Governance and Audit Committee - Monday, 29th April, 2024 2.00 pm
April 29, 2024 View on council website Watch video of meeting or read trancriptTranscript
But I think by the experience, I think, of or at least having the opportunity to be able to consolidate that more fully as one full-time equivalent, I think, given the environment that we're in, nature of the debate today, and in terms of, you know, having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position, I know we've got to go through process in and around that. And that's the interest you're showing clearly at the outset of the meeting. But I think the fraud aspect is also very important as well in inherent within that. I think, Jan, and I think we both knew and I think the committee knows that there's a need to, I'm not going to concern around our arrangements. I think I just want an additional level of rigor in and around those arrangements. And again, given, you know, we talked about risk through this meeting, you know, and that's an area that all public bodies, you know, are facing in terms of those inherent risks of fraud as much as you have. Shannon, Kath, come in to talk about cyber security, you know, there are areas that we have rightly invested in in recent years to strengthen our capabilities, and I think now is the right time to do the same in and around our internal audit work. So, yeah, the report, I think, talks to itself, really interested to just sort of get feedback from the committee and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this next period of time. So thank you. Thanks very much, Peter. We'll go to questions. We'll start with Tony, please. Yes, thank you, Chair. Two questions. Well, I want to comment. There's a question, 4.11 you've touched on the detachment of a shared service. Was that your experience of the previous way we operated, or was it a shared service or a shared person at that time? The other question is, there's an indication that there's an increase in fraud. Have you been able to identify where that fraud, why has it increased, where it's come from? You've got detection reasons to find it out. But is this something pre-pandemic or post-pandemic that's caused a lot of work in and things like that, which might create fraud, like I'm assuming it's fraud within the organization rather than fraud outside the organization? So in response to the first question, it was a shared post. It wasn't a collaboration in the fullest sense, even though, I think, you know, a deepening of collaboration with Newport, was one of the options that is obviously presented in the paper. I think Newport, and I think if Mairean, my counterpart, was here today, I think he probably acknowledged one in the same. They're in a different position to us as a result of, I think, vacancies that they've suffered through a period of time. They've looked a buy-in from the market, and I guess they were in a slightly different position in terms of understanding fundamentally what their next steps were, I think, in the way that we've been able to consolidate, you know, over this last year, we're in a different position, really, in assessing our options. So, yeah, on that one, and again, to my only comment, there's no criticism there in terms of what was there before. I think it's just the opportunity of time and for us to assess what the most appropriate next step is, sorry, remind me on the second question. Sorry, fraud fraud fraud. Yes, regarding the preponderance or the use of preponderance, it might be wrong, of an increased level of fraud, fine fraud prevention, obviously, is this something which has come from post-pandemic? It might be homework and so on. Yeah, so, I guess, if we sit the pandemic very specifically when we talk about things as our business grounds aside, then, you know, we've not got a pattern of significant fraud, even despite the fact that, you know, we've got good arrangements in place, the increased incident of fraud is something that is being seen across public sector. So invariably, we would be complacent, I think, to just sit on our laurels of low levels of fraud and just be comfortable with the arrangements that we have. So it's the need now for us to establish now that more dedicated role and, you know, that can suitably inform, I guess, me and Jan and the committee and in terms of and in the similar way to what I just touched on and with cybersecurity and how we've evolved that in recent years, you know, that will guide us again in terms of the next step of our journey. Any other questions or comments, Martin? Thank you. Thank you, Chair. Peter, I don't suppose, I guess, that it's cheaper to be unhoused and to join with other organisations, and I think you inferred that that's because we pay less. Pay less and the gradings in which they, in which the way that they assimilate across, they sit differently and in terms of with the regional internal audit service to us and that leads to upward trajectory in terms of assimilation over. So it's a combination of, it's probably the latter more than the former, I think, isn't it? Okay, so I was thinking about the risk is clearly if there are other organisations which are paying more for services, we won't have Jan for long because he'll go and get more money somewhere else. For example, of course he wouldn't, because he loves it here. The other thing about having a smaller team is the specialties, and it isn't directly addressed. I don't think in the paper things like cyber and IT audit, very specialist areas, will we have that facility in-house or will we have to go and buy that in? Yeah, I think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed, I guess, inherently within the team. It's also, and it's a conversation to be worked through, so for example, if we take something like the shared resource service, the SRS, which you've had a level of exposure on in the last cycle, and I guess Tor Vine has got a level of experience in that and undertakes the internal audit work in that area, so sometimes that answer is not too far away in terms of being able to identify the means to achieve that. Thank you, I think that's helpful, I'm supportive of the paper, I guess, because it's a reasons position to be in, but it feels to be running against the way the world is moving in local governments, where individual organisations can't afford the standard they've owned yet. In this case, we seem to be able to, indeed it clearly works out to be the case, I wonder whether it's over the core budget committees and sharing across Gwent, et cetera, but that got really on in this, isn't it? Yeah, and I'll probably make note of, because it's public, RCT stepped away from the regional internal audit service in recent months, they've done that for their own reasons and in terms of, I guess, as I understand it, a bit of a consolidation and focus in terms of their own internal governance, because they felt that, I think, in the way that it's been described at least, it's allowed them to, comes back to, I guess, that bit around flexibility and being able to be in really clear in terms of where you direct your internal audit resource, so it's just worth to note that and the other bit on collaboration is, you know, collaboration in all walks of life in public service needs to be very carefully thought through, you do not just collaborate for the sake of collaboration, it's got to be for the right reasons. So yeah, any assessment has got to be a thought for one. Okay, Phil, please. Yeah, I was pleased to see the enhanced structure, particularly in the current climate. Quite your fashion really, to see a team enhanced rather than depleted. So yeah, I mean, obviously, you accept that if we lose somebody, there's a problem within the team, but that's life, isn't it? But no, I think it's the right proposal. I was just going to touch Peter on RCT because I understand their model was to move performance closer together with internal audit, which, you know, that seems a bit counterintuitive to me that, you know, internal audit, you know, can hold performance back and perhaps not the best place to be too close together, so I'll see, I mean, three months of experience in front of me that perhaps that's the answer for someone else, but it didn't seem sensible to be. Okay, I'm not seeing any of our hands, so a couple of comments and one question, I think. Thank you, Peter, for paper, I'm grateful to officers for early sight of draft of this paper and the opportunity to provide feedback. I think it's a very good, well thought out paper and clearly very supportive of the recommendation. I think it was important for our people, that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion. So yeah, again, thank you, Peter, for your hard work in pulling this together. So clearly recommendations accepted. My question is around timetable and all next steps. I think the paper will say a lot of that, could you just give us some insight in terms of what the next steps are, please? Yeah, thank you, Chair, just reminding me it just allows me the opportunity to come back in because it was one important piece I forgot to mention, which is that as you naturally expect as part of a proper process, there's been a level of staff consultation. You know, that's extended, obviously, beyond Jan, but with the rest of the team, really good feedback received, but, you know, again, very supportive in terms of the direction of travel, but not in a way of the option that being chosen is, of course, the option of lease change for such colleagues, they have actually come back in with very constructive comment, I guess, and in terms of how this can actually look to put the internal audit service on stronger footing going forward. So that's just good to acknowledge. So we've already been through that hurdle back to your point on timeline. So that's cleared. So on the basis of an endorsement today by the governance and audit committee, we will be almost immediately looking to make move, therefore, and looking to try and streamline the process as much as I'm able to, but obviously in offering fair opportunity, I guess, for the roles that are obviously brought forward as part of the process. So I wouldn't want to get, I wouldn't want to get past the summer, really, with us not having this implemented and through. Okay. That sounds positive. Thank you very much. So clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented. Thank you once again. We'll now move on to item 12. Item 12 is the Reformatted Committee Forward Work Plan. May I just pass my thanks to Wendy and I think Cheryl for the work they've been involved with in terms of developing it. I was content of the content, but were there any questions or comments from members? No. We'll then move on to the minutes of a previous meeting. Yet again, I've reviewed the views and have no particular comments or questions, but may look to members for their views. Happy to have approved, yeah. Okay. We will approve those minutes. Thank you. And the final big part, and I should have just confirmed, we've already addressed item 11, so at the top end of this meeting. The final then matter is to confirm the date of the next meeting, hopefully it's new diaries 6th of June, and I think that concludes this committee meeting. So thank you one and all. Thank you. [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Transcript
Okay. We will now move to item three public open form. May I just check Tony? Your mic is on. Did you wish to speak? Okay. Public open form. This is the opportunity for members of public to address the committee to raise any concerns or relevant matters. Wendy, have we any members of public who wish to address this? That no chair. Okay. In which case we will move on to the action list. There's four actions in the action list. We'll start as this tradition with the first one and that's in relation to a paper, possibly an informal paper on finance team capacity. Members will be aware this is a long outstanding paper. So I can see John Davis head of finances on the lines. John, can we kindly give an update in terms of where we are of this paper, please? Yeah, afternoon, everyone. And thanks, Chair. Yeah, I think I communicated via email over the past week or so that the paper is near and completion. It's not a paper that is going to come in front of the committee as a report as such. So this is very much an operational paper that outlines the changes required to the finance structure. It's, as I say, near and completion. So I'll hopefully be able to share that with yourself. Chair, at the same time as it goes across to Peter has in his role as chief officer for resources to be able to consider and sign that off in the Peter's role. So yeah, hoping to be shared this week. It's near and completion. It doesn't mean an easy one because it encapsulates quite a few temporary arrangements that we've had in place. So just needed to bottom those out before bringing that forward as a final version. Hopefully that gives us an update. So John, thanks for the update. We did discuss it. We're at the pre-meter week or so ago. Given how long it's taken to see the light of day, I did strongly indicate that I'd want to pay per bike end of this month, which is effectively tomorrow. So I would like it. Water and all tomorrow, please. Are you happy to do that? I'll work towards that, Chair. I'll take a look through and hopefully share something at the same time that is sent over to Peter. Thank you. Much appreciated. Okay, we've gone to the actions. Actions 2 is not due until next month. I'm not going to go to MAT unless he signals that he wishes to update this point, but I look forward to seeing that paper at next month's committee. Item 3 is included within Richard Jones' excellent paper on risk management and item. What is it? It's fair. Item 6, conceived of looking. So what I'm going to ask Peter Davis to provide an update unless he wishes to at this stage and similarly item 4, that's not due until late in the year. So no update of this point is required. If we could then move on to item 5. Item 5 is the Audit Wales Program Council Board of Wales Work Program Council Progress Update. And I believe this item is going to be introduced initially by Hannah Carter Performance Analyst. So Hannah, over to you, please. Thank you, Chair. Yeah, so today we have the Audit Wales Work Program Progress Update for members to review. This is a six-monthly report that was last presented to the committee back in October. So this report provides an update on the progress being made by the Council in implementing the findings of Audit Wales reviews. This includes both local and national studies published by Audit Wales. So for our local studies, recommendations that we deem require further attention are marked as open. And then when a recommendation has been assessed as been adequately addressed, it's marked as closed and an explanation might be provided. So the local reviews currently marked as open can be found in Appendix 1. These include a review into financial sustainability and also a review into asset and workforce management. As well as these local studies, Audit Wales also publish national studies. And whilst the findings of these studies may not always be specific to Monma Shaw or necessarily pertinent, we do share these with the most appropriate service area to consider their findings and recommendations and to respond accordingly. And the Council's management response to national studies can be found in Appendix 2. There's been just one national study published since the last update provided to the committee, and this is into regeneration of Brownfield sites. Something to note for the committee is that the management response template for our national studies has been adjusted very slightly to include a responsibility holder and time scale. And this is to ensure alignment with Audit Wales's organisational response forms that we are required to complete following these national studies. The committee is asked to scrutinise the Council's response to the Audit Wales work program and seek assurance that adequate progress is being made. And they are also able to refer any issues contained within the national studies for other committees to consider where they identify their findings that may require some further scrutiny. And I'm happy to take any questions that you may have from the report. Okay, thank you, Hannah. Let's go to members first for questions and comments. Martin. Thank you, Chair. Thank you, Hannah. It's a helpful report. If I write your reading this, these are only the Open Audit Wales recommendations, so there are some which have been closed. It would be helpful, not for this time, but for in future, just a brief summary of the ones that have been done just so we understand what action has been done to make sure we've closed that off happily. Specifically then, on the appendix one that's here today, and the finance proposals, the bottom one and the finance proposals on page six of the paper talks about robust details, review of plan savings brought forward to ensure impact on service deliveries mitigated where possible. And it says March 24. That's so, I presume that hasn't yet happened, always in progress. Yes, so this is referring to setting a balanced budget, which was then done in March 24. That's why it's not as much 24. So that action has been done. Ah, but it's because it's part of a bigger overall action, which has the opening of that way, it's a looping. Okay, that's really helpful. A couple of other places, however, where the actions are marked as ongoing. How on earth do we ever close off an ongoing action? Yes, I think that's the first point. I have closed actions as well. It's going to be helpful and I'll come on to the ongoing one. In terms of close, there aren't any actually within this report that close, but it's to say when we close an action, we will also include a rationale for closing it within this report. And also, I know all the way else colleagues on the call are planning further follow up work on closed actions as well. So that may help the committee and certainly help as an organisation. In terms of ongoing, I think it's a fair challenge. I think some of the nature of the actions is, Hannah's just sorry. Hannah's just pardon me. As Hannah's just described, we'll have a specific end date, so we'll set the budget on a certain date and we can see the actions closed. Some of the things we're doing are looking at ongoing incremental improvements to how we deliver in services. So, the one in front of me around the asset management plan has now been put in place. Within that, there are a range of actions and activities that will set out different milestones and measures which they want to deliver. It's difficult for us in one paper to wrap all those up at a headline level, too. But I think it is a fair challenge and something I think we'll take back to when we're working with service areas we respond to these, try and pin down clear timescale. So both we and you can hold them to account for delivery and I'm sure what it was, Connie, to say the same. Thank you, Richard. That's really helpful. What I don't want to do is force officers into setting realistic deadlines to get things done. So I'd like them to think about these things. And if it is complex, it is going to take a while, let's be honest and say it'll take a year, it'll take however long it takes. But I hate ongoing because you can never close it off, Connie. Thank you. Any other questions or comments, please? Okay. Before I turn to order Wales for various views on this paper, just to please say I didn't see you. With regard to the empty land and buildings piece, I'd note the response. I mean, we don't have the same issues in Momshire that a lot of authorities have do. And I know that officers are aware of where the brownfield sites are and what they are. And of course, it's great that the authority is sort of putting its own house in order first through the asset strategy. But I wondered whether we are actually meeting the challenge of being given with the audit Wales to be ambitious and interventionist and whether the sites that are around the county, are we aware of which collectively as an authority and being aware that that's very much cross departmental, are we identified those sites which are not coming forward in the normal, through the normal course of things, through the LDP or through anything else, and where the authority may need to intervene to avoid that site becoming a continuing beat to be a blight. I mean, I'm sure we can all identify a few around the county which are where there are ice walls where nothing appears to be happening. I think it's difficult for us to answer that when no sponsor of the service here, I think in bringing the paper forward with the committee, there's probably two roles. You've got one is a show on yourself around the initial response. The second one is if you think there are elements here that could be followed up in more detail, that could be something, for example, you refer on to a scrutiny committee, for example, to look at where this, obviously, I know the planning policy and the local development plan, for example, it is already part of the work program. Secondly, and more specifically, we can take that question away in us for the service here to provide a return response. So, I believe it to the committee to decide what further action I'd take, but I'm happy to take the specific question back to you. Thank you, Richard. Thank you, Sarah. You made some important points there. How do you wish to play it? We can ask the officers to come back to us with a fair update, or we could refer to scrutiny, or even potentially ask a relevant officer to attend this committee, albeit I'm not very keen at that last option. Have any thoughts, please, Sarah? Perhaps to identify whether we have a list, as an authority, do we have a list of the brownfield sites in the county and the sites in need for regeneration, and are we aware of the current status of those? I'm sure Phil will know more than I do. Phil, please, quite honestly, Chair, that's one for the replacement local development plan, which is due to P&M's by cabinet in September. So, I think Sarah would probably be better waiting until she gets that, because whatever there is at the moment could well change by then. Tony. Yeah, thank you, Chair. Page 11 on your report, I won't read all of it, but it says, this is the Council House, and can this directly involve communities in its development of the county, where you engage the stakeholders throughout the development of the replacement local development plan, et cetera. I won't read all the paragraph. I think that Yann knows what I'm coming from. Can you assure me that there will be that continued and regular involvement of communities rather than just righted down on you? I think, well, the response is given by the head of planning, placemaking, highways, it's a long title, highways, and flooding and regeneration manager. So, that's what they've committed to do in the response. I can't personally respond to that, Chair, but again, we can ask you if there's a specific question for the officer to respond. Yeah, so I do have some sympathies with Richard's view. So, Tony, I don't know if it's best asking that question directly to the officer outside of his forum, but if you're not satisfied, please bring it back, because it is related to the points within this paper. Yes, they've got concerns, yes. Okay, thank you, Tony. I kind of check, Sarah. Are you happy to wait to see the LDP in September? I am. Yes, thank you, Chair. I think that's an excellent suggestion from them. Okay, thank you. Just a few comments from me back to the finance proposals. Clearly, a critical set of actions here, and, you know, we have, as a committee, asked to be engaged in the development of a financial strategy, and I do note that the financial strategies on the agenda for our meeting next month, and I'm sure that that will come forward as appropriate, which is really, really important, and certainly sort of the scale of the action set out here, and what the outcome actually desired is pretty significant and critical to the continuing the viability of this organisation. So, look forward to seeing that, and also looking forward to seeing these actions closed out. Before concluding, may I just turn to Gareth Lucy and Jason Williams for their comments in terms of the adequacy of the Council's response, please. Thank you, Chair. Yes, obviously, a lot of these comments relate to historical reports and outputs that we've made. So, you know, we maintain a contact with Council officers in terms of those responses, you know, and carry out a range of follow-up work as well as appropriate. So, you know, that work then provides us with the assurance we need that those are being taken forward. So, I want to use a combination of that ongoing dialogue and the follow-up work that will provide assurances in the Chair. Great. Okay, I take that, but you are broadly comfortable with what's said out. That is, there are no further contour indications. Thank you, Gareth. As I mentioned at the pre-meet, we will now move to item 11. Item 11 is the Ordes Wales Performance Data Review, and I'll turn initially to Gareth Lucy to introduce the item. I think Jason Williams will then provide a bit more detail, and then turn to members for questions and comments. So, back to you, Gareth, please. Thank you very much, Chair, and good afternoon, everyone. Just to introduce myself, my name is Gareth Lucy. I'm the Engagement Director with Responsibility for Delivery, of all audit work here at Momshire County Council. I've recently taken over from Anthony Ville, who has previously held the role. So, just to introduce this work, first of all, before I introduce my colleague, Jason, into to talk through some of the detail of the findings. So, this is a report on the Council's use of service users of perspectives and consideration of outcomes when it comes to its performance information. This is a piece of work that we've performed across all 22 local authorities in Wales. So, isn't a local audit risk that we've identified as such. This is a piece of thematic work that we've carried out all across the country, this report therefore forms the local output of that work for Momshire. We got 21 other reports similarly being presented elsewhere across Wales, too. It's worth flagging up at this stage that this is a report focusing on the use of service user perspectives and outcomes within performance information. So, this isn't a wider review of the Council's use of performance information, so its processes or its performance in that area. This is looking at a specific element of that. So, I just asked members to bear that in mind as they consider the findings of this report. Hopefully, everyone's had a chance to read the report in detail to see the main findings coming out of it. You'll also see after the report in the agenda PAC, the Council have also completed our organisational response form on page 1, 2, 3 of the PAC. That summarizes the Council's response to the recommendations that we've raised in the report as well. Although Jason will come on to those in a little more detail now, fundamentally, we're satisfied at this stage around the content and sufficiency of that response from the Council as well. So, with that all summarized here, I'll hand over to Jason now, we'll come up through some of the details of the report, and then hopefully, we can hand over to a Council officer then for a response in terms of their response to our report. Thank you very much. Yeah, I'm Jason Williams, senior officer with Audit Wales. I've been working on this particular review, amongst others, and just to follow on from what Gareth has said, we carried out this review to answer the key question, which was, does the Council's performance data enable senior leaders to understand the service user perspective and the outcomes of its activities to effectively manage its performance? We explored the performance information that provided the senior leaders on the perspective of service users, the information on the outcomes of the Council's activities and arrangements to ensure that the data provided is correct. The overall finding that we came to within the report, and this is all detailed within the report, and I'll just pull a little bits out as we go along, but the overall finding was that the Council provides some performance information to enable senior leaders to understand the perspective of service users, but informational outcomes was limited in restricting the ability to manage performance effectively. The reviews findings then, which fed into that overall finding, were as follows. So performance information provided to senior leaders includes some information, but it does not enable them to get a comprehensive understanding of the service user perspectives. We did find some examples of performance information, which would help senior leaders understand the perspective of service users, but overall we found the information on the perspective of service users did not enable senior leaders to get a comprehensive understanding of how well services and policies are meeting the needs of service users, particularly given the breadth of services are provided. Our next finding was regards to the performance information provided the senior leaders to help them understand the outcomes of the Council's activities as being limited. So we found some information about outcomes. Much of the information in the Council's report is based upon outputs, however, and quantitative measures with limited evaluation of those outcomes and the outcomes of the actions. Our next finding was around the Council has limited arrangements to ensure performance data. Reflecting the service user's perspective and the outcomes is accurate. The Council has limited arrangements in place to routinely check the accuracy and quality of data and performance information. There were things such as performance measures guidance, which we looked through in the principles and of development and checking performance measures. We looked at performance team and take sense checks and in consideration we found that inaccuracies with performance information may not be identified if anomalies were not noted. So another one of the points was that there has been no data quality orders that we had seen in the past four years and as the Council has limited arrangements, therefore, to assure itself that the service user perspective and outcomes data is accurate, there was then deemed the risk that performance information presented to senior leaders may therefore be inaccurate. Our next finding. As information provided on outcomes is limited, the extent to which the Council can use this information to help it achieve its outcomes is also limited. Some performance information to enable senior leaders were found to understand the perspective of service users, but information on outcomes was found to be limited and where we did find examples of the Council providing information, we found some examples of the Council then using that information and making changes. The next finding was that the Council recognised that it needs to strengthen the quality and range of information available to it. The Council has set new objectives in its community and corporate plan with a focus on developing more localized data to better understand the lived experiences of its residents, so that was stated. It will be important for the Council to benchmark and compare its performance arrangements, however, for collecting and reporting on outcomes and service user perspectives with other organisations. So having gone through that, coming to the final overall rather conclusion and finding, we came up with three recommendations, which I'll just summarize as in. The first was about the Council should strengthen the information it provides to its senior leaders. The second was that the Council should strengthen the information provided to senior leaders to help them understand the impact of its services and that's with regards to outcomes and then the third was the Council needs to assure itself that it has robust arrangements in place to check the quality and accuracy of the service user perspective and outcomes data provides to senior leaders. That report was produced, agreed, it's been agreed with Council and it has been submitted with an ORF, an organisational response form. As was mentioned by Gareth, that's been returned to us and our conclusion in that is that the Council's response to findings together with their planned actions was deemed sufficient and appropriate and that's basically it from, I believe, thank you. So thank you, Gareth, thank you, Jason, really, really helpful introduction. From my perspective, a very important paper and indeed it's a real challenge, not only from on the shy bet, but for other local authorities in order to sort of address a number of these recommendations. So before going to members, I note that a number of these actions, Citry of Richard Jones, Performance and Data Insight Manager, as well as with Matt Gaethaus. Richard, did you want to say anything at this stage in terms of your confidence in delivering those actions, please? Yes, Chair, I think overall again, thank you for the audit, Will's work on this. It is timely, as mentioned, flipping the input from Jason, we set the community called Brown, looking at developing our outcomes of this piece of work from what it well is to inform that. It's helpful, I think, what I'd give some assurance to members is that we have some arrangements in place and we have performance monitoring reporting in place, we have a performance management framework in place and we have regular timetable of work plans to report those in. I think what the report challenges on is strengthening that to focus on outcomes in the services perspective. Some of those things we have in place, I think the report cites some of those examples around things like our self-reloration report, things like our directors reports coming from chief officer in social care health and chief officer's children and people, but nonetheless, as our management response covers, we're looking to strengthen those arrangements in the coming months and years ahead. So, in terms of the key actions, there's a couple of key things we're looking to do. Firstly, is strengthening the measures within the community and corporate plan to try and make sure there's focus on outcomes and the service use of respect as they can be recognizing that no one number alone will fully reflect that and actually, I think as we've talked to this committee for about our self-assessment arrangements, bringing a wide range of evidence to support our self-assessment will be important and that won't just be quantitative evidence that will be qualitative as well and sometimes that will take a while to develop review, evaluate and bring that forward which is partly linked to one of our key second actions for both the first two recommendations and working with service areas to strengthen their own information gathering and assessment through their service plans as well because it's that that then for feet and vocal but reporting and the service areas are the ones closest to the service uses and the outcomes where they're being delivered as well, but again, just to reiterate, there are arrangements in place for that and we do have good examples where that's in place nonetheless, it's about making sure that practice is even and consistent across our range of services as well and the final action there that links to our self-assessment arrangements which I've already covered and then finally around the third recommendation around the quality and accuracy or information again, Jason, hopefully we'll do some of the arrangements we have in place in terms of, you know, providing that assurance to ourselves around do we have robust arrangements to check, to check quality sure performance data, I think a big part of it for us is it's not looking just at the name and point check but looking at data for its life cycle, so looking at when data is first, when it's first entered, how it's stored, how it's exported, how it's exported, rather dated and reported and you know, I think the way we're looking at our actions takes forward around the data material assessment, it's looking at across that whole life cycle including some of the processes we have in place to do some of those end-point checks and part of that, you know, I've spoken to Jan as well in terms of the work that we can jointly do within an audit, the strength and some of those arrangements as well, so that's a brief overview and confidence in terms of where we go next and I'll see a report on that committee, I don't know, Chief, if Matt wanted to add anything. I think there was a sort of fairly comprehensive initiative input from Rich and also just your chair as needed to pick up any subsequent questions from the committee. Great, thanks both, so I'll have two members for questions and comments, either towards Wales or to officers. Only a quick one, Chair, just a bit of clarification really, on a general point. All these Wales, in particular, there's various references to effectively or what appears to be effectively accepting the reports that have provided to senior managers as being correct if they're doing a financial audit, that the information provided by officers and internal audit is correct and then there's a heavy reliance upon us getting what we give out that they look at being correct. So my question is, what tests go on on that? You know, are we actually hanging ourselves when perhaps we shouldn't have done? You know, this general question about how the effectiveness is worked through. Thank you. So I think that's essentially a question about data accuracy and integrity. Richard, do you want to go with the answering right, please? Yeah, thanks. Thanks, Councillor MURPHY. It's a good point. Again, I think, probably look, it's a different area's responsibility and then at each point those are different areas in essence of check. So we take performance data as a line in this report, so obviously we'll have a responsibility holder in the service area who will be generated in producing that performance data. Part of our response round data maturity is making sure that they have the skill support awareness they need when they're producing the data to think of it through that lifecycle. So has it been entered correctly? Are they validating it before then they pass it on to be used in the next chain in the cycle? As you describe, the next part of that in terms of if I looked safely at the arrangements having place with a community and corporate plan performance measures, which are important to us because they are our headline measures of our objectives as an organisation, we have, as described in the report, definitions, proformers in place, which would calculate things like variants. We'll ensure that the officer providing information is signing off that they're happy it's accurate. If there are variants, it's like that we as a team will act as a potential another check in that process to test then why is something varied? Have you had a changing process? Have you changed your system? Has the performance gone up or down that much? Why? And that's another check in the line. And obviously we then report through two committees as well, who at the end point have a scrutiny challenge role. I know in using with the response to report with into an audit colleagues of our new into an audit part of their work programme, we're required or we're on a risk basis to be important also to test out some of the performance data and data arrangements services have in place. So I think it's we have a process in place but for me it's not just the process, it's making sure that the culture, the skills are embedded within that and that's where I think our response will help working as a performance team and in these and with the with all the colleagues as well as our whole system. Thanks for that which obviously a lot of care taken there but can I just turn the question on on audit Wales then please and just see what their perspective is on that. Do you want to repeat your question for Ben for Wales? Basically even though you have acknowledged the amount of care which is taken in preparing reports and the information provided to you, what checks do you carry out to make sure that that is in fact the case? Yeah thank you Chair and thanks to the Councillor for the question. Yes ultimately this is kind of the skill of the job ultimately as an auditor is to assess the data that's put in front of you and come to a conclusion as to whether it's something that can be relied upon or whether further work needs to be done and if further work needs to be done what that work therefore is. So some professional skepticism is really what underpins the work that we do. It's really just carrying that mindset forward to review every piece of information we get be that for auditing the accounts or for a piece of performance audit work and constantly assessing whether that is a viable and accurate piece of information and sometimes that's more straightforward than others. So sometimes it's externally verifiable, sometimes we may need to stop colleagues who may have greater knowledge and assurances in this area, sometimes it's as simple as just asking through the questions of the person who's provided it and getting assurances that way. There's no set of approach ultimately but I suppose just please be assured from our part that this is something that underpins all of the work that we do, that we're never taking anything at face value and as an external auditor's we have to question what we're provided at all times. That was the anticipated response, thank you for that. Okay thank you Gareth. Have any Martin please. Thank you Chair. I guess this is which is this is probably view in the recommendation responses. As you mentioned the recommendation is one-on-two, there's a bullet that says support service managers to strengthen the use of evidence. How are we going to do that? Is that going to be a training courses, training people how to use data? What does support service managers actually look like? Yeah I think it'll be a range of things. So for example, Anne and I are responsible set up service business plan process as part of that. We have a range of guidance training materials that we'll provide managers with either generally offered or offered on a support or need basis and we'll be developing some new retailers part of that. So for example we'll be looking at doing some video recordings so we can have training available. We'll make people that hold in a specific session and also that will be part of then we're part of the various networks and performance networks. We may draw in specific training courses or support as available as well. So we've got a suite available I think the challenge and audit way as a report is a welcome moment in terms of that focus on impact. It's something we identified in our self-assessment process as well. So yeah there'll be a great emphasis now as we move in the next few months into through the service business planning to focus on training and supporting managers around ourselves more so than we currently do. That's really helpful thank you. Sarah next please. Thank you Chair. I think Melty has asked one of the questions I was going to ask. This is a really welcome challenge and very much echoes. I know what I know is the the administration's commitment to put the citizen experience at the centre of everything the council does and to use data robustly. I will also go to ask about the the training and so on but I'd like to ask audit Wales is really how do we compare to other authorities in that. Perhaps this is not something you could answer in this but I know that we're always ready to learn from good practice elsewhere. Thank you. Are you able to answer that Gareth? Yes yes absolutely and thanks again for the question. I think this is the really useful thing about performing these thematic pieces of work across all of the 22 councils as it allows us to compare also allows council officers to compare contrast, share and learn and ultimately that's what we're hoping for from this piece of work is it'll it'll act as that catalyst for discussion and sharing. Ultimately the I think the conclusions we've drawn here are fairly consistent with what we've seen elsewhere. Again wouldn't want to sort of pre-empt any other reports which may still be going through this process but they'll all be findable on our website later on anyway but it's fairly consistent. I think we found these sort of general themes of potential improvements that could be made in terms of enhancing the perspective of the service user and outcomes as part of performance management data. So I think the findings that we have here are certainly not unique. We certainly have seen similar themes elsewhere and what we'd hope now is let me say councils could get together, share information and learn from that but I suppose just as that final piece of reassurance you know what you see here is not more much of being an agglaya. I'd say this is very much part of being one of the past clearly and it's just a matter of now the steps from here to further that improvement journey. Okay thank you helpful Richard we'd like to come in there please. Just to add and thank Harris for that helpful explanation just to reassure the council that we're also part of network with performance colleagues across other organisations particularly through the WLGA and as we look to develop out our use of outcome measures we're looking and we're networking with them in terms of other practice we can we can learn from and share. Audrey please. Thanks Chair. It was only a quick one for Richard I was just thinking in terms of going forward. I just wanted to double check you don't actually get to name them but have you identified the service areas that are going to need additional support in doing that the outcomes, evidence in the outcomes and where they may need additional training. Yeah and I think we're all going to look to be more targeted so as part of our service business planning process we do a quality assurance process. I say we kind of largely largely leads that and a hand is in a piece of work to review all all 50 of our service business plans looking at the quality of the different areas and where those who perhaps need more support in different areas not just self-assessment but on things like risk for example others we'll we'll be more targeted using that information we've got to focus on certain areas and supporting them to strengthen the arrangements initially but really equally there will be an offer open for anyone within the organisation who wish to take it up as well. Okay, you're not seeing any of our hands raised so let's conclude this matter. May once again thank you, thanks, extend our thanks to Gareth and Jason for her contributions please feel free to stay but also please feel free to to leave as you as a dean for it. Many thanks. Thank you, Jane. Okay we'll move back to item six which is the Risk and Management paper. I think this paper is going to be introduced by Richard Jones, Performance Data and Insight Manager and Hannah Carter. I understand there's going to be a presentation, I don't know which all you want to take it but maybe is the presentation first or do you want to introduce this paper which is easiest for you Richard? Okay, if I introduce it and I hand over to Hannah who will share a screen on the call for everyone just to talk through a bit more detail about the changes and updates to the Risk Management Policy were proposed as part of the paper. So yeah thank you that chair. So there's two main parts to paper before you view to the committee. First of these to seek your feedback on our proposed revisions to the Strategic Risk Management Policy which just said Hannah will talk you through shortly and the second is to provide you with our own assessment of our implementation of our current Risk Management Framework and also to provide you with an overview of our current student risk facing the organization which I would be familiar with is part of our regular six-monthly reporting to you as a committee. Just briefly provide a little bit more context on some of those parts we'll hand over to Hannah. So in terms of the update to the Strategic Risk Management Policy to have a little to remind you why we've undertaken it now both in terms of our own self-assessment arrangements, the feedback from this committee and the feedback from interlord and our general desire to strengthen risk management and the organization's sort of led us to complete the review before you today and obviously the evidence feedback from all all those sources including yourselves has been considered as part of the policy. So thank you for your challenge and support in it. It's so far welcome anything further today. I think it's going to emphasize that the policy review has largely built upon arrangements we have in place. It's not looking at radically changing the basis and foundation we've got which I think it's worked as it's looking at strengthening and developing on our arrangements through the policy and we've presented three parts to pre-part to you tonight today. Firstly the policy itself secondly the risk appetite statement which obviously a key development within the policy and thirdly we thought it was helpful just to attach the sporting risk guidance as well and this is one of those as I mentioned earlier one of those many guidance documents we have in place to support services to actually implement some of our policies and in this case this supports the supports of guidance. This supports the policy sorry but as it's guidance it's not you know formally part of it but we thought it would be helpful to share with you as part of your scrutiny. The second part is our effectiveness of our assessment of our effectiveness of current student risks. Again this is building upon I think the last assessment review which was in February one of key updates just to bring your attention to which we factored in is we've had the conclusion of the internal audit review of our risk management arrangements which we we've considered as part of this assessment and then that gave a reasonable assurance rating you know with some areas of strengths and some areas of development and lots of which have we've embedded within the proposed revisions to the to the policy and then final part is to provide you with an overview of our risk register. So the main update changes to risk level summary of the key mitigating actions that have taken place that have been delivered or behind schedule in some cases in the last in the last six months since the last brought to you and as as you're familiar with now the responsibility to scrutinize the actual fall detail the risk register will go to performance and overview scrutiny committee in May and the the fall register will then also represent its cabinet to be be endorsed in in June. Finally today I don't know if you're going to cover the action points on the work role now would you want to come back to that? Coors just become back then because there's a lot here which need to to unpick it so finish the introduction and then go back please. I'm going to do a guide you through the policy changes. I'll just share my screen and we have a short presentation to go through so hopefully everyone can see that. Yes. So Richard has just covered these main points why we've done the the review and the role of the committee and so if I just go through some key changes so firstly we've looked to expand the description and introduction of wider risk management arrangements that the council has in place and so this has helped us to link to tedious management with the wider arrangements and then also to provide an additional level of assurance to both officers and members and that the arrangements that we have in place are wide ranging and also robust. Secondly we've looked to adopt the three lines model which is derived from the UK government's orange book on risk management and so this has helped us to more clearly define the responsibilities for risk management including the separation of risk management and overseeing the risk management process and this will help us to delegate and coordinate risk management roles within the organization. Next is the introduction of horizon scanning into a policy so I'm sure you all know when identifying risks there's a need to look at both what's currently happening but also what is going to happen and so we will use this horizon scanning model to produce sorry risk radar report on an annual basis and this will outline potential risks that may impact more mature overcoming years so this will help us to identify key uncertainties and challenges that may affect our organizations objectives and operations and thus help us strengthen our risk identification arrangements. Next is the introduction of direct risk registers so these will help us to track and manage the most significant risks facing each director. We currently have over 50 service business plans and these all feed into our singles treated risk register and so these direct at risk registers will essentially form a middle man between these two and sit between them and help us strengthen our escalation de-escalation and risk identification process and will also help the directorates in facilitating more robust and often discussion of risk. Next is our risk monitoring reporting so we have worked to further define our risk monitoring and reporting arrangements and this includes setting out how each element of the risk monitoring process should monitor and manage risks and how these all link together and we've also worked to outline our reporting arrangements on risk management including the role of this committee in overseeing the effectiveness sorry of risk management process and the last significant change we want to highlight is our risk appetite statement so we have worked further to define the organization's risk appetite through setting a risk appetite statement and we set a risk appetite range for various categories of risk based on organizational activity so this includes Chijic, financial and environmental etc. The risk appetite range is from a lower limit of a verse to an upper limit of eager and we've gone for this risk appetite range model to allow for differing risk appetite to be applied to different activity that may be contained with the same risk category. This risk appetite statement will set separately to the risk management policy and this is to allow for more regular review and update to ensure it remains relevant and appropriate and so that's it for the key changes that we wanted to highlight in terms of the next steps for this policy and following consideration of feedback from this committee the policy will be presented to cabinet in June for formal approval and following cabinet approval we will work to embed the proposed changes and strengthening arrangements that are currently in place as part of a phase introduction and work with officers to embed this policy. Thank you. Okay thank you Hannah. Let's go back to Richard. Richard is going to pick up fee and pick up and cross reference to action three in the action list and highlight how we go into how this is going to be addressed back to you Richard. Yes thank you Jim. Yeah so so your action list contains an action around which corporate risk control policies is committee you should review. So we've considered this as part of the review of the policy as Hannah just outlined we identified under section 2.3 of the risk management policy other arrangement which are integral to managing and are part of student risks. So these are health and safety emergency planning, insurance, finance, internet audit, information governance and cyber security some of which I know you already have oversight of a committee others maybe you haven't had as much or or any site of it in your forward work program so far. So our proposal is as they are embedded in our link to our student risk management policy we think they're appropriate and logical that the committee has oversight of them. We've proposed in that as each arrangement each of those arrangements has different arrangements in place. It's important they're considered each individually and in context of the various governance and accountability arrangements they have but as a first step in your oversight to that we've proposed an in agreement with the deputy chief executive as well. We've provided your forward work program for July and I tend to bring together a composite overview of each of those as the first step in your oversight and then as a committee you can take a view from there. So that's our proposal to respond the action by obviously subject to your views cheering the committees. Thank you. Before we go to questions just to say thank you very much Richard and Hannah for great work here. I have the opportunity to speak to Richard several times and provide comment and feedback and much of my feedback has been addressed in the drop in the version you have before you which which really pleases me without wishing to constrain any comments questions or concerns. Yeah this committee has my personal view and it's a personal view is that this is the best articulation of the risk management framework I've seen in the public sector in Wales by quite some margin and it's a real sort of credit to the team involved with this and Peter if you could just take that compliment it is a great work and I'm really pleased with the progress made in terms of starting to articulate a risk appetite. That is a foundation for all good risk management and many public sector organisations shy away from that or paid lip service and I'm really pleased with the high quality intellect applied to this challenging piece of work. Saying all of that there's some real challenges now about operationalising and embedding this and this is where the senior leadership team and Dr Peter Davis our deputy chief executive to take an active lead in supporting Richard and team in this endeavor because it's essential to the ongoing viability and success of his council. I'll pause if you have a comment to make but let's go to questions and comments please members. I thought you'd look across at me then. I agree with what you say it was a slog going through it. I'd admit that it was a real slog but it was all there and you know it was difficult to punch any holes in it really but yeah it was a very very comprehensive report so well done. Thank you Phil. Peter. Yeah thanks Sharon thanks Richard and Hannah for that work. Just really something that perhaps we as a committee could recommend to perhaps front of the scrutiny committees or cabinet member to pick up on from the report and that's on 2.3.2 reference there to the Gwent local resilience forum and in particular to the community risk register. That register is clearly written for the public to read you know good see from the language and so on but I suspect that the great majority of our residents are blissfully unaware of of that document although no doubt it's hidden away well not hidden away it's it's secure somewhere on our on our website. I just wonder if we could recommend that some either one of the scrutiny committees or whoever have a look at whether we should be doing more to publicize that that register so that some residents they know what they can do to help themselves but they also know what we as a council can do to help them if if the risks become realities. Thank you. Thanks Peter. Richard able to give a response to that please. Yeah I think it's really important part of our arrangements and you know it's why we would innovate it in terms of you know we'll be looking at from an organisational perspective so relevant risks and one wish we came to council's delivery of its objectives we'll also feature on our street interest register as well I think in terms of you know clarifying the roles and responsibilities as I just mentioned is that emergency plan will be one of those areas linked arrangements that we've proposed and to bring back to you in in July you know clearly that register is an important part of it so in terms of you know any further action or oversight it might be you know helpful for the committee to receive that paper and then you determine any other further scrutiny or activities in result of that. Yep I've had some sensible way forward thank you Richard. Martin. Thank you Chair and I just reiterate your comments I think it's a terrific piece of work really comprehensive. This I presumably going to be some training alongside this again to make sure that people understand what their roles and responsibilities are and that's particularly the introduction of director at risk register I think is a really excellent way of connecting it feels like a big gap from 50 to 1 and hopefully that means that director at senior leadership teams can have the regular discussions with us. I presume somebody is the risk management champion over to I don't know if it's you Richard but somebody in the organisation is that's that role and so somebody put some challenge into the process so when the director of risk register is to exist and things bubble up to the corporate risk register that somebody says why that and what's happening here you know we just check it and being you know putting a level of challenge into the risk register I think that that would be important. There's a really interesting comment about risk tolerance in here which I always describe as the number of plates you spin at once and that's really interesting as well because you're going to have individual risks and they can add up into something considerably bigger so I'm pleased you've tried to articulate that. There's a section of risk appetite and I hear Hannah what you say about a range but I think that there are risk appetite statements are guidelines and then maybe exceptional circumstance where you go outside even even a range but if something happens that so the upside is so big that you might want to take that risk and I think it's worth saying it's okay to go outside these as long as it's well you know the management magic phrase and if all your whales are here they now they'd still say this well managed risk taking is what they're after so if you've considered all the episodes and all the downsides and you made a decision and it goes on they won't kick you with well that's what they say in theory I will hopefully we won't get that point. Finally on horizon scanning I think that's it's also great that you've mentioned that I just wonder there's a lot of discussion in the paper about world and UK events that might sort of come our way there's also local things which you might think about so I wonder how you incorporate some more local horizon scanning whether there's going to be a risk management group of sort of willing people who are going to have that sort of a little bit of blue sky thinking every now and again that might be really helpful and if you really want to give your risk register the next level you can actually have the horizon scanning built into your risk register in terms of how far away is the risk and I've seen some risk register as well as you've read up the green for the scale and the risk there's also a proximity alert which is which in some place they've used blue as the sky is blue it's a long way away or grey the clouds are coming and black it's raining and it's here and I think that's kind of helpful as well in terms of understanding how far some of these things are because if it's a legislation maybe a couple of years down the road but we know it's coming versus a Q&A now kind of risk thank you Richard thank you thank Martin for the comments I think you know overall it raises a very important point you're a thank you committee chair and everyone for your feedback there's a team effort particularly involving Hannah but a wide range of colleagues so we'll take that back I think the important point you've you mentioned there Martin is about then embed in this I think you know Hannah Hannah may kick me into the table for this but this is almost the first part the big part then is actually operationalizing this and applying it and make sure people train and stand what it means applying it within the context is meant to be applied and applying it robustly as well I think that you know that is the next step for us you know in terms of our self-assessment report we bring to you as a committee we will be looking to know both test ourselves on that and give you assurance or or any areas where we think we're still to develop you know part of our process to bring this forward over so over the next six to 12 months in terms of embed in different parts of this policy once it's approved by by cabinet hopefully in in June and that allows time to make sure actually that those requirements are understood the processes and structures where they're not currently in place or they need to tweak are changed and that that understanding of the arrangements are really important I think you made a good point about you know risk appetite it is those guidelines it's partly why we went for a range is to provide that guidelines but I need to be applied appropriately and you know both in terms of well managed risk taking which is ultimately the heart of of what this paper is trying to try to get to we do you know as a team provide some challenge to any new risks and move forward but ultimately also then we've got those responsibility holders within the process set out in the policy to actually make those decisions as well to determine you know what's escalated into yes late off the studio risk register and I'm guided by guidance as well then yeah thanks for the helpful comments on sort of horizon scanning I think an area that you know so could be valuable in your forming you know just the next few months for the next few years in terms of our risk management and our policy development as well yeah and certainly looking local as well as you know regional and national trends will be important again something will be you know keen to engage a range with you know both both partners locally and regionally and nationally in terms of the evidence we can gather to inform that and again you know some of those challenges will be unique to mama show but some will be more localized in a different way or presenting themselves specifically in mama show we need to be aware of so yeah that's when we know a lot more to come great thank you Peter thank you Chair Tony just very briefly but first of all I probably don't want to take the plaudits as was maybe being suggested earlier to recognize I think what what's an excellent piece of work I think that's been I think that's with Mack Aitos and obviously Richard and Hannah but I think it's probably worth while we mentioning just echoing I guess Richard and Hannah brought this in front of strategic leadership team a few weeks ago I think the reaction and the response is very similar to your own chair and that of the committee I think this is an excellent piece of work it was unanimously supported I think it's the next stage of evolution I think in terms of our risk management arrangements I'm also particularly pleased in the way that the debate in the conversation took place SLT in the sense of really pushing back at immediate adoption and in fact that point of six to twelve twelve months leading because actually it's it's affording what is in fact the necessary time I think for us to be able to transition up into into those arrangements and make sure that they are using Richard's words properly and appropriately embedded I think the final point really is back to the action on the action log that I think Richard has talked well to and I think that there seems to be general comfort about bringing that report back in in July but clearly there'll be a piece there just in terms of being able to demonstrate back to the committee the arrangements I think rich probably take a second a second opportunity hand in hand with it to maybe take the policy now in its rewritten form and be able to actually apply that lens to it as well so it's maybe you know cutting our teeth you know with the new and updated policy on those identified corporate arrangements I think it's probably a really healthy thing to do up front okay thank you so let's look to conclude this matter if we turn our attention back to paragraph two recommendations it is a view of this committee that it recommends the policy for adoption by the council it is comfortable with these self-assessment results are set out within the body of his paper and it is comfortable with the proposed way to address the action tree and action list by by means of bringing forward a paper to his committee in July setting out relevant information so thank you one and all we will now move to the next item which is the internal audit plan at agenda item seven this paper being introduced by Jan Furtec our acting chief in ten Lordita Jan as per usual assume we've read the paper but draw out key points please thank you chair yes so this report aims to inform members of the governor's not a committee on the work to be undertaken by the intern lordit team at an operational level during the 24 25 financial year and I'm requesting that the committee review comment and approves this audit plan so the mission of intern lordit and the reason why we are here is to enhance and protect organizational value by providing risk based and objective assurance advice and insight we're an independent team we provide objective assurance and also consultant activities designed to add value and to improve the organization's operations we use a systematic approach to evaluate and improve the effectiveness of the risk management framework the control and governance processes within the council so the audit planning process takes into account all possible systems processes sections establishments that could be audited within mommasher this includes all services activities and functions which mommasher commissions and or delivers via a third party or via collaborative and partnership arrangements for the 24 25 audit plan the total number of available days amounted to 1300 that was based on five full-time equivalent auditors in the team for a full year we then take off an allowance for planned annual leave any sickness or estimated sickness training management time and admin time which is deducted and to give us our operational lordit days for the year so that calculation has left us with 813 operational days which we allocate across all service area director it's on a risk basis so the summary of that can be seen as appendix one in the report within this 813 days we also set aside 70 days for any special investigations where they could be allegations of fraud theft or bribery against employees of the organization and to also complete any reactive work as we need to if the intern lordit service was to complete a review of each of the service areas which would either due for audit or had not yet been audited and during that during the next financial year the resource required for the team would account would amount to around 2873 audit days therefore the audit plan has had to be risk assessed and prioritized to match the resource of the team chief officers and all heads of service were given the opportunity to contribute and to shape the audit plan the initial plan was provided to a meeting of the street leadership team along with chief officers in the departmental management teams to discuss and to refine a copy of the draft audit plan was also due to be presented to the meeting of the governance and audit committee on the 14th of march this year however as the meeting was cancelled a copy of the covering report and the audit plan was sent to all members via email as an opportunity to provide comment and to highlight any requests these have been taken account when devising the final version of the plan so there's a couple of key changes between the draft and the final audit plan these are highlighted within section 3.13 of the report and the majority of which were work in progress at the end of the flange leer which we didn't quite get over the line and to be issued as draft by the 31st of march it's important to highlight that this plan may change as the year progresses especially if the risk profile of our audit work changes it is intended that the audit plan remains fluid and will be dependent on any new priorities or risks emerge into the council so we can do reactive work as and when we need to this plan will therefore be reviewed quarterly by myself as the acting chief intern lordster and discuss regularly with the deputy chief executive and chief officer of resources and also the chair of the governance and audit committee as and why necessary if we do need to significantly change the audit plan that will be brought back to the committee for further approval consideration is given throughout the audit plan for the appropriate level of resources for intern lordit at mommasha came to council the current establishment of five members of staff remains just about adequate for the current level of assess risk although this will be considered as part of a later item on today's agenda it's worth noting that if there was any unplanned absences such as long-term sickness accomments prolonged investigations or prolonged reactive work undertaken this could significantly impact on the audit plan as cover is limited so the 24 25 audit plan is attached as appendix two to the report the audit jobs have been risk assessed and prioritized which matches to our available resource for the year we therefore have 47 audit opinion jobs and 25 non-opinion jobs incorporated into the plan and it is my opinion that this will be sufficient audit work and coverage to provide informed end-of-year audit opinion to committee this time next year so governance and audit committee are responsible as per the terms of reference of the committee to approve and monitor the intern lordit plan over the course of the year quarterly reports will be presented promptly by myself informing committee of the current progress against the approved plan the opinions issued issued an assembly of all unfavourable reports the committee's role is to hold officers to account and provide oversight of the audit process and the organizational system of internal control i therefore ask committee to approve the 24 25 audit plan and happy to answer any questions thank you Jan questions or comments please Martin thank you Jan it's very comprehensive as always one thing i don't get a flavour from from the the table of appendix two which lists the audits you have yes knows as the order to do and then you alongside the ones you have chosen there's a risk level of mediums and highs obviously no low level ones all the ones that are yes but you're not including i presume they are lower risk level and the ones you have included i presume that's right um is a good question um so in terms of the column with audit due so that's basically any area that either has not been audited or hasn't been audited within a five-year period we then risk assess each individual review to ensure that we concentrate on the jobs that need to be done within a year so um a good example could be second one on the list budgetary control capital that that would be a high risk review it is due there are a number of reasons why that has not been included within the audit plan for the current year um but it will be picked up most likely next year as part of the audit plan so there could be other ones like that it's all part of the risk assessment process thank you yeah and i figured there was more to it than meets the eye initially okay that that's helpful i'll come back to resources in a second but one thing you you you you you brought my attention to was powers 37 and 38 as you said they've got five whole-time equivalent stuff which adds up to 3,300 days and then you've said our allowance the lease signals training management admin is deducted and that brings us down to about 800 days so we lose 500 days or i don't know what's what the heck's that best part of it's over a third of our time it's a non-productive audit work and it'd be interesting how we talk about key performance indicators i thought that's not a particularly good place to be in i understand entirely staff we're entitled to leave and if staff are sick etc but that feels like a big big chunk of training management admin from our from our work i just i like to that the other question i was going to ask is around volume of work and the width versus depth and whether 72 jobs is too many jobs whether you can do more jobs or you do less jobs how long it takes but that's those kind of questions thanks John thank you Martin um yes in terms of your first point it does seem a lot of time um obviously annual leave is and bank holidays is statutory obligations we have to take that off and we have been quite frugal in terms of the calculation it all is all done scientifically in terms of um across the team to do this calculations we put in a nominal amount of sickness obviously we we don't know and hopefully none of my team will be sick over the next year um but we have to put in a nominal a figure on that obviously if there is um spare capacity during the year um sickness allocation has not been used up management time has not been used up admin time has not been used up um then members of the team can do potential and planned work and we add that back into the reactive time or we're a job has um overrun uh for whatever reasons it could be additional work required out on site then that can be used to offset some of that time as well in terms of your second question in terms of depth versus the number of audit jobs and that's part of our risk assessment um for each individual audit review so at the start of the year in that audit plan i put in a an estimate of time that we need available for each job so that's based on cumulative audit knowledge um that's not to say that a job might not overrun because i've put it down as 15 days and it might require 20 because of the level of depth that we need to go in to um during that review so each individual review is scoped we ensure that we cover all the high risk areas within that obviously if we had more time we could cover more areas and but we are trying to get as much audit worked and as much coverage across the council done with it with our resource thank you go to peter next please yeah thank you john um it's clear for me a report and and from your your answers that you've got a team who are dealing with a very heavy workload that you're only able to deal with with very careful planning um are you able to sort reassure us that your team are feeling positive about their work that they're not feeling overwhelmed by why that amount of work so that they're perhaps suffering from excessive levels of stress and anxiety because that in itself is is a risk um both from the point of view of our duty of care to our staff but also in terms of you know if we have those situations then people do start to go off sick and so on and then the NSA work doesn't get done things slip under the uh under the radar and and so on so i don't know if you could comment on the the general level of morale amongst your team yeah thank you for the question yeah so i'm not not going to lie audit work is is very challenging um the team are quite often put in quite uncomfortable situations especially when they go out on site um they have to ask a lot of questions that potentially sometimes are not welcome um and obviously deal and deal with that accordingly then especially if management disagree with the line of questioning or the recommendations which they then issue um so it is a difficult auditing is a difficult job um it's my role as um the manager of the team to ensure that the team uh um the team morale is is there that um members of staff feel supported when they when they do audit when they go out on site um i like to think that i support i support the team um and make sure that they they know they've got um got someone's got their back when they um when they go out and ask ask these questions um i'd like to say that the morale and the team is is quite good at the moment um and as we move on um i'm not not gonna say that let's say this it's a difficult job um and will the proof will be as staff remain happy staff remaining in work and issuing issuing audit reports yes just say thank you for that don't not make yourself a hostage support you now don't take take quick care and thanks for the clarity of answering and that little insight you you you've given us into the difficulties of of the nature of the job and uh certain circumstances i think many of us just don't appreciate unless we're reminded about it thank you yes that is the addition maybe um noting that there's an inherent tension between the order team the order term but generally orders are treated with respect for it Monmocha is that correct? yes that would be correct yeah great okay we'll go to Rod VNX Vince era Rod V please thanks thank you um just think in terms of forward planning uh yan at uh 4.7 it says about the global internal audit standards becoming mandatory in uh January um but that you um you're currently waiting for the guidance i was just wondered in terms of time skills in terms of you getting that guidance and what the likely impact would be in terms of your work schedule going forward okay thank you yeah so the latest that we've heard um should i believe as a starter last week was that there's still no decision that's been made on the if the public sector internal audit standards are going to be updated in light of the new global internal audit standards or whether the global internal audit standards will be implemented across the public sector in the UK the last i heard was that although the global standards are effective from the first of January it's likely that the public sector will have at least until the 31st of March and before they have to come on board with whatever standards are going to be put in place and whether but they're still considering whether the public sector standards themselves will be updated or we go on to the global standards so at the moment it's a wait and see um i don't think many heads of order quite happy with that we want to get going if we need to make changes we want to make them i know i've got a presentation down on the work program to give committee which we keep on pushing back there's no point in doing it until we know what we're what we're actually going to be playing with um so it is it is on our radar and we will look to implement as soon as we as soon as we know thank you Sarah please thanks chair a related question to peters i suspect and that chair knows that i've always said that strong audit is what and it enables an operational manager to sleep at night um i was concerned to see that in the in the audit plan a number of areas which had not been audited for some time or indeed in some cases ever um presumably because they were regarded as low risk but i'm just to what extent do you feel the team is is playing catch up on on previous years and things that have not been thoroughly audited previously i don't want to say that hasn't been thoroughly audited previously um it is just the volume of transactions the volume of areas that a council will and has to manage um we can't get across to everyone i mentioned that ideally we'd look at every area across a five-year period i think that is nayon impossible the the amount of actions that and the amount of teams across the council that would require some oversight and then this certain reviews that we want to do every year or every other year and some some of the fundamental financial systems like council tax um debt recovery we want to look at those more often than than other areas so unfortunately that means certain areas that are considered more lower risk would get pushed back and likewise the new duties that the council take on at the same time so some of the things that have never been audited it might because it's been a relatively new duty so we're waiting for a period of time for the service to embed themselves before we then come in and look at them so there's a number of reasons why an area might not have been audited um obviously we want to get across to everyone i'd love that column to say everyone's done within the five-year period in reality it's just not going to happen unless pete decides to give me an extra five or six months of staff but that's going to be for his decision yeah i think um i think yan's answered that well i mean i think the only supplementary add to it is um in probably describing the horrors of horizontals and the verticals of the organization so you know there's a nature of uh you know a variety of the uh audit work that's within uh the audit plan that i guess is cross-cutting um and you look to get those assurances around for example payroll um as has been you know a good example of um you know and that um allows us to to be able to get that sort of overarching sort of level of comfort um or at least where um inherently um you see those controls playing out through the organization um but by its very nature internal order is uh going back to i guess Richard's last item um you know it's an assessment of risk um on the basis of you know the best intelligence that you have at a moment in time and i guess even an internal audit plan and the one you see now um is iterative in that nature there may be risks that will materialize during the year and and it happens um you know what it work will switch out and in accordingly and that's the way it should operate um but yeah we um you know you're never going to get through a local authority uh a whole array of local authority services uh even in a five-year time frame um but we have we we do have wider business intelligence you know it's not it's not always an internal audit um that will give you a level of comfort uh with regards to robustness of arrangements within one service area to it to another um you know there's other lenses that are applied as well and again all of that feeds in to the construct of what you've got in front of you now thank you okay i'm not seeing any of the hands raised so we look to conclude by saying thank you for the paper very helpful and this committee approves the order planner set out we want to item eight item eight is the external QA of internal audit uh so back to you yarn please thank you chair yes the purpose of this report is to inform the committee of the external quality assessment EQA of the internal audit team which has been recently undertaken to ensure compliance to the public sector internal audit standards the public sector standards require internal audit teams to undergo an external quality assessment once every five years and they should be undertaken by a qualified independent reviewer from outside of the organization it was agreed by section 151 officers and the whilst chief auditors group that each local authority would complete an internal self-assessment which would be validated by an external reviewer from an independent council this approach was used for the last EQA which was completed um in may 2018 and has continued to be the approach undertaken across the public sector over the past couple of years it's important to note that the external assessment should have been completed by May 23 on basis of the five-year period from May 18 however due to the resignation of the previous chief intern-lord in April 23 and myself coming into post later that month it was agreed that this EQA would be delayed until quarter four of the 23 24 financial year to allow for an honest evaluation and validation process to take place so Monmasher's peer review was undertaken during quarter four and this was done by the acting into lord and manager who has the head of into lord at responsibilities at kafilly county borough council they are provided with all the self-assessment information associated documents and evidence as they saw fit um to request the results of the peer review assessment and the validation process can be seen as appendix one which is the final assessment report in summary the review confirmed that the Monmasher intern lord team generally conforms with the public sector intern lord standards and the areas of non-conformance would not considered to be significant there was one area of non or partial conformance and three actions required to strengthen the existing areas the area of non or partial conformance was that the EQA was delayed past its May 23 due date this was deemed minor by the assessor and not material to the overall assessment so the required action is to obviously complete the external assessment and ensure that this report is presented to the committee there are three areas for consideration which would help the team strengthen the team's conformance so it's amending the core principles of internal audit practice based on the new global standards which will be done as part of a review of the internal audit charter once we know these including a direct link and a direct reference for the local code of corporate governance within the audit charter so again that'll be completed when we review our audit charter later this year and to implement a standardized CPD recording process across the team which has already been implemented so we had implement we had identified these as areas for improvement within our self assessment and that was confirmed by the head of audit at kafili so that's our external report can be seen as appendix one and happy to answer any questions thank you Martin not an odd question but it's not observation I think it's a terrific outcome for you and the team Jan and I think generally conforms is such a a sentence which doesn't convey how good a report it is because there is no higher level than generally conforms it absolutely conforms is what it should say and I'm really pleased so congratulations you and your team yeah thank you and with clearly I would echo those remarks so it's a well done please pass on our gratitude and thanks to your team as well are there any more questions or comments no okay in that case we conclude by noting the various satisfactory reports many thanks okay item nine the implementation of internal audit of three recommendations back to you Jan please thank you chair yeah so my final report is the monitoring of implementation of recommendations issued during the 22-23 financial year so the purpose of this report is to show committee provide committee with an update on the progress the operational managers of it have made implementing these recommendations and to also confirm that this report has been presented previously to the council strategic leadership team so again a requirement to the public sector interlord standards is that we monitor and ensure that management actions or recommendations have been effectively implemented or that senior management have accepted any risks of not taking appropriate action so we conducted our follow-up work in January 24 we excluded one report which was issued with a limited audit opinion which was our lady in st michael's primary school due to the unfavorable opinion the school was subject to a formal follow-up audit visit which took place during march 24 so the results from the follow-up audit will be reported to the school chief order to answer the governance and order committee in due course during the next meeting but i can say that it was a more favorable opinion our approach to completing the follow-up work was based on the fact that all recommendations and action plans are for managers to implement within their agreed time scales so the most effective use of our resource was to contact managers to complete a self-assessment they provided the details as to the progress made and we reviewed the responses to ensure that senior management have taken the necessary action so overall during the 22 23 financial year we issued 82 recommendations and table one within the report provides a summary of the findings it's pleasing to note that overall 84 percent of recommendations had either been fully fully or partially implemented where they've been partially implemented um the details of the actions taken to date along with the revised implementation dates were provided by the manager and reviewed by the audit team and we were happy with the with those explanations there were eight recommendations which was stated as not yet being implemented the reasons for their delay was reviewed by the audit team and new target dates for implementation were confirmed were confirmed by managers as table two shows the majority of these were due to a timing issue we followed up in january of the eight five of them were due to be implemented by the 31st of march so that it was already entrained the actions were already being taken um the other actions which are delayed between june to december there are reasons why and were comfortable that those revised implementation dates are correct there was three recommendations where managers effectively decided to accept the risk associated with the original audit findings although it's disappointing to note that the recommendations will not be fully implemented we are of the opinion that the acceptance of these risks will not result in any undue risk being borne by the authority um this report as i mentioned has already been presented to a meeting of the council's strategic leadership team in february this year um chief officers are made aware of the recommendations outstanding within their portfolio and the chief executive has asked that all chief officers review the report and satisfy themselves that appropriate action is being taken by management especially where the risks have been accepted and that the chief officer was also comfortable to accept that risk in addition to management um so that's the report and happy to answer any questions okay thank you very much well i have any questions or comments for honest reports please okay no it looks like a clean bit of health clearly um if anything changes in terms of example the chief officers disagree with the view of their fairs um as direct reports please update us otherwise i think we can note those reports and be comforted by what's been set out there thank you once again we now move on to item 10 item 10 is the proposed future delivery model for internal audits and asked peter davis our chief deputy chief executive to introduce the paper over to you peter thank you chair um i think this has been a subject of ongoing reference for the benefit of the committee to understand how we're gonna look to consolidate and move forward with the internal audit service and given the former chief internal audit Andrew watson uh leaving probably about 12 months ago and committee will be aware that we were exploring conversations around a variety of potential collaborative endeavors and notwithstanding you know yan highlighted the interest earlier but yan has been working very closely with me and through variety of other conversations to look to develop a much more mature position and obviously a business case that looks to present a set of options and obviously a recommended option to move forward um undoubtedly i'm you know working on the basis that uh committee members have obviously read through the report and you'll see that uh the conclusion that is reached there um is for us to recommend that we remain actually in house but importantly to consolidate uh both the resources the skills and and the nature of the roles uh within the team um and that's uh as a consequence um and i think as the committee will will know um um i think uh it's been certainly a desire of mine and certainly the chairs as much as the committees to to make sure that uh you know we draw um swift conclusion uh in terms of the you know the way forward um the report i think has uh rep you know represented in in report form uh quite an awful lot of work that's gone through by way of discussions and and and looking through the detail and you understand i guess by the options assessed uh that those uh those aspects of uh looking at cost and independence and flexibility that each of those models obviously offers um some some of those options uh i think that we were exploring fell away quite quickly by way of the conversations that we sort of evolved um and um you know you even though that they uh stood on similar fair footing i guess in terms of their scoring um i think probably the most mature collaborative arrangement um and probably potential option for us in comparison to the in-house option was uh the regional intern lordit service that's uh currently in place um but we've you know engaged in a number of purposeful discussions with them uh around that and they've uh to their credit they've been very open in terms of sharing of detail and information booked in terms of structures and costs and the like um and for us to be able to assess and weigh and understand that uh against uh i guess the option that we're recommending to remain in-house um you'll see from the report that um uh in fact uh if we had been to entertain the regional intern lordit service that would have actually ended up costing us more um yes i understand uh there is invariably a point in terms of resilience which is what will come into play when whenever you look at any collaboration uh in all honesty um but i don't think that uh in fact outweighed uh i guess those other factors of cost uh and independence and flexibility is afforded by the in-house model i think it's important to note the experience that we've had um and mappy to put that on the record in terms of i think any you've seen it you know meeting on meeting in terms of you know what yan has uh look to achieve uh and to the i think the questions about the morale of the team uh earlier um i've uh um you know been very much uh in a place of having that straight talking discussion with the team and with yan um and i've welcomed the nature of them coming back to me uh quite early on in terms of informal feedback and that you know they're very very pleased um in terms of the trajectory they've taken and under um yan's uh leadership um but i don't i don't think i need to tell you that um i think you've seen that so um in the quality of the reports that are coming through um so naturally um and this is an important part i think of just you know i'm talking here publicly on live stream um you know i do want to thank um the regional internal audit service for the opportunity they've presented at this moment in time um and it's not to say that there is any door shut on any collaboration actually um you know you're going forward i think that would be sort of a naive statement to make i think uh yan as well as myself recognizes that the the world doesn't have a dynamic and changing place i think we all know that um but certainly i want to offer the team stability in order to consolidate off the back of what's been a really good first year under yan's leadership um but i've you know i've rightly had to uh demonstrate that through the um the business case and the report that's in front of you today um i think that the sensible decisions through both of us uh myself and yan and working with the team i think it's um it's been recognized the slight change of shape of the team's structure i think the need for a full-time equivalent chief intern in order to i think um is is is quite key um and i'm not gonna i don't think i'm gonna criticize the the previous arrangement where we shared one with new port um but i think by the the experience i think of or at least having the opportunity to be able to consolidate that more fully as as one full-time equivalent um i think given the environment that we're in nature of the debate today and in terms of you know um having somebody who's going to be able to offer that level of dedicated time in that senior role and that senior position and we've got to go through process uh in and around that um and that's the uh the interest you're showing um clearly at the outset of the meeting um but i think the fraud aspect is also very important as well in inherent within that um i think yan um and i think well i think we both knew and i think the committee knows that there's a need to um i'm not going to concern around our arrangements um i think i just want um an additional level of rigor in and around those arrangements and again given you know we talked about risk through this meeting you know and that's an area that all public bodies um you know are facing um into in terms of those inherent risks of of fraud as much as you have shan and kath uh come in to talk about cyber security you know there are areas that we have rightly invested in um in recent years to strengthen our capabilities and i think now is the right time to do the same uh in and around um our internal audit work so so yeah the report i think uh talks to itself um i'm really interested to just sort of get feedback from the committee um and to hopefully get the endorsement of the committee to sort of move in this direction and certainly for this uh this next period of time so thank you. Thanks very much peter we'll go to questions we'll start with tony please yes thank you chair um the two questions well i want to comment and to tell us a question 4.11 you've touched on the detachment of a shared service without your experience of the previous way we operated or was it a shared service or a shared person at that time the other question is um there's an indication that there's an increase in fraud um have you been able to identify where that fraud why has he increased where it's come from i noticed we've got detection regions to find it out but is this something pre-pandemic or post-pandemic just caused um a lot of work and things like that which might create fraud like i'm assuming it's fraud within the organization rather before the organization so in response to the first question um it was a shared post it wasn't it wasn't a collaboration in the fuller sense um even though i think you know a deepening of collaboration with newport um was one of the options that is obviously presented in the paper i think newport um and i think if um if mary and my my counterpart was here today i think he probably acknowledged one in the same they're in a they're in a different position to us as a result of um i think vacancies that they've suffered through a period of time they've looked to buy in from the market and i guess they're they were in a slightly different position in terms of understanding fundamentally what their next steps were i think in the way that we've been able to consolidate um you know over this last year we we we're in a different position really in in assessing our options um but um so yeah on that one and again to my only comment there's no criticism there in terms of what was there before um i think it's just the opportunity of time and for us to assess uh you know what what the most appropriate next step is um sorry remind me on the second question sorry fraud fraud yes regarding the preponderance or are you as a word preponderance it might be wrong of an increased level of fraud i find fraud prevention obviously is this something which has come from post-pandemic so i might be home working so yeah so i guess if we if we if we if we sit the pandemic very specifically when we talk about things like business grounds aside um then you know we've we've not we've not got a pattern uh of significant fraud um even even despite the fact that you know we've got good arrangements in place um the the increased incident of fraud is something that is being seen across public sector so um invariably we we would be complacent i think to just sit on our laurels of low levels of fraud and just be comfortable um with the arrangements that we have um so um you know it's the need now for us to establish now that um that more dedicated role and um you know that conceivably inform i guess me and yan and the committee and in terms of and in the similar way to what i just touched on and with cyber security um and how we've evolved that in recent years you know that will that will guide us again in terms of the next step of our journey any any other questions or comments Martin thank you thank you Peter i'm a little surprised i guess that it's cheaper to be in house than to join with other organizations and i think you inferred that that's because we pay less um pay less and the gradings in which they in which the way that they assimilate okay across uh because they they sit differently and in terms of with the regional internal audit service uh to us and um that leads to upward trajectory in terms of assimilation over okay so it's a combination of it's probably probably the latter more than the former i think isn't okay so i was thinking about the risk is clearly if there are other organizations which are paying more for services we won't have yan for long because he'll go and get more money somewhere else for example for example of course he wouldn't easy loves it here and the other thing about having a smaller team is the specialties and it doesn't it isn't directly addressed i don't think in the paper things like cyber and it's very specialist areas where we have that facility in household we have to go buy that in yeah i think um i think it's the extent that we need to determine as to whether that needs to be drawn in or it can be developed i guess inherently within the team um so also you know it's kind of a conversation to be worked through so for example if we take something like the shared resource service the SRS which you've you know had a level of exposure on in in the last cycle and i guess Torvine has got a level of experience in that and undertakes the internal audit work in that area so sometimes you know that answer is not not not not too far away in terms of being able to identify the means to achieve that thank you that i think i think that's helpful i'm i'm supportive of the paper i guess because it's a it's a reasons positioned to be in but it feels to be running against the way the world is moving in local governments where individual organizations can't afford the standard they've owned yet in this case we seem to be able to and the clearly works out to be the case i wonder whether there's a lot of coverage on committees and sharing across grant etc but that got hula quickly purely on in this isn't it yeah and i'll probably make note of because it's public our seat RCT stepped away from the regional internal audit service in recent months you know they all have done that for their own reasons and in in terms of i guess as i understand it a bit of a consolidation and focus in terms of their own their own internal governance because they felt that i think in the way that it's been described at least it's you know it's allowed them to come back to i guess that bit around flexibility and being able to you know be able to really clear in terms of where you direct your internal audit resource so it's just you know it's just worth to note that and then the other bit on collaboration is you know collaboration in all walks of life in public service needs to be very carefully thought through you do not just collaborate for the sake of collaboration it's got to be for the right reasons so yeah and any assessment it's got to be a thoughtful one okay um Phil please yeah i was pleased to see the enhanced structure particularly in the current climate um quite refreshing really to see a team enhanced rather than depleted so yeah i mean obviously you accept that if we lose somebody there's there's a problem within the team but that's life isn't it um but no i think it's i think it's the right proposal i was just going to touch Peter on on our CT because i understand their model was to move performance closer together with internal audit which i you know that seems a bit counterintuitive to me that you know internal audit you know can hold performance back and and then perhaps not not best place to be too close together so i'll see i mean three moments of experience of me that perhaps that's uh that's the answer for someone else but uh but it didn't seem sensible to me okay i'm not seeing any of our hands so a couple of comments and one question i think um thank you Peter for paper i'm grateful to officers for early sight of draft of this this paper and the opportunity to provide feedback um i think it's it's a very good well thought out paper and clearly they're supportive of the recommendation i think it was important for our people that is the staff and this committee that we give certainty in terms of what the target operating model was and come to a swift and very sensible conclusion so yet again thank you Peter for your hard work in pulling this together so i so clearly clearly the recommendations accepted my question is is around timetable and all next steps i think the paper will say onto that could you just give us some insight in terms of what the next steps are please yeah thank you chair just remind me it just allows me the opportunity to come back in because it was one important piece i forgot to mention which is that um as you naturally expect it part of a proper process there's been a level of staff consultation um you know this extended obviously beyond yan but with the rest of the team um really good feedback received um but you know again very supportive in terms of the direction of travel um but not in a way of it the the option that being chosen is of course the option of least change for such colleagues they have actually come back in with very constructive uh comment i guess and in terms of how this can actually look to um put uh the internal audit service on stronger footing going forward um so that's that that's just good to acknowledge um so we've so we've already been through that uh hurdle back to your point on timeline uh so that's cleared so on the basis of um an endorsement uh today uh by the governance and audit committee we will be almost immediately looking to uh to to make move therefore um i'm looking to try and streamline uh the process uh as uh as much as i'm able to but obviously in in office offering fair opportunity i guess for the for the roles that are obviously um brought forward as part of the process um so you know i wouldn't want to get oh touch wood uh i wouldn't want to get passed um and the summer really uh with us um not having this uh or implemented in through okay that sounds positive thank you very much so clearly you have a committee's endorsement and look forward to an update in terms of when it's actually been implemented thank you once again we'll now move on to item 12 item 12 is the reformatted uh committee forward work plan may i just pass my thanks to wendy and i think Cheryl for the work they've um they've been involved with in terms of developing it i was content of the content uh but were there any questions or comments members no we'll then move on to the minutes of a previous meeting yet again i've reviewed vv's and they have no particular comments or questions but may look to members for their views happy to approve okay we will we will we will approve those minutes thank you and the final um the big part i shouldn't just confirmed we've already addressed item 11 so so at the top end of this meeting the final then that is to confirm the date of next meeting hopefully this new diary is 6th of June and think that concludes this committee meeting so thank you one and all [BLANK_AUDIO]
Summary
The council meeting focused on enhancing internal audit functions and addressing fraud risks, with discussions on shared services and cybersecurity investments. The committee endorsed a proposal to consolidate internal audit roles to strengthen governance and fraud prevention measures.
Decision on Internal Audit Enhancement: The committee endorsed a proposal to create a full-time equivalent senior role in internal audit. Arguments for the decision highlighted the need for dedicated oversight given the increasing fraud risks across the public sector. The implications include potentially improved fraud detection and governance. The decision aims to consolidate internal audit capabilities, aligning with best practices observed in other public bodies.
Discussion on Shared Services: The discussion on shared services revolved around whether to continue with shared positions or to establish dedicated roles. The argument for dedicated roles pointed to the need for focused governance, especially in light of recent fraud risks and cybersecurity concerns. The decision to move towards dedicated roles suggests a strategic shift towards strengthening internal controls and audit capabilities within the council.
Cybersecurity Investments: The committee discussed recent investments in cybersecurity, acknowledging the importance of robust IT security measures. The discussion did not lead to a new decision but reinforced the council's commitment to maintaining strong cybersecurity defenses, especially as digital threats evolve.
Interesting Occurrence: An interesting aspect of the meeting was the proactive approach towards internal governance, contrasting with the trend of shared services in other local governments. This reflects a strategic decision to prioritize internal control and audit functions over cost-saving measures through shared services. The council meeting focused on reviewing and updating various policies and operational plans, including the strategic risk management policy and the internal audit plan. Discussions also covered the implementation of internal audit recommendations and the future delivery model for internal audit services.
Strategic Risk Management Policy Update:
- Decision: The committee approved the updated strategic risk management policy.
- Arguments: Enhancements were made to include horizon scanning and directorate risk registers to improve risk identification and management.
- Implications: This update aims to strengthen the council's proactive risk management capabilities, potentially leading to more effective mitigation strategies.
Internal Audit Plan for 2024/2025:
- Decision: The internal audit plan for the fiscal year 2024/2025 was approved.
- Arguments: The plan was designed to focus on high-risk areas while balancing the available auditing resources.
- Implications: Approval of the plan ensures that internal audit resources are aligned with the council's risk profile, aiming to maintain robust governance and oversight.
Implementation of Internal Audit Recommendations:
- Decision: The committee noted the progress report on the implementation of internal audit recommendations.
- Arguments: Most recommendations from the previous year were implemented, with some delays justified by ongoing actions.
- Implications: The council's acknowledgment of these updates reflects its commitment to continuous improvement and addressing identified weaknesses.
Future Delivery Model for Internal Audit:
- Decision: The committee endorsed the proposal to maintain the internal audit function in-house with an enhanced team structure.
- Arguments: Discussions highlighted the benefits of flexibility, cost-effectiveness, and maintaining independence compared to external options.
- Implications: This decision supports the stability and strengthening of the internal audit function, crucial for effective risk management and fraud prevention.
Interesting Note: The meeting displayed a proactive approach to governance, with significant emphasis on risk management and internal controls. The decision to enhance the internal audit function internally rather than through external collaboration was particularly notable, reflecting a strategic choice to build internal capacities. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit services. Key decisions were made regarding the risk management policy, the internal audit plan, and the future delivery model for internal audit services.
Risk Management Policy Update: The committee approved a revised risk management policy that introduced new elements like horizon scanning and directorate risk registers. The update aims to enhance the council's ability to proactively manage risks. The decision was supported by the need for a more robust framework in light of evolving organizational and external challenges. The implications include potentially improved governance and a more dynamic response to risks.
Internal Audit Plan Approval: The internal audit plan for the upcoming year was approved, detailing the audits to be conducted. The plan was designed to align with the council's risk profile and operational priorities. Some concerns were raised about the breadth of coverage versus depth of individual audits, reflecting the ongoing challenge of balancing comprehensive risk assessment with resource constraints. The approval ensures continued oversight of council operations and compliance, crucial for maintaining transparency and accountability.
Future Delivery Model for Internal Audit: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. Arguments for this decision centered on cost-effectiveness, maintaining independence, and flexibility in managing the audit function. This decision may lead to enhanced control over audit processes and potential cost savings, although it requires careful management to avoid overstretching the internal team.
Interesting Note: The meeting highlighted a proactive approach to governance, with significant emphasis on refining risk management and audit processes to better meet future challenges. The decision to keep the internal audit in-house, contrary to broader public sector trends towards collaboration, was particularly notable. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key decisions were made regarding the risk management policy, internal audit plan, and the future delivery model for internal audit services.
Risk Management Policy Update: The committee approved a revised risk management policy that introduced new elements like horizon scanning and directorate risk registers. The update aims to enhance the council's ability to proactively manage risks. The decision underscores the council's commitment to strengthening its governance frameworks, potentially leading to more effective risk mitigation.
Internal Audit Plan Approval: The internal audit plan for the upcoming year was approved, detailing the audits to be conducted. The plan was designed to align with the council's risk profile and operational priorities. This decision ensures continued oversight and assessment of the council's operations, crucial for maintaining transparency and accountability.
Future Delivery Model for Internal Audit: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. This decision was influenced by considerations of cost, independence, and flexibility. Maintaining the service in-house is expected to provide stability and control over audit processes, which is seen as beneficial in the current governance climate.
Interesting Note: The meeting highlighted the council's proactive approach to governance, particularly through the detailed discussion on risk management enhancements and the strategic decision to keep internal audit functions in-house for greater control and efficiency. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key decisions were made regarding the risk management policy, the internal audit plan, and the future delivery model for internal audit services.
Risk Management Policy Update: The committee approved a revised risk management policy that introduced new elements like horizon scanning and directorate risk registers. The update aims to enhance the council's ability to proactively manage risks. The decision was supported by the need for a more robust framework in light of evolving organizational and external risks.
Internal Audit Plan Approval: The internal audit plan for the upcoming year was approved, detailing specific audits to be conducted. The plan was designed to align with organizational risks and resource availability. The approval was based on the necessity to maintain strong governance and oversight mechanisms, ensuring that the council's operations are scrutinized effectively.
Future Delivery Model for Internal Audit: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. This decision was influenced by cost considerations and the desire for greater control and flexibility. The implications include ensuring stability within the team and potentially enhancing the focus on areas like fraud prevention.
The meeting was marked by a thorough examination of each agenda item, with detailed discussions ensuring that all decisions were well-informed. The emphasis on strengthening internal controls and risk management processes was evident, reflecting the council's proactive approach to governance. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key decisions were made regarding the internal audit delivery model, the risk management policy, and the internal audit plan for the upcoming year.
Internal Audit Delivery Model: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. Arguments for this decision centered on cost-effectiveness and maintaining control and flexibility. The implications include ensuring stability and potentially enhancing fraud prevention measures within the internal audit team.
Risk Management Policy: The council approved a revised risk management policy that introduced new elements like horizon scanning and directorate risk registers. The discussion highlighted the need for a more proactive approach in identifying and managing risks. The updated policy aims to strengthen the council's ability to foresee and mitigate potential risks, enhancing overall governance.
Internal Audit Plan: Approval was given for the internal audit plan for the next fiscal year, which outlined specific areas of focus based on risk assessments. The plan was designed to ensure adequate coverage of critical areas while allowing flexibility to address emerging issues. This decision ensures that the council's internal audit function remains responsive and effective.
Interesting Note: The meeting underscored a strong commitment to maintaining robust internal controls and governance frameworks, reflecting a proactive stance towards organizational risk and compliance. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key decisions were made regarding the internal audit delivery model, the risk management policy, and the internal audit plan for the upcoming year.
Internal Audit Delivery Model: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. Arguments for this decision centered on cost-effectiveness and maintaining independence and flexibility. The implications include enhanced control over internal audit processes and potential improvements in fraud detection and prevention.
Risk Management Policy: The council approved a revised risk management policy that introduced new elements like horizon scanning and directorate risk registers. The discussion highlighted the need for a more comprehensive approach to identifying and managing risks, with the policy aiming to improve the organization's ability to respond to both current and future risks. This decision is expected to strengthen the council's overall risk management framework.
Internal Audit Plan: Approval was given for the internal audit plan for the next fiscal year, which outlined specific areas and functions to be audited. The plan was designed based on risk assessments and available resources. The decision ensures continued oversight and evaluation of the council's operations, aiming to enhance transparency and accountability.
Interesting Note: The meeting also addressed the delay in an external quality assessment of the internal audit, which was noted but not considered a significant issue due to its minor impact on the overall assessment. This reflects an understanding and flexible approach to procedural delays. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit services. Key decisions were made regarding the risk management policy, internal audit plan, and the future delivery model for internal audit services.
Risk Management Policy Update: The committee approved a revised risk management policy that introduced new elements like horizon scanning and directorate risk registers. The update aims to enhance the council's ability to proactively manage risks. The decision was supported by the need for a more robust framework in light of evolving organizational and external risks. This policy revision is expected to improve the council's responsiveness to potential threats and align risk management processes more closely with strategic objectives.
Internal Audit Plan for 2024/2025: The committee approved the internal audit plan, which outlined the audits to be conducted over the next fiscal year. The plan was designed to focus on high-risk areas while balancing the team's capacity. Discussions highlighted the challenges of covering all necessary areas within resource constraints. The approval of this plan ensures that the council maintains rigorous oversight of its operations and financial practices, aiming to enhance transparency and accountability.
Future Delivery Model for Internal Audit: After reviewing several options, the committee endorsed the continuation of the internal audit function in-house rather than outsourcing or collaborating regionally. Arguments for maintaining the in-house model included cost-effectiveness and greater control over audit priorities. This decision supports the stability and independence of the internal audit function, crucial for unbiased assessment of council operations.
Interesting Note: The meeting revealed a strong commitment to enhancing governance frameworks, evident in the detailed discussions and the strategic decisions made to bolster risk management and audit functions. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key discussions revolved around the public open forum, finance team capacity, Audit Wales work program, and the strategic risk management policy. Decisions were made to enhance operational frameworks and ensure compliance with new standards.
Finance Team Capacity: The long-outstanding issue regarding the finance team's capacity was addressed. John Davis confirmed the nearing completion of the operational paper, which outlines necessary changes in the finance structure. The chair emphasized the urgency of receiving this paper by the end of the month, highlighting its importance in maintaining financial oversight and ensuring resource adequacy.
Audit Wales Work Program: Hannah Carter presented a progress update on implementing Audit Wales's recommendations. The council is adjusting its management response template to include responsibility holders and timelines, enhancing accountability and alignment with Audit Wales's requirements. This decision aims to improve the council's responsiveness to audit findings and its overall governance and risk management framework.
Strategic Risk Management Policy: Richard Jones and Hannah Carter proposed revisions to the Strategic Risk Management Policy, introducing a risk appetite statement and directorate risk registers. The committee recommended adopting the revised policy, aiming to strengthen the council's risk identification, assessment, and mitigation processes. This decision is crucial for enhancing the council's ability to proactively manage and respond to potential risks.
Internal Audit Plan: Jan Furtek presented the internal audit plan for the upcoming year, which was approved by the committee. The plan prioritizes audits based on risk assessments and includes provisions for unforeseen investigations. This decision ensures that the council's internal audit function is well-prepared to address both planned and unexpected issues, thereby supporting robust governance.
Surprisingly, the meeting had a smooth flow with minimal opposition or controversy, indicating strong alignment among the members on the discussed issues. This cohesion is essential for the effective governance and operational efficiency of the council. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key decisions were made regarding the internal audit delivery model, the risk management policy, and the internal audit plan for the upcoming year.
Internal Audit Delivery Model: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. Arguments for staying in-house included cost-effectiveness and maintaining independence and flexibility. The decision implies a commitment to enhancing the internal audit structure, including appointing a full-time chief auditor and adding a fraud specialist role.
Risk Management Policy: The council approved a revised risk management policy that introduces new elements like horizon scanning and directorate risk registers. The discussion highlighted the need for a more proactive approach in identifying and managing risks. The updated policy aims to strengthen the council's ability to foresee and mitigate potential risks, enhancing overall governance and strategic decision-making.
Internal Audit Plan: Approval was given for the internal audit plan for the next fiscal year, which outlines the areas and functions to be audited. The plan was designed based on risk assessments and available resources. The decision ensures continued oversight and evaluation of council operations, emphasizing accountability and efficiency.
Interesting Note: The meeting revealed a strong emphasis on maintaining control and oversight internally, reflecting a cautious approach to external collaborations in critical functions like auditing. This could indicate a strategic focus on strengthening internal capabilities and governance frameworks. The council meeting focused on reviewing and updating various policies and operational strategies, including risk management and internal audit functions. Key decisions were made regarding the internal audit delivery model, the risk management policy, and the internal audit plan for the upcoming year.
Internal Audit Delivery Model: The council decided to maintain the internal audit function in-house rather than outsourcing or collaborating regionally. Arguments for this decision highlighted cost-effectiveness and maintaining independence and flexibility. The implications include enhanced control over audit processes and potential improvements in fraud detection capabilities.
Risk Management Policy: The council approved a revised risk management policy that introduces new elements like horizon scanning and directorate risk registers. The decision aims to strengthen the council's ability to foresee and manage potential risks more effectively. This policy revision is expected to provide a more robust framework for risk assessment and mitigation across various council operations.
Internal Audit Plan: Approval was given for the internal audit plan for the next fiscal year, which includes a range of operational audits. The plan was designed to align with the council's risk priorities and available auditing resources. The decision ensures continued oversight of council operations and compliance with regulatory standards.
Interestingly, the meeting also highlighted the council's proactive approach to managing internal challenges and adapting to new standards, reflecting a commitment to transparency and efficiency in governance.
Attendees
Documents
- Agenda frontsheet 29th-Apr-2024 14.00 Governance and Audit Committee agenda
- Action List 22nd February 2024
- Audit Wales Work Programme Progress Report_April 2024
- GA_risk report_April v2
- Appendix 1.1 - Strategic Risk Management Policy
- Appendix 1.2 - Risk Appetite Statement
- Appendix 1.3 - Risk Guidance
- GAC April 24 - Final Internal Audit Plan 24-25 v3
- GAC April 24 - Internal Audit EQA March 2024 v1
- GAC April 24 - Follow-ups
- 20240429 GAC - Internal Audit Future Delivery Models v4
- Audit Wales_ Monmouthshire CC Performance Information Theme_final
- Organisational Response Form - MCC performance_1.0
- Minutes Public Pack 22022024 Governance and Audit Committee
- Printed minutes 29th-Apr-2024 14.00 Governance and Audit Committee
- Supplementary Agenda Governance and Audit Committee 29th-Apr-2024 14.00 Governance and Audit Comm agenda
- work programme
- Public reports pack 29th-Apr-2024 14.00 Governance and Audit Committee reports pack