Transcript

[BLANKAUDIO] [BLANKAUDIO] [BLANKAUDIO] [BLANKAUDIO] [BLANKAUDIO] [BLANKAUDIO]

Good evening, everybody, and welcome to the Welling Hatfield Borough Council's Audit Committee. Those present at this meeting should be aware that by law it can be recorded by anyone attending this meeting. Therefore, the meeting can be filmed, audio recorded, photographed, or reported electronically by the use of social media. Anyone recording must cease as soon as the meeting is declared closed. To confirm, this council meeting is now being live streamed, and therefore anyone present should be aware that they are being recorded and broadcast live via the Internet. For this meeting, should a vote be required, we will do so by the show of raising of hands. Agenda item one, apologies and substitutions, there is none. Agenda item two, minutes, can I ask members to confirm the minutes of the meeting held on the 18th of March 2024 as a correct record, please, show of hands. Okay, agreed. Agenda item three. Can I invite members to raise any urgent business to be considered under agenda item 13? Anything? None. Agenda item four, declarations of interest by members, are there any declarations of interest in relation to items on the agenda? Anyone? Okay, we will now move on to agenda item five, external audit 2021-22, auditor's annual report, pages 3-28. I will now hand over to Andrew from Ernst & Young. So for context for members, I'll take the report as read, but the auditor's annual report is a summary report of the results of the audit, to which we brought the results report to the last committee. The auditor's annual report then, in addition to summarising the outcome of the financial statement audit, also includes the value for money commentary, which is the expansion of the work that we did on looking at the value for money arrangements. As a reminder for members, this is not a conclusion on whether the council delivers value for money, it's on whether there are arrangements in place in order to achieve that objective. And we look at under three different criteria, financial sustainability, governance and decision making, and in the auditor's annual report we explain in more detail the work that we've done and the conclusions that we've drawn, which, as you'll be aware from our last report, the March committee, we concluded there was an unqualified conclusion for value for money in addition to the unqualified audit opinion on the 21-22 financial statements. So I will pause there, chair, and I'm happy to take any questions on the report. Thank you, Andrew. I will ask members, are there any questions for Andrew? Ross? It's not so much on the value for money, just to clarify something, I think we may have discussed it at the previous meeting, Andrew. It was just on its page number nine. I just wanted to clarify something, on the 931K in the paragraph, it's on the audit of financial statements in the third paragraph there, that the pension liability increased by 931K. Would that then be shown in the following year, that liability, because the 931K, would that then be shown in the 2023 budget, that 931, because it was identified from there, and then therefore accounted for in the balanced budget of 2023? Is my understanding correct on that or incorrect? Okay, so I think it's probably -- I'll take part of that, and then either Richard or Helen can take the other part. So there was an adjustment made because after the year-end, the actuaries updated their triennial, so every three years they revalue the pension scheme. They came up with a renewed value for the liability, and because of the size of it and the valuation date for the triennial valuation is the 31st of March '22, that adjustment was posted through the financial statements for 21/22. In terms of what the pension liability means and how that is funded going forward, I suggest one of the officers picks that one up. Yeah, I can take that one. So when the triennial revaluation was done, that informs our budget for the next three years, so that's done. We agreed pension contribution rates, both past pension contribution rates and current for employees, and that's built into the budget and the MTFS, so the budget is based on the latest valuation. Any other questions? Okay, can I ask members to note the 21/22 auditor's annual report, please? Noted? Okay. Thank you. Agenda item 6, shared internal audit service, SIAS, progress report, pages 29 to 42. I'll hand over to Katie. Thank you. Thank you, Chair. This report details the progress made by the shared internal audit service in delivering the Council's annual internal audit plan for 24/25, as at the 3rd of June. In-year plan review and proposed plan amendments, the implementation status of previously agreed audit recommendations, and an update on performance indicators. In summary, on page 31, paragraph 2.2, the table details all finalised audits since the last committee in March. A total of eight completed projects are reported, all relating to audits in the 23/24 audit plan, and all audits from last year have now been issued as final reports. On page 32, paragraph 2.3, we note that there are no new high priority recommendations raised as a result of the work completed and reported in the table at paragraph 2.2, and there are currently no outstanding high priority recommendations from previous reports. Paragraph 2.5 highlights that there were three medium priority recommendations due for follow-up during this cycle, one of which has been implemented, and update has been provided in respect to the outstanding medium recommendations in Appendix C, and apologies, that's a correction to the published report, which is at Appendix D. Paragraph 2.6 outlines plan amendments proposed within this reporting period. One amendment has been agreed with management, this relating to the 23/24 building maintenance compliance audit, which was cancelled after year-end, as management confirmed that alternative assurances available to provide evidence that the key risks that gave rise to the audit have been appropriately managed. On page 33, paragraph 2.8 provides an update of performance indicators as at the third of June, billable days were 13%, projects to draft were 4%, and two out of eight client satisfaction questionnaires have been returned, all at a satisfactory level. On page 35, Appendix A provides a detailed summary of all audits and their current delivery status, and on page 38, Appendix B details all audits and their start dates and status across the year. That concludes the update. I'll hand back to the chair for questions. Thank you. Thank you, Katie. Any questions from members? Victoria? Thanks, Jo. A couple, if I may. On page 32, paragraph 2.6, the cancellation of the audit said that alternative assurances available and based on the evidence, can you talk us through what evidence that was in brief, and whether you've kind of reviewed the evidence to satisfy yourselves that that has been the case? No, I can't. We've requested the evidence. I haven't seen it to date, but we are going to review it. We're not just going to leave it. And so the decision was made to cancel it even before the evidence was reviewed. Would you, if the evidence isn't sufficient, would you reopen that? I just find it interesting that it was already cancelled before any evidence had been looked at. Yes, yeah. So this was originally put on the plan to ensure almost a preparedness for the Safety Act and the need to register buildings over 18 metres got to the point in the year where actually we'd already registered the building. We'd already met what was required for that particular building. We've only got one building. So that was the reason it was cancelled. It's just a case of that information needs to be provided to Katie so she can say we didn't do what we needed to do. Okay, thanks. That's great. Okay, that answers that one. And then when I was looking through the risk management report that's been issued, it was noted in there that key risk indicators were available for a number of the risks. But I think we've discussed a couple of times that the audit committee that we aren't using key risk indicators, so I was just quite surprised to read that that was the case because certainly the committee has not seen any of those. So it might be one we need to kind of take away and answer, but I was just really surprised to read that. Sorry, could you which? Yeah, so the risk management audit that was conducted in that audit report, as part of the findings, it was noted that there was evidence of key risk indicators being used across a couple of the different risk areas, but I think we've discussed in the committee and with management a couple of times that key risk indicators haven't been established, so I was just quite surprised to read it. So perhaps we could get some kind of more information, and then as part of kind of the ongoing risk management development, it would obviously I think be good for the committee to kind of see which risk indicators are being used against the strategic risks and any of those high operational ones that come to the committee. Yeah, agreed. Yeah, and yes, the scope of the audit was focused around the setting up and, you know, the initial stages more than the actual output, but it was a continuous thing that we'll be discussing. Yeah, yeah, it was just surprising to see it written there considering we haven't had the visibility of them. Okay, thank you. Claire, could you note that, please? I like that. Thank you. Any other questions? Ross? It was just a general one, really, maybe to help new members on the panel, or maybe to pretend it's to help new members, but actually really to help me. When you look at the table in Appendix A, there's such a broad range of things that are being audited, you know, from brand new things like the community infrastructure level to agency staffing, so it's every area of the council. So within that, what sort of things are being audited? You know, when we think of audit, we just think of numbers, but, you know, what is the scope of an audit within this scenario? I know that's probably a too broad a question to ask, but could you give us an example? I could certainly try. So, yes, in term audit, don't focus so much on the numbers. So we would -- we undertake a risk-based approach to our planning, so discussion with senior officers, looking at risk registers to find the areas that we should focus on for the year. And then once we've agreed those individual engagements, we would meet and discuss that specific topic with those operational managers and then form the scope, but it's normally based around the risks to their departments, to their processes, and checking that controls are in place to mitigate those. That's where our focus is normally on. So, you know, does that help? Yeah, it does. With something like the new community infrastructure level, you might talk to the head of service for planning or something and work out what the risks are within implementing that, as opposed to the S106 or something like that, and then work out that, and that's the scope of the audit that you do. Yeah, I mean, it's not a -- I've oversimplified, obviously, yeah. Yeah, it's not as straightforward as we have like a set, but we would be establishing whether the controls are operating as they should be to safeguard any risks to the organization. Thank you. Okay, if there's no other questions, I'll ask the members to note the following. A, the internal audit process report for the period to 3 June 2024. B, the amendment to 24/25 annual audit plan. And C, the implementation status of internal audit recommendations and the management update. Can I ask members to note that, please? Russ. Yeah, yeah, okay. Well, good. Excellent. And Claire, could you note what was Victoria brought up, please? Thank you. Agenda item 7, shared internal audit service, SIAS annual assurance statement and internal audit annual report, pages 43 to 70, and I'll hand back to Katie again. Thank you, Chair. This report details the overall opinion on the adequacy and effectiveness of the Council's framework of governance, risk management and control for the year 23/24. It summarizes the internal audit work undertaken to form this opinion. It also provides the outcomes of a self-assessment of how SIAS meet the public sector internal audit standards, incorporating the quality assurance program within the standards. Provides an overview of our performance against performance indicators and presents the 24/25 audit charter for approval. In summary, on page 48, paragraph 214, the overall opinion provided is substantial assurance for financial systems and reasonable assurance for non-financial systems. This indicating that there is a generally sound system of governance, risk management and control in place. On page 47, paragraph 2.13, we highlight that there were no matters that threatened our independence during 23/24 or any inappropriate scope or resource limitations during the year. As with standard practice, we will ask the section 151 officer to provide confirmation they concur of this view. I do. Thank you. On page 49, paragraph 3.2, we provide a summary of all of the outcomes of work performed during the year, this supporting the overall opinion given. On page 50, paragraph 4.1, we provide a summary of our performance against performance indicators for 23/24. Plan days were 95% delivered against the target of 95%. Plan projects were 96% delivered against the target of 95%. And for customer satisfaction surveys, 100% of questionnaires were returned at a satisfactory level. And there was a 76% return rate with 16 questionnaires returned from 21 issued. On page 53, appendix A, we detail the outcomes from individual audits. On page 57, appendix B details the definitions of assurance and priority levels. Appendix C outlines our position against the public sector internal audit standard self-assessment. As per previous years, there are two areas of intentional nonconformance identified. These relating to appointments of the chief audit executive and their performance appraisals. And appendix D provides the audit charter. The charter sets out the authority and arrangements for internal audit as well as our approach to delivering the service. And there are no significant changes to the charter that was presented and approved in 23/24. And that concludes the update. I'll hand back to the chair again for questions. Thank you. Thank you, Katie. Our last members, if they have any questions. Jonathan. Yeah, one from me. So page 53, for private social housing, damper mould, we've got a large -- relatively large number of medium recommendations at eight. But only a limited level of assurance. Are you able just to talk to -- particularly why that's only a limited level of assurance? Yes. Well, it's an opinion firstly, so it isn't -- there's no set in stone criteria around it. I think, yes, there were eight medium priority recommendations. However, there weren't any high priority recommendations. So it was more based around the volume of things that do need to be improved but weren't significant enough to put an immediate risk to the authority. Just to check, just a cross reference, do you have an audit of damper mould for this year's work plan? Yes, we have a follow-up that's going to take place in quarter two. Perfect. Thank you. Yes, on page 55, it says level of assurance unqualified for food waste collection grant certification. I wonder if you could explain what that means. Yeah, certainly. It was because it was a grant certification, so it wasn't the standard assurance piece. It was us doing some work to certify a grant that needs signing off and sending back. So it falls under a different -- sorry, it falls under a different category. So for sort of certification reviews, we wouldn't give it an assurance opinion because we're not providing assurance. But we gave it unqualified, and that means that there were no material matters identified, so it was okay. It was just a bit of work sort of thing. Yeah, we were required to sign it alongside the chief executive, and we do obviously look at it, but we don't provide an assurance opinion. Sorry, if that helps. Thanks. Just a really quick one. On page 51, you talk about kind of training and development of the individuals, and there's three trainee auditors, two going through their apprenticeships and things like that, which is really great. I just wondered -- I don't know how many kind of resources across CISC get kind of reported into this area, like how many employees are there and therefore how many kind of trainees are there. I just wanted to understand like the experience and seniority kind of base relative to the number being kind of trained. Yeah, so we have three trainee auditors across the partnership, so they would be delivering to the county council and all the boroughs and districts that we -- to give some context off the top of my head, I can double check and give you the figures properly, but I believe we've got five auditors, two senior auditors, an assistant client manager, and then currently four client managers. Okay. And then a head of assurance services that we sit under, hosted by the county council. Okay, so yeah, the balance is in favour of the more experienced, what it is, rather than that. Yes. Okay, that's great. Thanks. Any more questions? Okay. Can I ask the members to note the following? A, the annual assurance statement and internal audit annual report. B, the results of the self-assessment required by the public sector, internal audit standards, and the quality assurance and improvement program. C, to approve the SIAS audit charter 2425. Can I ask members to note that, please? Noted. Yep. Okay. Agenda item 8, shared anti-fraud service, anti-fraud report, pages 71 to 86, and I will now hand over to Nick. Good evening, Chair. Yes, this is the annual report, anti-fraud report for the authority for 2324, and it provides details of the work undertaken by the council and the shared anti-fraud service during 2324. And it's important to remember that this report includes a detailed account, and it's quite lengthy, I apologise for that, and several more apologies coming in a moment. A detailed account of all the anti-fraud activity during that year, and it's important to note that the council and the SAFs work in close partnership, and much of the work reported was undertaken or supported by council officers as well. So this is not just our work, it's very much a partnership approach with council officers. And just before I go on, Chair, if I can just make two observations, two errors in the report. On your page 73, section 14, we mention details about the transparency code, section 57, that should actually read section 59. And then on page 74 of your report, section 17, we mention the KPIs for the shared anti-fraud service being at section 59, they're actually section 64. And if I can just draw members' attention to section 64 for a moment, just to pick up on those KPIs, and it's mentioned elsewhere in the report as well. We did fail to fully achieve three of our key performance objectives for last year. One of them was 2A, around the number of days. Part of our plan that we agreed with officers was that we would deliver 350 days of operational activity. Unfortunately, our case management system was new to us in April of 2023. Welland Hatfield joined the partnership in Welland Hatfield 2023. And along with a number of other issues at the time, for the first quarter, we weren't able to record time properly or accurately for any of our partners, not just Welland Hatfield council. So although we've reported 270 days, which is 77% of our target, actually we're confident that we delivered the 350 days because of the volume of work that we undertook for the authority. So that's just to highlight that with members that there was a reporting issue in quarter one. We resolved that in quarter two. Quarter four, we were actually recording the right levels of activity for the authority. So we are confident that we delivered that 100%, but I can only report on what the case management system tells us at the moment. So just to highlight that. And then on KPI 3A, we had a target to resolve all high risk or urgent referrals. So these are allegations of fraud that are received by the service within one day. Unfortunately, our case management system, and members might recall I mentioned this during the year, our case management system is unable to identify urgent cases. But our second target in KPI 3B is all other cases are to be resolved within two days. So we can work out, that system will tell us how long it takes us to deal with all of the referrals we receive. We just can't separate out the urgent ones. But what I can confirm for this committee is that all of the referrals, on average, across the years, were resolved within 24 hours. So we are confident, again, we are achieving that target for KPI 1A, or 3A, sorry. I'm probably beating myself up a bit about that. And again, I'm sure Richard and Helen would tell me very quickly if they thought that we were slovenly in our response to any allegations that have been received, which they consider to be urgent. And then just on KPI 5C, this is much more important to me. We set ourselves a target to recover six properties that were being misused. So these social housing properties, your stock, which is being misused, that was a target we set for year one. We only managed to recover two properties last year. That's much lower than we anticipated. We've set ourselves a higher target this year. Members will have seen the plan that we brought to this committee earlier this year. We've had meetings with the housing management team, and Helen was present when we were talking to housing management last week. And we've got more meetings lined up with the housing team to try and be more proactive about how we identify tenancy fraud and deal with those matters. And members might be saying, well, is it because the level of fraud in our stock is much lower? That's a possibility. But with the volume of stock that you've got, we'd expect, sadly, to see more misuse. So we're going to be much more proactive about how we try and identify tenancy fraud in your stock this year. So we're going to do a lot of work with housing management, a lot more use of data analytics, and much more proactive activities on the ground as well, trying to identify potential fraud. If I come back to you next year, we've only recovered two properties. You don't have a problem in your stock. I've solved it. We could all be very happy, and we'll focus our efforts elsewhere, but we'll see how we go on. So I just wanted to draw those to your attention, Chair, just to be very clear about that, that, yes, we know we sort of failed on those three objectives. We understand why. We'll do better this year. Other areas, just to draw members' attentions to, we had a very busy year. This was our first year. One and a half people joined the partnership in April 2023. So we've had a really, really busy year working with officers. Cooperation has been fantastic. It's been really, really good. We've embedded the service with a number of service areas across the Council, and you'll see from the report some of the outcomes and the activity that's been undertaken. Two particular areas of work for us have been around tenancy fraud, as I mentioned already, but also around understanding your risks, your fraud risks. So we've introduced work around executive reports, fraud risk assessments, fraud alerts in particular, making staff aware of new fraud risks as they arise, whether we see those across local authorities or other sectors, and sharing those with the relevant departments. And we talk about that at some length in the report. We mentioned the volume of allegations of fraud that have been received. So, again, we call these referrals. The numbers we received for last year, 92, is comparable to other authorities we work with. So, again, it's always quite a difficult one to measure about whether that feels right or not, but it's comparable to other similar authorities that we work with across the county. And then we mentioned some of the outcomes from investigations as well. I mentioned tenancy fraud already. The other big area for us last year was looking at data matching and analytics, so use of the National Fraud Initiative, use of the Fraud Hub, use of Analyze Local to identify fraud within the small business rates data. So there's a whole range of different types of data that we're looking at to try and identify fraud early. That kept us really busy, particularly kept certain service areas busy as well, looking at those matches, because there was a lot of volume to go through last year. And, again, we put more things in place this year to better manage the output from that activity, hopefully giving us better results as well. And then just finally, at the end of the report, from section 59 onwards, we talk about the transparency code data. So this is data the council can now publish about this activity around counter-fraud and the output from that work as well. And just a big caveat on section 62, the bullet point that talks about fraud loss that's been identified, real big caveat on that, a huge amount of that is actually fraud prevention. So it's where activity that we've undertaken, particularly around data analytics, is spotting fraud earlier or stopping fraud happening. So that isn't in any way to suggest those sums have been lost by the authority. It's all around prevention. Chair, that's my report. Thank you, Nick. Thank you very much. I'll now ask members for any questions, please. Kathy. In paragraph 25, there's mention made of the website having links for the public to report fraud. And I was just wondering how useful that is, you know, how many of those reports do turn out to be quite truthful or whether some of them might have been motivated by spite? I'm just kind of interested in, you know, human nature and all that. Yes, we the public are really useful. There are eyes and ears. They see what's going on. So we don't want everybody to turn into a, you know, busy body or a grass or anything like that. But we do want to encourage people to report their suspicions of fraud if they've got them. They say that the public give us the golden nugget. Sometimes they give us the thing we're not going to find. We're not going to find through data analytics. We're not going to find through system checks. They they see things we don't see. So although the vast majority of those probably don't end up with an investigation, occasionally they they're the ones that get us over the line sometimes to make a decision. And we do want to encourage people to report that to the public. So we want to encourage people to report back to the public. So we want to make sure that it's not mixed, but useful. There aren't any that are simply untrue when you investigate. Yes, we do. Yeah, we get malicious ones. You know, we'll be we'll be on the list along with the RSPCA and the DWP that have been contacted to, you know, because there are neighbour disputes going on, we get caught up in that sometimes. I mean, we investigate needs to be investigated and we don't waste our time and your time and money as well. Thank you, Chair. Just a couple for me, Nick. I remember when you first came to this committee three or four times ago and I asked you a question about return on investment and making tangible return on investment. It was a difficult question for you to answer. So it's nice to see actually a number at the end of the report there on number 62 of over a quarter of a million pounds of potential fraud, a number that we've actually identified that's potentially been stopped. So I think people like Richard and Helen will be delighted to see a figure there that you guys have identified. So I think that's that's a real win. Just going back to so I should have finished that with so well done. Yeah, I'm sure you will. Going back to the point you made on page 85 on the KPI three. I think I think it's fair to say about not not beating yourself up too much about the identifying the urgent ones. I mean, it is obviously a bit of a flaw in the system not to be able to identify an urgent one. So these are probably a fundamental flaw in the system you use. However, if you can identify all ones within 24 hours, the last time I looked 24 hours was a day. So you are actually doing what you said you do. So I don't think there's a major issue there. And I'm sure if there was, Richard would be banging on your door to say, come on. So, I mean, I think the the KPI is all urgent, high risk cases in one day and 24 hours is a day. So you're just sort of getting there. But so I wouldn't buy too much myself on that one, but I shouldn't really probably speak for the council there. But the the question I had on the KPI five see the only two properties were recovered in a year. I agree that does seem remarkably low if the target was six and the target is higher this year. Is that normal in the first year to do less than you would think compared to how you work with other authorities? Or is it just a bit of an anomaly that you found here maybe? We set a target which we believe was achievable based on the other authorities we work with, with a similar number of stock. So we got some evidence to base it on. We'd made some assumptions because you have to make some assumptions when you're setting targets in year one. I just don't think we've got it right. I just don't think we need to take a step back and look again at where the risks are and how we can improve on that. And again, recovering six properties suggests there's a problem. You've got a stock of seven thousand nine thousand nine thousand. So outside of London and again, it's a there's there's there's details in the report. You know that the potential risk of fraud across your stock is probably about two percent during the year. So we're not going to find all of it. And two percent, again, is a bit of a finger in the sky. But I'm just disappointed. Personally, I think we could have done better on that. I think we've missed we've missed something. We just need to take that step back, understand it and then come at it from a different angle. Well, yeah. Yeah, I think it's I think it's like I'd rather be looked at it like that than just accepted it. So, yeah, I think that's a good way to look at it. Thanks. Anybody else? OK. Therefore, can I ask members to note the following, please? A. The activity undertaken by the shared anti-fraud service to deliver the 23-24 anti-fraud plan for the council. B. All anti-fraud activity undertaken by the officers and the SAFs to protect the council and the public funds it administers. Can I ask you to note that, please? Yep. OK. Thank you. Agenda item nine. Risk management report, quarter four, 23-24, pages 87 to 132. I shall now hand over to Richard Baker. Thank you. OK, so this report presents the standard quarterly report on risk management to the committee. This report's for quarter four of 23-24, so shows the risks as they were assessed as at 31st of March 2024. Some of the key risks or key key updates to note on the strategic risks we there are three to bring to your attention. So we've added industrial action as a risk. That was queried at the last audit committee meeting. Officers have since considered the risk register to see if it was appropriately reflected. There are a number of employment risks in the register. But following discussion, it was it was felt the risk did warrant a separate risk to be identified. So that's been added. Cybersecurity. Again, as we briefly discussed at the last committee, we have reviewed the assessment of the risk and the risk environment. And regardless of the wide range of measures that we have in place, the residual risk of hackers attempting to penetrate the council system will always remain high. Council run events was another one that was discussed. And the scores were reviewed downwards as the control measures that are in place do reduce both the risk and the likelihood of impact. And on the operational risks, the capital tax and business rates collection risks have been increased. The 23-24 out-turn position collection rates were still slightly behind targets. They haven't reached pre-pandemic levels, although we are getting closer. It's an area that's constantly being closely monitored by the team. And we are doing some work with other councils across Hertfordshire to look at this, as most councils are seeing similar trends. And the final one worth just bringing to attention is the control centre. And that's just been amended following a general review, the risk scores were identified as effectively being the wrong way around. So they've been corrected. As mentioned earlier, it's also worth noting there was a risk audit undertaken and risk management during the last quarter. It did receive substantial assurance. And really, that was focusing on the new control environment that we've got following the implementation of the new framework last year. So in discussion with the order at the time, they provided very good feedback, particularly around the sort of survey they'd done from risk managers. They were appropriately trained. The report is certainly at better frequency and the commentary is getting updated in a much more detailed way and more frequent way than it used to. So I think it provides a good basis for continuing to develop the risk framework as we move forward. Thank you. Thank you, Richard. Just a comment from myself, as you know that I've quite regularly beaten you up about this and it's nice to see that the description of the risk and the risk commentary has definitely got some more beef to it. Which I would like to pass on to the risk managers that should be congratulated on. These are a bit more chunky than just a little one-liners that we did see last year. So thank you. I'll ask members for any questions, please. Victoria. Thanks, as ever, I've got quite a few. Again, I would echo what the chair just said on the commentary. I think that has improved. I think there's a way to go yet, but I think improvement is definitely noted. If I can jump into some of the specifics just on the questions. On page 99, we talk about service standards and therefore the complaint procedure as well. It was noted in the risk commentary that the probability has increased as tenants are now able to contact the housing ombudsman directly. I would question because the probability doesn't seem to have changed quarter on quarter, so I just question the accuracy of that, notwithstanding I don't think it's a massive problem because it's noted in the commentary. But I would also note that the audit report issued in April '24 was noting that 69% of Stage 2 samples did actually kind of breach the timeline. So I was kind of concerned about the way that the commentary was written. As it said, this means it is more likely that there will be an increase in cases and maladministration findings. And I was a bit concerned that there was causation between increased in reporting and increase in maladministration. Increased in reporting means, yes, more things to look into, but it doesn't necessarily mean an increase in maladministration complaints and findings. Yes, findings I was concerned about. So I just think it might be worth just to have another look at that one. Yeah, absolutely. I think that comment has been left in from the previous quarter because it was increased last quarter. So that's why there's a comment in there around the increase in scoring, but I will take that back to the risk manager. In relation to the increase in maladministration findings, the reason we have suggested that there could be an increase is because the House can now investigate prior to us even having a chance to rectify. Before they would have taken the rectification within a spent timeframe into account, whereas now they won't. So they may find maladministration, whereas actually before we would have rectified it. If it had then gone on to them, they would have said you didn't comply with X or Y, but actually you rectified it and therefore we take no action, we have no findings. So there's just a risk there might be more maladministration because they're investigating before we've had a chance to rectify. Okay, thank you. That's helpful. If I can go on to the next one, page 101 on cyber security. There's been an increase versus the previous quarter, again, as you mentioned, but I'm just a bit unclear as to why that is and actually the commentary didn't really give us very much information. I know you kind of mentioned it briefly at the beginning, but could you give us a bit more colour on that? Yeah, no, absolutely. So we talked about the feedback from the committee last time. So we went back to the risk managers and asked them to just review risk scores that have been discussed and have a look to make sure they were comfortable with it. We know that particularly with Ukraine, all the events that have been going on in London, there's lots of things that we get notification from the cabinet office quite often around increased risks around cyber security. And those risks just aren't aren't reducing. So the risk manager took the view that actually this was a risk that should be should be higher. Okay. And it would be good to understand what they're therefore doing as additional kind of mitigation, because the commentary again, doesn't it says what they're continuing to do. But given that the probabilities increased, I would like to see kind of a bit more on therefore we're doing this. Absolutely. And what I will probably do with you, what I'll probably do is share a report with you that was a part to report to the overview and scrutiny committee, which gave an overview of our cyber security controls. And what we're doing, obviously, that wasn't the public domain, so I will share that with you confidentially. But there is there is additional work that we're constantly doing. We're constantly looking at what we can do to improve our control environment. Yeah, yeah, I can I can well imagine there is I think it's kind of reference to the early points kind of upbringing. It's a life for that for the committee. I think a little bit more like even referencing that it was kind of taken as a part two would be like helpful. So we can kind of understand actually it's going kind of elsewhere as well. Thank you. And then in terms of sorry, the next one on page one hundred and twenty seven on the dump and mold. Sorry, let me just scroll there. I'm obviously referencing the audit report that was kind of published just recently that was given limited assurance and quite a number, which Jonathan kind of mentioned just earlier. It was interesting that there hasn't been a kind of a change here in the kind of the risk assessment. And I thought, again, the commentary was was a little light, giving the number of findings that have just happened. I think a general comment again to say, like, are we doing enough? I can take that back to the risk management camera. We're in response to you and an update to that risk, definitely based on the audit report. OK, thank you. That's it. Thanks, Jeff. Kathy. Page one hundred and four, there's a very, very high residual score for failure to comply with the regulator of social housing's regulatory standards. So I wondered why there is this very pessimistic expectation. And my personal view, I believe I would agree. I think that's I think that scores on the high side. I think the impact would remain, but the probability is significantly lower. So again, I'll take that back to the risk manager and ask them to do it over an update on that. Russ. Just a couple for me. Good to see the addition of the industrial action that was brought up from the panel last time. So thank you for putting that on, Richard. I had to one was the one oh one that page one oh one that Victoria brought up about cybersecurity. So you've already covered that. So thank you. And the only other one, but I have noticed that it was the date of the report was page one, two, three, which was a challenge to the local plan, which I know hasn't come to fruition. But I actually noticed the date of the report was prior to that actually happening. So that will disappear off of the report on the next quarter, because for those of you that don't know, on page one, two, three, the challenge to the local plan didn't come to fruition. It was pushed away by the inspector, so that will disappear off the report, but it was after this report date. So that's my fault for not looking properly. Thank you. OK, any other questions? No, no. OK, I'll ask members to note the following, please. A, the risk register at quarter three. B, the comments and actions in respect of the strategic, serious, severe operational risks. And C, make recommendations to Cabinet or Council in relation to the management of the risk. I'll ask you to note them. Thank you. Agenda item 10. When Hatfield Borough Council draft statement of accounts, 23, 24 pages one, three, three to two, four, eight. I will now hand over to Helen. Thank you. So this item presents the draft statement of accounts for 20, 23, 24. The statement of accounts was published on the council's website within the statutory deadline of 31st of May, 2024. The next stage for these accounts is for those to be audited by the council's external auditors, which are KPMG for this financial year. And their audit work is commencing in July. We've already got some dates booked in with them. The deadline for the publication of the audited accounts, alternatively publication of a statement saying why the audited accounts are not able to be published is 30th of September, 2024. Just to note as well that the 20, 22, 23 statement of accounts is still a draft statement of accounts. That that statement has not yet been audited by EY, who were our auditors at that time. This has been discussed before, I think, at this committee that there are national discussions ongoing regarding plans for external audit to catch up on outstanding local authority audits. And we're by no means unique in that. However, decision on that has been deferred by until after the general election. So we will await that before we have an update on those plans. I'm happy to take any questions on the accounts. Thank you. Richard Baker's got something to say. Thank you. I just wanted to say a big thank you to Helen and the team for ensuring that we managed to deliver the accounts by the 31st of May. Many councils didn't. And a big thank you to staying late on a Friday night to answer my last questions, things like that. Yes, I'll second that. I'll open up the floor for questions, please. Victoria. Thank you. Question on the dates that you just mentioned and kind of the 30th, given it's over holiday time and it's a new auditor that's obviously kind of taking over. I know there'll be handover procedures, et cetera, for that. But how, given the dates you just mentioned, kind of how confident are you? Because I was just kind of foreseeing that we're going to be kind of doing both at the same time in terms of review of the committee as we go forward for the 23 and the 24th. OK, so KPMG have done a lot of work in advance, so they've looked at our systems. They've got some understanding by looking at our work that we're doing the year in terms of the accounts during the year. So didn't wait until the end of May to start doing any work. They have got time booked in in July. They will need to come back for another visit after that July visit. But a more pressing issue is that we don't yet have the 22, 23 accounts signed off. And until we know what the situation is on that, KPMG won't be able to formally conclude their work. So I would say KPMG are doing as much as they can to meet the deadline, but there may be reasons outside their control that they're not able to do that. OK, understood. Thank you. That's helpful just to contextualise the timelines that will be coming forward. OK, thank you. Any other questions? No. OK. Can I ask members to agree to delegate authority to the chief executive director of finance and transformation in consultation with the chair of the audit committee to approve the statement of accounts for 23, 24? And sign the letters of representation. Yeah, yeah, OK, great. Agenda item 11. Draft annual governance statement 20, 23, 24 pages 2, 4, 9, 2, 6, 8. I shall hand over to Claire who will give you an explanation. Thank you. The annual governance statement provides an overview of the council's governance arrangement for 20, 23, 24 and sets out the areas identified for improvement. Prior to being brought to the audit committee, the draft AGS is considered and agreed by the corporate governance group. Details of the governance group can be found at paragraph 3.9 of the AGS. Section 4 sets out a review of the effectiveness of the governance framework. Section 5 sets out the review and assurance mechanisms used by the council. Each executive director and all assistant directors are required to complete and submit a declaration of compliance in the form of a management assurance statement at the end of each financial year to help inform the AGS. Section 6 provides updates on the areas identified for improvement in 22, 23. Section 7 sets out the areas identified for improvement in 24, 25 and the lead officers. These are action plan and compliance with social housing regulations act, housing ombudsman complaint handling code, damper mold, financial sustainability and temporary accommodation costs. Updates to these actions will be provided in 24, 25 AGS. If approved by the committee, the annual governance statement will be signed by the chief exec and the leader of the council and published on the council's website. Thank you. Thank you Claire. I don't think we take any questions on this do we? Yeah, is there any questions by anyone? Russ? Sorry. Just one. I'm just wondering what the purpose of this is to look at something retrospectively to submit because obviously this has now been superseded and everything on here is last year. So is it just to submit for the record almost? Is that the purpose of it? So really this is part of an effective governance framework. It's looking back to make sure that we have delivered what we say we're going to deliver in the way we say we're going to do it. Make sure that we comply with our rules and regulations, make sure that we've got a good control mechanism in place and highlight to members if there are any areas that need additional work and what our action plan will be. So it's really to take that sort of holistic view of the year, set out what we've done, how we've approached it and if there are any issues. Okay, so obviously the management structure has changed since then and there's new directors so it's sort of saying that's what we did and we did have an action plan and we've acted on that action plan. Is that fair, Praise? Thanks. Okay. Any other questions? Nope. Okay. Can I ask members to agree the annual governance statement for 2023-24 for the signing by the leader of the council and chief executive officer? Agreed. Thank you. Agenda item 12, review of corporate anti-fraud and corruption policy and associated policies, pages 269 to 314. I'll hand back to Nick. Thank you. Good evening, Chair. So as it says on the tin, this is a review of the council's existing suite of anti-fraud and corruption policies that were last reviewed I think back in 2020. This is just to make some changes following reorganisation within the authorities, so changing some roles for senior officers and officers making decisions for the anti-fraud and corruption policy. And then introducing the shared anti-fraud service and our roles to support the work across the authority around anti-fraud and corruption, particularly in relation to that policy, which is an overarching policy, and within the anti-money laundering policy as well, so the shared anti-fraud service will act as your money laundering reporting officer. The other changes to the other policies are very minor, just to bring them up to date. There's no significant changes to any of those, and so it is all just bringing them up to date, really. Happy to take any questions. Thank you, Nick. Can I ask members any questions for Nick? Russ. Just one. Where the policy now mentions SAFs, how long is the agreement with SAFs, and if SAFs and the council no longer had the agreement, obviously that would affect the policy, so do we have a long agreement with each other that would mean that we didn't have to quickly review these should that agreement cease? The agreement with the shared anti-fraud service at the moment runs through to March 26. We're currently looking at a new agreement from April 26 onwards, so Richard and Helen sit on the board, so they'll be sort of involved in those discussions about what happens from 2026 onwards. In relation to this policy, if SAFs wasn't providing a service anymore, it would be quite simple. We'd make Richard responsible for everything. Thank you. Okay. Any other questions? No? Okay. Can I ask members to agree the changes to the anti-fraud corruption policy and associated policies and note these updates? We'll remove the requirement for the council to maintain a separate tenancy fraud policy. Noted. All agreed? Thank you. Agenda item 13. There is no other such urgent business, so I will now declare the meeting closed. Thank you.