local authorities to fraudulently recognise revenue. The other risk is the fraud risk from the management override of controls. The Auditors found there were no issues arising from these areas of risk and there were no audit adjustments or recommendations.


6.3       The Committee discussed their role in reviewing the External Auditor’s report on the East Sussex Pension Fund. The Committee have an advisory role as part of their oversight of all audit matters. The External Auditor’s report will be presented to the Pension Committee for approval on Monday 16 July 2018.


6.4       The Committee noted that the Pension Fund was a large and mature fund which was close to being fully funded. The Committee asked about the approach being taken to identify what additional investment is needed to fund the Pension Fund’s liabilities. This includes consideration of the level of funding required; the risk of fluctuating markets and measures to ‘de-risk’ the portfolio of investments; and the impact on employers of increased contributions to meet the Pension Fund liabilities. The Head of Accounts and Pensions outlined that these issues will be considered by the Pension Committee as part of the Investment Strategy, and the Pension Committee will be holding an Investment Strategy Review Day after the Pension Committee meeting.


6.5       The Committee did not identify any concerns that they wished to bring to the attention of the Pension Committee, and asked that their comments concerning the Pension Fund Investment Strategy be passed onto the Pension Committee. The Chief Finance Officer agreed to report the Audit Committee’s comments to the Pension Committee for their consideration.



6.6       The Committee RESOLVED to note report and its appendices.


Internal Audit Annual Report and Opinion 2017/18 (including Internal Audit Progress Report Quarter 4, 01/01/18 - 31/03/18) pdf icon PDF 139 KB


Report by the Chief Operating Officer.

Additional documents:


7.1       The Audit Manager introduced the report. The report includes the Internal Audit Annual report opinion for 2017/18 (appendix 1) and the audit outcomes for the audit work completed in quarter 4 of 2017/18 (appendix 2). The Chief Internal Auditor is able to provide an opinion of reasonable assurance that East Sussex County Council has in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2017 to 31 March 2018.


7.2       The Committee asked how the schools audit work was organised. The Audit Manager outlined that a specific programme for the work on school audits has been developed, which focusses on financial management and governance. The programme includes an examination of governance and reporting, financial planning, income, expenditure, safeguarding of assets etc. The Committee noted with pleasure the improvement in school audit opinions, with no schools over the last 12 months receiving an audit opinion of partial or minimal assurance. This represents substantial progress in this area.


Quarter 4 Audit Opinions


7.3       The Committee discussed the audit of Personal Service Companies and use of Consultants, which received a partial assurance opinion. The Committee commented that it was surprised that the Council does not have records and asked whether the action plan agreed with management will deal with this weakness and lead to an improved opinion in the follow up audit. The Audit Manager outlined that work is underway on the action plan enabling the collection of information for existing contracts and any new ones. The records will then be retained in the procurement system. The Chief Internal Auditor clarified that the issue was not that records had not been kept, but more that there was not a central place where all records were gathered together and accessible. It is the understanding of the Chief Internal Auditor that everyone who needs access to the records will be able to gain access to them.


7.4       The Committee asked for clarification on how complaints relating to fraud and corruption are dealt with. The Chief Internal Auditor explained that ESCC operates a whistle blowing reporting system, which the Internal Audit team manage separately from the ordinary complaints system. The team will then assess all complaints and allegations and investigate or refer them to other teams as appropriate. If necessary, serious allegations will be referred directly to the Police, with the Internal Audit team acting as the main point of contact/liaison with the Council for the Police investigation.



Summary comments


7.5       The Committee did not consider that there were any significant control issues that needed to be included in the Councils annual governance statement, and considered that the Council’s system for internal audit had proved effective during 2017/18.


7.6       The Committee RESOLVED to:

1) Note the Internal Audit Service’s opinion on the Council’s control environment; and

2) Agreed that the Council’s system for internal audit has proved effective during 2017/18.


Public Sector Internal Audit Standards External Assessment Report pdf icon PDF 126 KB


Report by the Chief Internal Auditor.

Additional documents:


8.1       The Chief Internal Auditor introduced report. The timing of the external assessment was at the end of the period when an external assessment has to be carried out, and was also at a critical stage in the integration of the three Orbis Internal Audit departments into one service. The external assessment identified only one area that required action, which relates to the appointment or removal of the Chief Internal Auditor. The Internal Audit Charter has been amended to deal with this issue. The Committee asked for a further explanation of the reason for this action point.


8.2       The Chief Internal Auditor outlined that the independence of Internal Audit is crucial to its effectiveness. One of the ways of preserving effectiveness is for the Chief Internal Auditor to be able to report freely to the Audit Committee. There is a risk that management could remove the Chief Internal Auditor and this recommendation offers protection if the Audit Committee has to be involved in the removal or appointment of Chief Internal Auditor. At present ESCC requires the Chair of the Audit Committee to be consulted, but this was not the situation for the two other Orbis partner authorities. The amendment of the Internal Audit Charter requires all three Audit Committee Chairs to be consulted.


8.3       The Committee noted the external assessor’s conclusion that Orbis Internal Audit has achieved the highest level of conformance with relevant professional standards, and congratulated the team on their achievement.


8.4       The Committee RESOLVED to note the report and the external assessor’s conclusion.


Strategic Risk Monitoring 2017/18 - Quarter 4 pdf icon PDF 74 KB


Report by the Chief Operating Officer.

Additional documents:


9.1       The Chief Operating Officer introduced the report. He explained that the Strategic Risk Monitoring is included in the Council monitoring report which is presented to Cabinet on quarterly basis. The 2017/18 quarter 4 report was presented to Cabinet on 26 June 2018 and included any items that have been changed or escalated from departmental risk registers. The Chief Operating Officer added that a report will be presented at the September Audit Committee meeting to explain the risk assessment process and a how departments assess and escalate risks.


9.2       The Committee reviewed the items on the strategic risk register in appendix 1 of the report, and discussed the following risks in more detail.


School Places and Changes to the Funding Formula


9.3       Councillor Fox raised the risk to school place delivery posed by the increase in the number of schools that were now Academies, and therefore outside of local authority control. He asked whether it might be worth adding this to the monitoring of risk by the Committee and whether it is in the departmental risk register.


9.4       Councillor Barnes outlined that he was still worried about strategic risk 13 Dedicated Schools Grant (DSG). He asked how many schools would be below the block grant threshold (e.g. a threshold of around 120 pupils) and whether this will lead to school closures. Councillor Barnes added that he would have expected that the budget pressures and risk from the block funding formula (DSG) would have been modelled. He outlined that a number for small rural schools could be under threat of closure, and that East Sussex was not alone in this respect.


9.5       The Chief Operating Officer responded that Risk 13 is departmental risk and would be within remit of People Scrutiny Committee to examine. He added that the Council does a huge amount of modelling for school place provision and the need for capital funding. There is a level of oversight of these issues and they are included in the Reconciling Policy, Performance and Resources (RPPR) financial planning process. This includes the potential changes to the DSG and any further investment that may be required as part of the integrated planning process for school places.


Cyber Attack


9.6       The Committee sought further assurance about the robustness of the arrangements for protecting the Council’s data from the risk of Cyber Attack (Risk 12). Khy Perryman, Information Security and Governance Manager, joined meeting and gave a presentation on the measures ESCC is taking on Cyber Security. The presentation covered the following topics:


·              Definition of Cyber Security issues, including the threat from organised crime which is something the Council takes seriously as local government is one of the top targets for organised crime due to the amount of personal information that is held.

·              A description of targets which includes individuals in managerial and professional occupations due to their likely access to systems and data.

·              Third party security, including data breaches (e.g. where other organisations are hacked in order to obtain people’s personal information). There  ...  view the full minutes text for item 9.


Audit Committee - Work programme pdf icon PDF 159 KB

To consider the items on the Committee’s future work programme.


10.1     The Chair introduced the work programme item, which is the Committee’s opportunity to review the future work programme. The Committee discussed the work programme and agreed to add the following items:


·              A report on the Council’s reserves, how they are held, and the projection up to 2021.  As this report is linked to Treasury Management, the Committee requested that the report is presented to the September meeting (alongside the report on the calculation of the Minimum Revenue Provision).


·              The Property Asset Disposal and Investment Strategy annual monitoring report is to be presented to the November Audit Committee meeting, together with a report on the Community Asset Transfer policy and how this links to the Council’s Property Asset Disposal and Investment Strategy.


10.2     The Committee also agreed to receive the report on the Risk Management Framework and risk assessment process (September meeting), before considering whether any further work is necessary on the risks associated with the changes to the schools Direct Support Grant ( see minute 9.4 above).




10.3     The Committee discussed the training that is available to Committee members and the possibility of using the Chartered Institute of Public Finance and Accountancy (CIPFA) to provide Audit Committee training. Individual briefings, provided by Officers, are also available for Committee members. The Chief Finance Officer will arrange a briefing for Councillor Bowdler at a mutually convenient date.