Agenda and minutes

None.

To confirm the minutes of the previous meeting held on 30 April 2024.

RESOLVED – that the minutes of the meeting held on 30 April 2024 be confirmed and signed by the Chair.

To review the Audit Committee Terms of Reference.

The Audit, Governance & Procurement Lead Manager presented the Audit Committee Terms of Reference for the 2024/25 municipal year.

There was a requirement in the Council’s Constitution that an annual review of the terms of reference took place at the first meeting following the Council’s Annual General Meeting.

The Audit Committee terms of reference reflected the requirements of the Council under the Local Audit & Accountability Act 2014 in respect of the appointment of External Auditors.

Key tasks for the coming year were to approve the Audit Charter and Internal Audit Plan, review Internal Audit activities, review documentation from the External Auditors, review governance and risk management processes, monitor treasury management activities and approve the Annual Governance Statement that accompanied the final accounts.

Upon being put to the vote it was, unanimously:

RESOLVED – that:

a)    the report be noted; and

b)   the Terms of Reference be adopted by Council at the meeting being held in July 2024.

To receive the External Audit Plan for 2023/24 from KPMG, External Auditors.

KPMG, the Council’s External Auditors, presented the Audit Plan for 2023/24.

The 2023/24 audit was progressing well and the audit plan set out the financial statement risks for 2024.

Materiality current sat at £10.6m but this figure may be revised in relation to the 2% general accepted risk mark.  There was a set level of 65% which was worked towards in the sum of £6.89m with the misstatement reporting threshold of £530,000.

The External Auditors had looked at the whistle blowing policy and the estate valuation.  Three risk areas, including valuation of land and buildings, management override and controls and the valuation of RGPS scheme were currently being looked at.

Further areas for consideration were the expenditure fraud risks and revenue recognition.

The External Auditors outlined their approach in relation to VFM which was in its early stages and further detail would be given to the next Audit Committee.

The Audit timetable was set out in the report, but it was highlighted that there would be an increase in the fee, although this had been part of the tender process.

Details in relation to confirmation of independence were highlighted in the report and there were no issues that would impact or impair their ability to perform a full and robust audit.

During the discussion, some Members welcomed the report and enquired whether the audit would meet the December 2024 deadline and whether the NuPlace audit was undertaken separately.

The External Auditors confirmed that they were anticipating the audit would be completed by September and that the audit of NuPlace would be undertaken separately.

The Group Accountant commented that the Accounts would be brought to the November 2024 meeting.

To receive the Annual Governance Statement.

The Audit, Governance & Procurement Lead Manager presented the Annual Governance Statement which was a requirement of the Accounts and Audit Regulations 2015 and should accompany the Annual Accounts.

The Annual Governance Statement (AGS) for 2023/24 had been developed based on the requirements of the regulations and CIPFA/Solace guidance.  The statement included an action plan to ensure that there was continual improvement to the existing governance arrangements.

The action plan which accompanied the 2022/23 statement had been reviewed and updated to reflect current progress.  Any actions still in progress from the 2022/23 plan had been incorporated into the 2023/24 action plan.

The AGS and the Local Code of Good Governance outlined that the Council had a robust governance framework in place but that it should continually review procedures.   The Audit Committee were assured that during 2023/24 good governance arrangements were in place.

The AGS fed into the work of both Internal and External Audit and was compliant with external agencies such as Ofsted and the CQC. 

The report gave details of where the Council had excelled and gained awards and reported on good governance activities.

It was the opinion of the Audit, Governance & Procurement Lead Manager that the council’s current arrangements gave a reasonable level of assurance.

Upon being put to the vote, it was unanimously:

RESOLVED – that:

a)    the Annual Governance Statement 2023/24 be approved; and

b)   the contents of the report be noted.

To receive a copy of the draft Statement of Accounts 2023/24.

The Group Accountant presented the draft Statement of Accounts 2023/24 to the Audit Committee who had delegated authority to review the statement of accounts for the year ending 31 March 2024. 

The Statement of Accounts was a lengthy complex document which included the consolidated group accounts.  The Audited Accounts would be brought before Committee in accordance with the External Auditor’s timetable which was expected around September to November 2024.

Members were encouraged to contact the Finance Team if they had any queries and confirmed that a training session for Members would be provided, prior to the presentation of the Audited Statement of Accounts.

The draft Statement of Accounts would be subject to a 30 day period of public inspection once the completed statement of accounts had been signed off and this would be advertised on the Council’s website and in the Shropshire Star.

KPMG, the Council’s External Auditors for 2023/24, would report any findings to future meetings of the Audit Committee.

During the discussion, some Members welcomed the remarkable achievement in getting the Statement of Accounts produced before the deadline at the end of May and thanked the Finance Team for their hard work.

The report was noted.

To receive the Internal Audit Annual Report 2023/24, The Audit Committee Annual Report 2023/24 and the 2023/24 Annual Audit Plan.

 The Principal Auditor and the Audit, Governance & Procurement Lead Manager presented the Internal Audit Annual Report 2023/24, the Audit Committee Annual Report 2023/24 and the 2023/24 Annual Audit Plan.

The 2023/24 Annual Report gave details of the planned Internal Audit resources for 2023/24 which was initially 671 days and included 49 days of specialist ICT audit provision provided by Lighthouse Consultancy.  During 2023/24 there had been a number of unplanned audit assignments which resulted in some planned audits being removed and replaced with the unplanned work. Deferred audits and resource challenges within the Audit Team, resulted in the plan being reduced to 432 days with Audit Committee being kept informed throughout the year.  The team achieved 90% of the planned work, although some items were due to be rescheduled and included in the 2024/2025 plan.

Based on internal audit work undertaken during the year, Internal Audit’s annual opinion provided reasonable assurance in respect of the adequacy and effectiveness of the Council’s framework of governance, risk management and internal control.

The number of green, yellow and red reports issued this year had increased from 2022/23, yet the number of amber reports had decreased. However, all gradings remain comparable over a 3 year period.  In 2023/24 there had been 244 recommendations made in total compared to 146 in 2022/23 and 256 in 2021/22. 

The Internal Audit Team has faced some resource challenges during the year but managed to complete 90% of the annual audit plan. The Internal Audit Team continued to work with services to ensure risks were appropriately managed and adequate systems of internal control were in place.

The Internal Audit Team monitor their performance using key performance indicators and the results for 2023/24 demonstrated that team performance met or exceed the targets set. 

Customer surveys were issued electronically with every completed audit report. Results showed that 100% of customers continued to think Internal Audit were a positive support and added value to their service. As a comparison to 2022/23 the team’s customer performance has remained extremely high within all areas included in the customer feedback form although improvements had been made.  

In conclusion, Internal Audit had performed well and made a positive contribution to the governance arrangements within the Council. During 2023/24, completion of the audit plan increased from the previous year despite the Council experiencing resource challenges. The statutory responsibilities of the Council’s Chief Financial Officer (Section 151 Officer) in respect to internal audit and internal control had been met and the work of the Internal Audit Team and other assurance activity had provided reasonable assurance to the Council on the adequacy of operation of the Council’s internal controls, governance and risk management processes. However, there were changes occurring both within and outside the Council during 2024/25 and beyond which could affect the team’s future activities.

The work of the Audit Committee in 2023/24 began with approval of the Terms of Reference.  The Committee had considered a comprehensive set of agendas to reassure the community and the Audit Committee  ...  view the full minutes text for item AU7

To receive the Internal Audit Activity Report.

The Principal Auditor presented the Internal Audit Activity Report for the period 1 January 2024 to 31 March 2024 and the unplanned work to date.  An update was also provided on the progress of previous audit reports issued.

During the reporting period, nine reports had been issued, six yellow (reasonable) and three green (good).  Internal Audit intend to follow up, where necessary, within three to six months to check that recommendations had been implemented and they were confident that management would implement the controls to bring about an improvement.  There were no other issues to bring to the attention of the Committee at this time.

Audit Committee members approved the 2023/24 Internal Audit Plan at the May 2023 committee meeting.  Progress made against this plan from a total of 73 audits, 27 audits have been completed, 11 were in progress and 31 have been deferred or removed due to requests from the service area. 

Work continued on the commercial contracts with Academies and Town Councils and there had been recent success in winning two new contracts with Manor Multi Academy Trust and Lykos Academy.   The Audit Team now provided audit services to a total of 11 Academy Trusts and 2 Town Councils. Internal Audit continued to look for opportunities to expand their commercial offering.

During the debate, some Members asked if further information could be provided on areas that were having a second follow up in order to understand how “limited” improvement was being managed.

The Principal Auditor confirmed that they were working with the teams involved where a lot of recommendations had been put in place, but testing was due to be undertaken when there was information to test.  The Audit Committee would be kept informed of progress, but it was expected that improvements would be made on the second follow up.

The Audit, Governance & Procurement Lead Manager explained that limited or poor reports are reported the to the Director of the service and the Chief Executive who also takes these reports very seriously and if requested they could come before the Audit Committee.

Members noted the report.

To receive the 2023/24 Information Governance & Caldicott Guardian Annual Report.

The Audit, Governance & Procurement Lead Manager presented the 2023/24 Information Governance & Caldicott Guardian Annual Report which set out the pieces of legislation and good practice standards that govern the IG arrangements of the Council.

There had been 100 more Freedom of Information (FOI) requests in 2023/24 than the previous year and this had led to the response rate being slightly down to 85%.  The ICO has set a benchmark of 90% for responding to FOI requests within the 20 working day statutory deadline for responding to requests.  There had also been an increase of appeals in relation to FOIs which come to the Council to review.  The appeals were broadly in line with the previous year.  Information Commissioner Officer (ICO) referrals, where it was considered a response was not adequate, a compromise was undertaken, further information provided and no further action taken.

In 2023/24 the Council received 104 subject access requests (SARs), 34 less than the previous year.  The processing of SAR’s continued to be a challenge due to the volume (in pages) of information being asked for.  Four of the subject access requests received in 23/24 alone encompassed over 10,000 pages of information which have to be read and redacted. 

In relation to data breaches, although there was a large number of transactions and activities undertaken by the Council, it was good news that no breaches had met the threshold for reporting to the ICO as a fine could be up to £17.5m.  To assist in preventing any data breaches, the Council had introduced a new system, Zivver, which had worked well and reduced the number of errors.

Progress on the 2023/2024 IG work programme was set out in the report and was a legal requirement of the data protection officer under GDRP.  The Audit & Governance Lead Manager was the designated officer who ensured that the work programme was completed in an appropriate way.

The report also contained information on the role of the Caldicott Guardian and its responsibilities.  The Caldicott Guardian and the Senior Information Risk Owner (SIRO) met four times per year with the Director: Policy & Governance.

Upon being put to the vote it was, unanimously:

RESOLVED – that:

a)    the Information Governance & Caldicott Guardian Annual Report for 2023/2024 be noted: and

b)   the IG Work Programme for 2024/25 be approved.

To receive the 2023/24 Anti-Fraud & Corruption Annual Report.

The Audit, Governance & Procurement Lead Manager presented the Annual Anti-Fraud & Corruption Report which gave details of the activity for 2023/24.

Investigation activities within Telford & Wrekin Council were driven by the Investigation Team along with Internal Audit and IDT and the work that other enforcement teams did in tackling certain types of fraud within our communities.  The Committee were advised that when the Investigation Team refer to the term fraud it also included associated offences such as theft, bribery, corruption, money laundering and other financial irregularity, which are all matters that the Investigation Team.

A number of complex investigations had been undertaken in 2023/24. Some of these were continuing into the next financial year.

The Investigation Team had now started joint working with the Department for Work and Pensions (DWP) where there were matters of Council Tax Support fraud and fraud related to other relevant DWP benefits.

The Investigation Team concluded 147 investigations in 2023/24 with 83 having a positive outcome. This figure did not include 47 open investigations which were being carried over into the next financial year.

There was no way of accurately measuring the consequential effects and indirect savings that occurred due to the team’s prevention work. If this work was not undertaken, then the loss to the authority would potentially increase year on year. In addition, potential fraudsters would be less likely to attempt to commit acts of fraud than they would if there was no team in place.

In order to prevent fraudulent activity, face to face induction training had been implemented for new employees with further training opportunities available via Ollie for all staff.

Revenues and Benefits, IDT (in relation to cyber fraud) and public protection feedback information to Internal Audit in relation to fraudulent activities.

The Investigation Team had a good partnership and working relationship with the local Police in the fight against crime.

During the debate, some Members asked why social care had a higher rate of suspected fraud, whether there were adequate controls in place in relation to cyber fraud and if continual updating of systems was required was there a cost to that.  Other Members asked how much had been saved from the outcome of the £121,000 fraud.  Members welcomed the proactive approach across the Council to data security and GDPR.

The Audit, Governance & Procurement Lead Manager explained that in relation to direct payments, the government introduced that a sum on money would be given to the person who required care and that they organised their own care.  Where third parties were involved, they must ensure that the work contracted was honoured.  Expenditure in social care was a boom area and was a bigger fraud risk.  In relation to cyber fraud, the Council were part of a West Midlands Group who looked at trends in cyber fraud and there was an IDT lead on cyber security.   There was reasonable assurance that controls were in place to protect the Council including focus groups, public sector requirements a tool kit around cyber  ...  view the full minutes text for item AU10

To receive the outline of Audit Committee business for 2024/25.

The Audit, Governance & Procurement Lead Manager asked Members to note the outline of business for 2024/25.