Meeting documents

Apologies for absence were received from Bill Chapple OBE, Raj Khan and Warren Whyte.

The Chief Executive and Service Director for Finance and Commercial Services had also sent apologies.

Richard Scott declared an interest in Item 7a, as he was a Trustee of the Pension Scheme.

of the meeting held on 27 June 2013, to be agreed as a correct record

The Minutes of the meeting held on 27 June 2013 were agreed and signed as a correct record, with the following amendments:

·       Page 5, agenda item 5, fifth paragraph, 1^st sentence should read "A summary of all audits undertaken in 2012-13 was on page 7."

·       Page 7, second paragraph, first sentence should read "A member asked if petty cash was still used and if the use was reviewed."

·       Page 8, third paragraph, should read "…..under the Local Government Act 2003, which were affordable, prudent and sustainable…"

Matters arising

Page 2 – Data Protection Act e-learning for members – this would be going to the Information Governance Board at the end of July 2013. The guidance on the Intranet was being updated and would be circulated once ready.

Page 2 – response to letter from Dr Evershed – the response had been circulated to Committee Members and then to Dr Evershed. Dr Evershed had responded with two further points, and a further response would be circulated to members for their comments.

Ian Dyson, Chief Internal Auditor

The Committee received the Report of the Chief Internal Auditor.

The draft Report had been tabled at the previous meeting, and the full Report was now being presented. The Report outlined the overall audit opinion on the adequacy and effectiveness of the Council’s System of Internal Control and Risk Management. The Report summarised the work undertaken by the Internal Audit Team in coming to the overall opinion. This was a key document within the Council’s Assurance Framework.

The Chief Executive had prepared a report in response to the issues arising in the Annual Report (see agenda item 5).

The Chief Internal Auditor’s opinion was that the overall system of internal control provided a reasonable assurance.

A summary of all audits undertaken in 2012-13 started on page 17. There were a number of limited assurances, including the opinion for the Payroll Audit. This was due to issues regarding reconciliations.

A member said that there were several references to the control accounts (e.g. payroll). Ian Dyson, Chief Internal Auditor, said that Internal Audit would undertake an audit of payroll every year. The reconciliations were not performed by Finance staff but by the Payroll Control Team. These were then checked by Finance staff.

Ian Dyson asked if members were happy with the level of information coming through to the Committee. Members said that they were happy and that the information provided a good overview, with further detail available if needed.

A member referred to page 31 and noted that some of the issues with payroll dated back to 2008 and said that work was needed in this area. Ian Dyson said that managers had confirmed that they would be completing actions in regard to this audit.

A member said that there was a reference to staff not printing expense forms and not attaching receipts, and said that these should be standard procedures across the Council. Ian Dyson said that there was one system in place but that this had different levels of compliance. Standards were set separately and it was up to Service Directors to ensure compliance.

A member referred to page 48 and the process for storage of keys at Black Park. The member said that problems with this could invalidate insurance, and asked if direct action had been taken. Ian Dyson said that he would check this and report back – Action: ID

A member referred to page 67 and the information about imprest accounts. Ian Dyson said that a large review of imprest accounts was being undertaken, under a project called ‘Purchase to Pay.’ Purchasing cards and e-procurement were now in place. The long-term aim was to stop using imprest accounts, as they were no longer needed.

A member asked if there was any reference to corporate credit cards.  Ian Dyson said that the Council used procurement cards, and that a new system had been introduced in April 2013. Five potential fraud risks had been identified, and 80 examples had been looked at. No evidence of fraud had been found,  ...  view the full minutes text for item 4.

Chris Williams, Chief Executive

The Committee received the Report of the Chief Executive.

Ian Dyson, Chief Internal Auditor, gave apologies from the Chief Executive and said that the Chief Executive had oversight of the issues raised and was monitoring these. The Chief Executive accepted the opinion given and noted the concerns raised.

There was a clear message from the Council’s Cabinet that the Council should be ‘risk-aware’ rather than ‘risk-averse.’

The Risk Management Group could look at how ‘risk-aware’ the services were.

The role of Internal Audit was largely around compliance with the rules which the Council had set. There was a need to be mindful of barriers which might prevent the Council being ‘risk-aware,’ e.g. standing orders for contracts and the values used. There had been a discussion at the last meeting about thresholds for contracts standing orders, and a challenge about whether risk was being managed at the right level.

A member asked if the work was being backed up by continual personal development for senior officers. Ian Dyson said that there was very strong performance management through the Delivering Successful Performance (DSP) system, which had a number of quality checks. Appraisals were held twice a year but the guidance stated that personal development should be a continuous process.

The Risk Management Strategy and risk register processes might need to be tightened.

Senior officers had the responsibility of managing services within the rules of the authority.

The Chairman referred to page 86 and asked if the five audits with limited assurances would come back to the Regulatory and Audit Committee. Ian Dyson said that the processes in payroll were routinely under review. Special educational needs processes would be looked at again in Quarter four. Safeguarding processes would also be looked at again in 2013-14.

A member asked if the response from the Chief Executive was a standard worded report. Ian Dyson said that he gave the Chief Executive assurance independently about how processes were being managed.

Tracey Ironmonger, Assistant Director of Public Health

Tracey Ironmonger, Assistant Director of Public Health, was welcomed to the meeting.

Tracey Ironmonger said that they had been asked to return to the Committee after the transfer of public health services from the NHS to the County Council had been completed.

Planning for the transfer had taken a year and a very detailed plan had been in place. The transfer of responsibilities to the County Council had progressed very well (see Appendix 1), and had included the following:

·       All staff employment had been successfully transferred and staff had been fully trained and integrated on County Council systems.

·       Contracts with 60 GP practices and with 90 pharmacies had been extended by NHS England for 2013-14. Work was also being undertaken to adapt a national health contract for local use in regard to clinical services. All GPs and pharmacies would be transferred onto this contract in 2014-15. A priority for the Council was to bring in a more Council-specific contract for these services.

·       A draft performance dashboard had been discussed with Council performance leads and training was planned on the Performance Plus system to establish processes for reporting key performance.

·       Staff had been operational on computers and blackberries within two days of the transfer. Problems were still being experienced with the N3 connection to the NHS, required to access health data. All local authorities were in the same position on this, but in Buckinghamshire the County Council had set up alternative solutions, which not all local authorities had done.

·       Scenario-planning in regard to infectious disease outbreaks had been undertaken with partner organisations.

·       A review of the school nursing service which had been started before the transfer was proving to be very valuable and work was continuing to better understand the resources required for the delivery of the Healthy Child Programme 5–19, which was now a County Council responsibility.

Potential risks which had been identified were described in Section 3, and included:

·       Failure to develop effective organisational structure (work was being undertaken to recruit into vacant posts and to review the capacity required for non-specialist functions).

·       Failure to establish effective working relationships with Public Health England and the NHS England Area Team (work was being undertaken to provide effective relationships).

·       Delivery of a ‘24/7’ rota to deliver an effective response in the event of a public health emergency (work was being undertaken to liaise and co-ordinate with neighbouring authorities and with Public Health England).

·       Failure to agree a contract for the delivery of the core health care offer, which would result in a lack of effective support to NHS Commissioners (relationships with Clinical Commissioning Groups had been established and a Memorandum of Understanding had been written).

·       Inability to mainstream public health responsibilities across all portfolios could reduce the potential opportunities offered by the transition (initial links had been developed with key portfolios and teams).

There had been an extra £1.5m of funding in the current year and this would also be the case in the next financial year. Some proposals for how  ...  view the full minutes text for item 6.

Ian Dyson, Chief Internal Auditor

The Committee received the Report of the Chief Internal Auditor.

Ian Dyson, Chief Internal Auditor, took members through the Report and said the following:

·       Progress had not been made in procuring specialist IT audit resources for 2013-14. This would be completed during Quarter 2. New staff would also be recruited within the combined Oxfordshire and Buckinghamshire Internal Audit team, particularly a Principal Auditor. There would also be recruitment for an Auditor / Senior Auditor.

·       There had been one additional audit in Quarter 1. This was because the Children and Young People’s Service and the Section 151 Officer had requested an internal audit of the Mandeville School. This report was in its draft form, and contained a limited audit opinion.

·       Assurance mapping work for safeguarding was being undertaken, with a pilot in Oxfordshire. The Strategic Director for Children and Young People was fully engaged with the work. Safeguarding had been identified as a significant risk for both authorities.

·       A contracts needs assessment had been undertaken. There were some additional points to be looked at from the audits of the Amey and Ringway Jacobs contracts. These would include looking at the capital programme management. This would be brought to the Committee in September 2013.

A member noted that slippage of this contract work could have a significant effect on cash flow.

·       Annex 2 was the Counter-fraud plan for 2013-14. The fraud risk assessment would be brought to the next Risk Management Group.

·       Proactive fraud reviews were carried out on a number of areas, including blue badge applications.

A member asked how fraud reviews were undertaken. Ian Dyson said that there was a need to understand the control environment and to do an analytical review to see if the controls were working effectively. If not, some testing would be designed to check this.

Grant Thornton UK LLP

This item was an additional item on the agenda, which had been added with the agreement of the Chairman.

Ian Dyson, Chief Internal Auditor

The Committee received the Report of the Chief Internal Auditor.

Ian Dyson, Chief Internal Auditor, said that the Anti-fraud and Corruption Strategy was reviewed annually by the Committee to ensure it was ‘fit for purpose’ and continuously relevant.      

A member asked if staff involved with financial transactions had to take a compulsory two-week holiday annually. Ian Dyson said that this was not done, and that imposing this would require a change to terms and conditions. Other controls should be in place to prevent and detect fraud.

Paul Grady (Grant Thornton) said that when journals were tested, the time they were posted was noted (e.g. if this had been done outside office hours), but that this only provided an indication of fraud, rather than proof. Prevention controls were more effective than detection.

Ian Dyson said that the organisation should monitor people who did not take leave as a health and wellbeing issue, through Human Resources.

Ian Dyson said that transactions outside normal working hours were only indicative, as Local Government now had more flexible working hours.

A member said that even with all controls in place, people would still commit fraud. Paul Grady said that an example was cash collection from parking machines. This was monitored and the monitoring acted as a deterrent.

Ian Dyson said that the level of control needed to be consistent with the risk of fraud.

Paul Grady noted that the more control in place, the more innovation was constrained. Not all fraud was picked up by monitoring people not taking leave.

Ian Dyson said that he would speak to the Fraud Team about how information about annual leave was used and where it was reported to – Action: ID

Ian Dyson said that it would be the responsibility of management to check the controls in place.

Members received the Report of Michelle Higgs, Human Resources Manager.

The Chairman asked that any questions be sent to him, and that he could ask a Human Resources officer to attend a future meeting if necessary.

A member said that changes made to the Strategy needed to show where the changes had been made. Different versions of the Strategy also needed to be dated.

Ian Dyson said that they needed to look at how effective the Whistle-blowing Strategy was. An e-learning tool was in place, and take-up of this would be reviewed.

Only a small number of whistle-blowing cases had come through in the previous year. However there was no evidence that the Council was suppressive, or that staff were fearful.

The Committee received the report of Anne Davies, Service Director, Legal and Democratic Services / Monitoring Officer.

Linda Forsythe, Group Solicitor and Deputy Head of Legal Services, was in attendance in place of Anne Davies. Linda Forsythe told members that administrative changes had been made to the Anti-Money Laundering Policy. This included changing references to the ‘Crime Agency’ to the ‘NCA.’ There had also been a change of Council personnel, which had been reflected in the Policy.

Two further amendments were needed:

·       5.3 – "As soon as you have reported the matter to the MLRO you must follow any directions she gives you…"

·       11.1 – "In the absence of the MLRO the Service Director, Legal and Democratic Services, Anne Davies, is authorised to deputise for him her…"

The Policy mainly affected staff in Finance and Legal Services.

The risk of money laundering at the Council was low.

Members noted the Forward Plan.

24 September 2013, 9am, Mezzanine Room 1, County Hall, Aylesbury

24 September 2013, 9am, Mezzanine Room 1, County Hall, Aylesbury