Meeting documents

To approve, and sign as a correct record, the Minutes of the meeting of the Committee held on 24 September 2014.

RESOLVED –

That the Minutes of the meeting of the Overview and Audit Committee held on 24 September 2014, be approved and signed by the Chairman as a correct record.

To consider Item 5

The Corporate Planning Manager introduced the report and advised members that there had been some changes to the risk register since it was last reviewed by the Overview and Audit Committee on 24 September 2014. There had been one risk removed and a new risk added.

The fit for purpose restructure/organisation change programme had been removed, but would be monitored at directorate level within the People and Organisational Development Risk Register.

There was also the addition of an emerging risk to control room continuity of service following the delay to the Thames Valley Control implementation. This risk was still under evaluation and pending scoring.

The scoring in relation to staff availability had not changed, but had been left at a probability of 5 (extremely likely) and impact of 3, in light of the on-going industrial action by the Fire Brigade’s Union (FBU) in relation to the pension dispute. A new period of 24 hour strike action had been called for the 9 December from 9am.

At the last meeting members had discussed recent cyber-attacks and the Corporate Planning Manager advised there had been a recent attack on Shropshire and Wrekin’s Fire Authority’s website.

The Information Governance and Compliance Manager asked members to note the scoring on the risk register had not changed as new risks emerged. Up until this year fire and rescue services had not been targeted in domestic attacks as nationally they were held in high regard, but internationally fire and rescue services were looked on as a government agency and could be vulnerable to attack.

In response to an attack on Shropshire and Wrekin’s Fire Authority’s website a risk assessment of the security of the Authority’s website was undertaken. The Authority’s website was hosted externally and the providers were confident their systems would repel any attack. However, as any sufficiently determined attack was likely to be successful, the Authority’s systems were continuously monitored to ensure that in the event of an attack, they could be restored speedily.

In answer to a question regarding how negligent the Authority would have to be to incur a potential fine of up to £500k per breach from the Information Commissioner’s Office, members were advised it would mean being aware of a potential risk to people’s personal data and taking inadequate measures to protect it.

In answer to a question asking when the Thames Valley Control project would be included on the risk register, it was advised that it would be very soon once an evaluation had been completed.

The Chief Operating Officer advised that the Thames Valley Fire Control project had been delayed due to issues with BT Openreach cabling. Councillors Dransfield and Reed would be attending a meeting on 18 December to find out further information on the delay.

In answer to a question asking whether the delay was costing the Authority money, it was advised that it was, and a report would be going to the Fire Authority meeting on 17 December 2014.

Resolved –

That the status report  ...  view the full minutes text for item 5.

To consider Item 6(a)

The Internal Auditor advised members that the purpose of the report was to update members on the progress of the internal audit annual plan; work was progressing on the 2014/15 plan with one audit at final report stage and one at draft report stage.  Follow ups had been completed and would be reported separately.

Work had started on the remaining Q3 audits, which in agreement with the Senior Management Team would commence in December 2014. Planning was also underway for the Core Financials audit and ICT Strategy audit which would start in January.

RESOLVED –

That the progress on the Annual Internal Audit Plan be noted.

To consider Item 6(b)

The Internal Audit Manager advised members that this was the final report for the risk management audit completed recently. It was the first time risk management had been looked at separately, as previously it had been included in the Corporate Governance audit.

It had been given a ‘substantial’ level of assurance, with good robust processes in place and clear processes for escalation of risk. Members of this Committee discuss the corporate risk register on a regular basis, but this audit looked at the processes below the corporate risk register.

There were three medium priority recommendations, two of which had already been implemented and the third was due to be implemented by March 2015.

RESOLVED –

That the recommendations within the report be noted.

To consider Item 6(c)

The Internal Audit Manager stated the purpose of the report was to update members on the progress of the implementation of audit recommendations made as at 17 November 2014.

The Committee noted that out of the 26 recommendations arising from the various audit reports, 21 had been fully implemented and 5 were on track but not yet due to be implemented. There were no outstanding recommendations at this time.

Members were advised that the ICT Strategy report had been brought to the previous meeting, there had been eight recommendations that needed to be followed up, these had all been actioned, which was very positive.

In answer to a question regarding there being no movement on the implementation of recommendations arising from the audit of treasury management, the Internal Auditor explained that the date had been extended to allow for a rewrite of the Financial Instructions.

RESOLVED –

That the progress on the implementation of recommendations be noted.

To consider Item 7

The Director of Finance and Assets advised that the purpose of the Annual Audit Letter was to communicate to members and external stakeholders, including members of the public, the key issues arising from the audit, which the auditors consider should be brought to their attention.

The Director of Finance and Assets advised members that this would normally be the conclusion of the audit, but with some outstanding items still on going the certificate of closure had not yet been issued.

The Director of Finance and Assets advised members that there was nothing new in this report; it was just a summary of all the events over the course of the year and sets out in the executive summary the progress of the audit process.

The Director of Finance and Assets informed members that as work was still progressing and the audit completion certificate had yet to be issued (due to the Audit Director’s concerns in relation to provision for payment to DCLG of injury compensation), there was not a final audit fee, but when it was concluded the Authority would be negotiating to ensure the fee was reasonable.

Members were informed that officers had written to civil servants at DCLG requesting them to assert the basis on which the DCLG was legally entitled to claim reimbursement; this had been followed by a letter to the Fire Minister in November. Until a decision had been made by the DCLG there was no legal basis to pay money.

A question was asked as to what would happen if this issue carried on into the following year, the Director of Finance and Assets felt that the provision would remain and the Auditor would take a view as to whether to close the 2013/2014 accounts and leave the 2014/2015 years open.

The Chairman felt there was potentially a reputational risk to the Authority if the accounts were not closed.

The Director of Finance and Assets advised members that there was a meeting on the 19 December for all fire and rescue services affected to get together and discuss the matter.

A member asked that it be noted that he felt the auditor should issue the completion certificate, if not by the December meeting, by the February one.

The members expressed their disappointment that the Audit Director had not attended the meeting and requested that the reason for his absence be ascertained.

RESOLVED –

That the Annual Audit Letter be noted.

To note that the next meeting of the Committee will be held on Wednesday 11 March 2014 at 10.00am.

The Committee noted that the next meeting of the Committee would take place on Wednesday 11 March 2015 at 10.00am.

THE CHAIRMAN CLOSED THE MEETING AT 10.45 AM