Agenda and minutes

Apologies for absence were received from Councillor Mrs S Rawlins.

There were no declarations of interest at this point in the meeting.

RESOLVED

That the minutes of the meeting held on 21 November 2016 be signed by the Chairman as a correct record.

(To receive a report from Lucy Pledge, Audit and Rick Manager, which provides the Audit Committee with an insight on the assurances across all the Council's critical services, key risks and projects)

Consideration was given to a report which provided the Audit Committee with an insight on the assurances across all the Council's critical services, key risks and projects.

The Chief Executive and the Executive Directors were in attendance to present their Combined Assurance report and answer any questions from members of the Committee.

Update from the Chief Executive

The Chief Executive gave the Committee an overview of risks for the Council and advised that the biggest concern was the financial pressures on local government, which were considerable, and most considerable in county council areas.  Lincolnshire was one of the 3 most disadvantaged authorities in terms of its financial settlement, as the authority receives so much less per head of population than other areas.  However, it was a credit to the authority that it managed to do what it did.  The authority continued to deliver strongly across all service areas and with many above average services.

The financial pressures would remain but the authority knew what the outlook would be for the next four years as it had accepted the government's four year deal.  Further service reductions would be required, as the financial situation would remain very difficult for the remainder of the decade.  The Council would continue to experience cost pressures such as demographic pressures and the back log in terms of road maintenance would continue to grow.

There were also concerns about the Council's lack of resilience, as the authority had little built in resilience, and was operating near its optimum level.  When there were unexpected pressures, there was not always the ready capacity to deal with them. 

It was also a worry that there were some difficult decisions which would have to be made.  It was a concern that the Council was being driven to look short term, as it needed to solve the immediate problems, rather than to focus on schemes/projects which would be of benefit in 10-20 years.

However, members were advised that there were solutions to the issues outlined.  The Council would prioritise the services it provided, and may need to make difficult decisions about scaling back some services, and would increasingly seek to work with partners in delivering services, as well as in sharing services.

Savings would also be made through the well-focused nature of the contracts that the council let.  There were currently hundreds of contracts in place with a package of measures, which would transfer the risk from the Council.  In the majority of cases this worked very well.

In terms of IT, the authority was behind the game.  Most of the operational problems had been resolved, but now there would be a need to speed up technology applications so the authority could use more efficient and modern systems.

A lot of what the Council did depended on how it worked with others, but other public sector organisations were struggling as well, most notably health partners.  It was acknowledged there were difficulties with relationships in health services, as the structures did not allow  ...  view the full minutes text for item 47.

(To receive a report from Simon Oliver, Chief Technology Officer, which provides the Committee with an insight into the assurance status for Information Management Technology)

Consideration was given to a report which provided the Committee with an insight into the assurance status for Information Management Technology.  There were well established assurance maps which helped to focus work plans on the risks which would affect the successful delivery of the services and strategic objectives. 

In relation to Information Management, these services were either rated green or trending to green.  Those that weren't were where the Council was relying on an outsourced provider for services.

Maturity assessments had been undertaken, and IT services had been reviewed from a customer perspective and from an internal point of view.  These assessments demonstrated that the IT Service Provider was not fulfilling the contractual commitments in many areas.

There was a requirement for IT to deliver a different way of working, and it was currently unable to get those initiatives delivered in a timely manner.  The solutions which were being presented fell short of what was needed to bring the services to adequate levels, regardless of the levels committed to within the contract. 

In terms of service delivery, there were a number of initiatives which should prevent outages, which impact day to day service delivery.  The IT Service Provider was operating a reactive rather than pro-active service, which was against the standard industry methodologies which were contracted for. 

One of the strategic risks was the risk of cyber attacks.  This was also an ongoing national risk.  There were thousands of attempted malware attacks every day, and there was a need to ensure that the authority had the right skills available to identify and manage this risk, and had systems in place to minimise the risk.  It had been difficult for the Council to gain proposals for key technology solutions to mitigate the risks, as identified before and after two malware outages.

Members were provided with the opportunity to ask questions to the officers present in relation to the information contained within the report and some of the points raised during discussion included the following:

·         There was a need for the Audit Committee to have sight of the high level action plan which was in place to bring this risk under control.

·         It was noted that the authority was struggling to get a level of commitment from Serco to address the issues.

·         There was a need for the Executive to work to ensure that key members of IMT team staff were retained.  It was noted that workloads were excessive and there was a lack of capacity within the team due to the need to manage the IT Service Provider to ensure service levels did not worsen.

·         It was reported that there had been assurance from Serco that they would appoint an IT director.

·         One member commented that they sat on the Recovery Group, which did see the programmes and timescales for addressing the issues.  However, it was noted that the information presented to the Recovery Group had not been qualified by the IMT service.

·         It was reported that the authority had  ...  view the full minutes text for item 48.

(To receive a report by Rachel Abbott, Audit Team Leader, which provides an update on internal audit work undertaken in the period 12 September 2016 to 12 January 2017)

Consideration was given to a report which provided an update on internal audit work undertaken in the period 12 September 2016 to 12 February 2017.  It was reported that 15 final reports had been issued, as well as 3 reported to schools.  7 audits were at draft stage, and there were many others in progress.

It was reported that there were 5 reports with high or substantial assurance, and five with limited or low assurance.

Members were provided with the opportunity to ask questions to the officers present in relation to the information contained within the report and some of the points raised during discussion included the following:

·         It was commented that it seemed disappointing that only 65% of recommendations had been implemented.  Members were advised that in the majority of cases, there would be a closure meeting which would finalise timescales for the implementation of actions.  It was noted that the majority of outstanding recommendations related to two pieces of work on payroll and pensions, and the initial timescales may have been ambitious.  However, officers were keeping a close eye on how they were progressing.

·         It was queried what incentives were available to encourage service areas to ensure actions were implemented.  Members were advised that this was more about the time scales to fully implement changes, and many of the actions were partially completed. 

·         It was noted that some actions were dependent on the implementation of other initiatives.

·         Pressure would be kept on the service areas with outstanding actions through the tracking process.

RESOLVED

            That the Committee note the outcomes of the Internal Audit work.

(To receive a report from KPMG, the County Council's External Auditors, giving an update on the 2016/17 Audit deliverables)

Consideration was given to a report from KPMG, the County Council's External Auditors, which gave an update on the 2016/17 Audit deliverables.

Members were guided through the External Audit Progress Report and Technical Update and provided with the opportunity to ask questions to the officers present in relation to the information contained within the report and some of the points raised during discussion included the following;

·         Planning work for the 2016/17 audit had commenced and it was queried whether it was expected that there would be extra work required for this year's audit.  It was confirmed that this was likely, however, it was expected to be less than was required last year.

·         It was noted that the external auditors attended a meeting of the Pensions Board as they were asked to do so, and if they were asked to attend Pensions Committee they would attend.

·         Reference was made to organised crime and it was noted that KPMG would be meeting with the Police, and work was also ongoing with Trading Standards.

RESOLVED

            That the Committee receive the progress report.

(To receive a report from Debbie Bowring, Principal Risk an Assurance Manager, which provides an update on how well the Council's biggest risks are being managed)

Consideration was given to a report which would assist the Committee in its role to gain assurance that the Council was effectively managing its key risks and had good risk management systems and processes in place that enabled decision makers to understand the level of risk being taken that the Council was prepared to accept.  The report also provided an update on how well the Council's biggest risks were being manged as well as reporting on the progress made in assisting the Council to adapt and change the way it 'thinks' about risk.  It was reported that overall, the Council's strategic risks continued to be managed well.

In relation to projects, members were advised that they had not been given a level of assurance as a piece of work was being undertaken with the relevant programme/project leads to establish how risk management was applied and to ensure that the risks had been identified.

RESOLVED

That the Committee note the current status of the strategic risks facing the Council.

(To receive a report from Lucy Pledge, Audit and Risk Manager, which provides the Committee with information on the core assurance activities currently scheduled for the 2016/17 work plan)

Consideration was given to a report which provided the Committee with information on the core assurance activities currently scheduled for the 2016/17 work plan.

It was noted that further items to be added to the work plan included the Strategic Risk Register and an IMT action plan.  It was requested that the action plan be brought to the next meeting of the Committee in March.

Members were advised that the training on risk management had been delayed until the new Committee was in place after the election.  It was noted that there would be a traditional induction session as part of the Councillor Induction Programme, but there would also be some additional risk management training.

RESOLVED

            That the above changes to the work plan be noted.

(To receive a copy of the Data Protection Audit by the Information Commissioners Office, for information only)

Received for information.

(To receive a copy of the Annual Audit Letter by KPMG, the Council's External Auditors, for information only)

Received for information.