Agenda and minutes

Audit Committee
Monday, 25th March, 2019 10.00 am

Venue: Committee Room, County Hall, Lewes. View directions

Contact: Simon Bailey  Democratic Services Officer

Items
No. Item

35.

Minutes of the previous meeting pdf icon PDF 119 KB

Minutes:

35.1     The Committee RESOLVED to agree the minutes of the last meeting held on the 22 November 2018 as a correct record.

36.

Apologies for absence

Minutes:

36.1     Apologies for absence were received from Councillors Bob Bowdler, Gerard Fox, and Daniel Shing.

37.

Disclosures of interests

Disclosures by all members present of personal interests in matters on the agenda, the nature of any interest and whether the member regards the interest as prejudicial under the terms of the Code of Conduct.

 

Minutes:

37.1     There were none.

38.

Urgent items

Notification of items which the Chair considers to be urgent and proposes to take at the appropriate part of the agenda. Any members who wish to raise urgent items are asked, wherever possible, to notify the Chair before the start of the meeting. In so doing, they must state the special circumstances which they consider justify the matter being considered urgent.

 

Minutes:

38.1     There were none.

39.

External Audit Plan 2018/19 pdf icon PDF 139 KB

Report by the Chief Finance Officer.

Additional documents:

Minutes:

39.1     Marcus Ward, Grant Thornton, introduced report. The key matters impacting the audit are summarised on page 4 of the Audit Plan (page 16 of the agenda pack) and more details are available on subsequent pages of the Plan.

 

Significant Risks

 

39.2     A risk assessment has been carried out to identify the significant risks that may affect the ability to provide an accurate audit (pages 6-8 of the Audit Plan). The first two risks (page 6) are ones that have to be included in the audit, which are the management over-ride of controls and the risk that revenue includes fraudulent transactions.

 

39.3     The Auditors have partly rebutted the risk of fraudulent recognition of revenue, as a large part of the Council’s income comes from Council Tax which is collected on behalf of the Council. The audit will however include an examination of revenue from fees and charges. The management override of controls is the key risk and the Auditors will look at journals and management estimates as part of their work on this part of the audit.

 

39.4     The other key risks identified are:

  • Valuation of property, plant and equipment. Work in this area will examine whether the valuations are accurate, including the assessment and judgements used in arriving at a valuation.
  • Valuation of the Pension Fund net liability, which represents a large sum in the accounts. Work will examine the actuarial valuations and the basis of assumptions used in the actuarial valuations.
  • Private Finance Initiative (PFI) liabilities. The audit will examine the PFI contracts that the Council has for Waste Disposal and Newhaven schools. Work undertaken will examine the PFI accounting models used to test their accuracy and assess liabilities.

 

Other Matters

 

39.5     The Other Matters included in the audit are listed on page 9 of the Audit Plan. This work includes:

  • Examining the Council’s Annual Governance Statement (AGS) and the financial statements to test that they are accurate and make sure the accounts accurately reflect what is happening in the Council;
  • Considering elector objections if there are any; and
  • Work to examine management’s assessment of the ‘going concern’ assumptions.

 

Materiality and Value for Money (VFM) arrangements

 

39.6     The level of materiality is derived from the gross revenue figure for the Council and is set at £20million. The Auditors will also report any incorrect statements over £1million. The audit will provide a Value for Money (VFM) statement, which includes an examination of identified VFM risks:

  • Ongoing financial sustainability – which will look at the Council’s Medium Term Financial Plan (MTFP) and the Core Offer. This work will involve examining financial statements and talking to management.
  • Partnership working with the NHS; and
  • Brexit.

 

39.7     Marcus Ward outlined the timeframe for the audit which will provide the Audit Findings report to the Audit Committee in July 2019, and confirmed the independence of the Auditors.

 

39.8     The Committee discussed the content of the Audit Plan and asked questions or sought clarification on a number of points. It was clarified that the audit  ...  view the full minutes text for item 39.

40.

External Audit Plan for East Sussex Pension Fund 2018/19 pdf icon PDF 128 KB

Report by the Chief Finance Officer.

Additional documents:

Minutes:

40.1     The Committee considered the External Audit Plan for the East Sussex Pension Fund. The Committee asked for clarification of who appoints the actuary for the Pension Fund valuation. Darren Wells confirmed that the Council appoints the actuary for the valuation of the Pension Fund liabilities.

 

40.2     The Committee RESOLVED to endorse the External Audit Plan for East Sussex Pension Fund for 2018/19.

41.

Internal Audit Progress Report - Quarter 3 2018/19 (01/10/18 - 31/12/18) pdf icon PDF 220 KB

Report by the Chief Internal Auditor.

Additional documents:

Minutes:

41.1     The Audit Manager introduced the report, which summarises the audit opinions for the audits carried out during the reporting period. There were two audits which received an audit opinion of partial assurance, the audit of Surveillance Cameras (on page 48 of the agenda pack) and Cultural Compliance - Business Operations (page 51). The progress report also includes details of the counter fraud and investigations work; changes to the audit plan and; the performance indicators for the Internal Audit Service which are all on target. The Chief Internal Auditor continues to be able to provide reasonable assurance that the Council has in place an effective framework of governance, risk management and internal control.

 

41.2     The Committee commented that the partial assurance opinion for the Cultural Compliance - Business Operations audit appears to include non-compliance with Council policies and sought reassurance that these issues had been tackled. The Chief Operating Officer gave an assurance that these issues have been dealt with and progress reported through the Statutory Officers Group on 4 March 2019. There will also be a follow up to the audit.

 

41.3     The Chief Finance Officer outlined that he meets with business service heads on a monthly basis and this issue has been raised with them. The Chief Internal Auditor commented that Internal Audit will be undertaking an audit of the Declarations of Interest system this year. The Audit Manager added that although corporate policies had not been followed, there was no evidence that any payments made were not legitimate.

 

41.4     The Committee RESOLVED to note the Internal Audit progress report for quarter 3, 2018/19.

42.

Internal Audit Strategy and Annual Plan 2019/20 pdf icon PDF 121 KB

Report by the Chief Internal Auditor.

Additional documents:

Minutes:

42.1     The Audit Manager introduced the report. The Internal Audit Strategy and Annual Plan outlines the audit work which is planned to take place across organisation and is required for the Chief Internal Auditor to be able to give an end of year opinion. The Plan outlines the consultations that have taken place in formulating the plan, which includes work with the Audit Committee. It also gives details of the number of audit days to deliver the Plan, which is similar but slightly reduced in comparison to last year. The details of the audits planned for the forthcoming financial year are contained in annex A of appendix 1 of the report.

 

42.2     The Committee asked whether 1,400 audit days is sufficient, how this figure is derived, and for an explanation of the slight reduction in audit days. The Chief Internal Auditor responded that 1,400 audit days is considered sufficient to deliver the Audit Plan and be able to give an opinion at the end of the year. The calculation of the number of days needed is based on professional judgement and an assessment of risk, based on the Council’s risk profile.

 

42.3     The reduction in audit days last year was a result of the savings made by the Orbis Partnership, which has been partly offset by greater efficiencies and increased resilience. Although the service has been reduced, it does not affect the Chief Internal Auditor’s ability to give an opinion and he will request more resource if he considers it is needed.

 

42.4     The Committee enquired whether it would be possible to make additional savings if the number of local authorities the Internal Audit Service covers is increased. The Chief Internal Auditor outlined that the Internal Audit Strategy and Plan represents the East Sussex County Council (ESCC) portion of service. The Orbis Internal Audit Service has taken on internal audit work for Horsham District Council, which has enabled the Service to reduce overheads and return more audit days. The Service is keen to grow the number of clients, but this has to be done carefully to ensure it can still meet the needs of the three Orbis Partners.

 

42.5     The Committee discussed the risk based approach, which focusses internal audit work on risks to the Council.  The Chief Internal Auditor explained the risk based approach takes into account where internal audit resources can contribute value to the management of the Council. Audit work also takes into account other sources of assurance available to the organisation (e.g. Ofsted inspections) and where Internal Audit has done previous work in the organisation. All audits have regard to management’s arrangements for:

• Achievement of the organisation’s objectives;

• Reliability and integrity of financial and operational information;

• Effectiveness and efficiency of operations and programmes;

• Safeguarding of assets; and

• Compliance with laws, regulations, policies, procedures and contracts.

 

42.6     There is flexibility in the Audit Plan to allow for areas of risk and audit work to be added during the delivery of the Plan.  ...  view the full minutes text for item 42.

43.

Orbis Budget Management Audit - Update report pdf icon PDF 67 KB

Report by the Chief Operating Officer.

Additional documents:

Minutes:

43.1     The Chief Operating Officer introduced the report, which is in response to the Committee’s request for an update on the progress in implementing the agreed management actions following the initial audit opinion of partial assurance. The audit took place fairly early on after the new Orbis budget management arrangements had been put in place, and there will be a follow up audit in 2019/20 (probably in quarter 1).

 

43.2     It was acknowledged that further work was required to reflect the complexity of the Orbis integrated budget management. Work carried out to date has included:

  • the development of a new intranet site for Orbis budget management information;
  • increased support for budget managers;
  • a number of workshops have been delivered for staff; and
  • the development of a budget dashboard (appendix A, of appendix 1 of the report) which  will be reported to Orbis Joint Committee.

 

43.3     The Committee noted that there will be different financial reporting systems in place for each of the Orbis Partners, and asked if Officers are confident that the information can be matched with other Partners’ reporting/monitoring. The Chief Operating Officer responded that the integrated budget management for Orbis is concerned mainly with operating costs (such as staff costs) and there are no issues with matching information. Each Partner has its own core financial accounting system, and ESCC has upgraded the SAP platform so that it is on the same software level as Surrey County Council to facilitate further efficiencies.

 

43.4     The Chief Finance Officer outlined that Orbis has an integrated team which prepares financial accounts across the three Partners. There is a shared Treasury Management function, and all partners have the same External Audit arrangements. So there is an increasing degree of integration amongst the Partners.

 

43.5     The Committee discussed the example of the data dashboard which outlines Orbis performance for Orbis people. It noted that based on the length of service of leavers, ESCC seems to have a more stable staffing structure. The Committee asked if the higher turnover of staff elsewhere in the Partnership has an impact on ESCC’s performance.

 

43.6     The Chief Operating Officer responded that the levels of staff turnover are not causing concerns, and are within normal parameters for the three Partners. Staff turnover can provide an opportunity to change practices and introduce new skills into teams, but if too many skilled and experienced staff leave there can be a risk to service delivery. Staff turnover is not regarded as a problem at present, and is not having an impact on performance.

 

43.7     The Committee RESOLVED to note the management actions that have been taken in response to the Orbis Integrated Budget Management audit.

44.

Strategic Risk Monitoring report - Quarter 3, 2018/19 pdf icon PDF 111 KB

Report by the Chief Operating Officer.

Additional documents:

Minutes:

44.1     The Chief Operating Officer introduced the report which provides an update on strategic risks and the mitigation measures that have been put in place. He highlighted that a separate No-Deal Brexit risk has been included in the Strategic Risk Register following the November 2018 Audit Committee meeting.

 

44.2     The Committee discussed the strategic risk monitoring report and made the following comments:

 

  • Reconciling Policy, Performance and Resources - RPPR (Risk 5). The ESCC financial planning process is extremely robust and the Red rating should not be interpreted as a criticism of the process. The Council is getting to the point where however robust the financial planning process is, it may not be able to mitigate the risk. The Red rating more properly reflects the unknowns that the Council faces in terms of financial planning. The Chief Operating Officer acknowledged this point and commented that it is the implementation of the budget where the main risk resides.

 

  • Cyber Attack (Risk 12). The Committee asked if the two data centres are separated enough to recognise a cyber-attack and not pass on a risk from primary to secondary data storage.  The Chief Operating Officer confirmed that there is a physical separation of storage facilities and resources are not shared to counter this risk.

 

  • Workforce (Risk 9). The Committee noted that the days lost due to stress have reduced, but the days lost due to mental health have increased. The Committee asked for clarification on whether incidences of stress are being appropriately responded to and are not causing an increase in reported mental health issues.  The Chief Operating Officer responded that as the cause of sickness absence is self-reported, so some of the variation is due to this factor. However, there are appropriate responses in place for all types of sickness absence, including a range of mental health initiatives.

 

44.3     The Committee RESOLVED to note the current strategic risks and the risk controls / responses being proposed and implemented by Chief Officers.

45.

Work programme pdf icon PDF 290 KB

Minutes:

45.1     The Chair introduced the work programme item, which was discussed by the Committee members.  Councillor Philip Daniel outlined the work he is undertaking with Officers on the transparency of procurement and contracts, and offered to report back any findings to the Committee. Councillor Barnes commented that it would be helpful for the Committee to schedule an update on the property portfolio and property project work. An update report is planned for the November 2019 Committee meeting. There were no changes to the work programme following the discussion by the Committee.

 

45.2     The Committee RESOLVED to note the Committee’s future work programme.