Agenda and minutes

Audit and Governance Committee - Monday, 21st June, 2021 5.30 pm

Venue: Council Chamber - Civic Centre, St Luke's Avenue, Harrogate HG1 2AE. This meeting will be livestreamed here: https://bit.ly/HarrogateYouTube (Copy and paste the link in your browser).. View directions

Contact: Democratic Services Tel: 01423 500600 Email: democraticservices@harrogate.gov.uk

Items
No.	Item
14.	Apologies for Absence and Notification of Substitute: Minutes: Councillor Paul Haslam was acting as a substitute for Councillor Michael Harrison. (5.31 pm)
15.	Declarations of Interest: Members to advise of any declarations of interest. Minutes: No declarations of interest were made at the meeting. (5.31 pm)
16.	Minutes: PDF 218 KB Of the meeting of 29 April 2021. Minutes: The Minutes of the meeting of the Committee held on 29 April 2021 were approved as a correct record. (There were three votes for the motion and two abstentions) (5.32 pm)
17.	Exempt Information: To determine whether to exclude the press and public during the consideration of any exempt information items – item 6 (part), item 7 (part), item 9 (part) Minutes: Appendix one of each of the items considered at Minutes 19/21 and 20/21 and Appendix two of the item considered and Minute 22/21 were considered exempt under paragraph 3 of schedule 12A of the Local Government Act 1972. These items were however discussed in open session. (5.32 pm)
18.	Public Arrangements - Questions: To consider any questions under Standing Order 27. Minutes: There were no public questions to consider under Standing Order 27. (5.32 pm)
19.	Internal Audit Report on Data Security: PDF 136 KB The Audit Services and Fraud Manager to submit a written report. (Appendix 1 to the report contains exempt information and is not available to members of the public) Additional documents: Restricted enclosure 5 View the reasons why document 19./2 is restricted Minutes: An internal audit report on data security had been submitted by the Audit Services and Fraud Manager. The report was presented at the meeting by the Head of Finance (HoF). The report was presented to the committee because at the time of the audit, the opinion of Audit Services was that it could only provide partial assurance that adequate controls were in place concerning data security. Exempt Appendix one contained the findings and recommendations, detailed information within the appendix was not referred to and discussions took place in open session. The Audit review had looked at two internal controls and both had received only partial assurance, there were also some outstanding recommendations from a previous audit. Progress had been made in terms of the recommendations, details of these and timescales were within Appendix one. The HoF explained that all recommendations were monitored by the audit team and reported to the committee regularly and was also discussed at Minute 20/21. The HoF agreed to provide further information about compliance statistics with reference to data security training for Councillors. RESOLVED (UNANIMOUSLY): That the Committee note the content of the report. (5.32 pm – 5.35 pm) (D)
20.	Internal Audit Recommendation Report: PDF 134 KB The Audit Services and Fraud Manager to submit a written report. (Appendix 1 to the report contains exempt information and is not available to members of the public) Additional documents: Restricted enclosure 7 View the reasons why document 20./2 is restricted Appendix 2 - Internal Audit Recommendation Movements in the Period , item 20. PDF 393 KB Appendix 3 - Summary of All Outstanding Internal Audit Recommendations , item 20. PDF 393 KB Minutes: The Audit Services and Fraud Manager submitted a written report providing an update on the implementation of recommendations. The report was presented at the meeting by the Head of Finance (HoF). Appendix one to the report contained information about the outstanding priority one internal audit recommendations and was considered exempt, this appendix was not referred to and the meeting remained in open session. Appendix two summarised the movements within the period and Appendix three was a summary of other outstanding audit recommendations. The HoF explained that progress was being made on some long-standing recommendations, details and provisional dates were within the documents. The HoF confirmed that it was anticipated that the implementation of a new integrated workplace management system would provide the assurances required where software limitations had previously been a barrier. RESOLVED (UNANIMOUSLY): That the Committee note the content of the report and appendices. (5.35 pm - 5.39 pm) (D)
21.	External Public Sector Internal Audit Standards (PSIAS) Compliance Review - Action Plan: PDF 235 KB The Audit Services and Fraud Manager to submit a written report. Additional documents: Appendix 1 - Public Sector Internal Audit Standards Compliance 2019/20 Harrogate Borough Council , item 21. PDF 636 KB Appendix 2 - Action Plan/Improvement Programme , item 21. PDF 361 KB Minutes: The Audit Services and Fraud Manager submitted a written report detailing the action plan that had been developed following the External Public Sector Internal Audit Standards (PSIAS) Compliance Review. The report was presented at the meeting by the Head of Finance (HoF). Full details of the PSIAS review had been reported at a meeting of the committee held on 29 April 2021 where the Audit Services and Fraud Manager had explained that an action plan would be brought to a future meeting. The HoF highlighted that the key recommendation was to develop a formal Quality Assurance and Improvement Programme and this had been given a target date of December 2021. There were also some best practice recommendations and the action plan set out the approach, some were already complete and others mostly had target dates in 2021. RESOLVED (UNANIMOUSLY): That the Committee note the content of the report. (5.39 pm – 5.41 pm) (D)
22.	Draft Strategic Risk Register 2021/22: PDF 267 KB The Scrutiny, Governance and Risk Manager to submit a written report. (Appendix 2 to the report contains exempt information and is not available to members of the public) Additional documents: Appendix 1 - Draft Strategic Risk Register 2021/2022 , item 22. PDF 511 KB Restricted enclosure 15 View the reasons why document 22./3 is restricted Minutes: The Scrutiny Governance and Risk Manager (SGRM) submitted a copy of the draft strategic risk register for 2021/22. The report had now been considered by Management Board and as a result there had been some adjustments to the scores within the report and some impacts had been redefined. The SGRM explained the changes: - SRR06 Fraud and error updated – overall score reduced to 6 - SRR08 Local Government Devolution – the overall score was confirmed as 6 - Local Authority Controlled Company (Brimhams Active) – the overall score had reduced to 6 - Local Government Reorganisation – the overall score was confirmed as 4. Impacts identified were capacity to deliver business as usual and to deliver key corporate programmes of work, loss of staff due to uncertainty, structural changes/decisions in relation to funding of capital projects and the ability to influence and participate in implementation plans. The SGRM explained that risk scores were constantly reviewed and updated by risk owners. The SGRM confirmed that if agreed this would become the final strategic risk register 2021/22 that would be reported to the Committee throughout the year. The Committee noted the updates. RESOLVED (UNANIMOUSLY): That (1) the register reflects the current strategic risks facing the council; (2) the risk assessments reflect the current level of risk; and (3) the internal controls in place are adequate to manage each risk. (5.41 pm – 5.46 pm) (D)
23.	Risk Management Update: The Scrutiny, Governance and Risk Manager to provide a verbal update. Minutes: The Scrutiny, Governance and Risk Manager (SGRM) provided an update on work being undertaken. He explained that a new Risk Management Framework, Strategy and Policy was being developed and would be reported to the committee as it had the responsibility for the oversight of risk management arrangements. This work would define how Harrogate Borough Council managed risk across the council and how this was embedded within the organisation. The SGRM was also developing an assurance framework with the Audit Services and Fraud Manager. (5.46 pm – 5.48 pm) (D)