Meeting documents
Venue: Fire Brigade HQ, Stocklake, Aylesbury
Contact: Katie Nellist
No. | Item |
---|---|
To approve, and sign as a correct record, the Minutes of the meeting of the Committee held on 14 November 2018 (Item 2) Minutes: Subject to the following amendment to the Minutes of the meeting held on 14 November 2018:
Councillor Irwin be removed as present.
RESOLVED –
That the Minutes of the meeting of the Overview and Audit Committee held on 14 November 2018, be approved and signed by the Chairman as a correct record. |
|
RIPA Policy (Minute OA39 - 090316) To note that there has been no covert surveillance conducted by officers since the last meeting of the Committee. Minutes: RESOLVED –
To note that there had been no covert surveillance conducted by officers since the last meeting of the Committee. |
|
Internal Audit Reports |
|
To consider Item 6a Additional documents: Minutes: The Audit Manager advised that the purpose of this paper was to update Members on the findings of the finalised Internal Audit reports issued since the last meeting. There was one report the 2018/19 Information Security Audit that had been finalised. Two recommendations had been agreed with the Information Governance and Compliance Manager, and a suitable deadline date for implementation had been identified. Internal Audit would monitor implementation of the recommendations as they fall due.
RESOLVED –
That the recommendations raised in the finalised Internal Audit Report be noted. |
|
Update on Progress of Audit Recommendations PDF 114 KB To consider Item 6b Additional documents: Minutes: The Audit Manager advised that the purpose of this paper was to update Members on the progress of the implementation of audit recommendations made as at 1 February 2019. There were 21 audit recommendations to report on, 15 had been implemented, three were on track but not yet due, and three were not implemented and the due date revised. There were no outstanding recommendations to be brought to the attention of Members at this time. Internal Audit continued to actively monitor implementation of all outstanding recommendations throughout the year.
RESOLVED –
That the progress on implementation of recommendations be noted. |
|
Update on Progress of the Annual Audit Plan 2018/19 PDF 115 KB To consider Item 6c Additional documents: Minutes: The Audit Manager advised that the purpose of this paper was to update Members on the progress of the annual Internal Audit Plan since the last meeting. Work was progressing according to the 2018/19 plan and regular discussions had been held with the Director of Finance and Assets to monitor progress. The audit of Information Security had now been completed and issued as a final report. The draft report for the Project Management Audit of the Blue Light Hub had been issued for management comments. The Performance Management Audit had been deferred to 2019/20 to avoid impeding on the HMICFRS inspection, and was replaced with the Stores Audit as agreed with the Director of Finance and Assets. The field work for the Stores audit was in progress and the Core Financial Controls audit fieldwork had been completed with the draft report due for issue before the end of the financial year.
A Member asked if all 100 audit days would be used and was advised that no, included in the 100 audit days, were 10 contingency days, that had not needed to be used.
RESOLVED –
That the progress on the Annual Internal Audit Plan be noted. |
|
Draft Internal Audit Strategy and Annual Internal Audit Plan 2019/20 PDF 114 KB To consider Item 6d Additional documents: Minutes: The Audit Manager advised Members that this paper set out the Internal Audit Strategy and the proposed Internal Audit Plan for 2019/20. There were no material changes from the strategy of previous years, however, there remained some flexibility through a small provision of contingency days to enable the Director of Finance and Assets to work with Internal Audit to direct work to the most appropriate areas.
The Audit Manager advised Members that the Internal Audit Service was provided as part of a service level agreement with Buckinghamshire County Council. The Council’s Internal Audit Service was delivered in partnership with the London Audit Framework, hosted by the London Borough of Croydon. This partnership arrangement included an element of a ‘call off contract’ should it be necessary to outsource specific technical audits such as ICT or complex contracts.
The Audit Manager advised Members that a risk based methodology would be applied to audit assignments, providing assurance that key controls were well designed and operating effectively to mitigate principal risk exposures. Terms of reference would be prepared for each audit assignment, in consultation with the relevant manager, to ensure that key risks within the audited area were identified.
A Member asked who would be undertaking the Cyber Security audit and was advised that an outside auditor from Mazars IT Auditors would be used.
A Member asked if the Strategy needed to be brought to the Committee annually and was advised that as it was a three year strategy, only updates/amendments needed to be brought to the Committee annually and this was agreed by Members.
RESOLVED –
That the Internal Audit Strategy and Annual Internal Audit Plan be approved. |
|
Ernst & Young Audit Plan 2018/19 PDF 92 KB To consider Item 7 Additional documents: Minutes: The External Auditor highlighted to Members the dashboard on page 65 which summarised the significant accounting and auditing matters outlined in the report. This provided the Committee with an overview of Ernst & Young’s initial risk identification for the upcoming audit and any changes in risks identified in the current year. The changes were highlighted as follows:
The External Auditor advised Members that with regard to materiality, Ernst & Young would report all uncorrected misstatements relating to the primary statements (comprehensive income and expenditure statement, balance sheet, movement in reserves statement and cash flow statement) greater than £33k. Other misstatements identified would be communicated to the extent that they merit the attention of the Committee. With regard to materiality of the Firefighter’s Pension Fund this would be anything greater than £8k.
The External Auditor advised Members that the fee had reduced to £24,162k this year.
A Member asked what the rules of capitalisation were and what limits applied and was advised that the Authority would capitalise something if it lasted for more than a year and was worth more than £6k.
A Member asked if the two new IFRS changes were relevant to the Authority and was advised that they were very low risk.
RESOLVED –
That the Audit Plan 2018/19 set out in Annex A be noted. |
|
CIPFA Benchmarking Report PDF 1 MB To consider Item 8 Additional documents: Minutes: The Director of Finance and Assets advised Members that the purpose of this report was to highlight the performance of the Service relative to other fire services. The key points to note were:
Members agreed they would like to see this report annually.
A Member asked if this report had been circulated to operational staff on station and was advised that it had not, but the senior management team would discuss the best way to circulate the information to all staff.
It being proposed and seconded:
RESOLVED –
That the report be noted and that the information contained within the report be taken to the next Fire Authority meeting. |
|
Treasury Management Performance 2018/19 - Quarter 3 PDF 285 KB To consider Item 9 Minutes: The Principal Accountant advised Members that the accrued interest earned for the first nine months of 2018/19 was £158k, which was £46k higher than the budget (£150k) for the period. In the second quarter of 2018/19, the Bank of England base rate increased by 0.25% and currently remained at 0.75%. As a result of this increase, the market was expected to follow suit and on the back of this, the level of returns the Authority received had shown some slight improvement in Q3.
RESOLVED –
That the Treasury Management Performance 2018/19 – Quarter 3 report be noted. |
|
Corporate Risk Management PDF 103 KB To consider Item 10 Additional documents:
Minutes: The Corporate Planning Manager advised Members that the report provided an update on the current status of identified corporate risks. At the Strategic Management Board (SMB) meeting on 15 January 2019 the following changes to the Risk Register were agreed:
The Corporate Planning Manager advised Members that officers were also currently considering any potential risks to the Authority that may arise from the Court of Appeal’s recent decision regarding the Fire Brigades Union’s 2015 firefighters’ pension scheme age discrimination case against the Government.
The Corporate Planning Manager had reviewed the individual risks as follows: Staff Availability: Although staff retention remained an issue, good progress was being made with the apprenticeship recruitment programme and another 16 apprentices were due to start this month. The Authority was also attempting to capitalise on the recent national awareness campaign to attract more interest in on call staff and was also working to identify potential existing staff to step into leadership roles and meet the succession and resilience planning requirements via the Development Centre Programme.
Funding & Savings: Although the Authority had agreed a balanced budget for the period 2019/20 – 2021/22 the risk score and RAG status remained unchanged at Red as this had been achieved at the expense of the Authority’s capital reserves which if continued would leave the Authority with no capital reserves by 2024/25. There were also other factors that may come into play, such as from Brexit that were, as yet, unknown.
Information Security: There had been no major intrusions or disruption to information systems from malware since the last report to Members in November. Members would note from the latest entry on the risk register that the National Fire Chiefs Council (NFCC) had been gathering information on behalf of the Home Office regarding cloud hosting of fire and rescue services data outside the UK. The Authority was able to provide a nil return as none of its data was held outside of UK hosted sites.
No Deal Brexit Scenario: The overall assessment of this, drawing on input from the NFCC and the Thames Valley Local Resilience Forum (TVLRF), was that the likely short term physical impacts of a withdrawal from the EU without a comprehensive exit agreement were low/medium ... view the full minutes text for item 10. |
|
Business and Systems Integration Project: Progress Report PDF 417 KB To consider Item 11 Minutes: The Business and Systems Integration Project Manager advised Members that since the last Overview and Audit Committee meeting the Premises Risk Management System was moving on well, the trial had been extended to Great Holm and training was now being undertaken with all other stations who do safe and well visits. Safe and Well visits were a new version of the home fire risk checks, but expanded just covering the fire risk to checking the wellness side including falls, social isolation, home warmth etc. The other part of the Premises Risk Management System was Protection which was the audit of commercial properties. This was on track to go live at the beginning of April and streamlined the process that had to be followed.
The Resource Management System was now live across whole-time and day crewed stations. All station watches had received face to face training. This had also recently gone live across on call stations as well. Due to a delay with integrating to Vision our Command Control System, the on call crews had to do part of the process manually to share their status with Vision.
A Member asked if the Safe and Well visit information was shared locally with other relevant agencies and was advised that yes it was, where appropriate.
A Member asked if the Resource Management System was live across all staff and was advised that it was live across all operational staff with support staff to be added over the next couple of months.
RESOLVED –
That the report be noted. |
|
Equality, Diversity and Inclusion Policy PDF 133 KB To consider Item 12 Additional documents:
Minutes: The HR Development Manager advised Members that this report presented the updated Equality, Diversity and Inclusion policy, which had been reviewed in line with normal practice. This document had undergone formal consultation and all feedback had been considered and incorporated into the updated document, as detailed in Appendix 1.
The HR Development Manager advised Members that Appendix 2 detailed the feedback received during the formal consultation process and the responses to each, as incorporated into the updated policy. As noted, some changes had been made to the document, such as including reference to the structured groups established throughout the Service who would support and promote inclusion and engagement. The section on monitoring sensitive personal information had been amended to confirm that whilst submitting information was optional, it was encouraged, as this data was an important component to identifying inequality, initiating activity and evaluating progress as required to meet legislation under the Equality Act (2010). The nine protected characteristics had also been added to aid understanding for the reader. In addition, minor amendments had been made to the document to ensure relevance to current working practices and alignment to other procedures.
A Members asked if something had not been declared would the Authority be liable and was advised that it would depend on the individual case.
RESOLVED –
|
|
Update Code of Conduct (V3.0) PDF 123 KB To consider Item 13 Additional documents:
Minutes: The HR Development Manager advised Members that this report presented the updated Code of Conduct, which had been reviewed in line with normal practice. This document had undergone formal consultation and all feedback had been considered and incorporated into the updated document, as detailed in Appendix 1.
The HR Development Manager advised Members that Appendix 2 detailed feedback received during the formal consultation process and responses to each, as incorporated into the updated Code of Conduct. As noted, some changes had been made to the document, such as making specific reference to the Authority’s values and other sections had been amalgamated to give a more concise document. In addition, minor amendments had been made to the document to ensure relevance to current working practices and alignment to other procedures.
RESOLVED –
|
|
Updated Whistleblowing Procedure (V8.0) PDF 134 KB To consider Item 14 Additional documents: Minutes: The HR Development Manager advised Members that this report presented the updated Whistleblowing procedure, which had been reviewed in line with normal practice. The proposed amendment to the updated procedure was for clarification purposes around the Whistleblowing hotline service. This change was shown as additional text underlined in Section 11 of Appendix 11.
RESOLVED –
That the updated Whistleblowing procedure as detailed in Appendix 1, noting the proposed additional wording in the updated document, be approved for publication. |
|
To consider Item 15 Minutes: The Lead Member for Health and Safety and Corporate Risk advised Members that the Authority was making good progress in providing resilience records management processes that were GDPR compliant. However the Authority was not there yet and, as the Information Commissioner had said "The creation of the Data Protection Act 2018 is not an end point, it’s just the beginning" The Authority was also monitoring any information made available regarding the likely impact of Brexit on information privacy. At this time, there didn’t seem to be any risks to the Authority.
The Information Governance and Compliance Manager advised Members that as they were aware the GDPR came into effect on 25 May 2018 and although the Authority was following the ICO’s twelve step programme that had been released, limited guidance was in place. In terms of GDPR and Brexit the Authority had received good guidance, and as mentioned earlier, all of its cloud hosting was in the UK. The real risk of cloud hosting was not down to GDPR, but bad implementation of the cloud. There had been 70M incidents in the last year of lost or stolen data.
RESOLVED –
|
|
To note Item 16 Minutes: RESOLVED –
That the Forward Plan be noted.
THE CHAIRMAN CLOSED THE MEETING AT 11.26 AM |