Agenda and minutes

Governance & Audit Committee - Wednesday, 28 June 2017 7.30 pm

Venue: Council Chamber, Fourth Floor, Easthampstead House, Bracknell. View directions

Contact: Hannah Stevenson  01344 352308

No. Item


Declarations of Interest

Members are asked to declare any disclosable pecuniary or affected interests in respect of any matter to be considered at this meeting.


Any Member with a Disclosable Pecuniary Interest in a matter should withdraw from the meeting when the matter is under consideration and should notify the Democratic Services Officer in attendance that they are withdrawing as they have such an interest. If the Disclosable Pecuniary Interest is not entered on the register of Members interests the Monitoring Officer must be notified of the interest within 28 days.


Any Member with an affected Interest in a matter must disclose the interest to the meeting and must not participate in discussion of the matter or vote on the matter unless granted a dispensation by the Monitoring officer or by the Governance and Audit Committee.  There is no requirement to withdraw from the meeting when the interest is only an affected interest, but the Monitoring Officer should be notified of the interest, if not previously notified of it, within 28 days of the meeting.


There were no declarations of interest.


Minutes - 29 March 2017 and 24 May 2017 pdf icon PDF 230 KB

To approve as a correct record the minutes of the meetings of the Committee held on 29 March 2017 and Annual Council Meeting held on the 24 May 2017.

Additional documents:


RESOLVED that the minutes of the meeting of the Committee held on the 29 March 2017 and of the Annual Committee held on the 24 May 2017 be approved as a correct record and signed by the Chairman.


Urgent Items of Business

Any other items which, pursuant to Section 100B(4)(b) of the Local Government Act 1972, the Chairman decides are urgent.


There were no urgent items of business.


External Audit Update pdf icon PDF 106 KB

To  receive an update from the External Auditors on work undertaken to date  and to note the Audit fee 2017/18.

Additional documents:


Helen Thompson and Malcolm Haines, Ernst and Young, presented a report from the External Auditors, which set out the Annual Audit Fee for the  2017/18 Audit and a progress report on work undertaken since the last Committee meeting in March 2017.


Since the External Audit Plan had been presented to the Committee at the meeting on the 29 March 2017 the interim visit had taken place during March 2017 which had produced no issues to report to Members.


The year end audit visit had started the week commencing 26 June 2017, with the final report due to come to the Committee at the meeting on 26 July 2017. The visit would progress over the next few weeks, with any major issues found being  reported to the Borough Treasurer and the Chair.


The Grant Certification Work was underway, with the Council’s housing benefit team undertaking the initial testing. Completion of the work was expected by August 2017 which was significantly earlier than previous years and well ahead of the certificate deadline of 30 November 2017.


Since the report had been written the outcome of the PSAA Ltd tender had been decided with Ernst and Young winning lot 2, which Ernst and Young were content with.  The PSAA website set out the timetable, with auditors being provisionally allocated to councils at the end of July 2017 and consultations happening in August. The PSAA had set the principle that they would not change Councils and Auditors for change sake but any Local Authority preference would be taken into account especially where Local Authorities had shared service arrangements. The Council would know who would be their Auditors for 2018/19 by the end of 2017.


The Grant auditor would be appointed directly by the Local Authority. DWP had issued guidance to assist with the  process.


As a result of the Members’ questions and comments the following points were made:


  • The Council can appoint the PSAA Auditor to also undertake the Grant work and set a negotiated fee. The Council could also go out to appoint via tender process for the best price. However the Council would need assurances to be satisfied that the auditor would carry out the work within the set guidance and rules. There had been fairly detailed guidance issued for the procurement process.
  • The grant fee was prescribed through the PSAA.


The Annual Audit and Certification Fees 2017/18 letter had been sent to the Chief Executive in April 2017. This was the final year under contract and the work didn’t differ from the current year.


Next year the deadline for the Financial Statement would be 31 July 2018.  Bracknell Forest had set the same deadline of 31 July 2017 for this year’s Financial Statements, which was challenging.


The total Audit fee for  2017/18 remained the same as the past two years. The Housing Benefit fee was still to be confirmed as it was dependent on the amount of work involved.  It was thought that the fee would be the same as 2016/17  ...  view the full minutes text for item 4.


Internal Audit Annual Assurance pdf icon PDF 672 KB

To receive a report noting  the Head of Audit and Risk Management’s Annual Report setting out the Head of Internal Audit’s Opinion for 2016/17.



Sally Hendrick, Head of Audit and Risk Management presented the Internal Audit Annual Assurance Report 2016/17.


The report, a requirement for Internal Audit, set out the Head of Internal Audit’s Opinion for 2016/17, summarised the results and conclusions of Internal Audit’s work for 2016/17 and provided statement on compliance with the PSIAS which would support the Annual Governance Statement.

In forming its opinion Internal Audit were required to comment on the quality of the internal control environment. During 2016/17 there were no Audits where no assurance was given but 22 were issued with a limited assurances.

There had been eight addition audits since January with limited assurance opinions, these were:

  • College Town Junior
  • Procurement in Schools
  • Construction and Maintenance – 2 reports
  • Creditors
  • IT Equipment
  • LED
  • Bridgewell
  • Adult Social Care Debt Management.

An update was provided on behalf of the Chief Officer; Property in regards to the Construction and Maintenance Audits:

  • One priority one had been resolved so there were now only two priory 2 issues.
  • The quality checks had been addressed with 100% checked during July – March 2017.
  • Better information was being provided from the new contractor, who were also billing promptly and providing supporting documentation.
  • Additional meetings had been held with the Construction and Maintenance Team to ensure that the correct resources were in place and processes were correctly adhered to.

The Declaration of Interest Audit report was still in draft form as more officers needed to be involved in finalising the report, in particular the Chief Officer: HR.

The Chair raised concerns surrounding the Construction and Maintenance audits as they had failed three audits in a row. It was requested that the Chief Officer; Property attend the next Governance and Audit Committee to update the committee what was being done to address the issues.

As a result of the Members’ questions and comments, the following points were made:

  • Keir had been the provider since December 2015, they were more prompt with their billing and provided clearer information. The previous contactor, Grahams, had been slower to bill and generate invoices which caused a back log in quality checks.
  • A further Construction and Maintenance audit was not intended as all issues had been flagged and it was now up to management to address these issues. A clear action plan had been set to implement the recommendations.
  • The three areas of limited assurance in the Construction and Maintenance audit were all a variation on the same theme. These were not carrying out quality assurance checks, not checking rates and not checking the quality or completion of work.
  • Disaster recovery and Back Up Audits had been brought to the Committee for discussion  in January 2017. A follow up audit would take place in Quarter two 17/18 and the position would be fed back to the Committee.
  • It was requested that the Chief Officer; Property attend the next Governance and Audit Committee rather than the Director.
  • The Councils Systems had been robust enough to hold up against the recent cyber attacks  ...  view the full minutes text for item 5.


Fraud Prevention and Anti Bribery Policies pdf icon PDF 109 KB

To approve the Council’s Fraud Prevention and Anti Bribery Policies.

Additional documents:


The Committee received a report to approve the Council’s Fraud Prevention and Anti Bribery Policies.


The Council’s Anti Fraud and Corruption Policy was due for review having previously been reviewed and approved in 2014. External consultants were appointed to check whether this policy was still fit for purpose.


Whilst reviewing the Anti Fraud and Corruption Policy, the external consultants advised that the council should have an separate Anti Bribery policy in place, previously anti bribery was mentioned within the Anti Fraud and Corruption Policy.


Both policies could be found at appendix one and two of the Committee report.


Arising from the Members’ comments and questions, the following points were made:


·         There was currently online training for fraud and corruption for staff, this would be updated and linked to the new policy. In addition, new anti bribery training would be created online for staff training.

·         An email would be circulated to staff advising them of the new policies with a link to the policies on Boris.

·         Fraud prevention and Anti bribery would be included in all internal audits going forward.

·         The Code of Conduct was currently being reviewed by the Code of Conduct working Group, however the Borough Solicitor though that the Code of Conduct in its current from was sufficient enough in light of the new policies.

·         The Committee requested that both the new policies be sent out electronically to Members’ to make them aware of the new policies. It would also be mentioned in the Executive Members report at Full Council.


It was RESOLVED that the Committee:


1.    APPROVE the Fraud Prevention Policy at Appendix 1.


2.    APPROVE the Anti Bribery Policy at Appendix 2.


Risk Management Strategy pdf icon PDF 112 KB

To review and agree the updated Risk Management Strategy.

Additional documents:


The Committee received a report containing the updated Risk Management Strategy.


The Risk Management Strategy had previously been approved by the Governance and Audit Committee in June 2015 and had been updated to reflect the environment that the Council now operating in given the considerable changes in recent times and the significant financial pressures that the Council now faced.


The new strategy now clarified that CMT were responsible for arrangements to manage risk and that the risk register update was presented twice a year to the Governance and Audit Committee.


The following risk management priorities had been identified:


  1. To review the risk appetite for strategic risks.
  2. To continue with identifying the key potential fraud risks and mitigating controls across all directorates and asses adequacy of controls and residual risk.
  3. To review the Councils resilience in response to increasing cyber threats.


As a result of the Members’ comments and questions, the following points were made:


  • Risk appetite was standard risk management language and determined the level of risk that the Council was willing to accept.
  • Risk tolerance was how much risk the Council could cope with taking if it had to.
  • The risk matrix for the Commercial Property Investment Strategy was a good example of evidencing the Council’s risk appetite.
  • The Council’s Emergency Planning function was included in the Membership of the Strategic Risk Management Group, rather than an Officer as there was a review into future arrangements for emergency planning to be part of a shared service arrangement.


RESOLVED that the Committee review and agree the updated Risk Management Strategy at Appendix 1.



Strategic Risk Register pdf icon PDF 908 KB

To receive the update of the Strategic Risk Register.


 The Committee received a report which covered the update of the Strategic Risk Register in its proposed new format, which was still at an embryonic stage and included risk and risk appetite scores that were still subject to review.


The format of the Risk Register had not been updated for some time. Following the debate at Governance and Audit Committee in January 2017, the Head of Audit and Risk Management had undertaken research into different risk register formats and different ways of recording risks. CMT had approved the new approach which was still a work in process.


The new register consisted of a one page summary for each risk. It included risk ratings for unmitigated risk, current residual risk and the risk appetite and tracked all three of these ratings over a number of quarters in order to present the history and trends of the risk. The register also included a RAG status for each risk, an overview of the current actions being under taken and details of further mitigation of what more should be done in order to reduce the risk rating down to the risk appetite level.


As a result of Members’ comments and questions, the following points were made:


  • The format of the new risk register was a significant improvement from the old register and enhanced the displaying of the risk information. It was clearer and a helpful and much needed step forward.
  • Risk 2 was not yet a trend, nor yet a massive cause for concern as the rating had only increase for one quarter. The issue was that as there were so many complex transformation programmes ongoing at the same time there was a risk of disconnect across the programme, which needed to be managed by the Transformation Board.
  • Where the level of risk matched the risk appetite for two or more quarters consideration would be given to removing them from the Strategic Risk Register. The removal of the risk would be discussed with CMT and the Risk Management Group. The Head of Audit and Risk Management stated that careful consideration wouold be needed before removing some of the risks from the strategic risk register, such as they cyber risk, given the recent national cyber attacks.
  • Risk 12 was a difficult risk to manage as many of the factors were out of the control of the council, but there would be a significant, negative impact on the Council’s reputation if an incident were to occur. The risk would probably never reach the appetite level.
  • The OFSTED report would be released in a few weeks time and would help inform the rating and mitigations for risk 12. 
  • The risk which had been removed relating to the loss of key staff wasn’t just in relation to staff leaving the organisation or retiring. It was related to the loss of staff in key positions and at key levels and the way the organisation had to operate and keep moving forward often without replacing the staff. This was a  ...  view the full minutes text for item 8.


Annual Governance Statement pdf icon PDF 213 KB

To receive the Annual Governance Statement for 2016/17 and note the progress against the Action Plan agreed in June 2016

Additional documents:


The Committee received a report requesting approval of the Annual Governance Statement (AGS) 2016/17 and to update the Committee on progress against the Action Plan which had been agreed in June 2016.


The primary source of assurance for the AGS were the Compliance Assessments completed by:


  • The Assistant Chief Executive and each Director on compliance with internal controls and governance arrangements across their departments;
  • The Monitoring officer in respect of legal and regulatory functions;
  • The Borough Treasurer in respect of financial controls; and
  • The Borough Treasurer and Head of Audit and Risk Management in respect of risk management.


The Action Plan attached to last years AGS addressed identified a number of areas for improvement. In particular communicating with and raising staff awareness of information management policies, taking a proactive approach to counter fraud and the review of the Councils’ Standards Framework. Considerable progress had been made during 2016/17  on implementing those actions. Where those issues were ongoing they had again been included in the Action Plan for 2017/18.

There are to be changes to the Data Protection regime, with the Data Protection Act being replaced by the General Data Protection Regulation (“GDPR”) from May 2018. A gap analysis audit will take place to ensure that the council is compliant with the new regulation.

As a result of the Members’ comments and questions, the following points were made:

  • The current security classifications for emails exceeded the governments requirements and this would be realigned to government practice. This would remove bureaucracy and allow staff to be more efficient. The existing Information Security Framework already provided robust protection against potential security breaches though it cannot fully mitigate against human error.  The financial penalties set by the ICO for information security breaches will remain significant under the GDPR. .
  • The role out of the new email classifications was imminent and formed part of the approved IT framework.


  1. the draft Annual Governance Statement (“AGS”) shown as Appendix 1 to this report be APPROVED.
  2. the Action Plan shown at Appendix 3 to this report be APPROVED.