Agenda and minutes

An apology for absence was received from Councillor T Swift.

There were no pecuniary interests declared by members at the meeting.

There were no items on the agenda requiring exclusion of the press and public.

Resolved:  That the minutes of the meeting held on 30 July 2018 be approved.

The Committee considered a report which presented the annual audit letter to the Committee.

A copy of the annual audit letter for 2017/18 which had been produced by the external auditors, Mazars, was attached at Appendix 1. The letter provided an executive summary of the outcome of the work programme and confirmed the conclusion of the audit and the fee for the year being unchanged. 

Members discussed the three control recommendations highlighted in Section 2 and it was noted that the recommendation in respect of a leavers procedure for IT users which was due for completion by 31 October 2018 had been actioned.

The Committee queried the timescale for one of the recommendations in Mazars’ report regarding ICT accounts and administrative privileges. It was reported that the Combined Authority had committed to implement the changes by May 2019 but officers would check whether the changes could be accelerated.  The Committee would be advised if this was not possible.

The Director of Resources advised the Committee that since the publication of the papers Public Sector Audit Appointment (PSAA) had issued for consultation the proposed audit scale fees for 2019/20. The fees are unchanged from those applicable for 2018/19. Mazars confirmed that their audit would continue to meet the required professional standards at the proposed fee level.

Resolved: 

(i)            That the annual audit letter for 2017/18 be noted.

(ii)          That the proposed audit fee for 2019/20 be noted.

The Committee considered a report which provided an update on progress made in implementing the preferred option for the provision of Internal Audit services.

It was reported that a business case has now been completed and role profiles developed for posts within the new structure. The posts will be evaluated and graded and a report taken to the Senior Leadership Team for approval of the new structure and commencement of the management of change process.

The Committee also discussed possible apprenticeship and secondment opportunities to the team.  Members were advised that this was included as part of the business case which would be circulated to the Committee together with the role profiles for the posts.

It was anticipated that the new delivery model will be operational before the commencement of the 2019/20 Audit Plan and a progress report will be brought to the next meeting of the Committee.

Resolved:  That the report be noted.

The Committee considered a report which set out the terms of reference for the external review of Internal Audit.

Such an external review is required every four years in accordance with the Public Sector Internal Audit Standards.

Members discussed the terms of reference and noted the phases for assessment which were detailed in the submitted report. It was noted that quotes have been sought for the work and the cost can be met within the current budgets.

Resolved:  That the terms of reference for the external review of Internal Audit be approved.

The Committee considered a report which presented proposals for the introduction of new assurance opinion and recommendation ratings for Internal Audit reports.

It was noted that the current assurance opinions used by the Internal Audit team have been used for several years and require a refresh.  The proposed revised audit opinions consider the level of assurance which can be provided and a copy was attached at Appendix 1 to the submitted report. A copy of the guidance in respect of recommendation ratings was attached at Appendix 2. 

It is proposed that the revised opinion and recommendation ratings guidance be introduced for audit reports completed in the remainder of 2018/19.  Reporting of audits which result in a limited or minimal opinion will continue to be provided to the Committee on a quarterly basis. Members were advised that the new officer Regulatory and Compliance Board (RCB) would meet in November 2018 and the Internal Auditor would be an attendee at the meetings. The RCB would ensure that risks were being addressed and regular updates would be provided to the Governance and Audit Committee and also the Overview and Scrutiny Committee. 

Resolved:  That the proposals to develop the audit opinion categories, priority ratings and supporting guidance be approved.

The Committee considered a report on the work undertaken by the Internal Audit section.

Members noted the activities undertaken by the Internal Audit section in the period 1 April 2018 to 31 October 2018 and of progress made in delivering the 2018/19 audit plan.  A summary of the work undertaken was attached at Appendix 1 to the submitted report. 

The Committee discussed the presentation of the dashboard and the need for this to be linked to the strategic risk appetite and corporate risks statement. It was also suggested that it would be useful if the audit progress summary could display overall total risk.

The Committee discussed the outstanding audit recommendations which were provided in Appendix 2. It was noted that the Committee would be advised if any of the recommendations take longer than 3 months to implement. 

Resolved:  That the report be noted.

The Committee considered a report which set out any changes to the arrangements for internal control in the West Yorkshire Combined Authority and provided information on the current financial position.

It was reported that there had been no significant changes to internal controls in the period and monthly reconciliations were up to date. 

Members noted the progress made in enhancing the internal governance arrangements for risk management and compliance with decision making.  They were advised of changes planned to the governance arrangements for the LEP following the publication of the Government’s ‘Strengthening Local Enterprise Partnerships’ document in July 2018.  The Assurance Framework will be revised and details of the amendments will be brought to the next meeting.

The Committee also noted the requirement by government to make changes in respect of treasury management policies and strategies detailed in the submitted report and an update would be provided at a future meeting. It was suggested that officers from the Treasury Management team at Leeds City Council also be invited to attend a future meeting.

There had been no further reportable (RIDDOR) accidents since the last meeting and the total for the year was two.

In respect of financial monitoring, a summary of the current spend to budget as at August 2018 was attached at Appendix 1. This included a RAG rating to identify budgets that need further review and it was noted that there were no ‘red’ areas of concern to report.  The draft budget 2019/20 would be considered by the Combined Authority in December 2018.

Resolved:  That the report be noted.

The Committee considered a report which provided an update on corporate risk management issues and on actions related to data protection.

It was reported that each Directorate has undertaken a detailed review of their risk registers and the corporate risk register for the organisation has been updated.  A summary of the updated corporate risk register was attached at Appendix 1 and included a summary of the actions being taken to manage each risk.

The Committee considered a proposal to update the Risk Appetite Statement to show the level of financial risk appetite moving from level 3 down to level 2.  This was as a result of the directorate level risk reviews and Members discussed the current assessment of risk appetite which was outlined in the submitted report. It was agreed that Members of the Combined Authority will participate in a further workshop on risk management and the risk register summary to ensure it is robust and also meets with local authorities’ objectives. 

It was noted that the Regulatory and Compliance Board will cover all areas of regulation and will escalate issues including those relating to data protection/GDPR as appropriate. The Committee asked that regular updates from the Regulatory and Compliance Board and Overview and Scrutiny Committee are provided into the Committee to ensure key issues are flagged and aligned to the audit work programme to minimise duplication and ensure a coherent plan of work across key control areas.

In respect of GDPR, it was reported that significant progress had been made implementing and embedding GDPR throughout the organisation and Members noted the key actions that had been taken. It was also reported that a specialist Records Management Officer had been appointed to implement a records management strategy which would address the records management risks. The Combined Authority’s compliance with GDPR will be monitored via a programme of internal audit over the next 7 months.

Resolved:  That the report be noted.