Meeting documents

To approve, and sign as a correct record, the Minutes of the meeting of the Committee held on 15 November 2017 (Item 2)

RESOLVED –

That the Minutes of the meeting of the Overview and Audit Committee held on 15 November 2017, be approved and signed by the Chairman as a correct record.

To appoint a Vice Chairman for 2017/18

It was moved and seconded that Councillor Cranmer be appointed as Vice Chairman of the Committee for 2017/18. There being no other nominations it was:

RESOLVED –

That Councillor Cranmer be appointed as Vice Chairman of the Committee for 2017/18.

To note that there has been no covert surveillance conducted by officers since the last meeting of the Committee.

RESOLVED –

To note that there had been no covert surveillance conducted by officers since the last meeting of the Committee.

To consider Item 7

The Head of Service Development advised Members that the Service had commissioned Operational Assurance Limited (OAL) to undertake an independent and in depth examination of the Authority’s operational delivery and internal operational assurance processes. This was undertaken in October 2016. After receiving OAL’s positive and constructive report, an action plan was put in place to address the thirty recommendations made. OAL were invited to return to carry out a ‘Check Point Review’ to assess the progress the Authority had made against their recommendations.

This report was provided by the Assurance Team from the Joint Emergency Services Interoperability Programme (JESIP). The team visited the service in June 2017 and undertook a review of how we had implemented and developed joint interoperability with the other two blue light services.

(Councillor Teesdale joined the meeting)

David Cartwright, Chairman of Operational Assurance Limited (OAL) introduced himself and the company and Garry Jones Lead Auditor, gave Members a brief overview of the report.

Garry Jones advised Members that in October 2016 the initial team had come in, and an in depth review was undertaken of the arrangements for providing operational assurance. The review considered the application of a newly developed operational assurance model and examined two core areas: incident command and operational training. As an outcome of that review, 30 recommendations were identified of which 26 were agreed with officers. In November 2017 OAL returned to review the progress that had been made in the implementation of those recommendations. OAL’s conclusion from the Checkpoint Review was extremely positive. It had been identified that an impressive array of work had been undertaken by the service and virtually all the recommendations had been subject to significant progression.  In particular, the three key areas that had been identified as being priority recommendations had received substantial attention.

A Member asked if OAL had examined collaborative cross border working and was advised that this was not a specific part of the review, but while OAL were here they attended a cross border incident which was attended by supporting services and the interaction between the officers was observed.

The Head of Service Delivery advised Members that the review focussed on the governance of operational assurance and an Operational Assurance Group was set up within the service and following on from the work done by OAL, monitoring officers attend incidents and monitor performance, especially if there were crews from other services attending.

A Member asked if the Authority’s inspection was not until Spring/Summer 2019, how the service would maintain momentum and was advised that the Operational Assurance Group had been set up along with an operational assurance plan. This was a dynamic live document where completed activities would be removed and archived and new activities introduced. The Authority was also in the process of procuring a service that would deliver a three year plan of external independent scrutiny of operations to ensure operational excellence, not just for inspection, but for the long term.

A Member asked if OAL’s reports on other fire  ...  view the full minutes text for item 7.

To consider Item 8a

The Internal Audit Manager advised Members that this report set out the proposed Internal Audit Strategy and the proposed Internal Audit Plan for 2018/19 for approval. There were no material changes from the strategy of previous years, however, there remained some flexibility through a provision of contingency days. A new Audit Manager, Selina Harlock, would be introduced for 2018/19, who would be overseeing the day to day delivery of the plan and would be attending future meetings of the Committee. In order to underpin the Annual Audit Opinion a risk based methodology would be applied to all audit assignments, providing assurance that key controls were well designed and operating effectively to mitigate principal risk exposures. As in previous years, the majority of the days would be used on Core Financial Controls. The first audit to be carried out in Quarter 1 was the Information Security audit.

RESOLVED –

That the Internal Audit Strategy and Annual Internal Audit Plan be approved.

To consider Item 8b

The Internal Audit Manager advised that the purpose of this report was to update Members on the findings of the finalised Internal Audit reports issued since the last meeting. The 2017/18 Property Management Audit had now been finalised. The single recommendation had been agreed with the Property Manager and Director of Finance and Assets, and a suitable deadline date for implementation had been identified. The audit had been given a substantial level of assurance.

RESOLVED –

That the recommendations raised in the finalised Internal Audit reports be noted.

To consider Item 8c

The Internal Audit Manager advised that the purpose of this report was to update Members on the progress of the annual Internal Audit Plan since the last meeting. Work had progressed according to the 2017/18 plan, and regular discussions had been held with the Director of Finance and Assets to monitor progress. The draft report for the audit of Corporate Governance had been issued for management comments and the fieldwork for the Core Financials audit had been completed with the draft report due for issue before the end of the financial year.

RESOLVED –

That the progress on the Annual Internal Audit Plan be noted.

To consider Item 8d

The Internal Audit Manager advised that the purpose of this report was to update Members on the implementation of audit recommendations made as at 5 February 2018. 23 out of 25 (92%) actions had been implemented, 2 out of 25 (8%) had not been implemented and the due date revised. There were no outstanding recommendations to bring to the attention of Members at this time.

A Member asked if the new e-recruitment system would be in place for 1 April 2018 and was advised that yes it was currently being trialled for firefighter apprenticeships.

A Member asked what was the Tranman System and was advised that it was used by Workshops to track jobs i.e. vehicles for servicing and stock control.

RESOLVED –

That the progress on implementation of recommendations be noted.

To consider Item 9

The External Auditor advised Members that the report sets out the plan of activity for the Authority’s external auditors, Ernst & Young, for their work in relation to the financial year 2017/18. The Accounts and Audit Regulations 2015 introduced a significant change in statutory deadlines for the 2017/18 financial year. The timetable for the preparation and approval of accounts had been brought forward with draft accounts needing to be prepared by 31 May and the publication of accounts by 31 July. This provided a risk for both the Authority and Ernst & Young as although early close down had been piloted successfully with the Authority, the workload for Ernst & Young would increase as it was now a statutory requirement for all public bodies. There was a very good relationship built up over the last few years which should mitigate this risk.

The External Auditor advised that there were two fraud risks they would like to bring to the attention of Members, the risk of fraud in revenue and expenditure recognition and the risk of management override. These were not just risks in this Authority but all Authorities. There were two inherent risks, valuation of land and buildings and pension liability valuation.

RESOLVED –

That the plan set out in Annex A be noted.

To consider Item 10

The Deputy Director of Finance and Assets presented the report and informed the Committee that investments made had been preforming well. The accrued interest earned from April to December 2017/18 was £126k which was £51k higher than budgeted for the first three quarters of the year. A new strategy was approved at the Fire Authority meeting in February and the income target would be increased to £150k for 2018/19.

RESOLVED –

That the Treasury Management Performance 2017/18 – Quarter 3 report be noted.

To consider Item 11

The Corporate Planning Manager advised Members that the report provided an update on the current status of identified corporate risks. Risk registers were maintained at project, departmental and directorate levels. Corporate risks were those that had been escalated from these levels for scrutiny by the Strategic Management Board because of their magnitude, proximity or because of the treatments and controls require significant development.

Since Members last reviewed the Corporate Risk Register at the Overview and Audit Committee meeting on 15 November 2017, it had been regularly reviewed by the Performance Management Board (PMB), most recently at its 1 February 2018 meeting. Although PMB identified no items for escalation to the Corporate Risk Register it recommended that the following risks be maintained at their existing levels:

• Staff Availability – ongoing recruitment activity targeted at operational staff by neighbouring fire and rescue services, in particular London Fire Brigade, posed a significant staff retention challenge;

• Funding and savings – although a balanced budget for 2018/19 had been set the outcomes of national firefighter pay negotiations were still unknown and present a significant risk to the budgetary position;

• Paging Service – to be maintained at amber RAG status until the new application had gone live following successful user acceptance testing and the Code of Connectivity issue detailed in the Risk Register at Annex C resolved;

• Information Security failure – the threat from malware was high and likely to remain so.

RESOLVED –

1.            That the status report on identified corporate risk at Annex C be reviewed and approved.

2.            That comments to officers for consideration and attention in future updates/reports be provided.

To consider Item 12

The Lead Member for Health and Safety and Corporate Risk advised Members that this was something that was affecting all organisations across Europe and also other countries that trade with them. Changes in data protection legislation reflected the technological changes since the Data Protection Act 1998 was introduced and were intended to complement people’s rights to privacy.  In the UK the GDPR comes into effect on 25 May 2018 and as you would see from the report the Authority was well on the way to developing a watertight system.

The information Governance and Compliance Manager advised Members that the purpose of the report was to advise them on the progress being made to ensure that the requirements of the GDPR were being met. The Information Commissioner’s Office (ICO) provided guidance for Data Protection Officers (DPOs) and others with day-to-day responsibility for data protection, to support the development processes and procedures in readiness for the 25 May 2018. Core to this guidance was the ICO’s ‘Preparing for the GDPR: 12 steps to take now’ which Members could see at Appendix A.

A Member asked how this would be monitored in the future and was advised that it wasn’t clear at present but that the Information Commissioner had asked for extra staff and so may conduct audits in the future.

A Member asked if there would be a role for Internal Audit to look at GDPR and whether they had any scope to look at it in the year ahead and was advised that a discussion had taken place around it as they were undertaking an Information Security Audit, so they could monitor the implementation and provide some independent assurance of how the Authority was progressing and there were some contingency days that could be used.

A Member asked who the formal Data Protection Officer was and was advised that it was the Information Governance and Compliance Manager.

RESOLVED –

That the report be noted.

To consider Item 13

The Information Governance and Compliance Manager advised Members that the purpose of the report was to advise of complaints made and, following investigation, any that were upheld. It included details of the corrective action taken to reduce or remove the problem and improve public perception of the services the Authority provided. It also served to note public satisfaction and, where new good practice was identified, to improve standard operating procedures.

The Information Governance and Compliance Manager advised that as the numbers of compliments and complaints were relatively low, data from the annual satisfaction survey ‘After the Incident’ was included to capture the perceptions of those experiencing an incident in the home or non-domestic premises with 316 non-domestic and 377 domestic premises surveys being completed. Of the 14 complaints received, only 4 were upheld. There were no significant issues and everything was investigated thoroughly.

A Member asked if there was a recording system for incidents that had impeded the fire service, accessing a property for example, and was advised that if there were issues with a property, it was recorded and followed up by the Protection teams as part of its work around the Fire Safety Order. Local issues were recorded at Station level. Reported frustrations or incidents that fire crews had come across were captured on the incident reporting system; the other issue was reports by local residents concerned about parking and appliances not getting access. The Head of Service Delivery agreed to look at what data was held on both elements for a potential item at a future Committee.

RESOLVED –

That the report be noted.

To consider Item 14

The Head of Service Development advised Members that the IT Disaster Recovery project remained on track and on budget. At the time of completing this report the current activities were underway, preparation of Azure for the servers; testing of the bandwidth available across the link; changes to the firewalls to allow access to Azure from all stations and upgrading the operating system on some servers to support the solution.

RESOLVED –

That the report be noted.

To consider Item 15

The BASI Project Manager presented the report and informed the Committee that since the last meeting the Resource Management System had been awarded to FireServiceRota. The first part of the Premises Risk Management Prevention Module was now in the build phase. Building and testing of the new Learning & Development and Performance Management Processes continued to be worked on and a trial would be starting in April in line with the appraisal process, for it to be rolled out the following year.

The BASI Project Manager advised Members that the Authority won the ‘new customer project of the year’ award at the Midlands HR Conference. This was good evidence of team work that went on throughout the organisation to get the system up and running and live.

The BASI Project Manager advised Members that a review of the overall plan had been completed and this had led to a slight extension to the overall timescales. The good news was that it had not changed the costs and it would not impact on quality. The project management audit actions were now complete.

A Member asked whether in future more up-to-date highlight reports could be included in the appendices.

Members expressed their congratulations for the award received.

RESOLVED –

That the report be noted.

To consider Item 16

The Deputy Director of Finance and Assets advised Members that these instructions were part of the financial control framework, which exists to ensure that proper application and control of public money and to safeguard the officers involved in financial processes. Changes had been made by the Chief Finance Officer to reflect the revised processes introduced as a result of moving to the new Finance, HR and Payroll Systems as well as changes to the Financial Regulations approved by the Fire Authority in October 2017.

RESOLVED –

That the updated Financial Instructions be noted.

THE CHAIRMAN CLOSED THE MEETING AT 11.45AM