Transcript

Good evening. In the absence of the appointed chair of the committee, may I please ask for a nomination for a chair? Hello. Councillor Marshall. And a seconder? Seconded. Thank you. Councillor Marshall, you may continue. Thank you very much. Good evening, everybody. Good evening, anybody who is watching this. So my name is Councillor Marshall. I'm going to be chair for this evening's audit meeting. Councillor Paul has been unavoidably detained. Those of the committee, I will now call your names in alphabetical order. Please switch on your microphone to confirm your attendance. Councillor Critchard. Present. And Councillor Hedges. Present. Thank you. And may I also please introduce our independent member, Vanessa Bisser. Hello, everyone. Very welcome. We've received apologies from the other independent member, Ilva Forte Nikana, and also from Councillor Caddy, and obviously, as mentioned before, from Councillor Paul. We have a number of officers, President, who will introduce themselves when they address the committee. So I need to start by asking if there are, for declarations of interest, are there any declarations of either pecuniary, other registrable or non-registrable interests? Nope, thank you. And item 2, the minutes. Members, are the minutes of the meeting held on 12th of March, 2024, agreed as a correct record? Agreed. Thank you. So item 3, external audit reports for 2022-23 and 2023-24. I'd like to ask Assistant Director of Finance, Catherine Burstyn, to introduce this. Thank you. Evening, Chair. I'm actually going to pass over to the Chief Accountant, Alicia Atto. Hello, Alicia Atto, Chief Accountant. This paper provides an update on the external audits of the accounts for 2022-23 and 2023-24 financial years. I'm pleased to be able to confirm that the 23-24 draft accounts have been published in early June and the inspection period and the full external audit has also begun for 23-24. As members are aware, there are general backlogs in relation to all audits and whilst the draft accounts for 2022-23 were published at the end of June, 2023, the audit was delayed and is being reformed by EY as a limited scope audit, but including a value for money audit for which work has started. In terms of statistics for 22-23 year audits, as at the 3rd of June for the end of April, only 21% of local authority audits have been finalised for 22-23 with 63% awaiting sign-off and 16% unpublished. Finally, the paper also discusses external audit fees. Janet Dawson and Adrian Barmar from EY are here who can also answer any questions. Thank you. Thank you very much. Would you like to talk? Thank you. Janet Dawson, external audit partner from EY and we've got two papers on the agenda as Alicia has said, one which brings you up to date on where we are with the 22-23 audit and in particular the work that we've undertaken on the value for money arrangements that were in place across the organisation up to the 31st of March 2023 and then the second one is the audit plan for the full scope of work for the 23-24 audit, which as Alicia has explained is already underway, but it sets out where the key risks and issues are that we are addressing through that work. So what I suggest is I just give you a very quick summary of the 22-23 value for money arrangements report and then pass over to Adrian to take you through the highlights of the plan, if that's satisfactory. Okay, so the 22-23 audit for the moment is focused only on the value for money arrangements. We are awaiting the department and the financial reporting council and the NAO to determine what they want to do about the scope of work on financial statements and you'll remember we brought this to your attention over the last year or so that plans were very well advanced amongst the system leaders to reset the system for the open years of accounts. That was a slight hiatus was caused as a result of calling the election. So we're now just awaiting those system leaders to brief the incoming minister to determine (a) whether they will proceed on that basis and (b) how quickly they will proceed. So that's just a little bit of the context. In the meantime we have undertaken our scope of work on value for money arrangements which looks at the arrangements that you have in place across three different reporting criteria. So what have you got in place to ensure that you're planning and managing your resources effectively to achieve financial sustainability? What governance arrangements have you got in place to ensure that you make informed decisions and properly manage your risks and how do you use information about costs and performance to improve the way that you manage and deliver your services? And just in very brief summary you'll see on page 17 of your page numbers that we assessed having carried out our initial risk assessment, we didn't identify any risks of significant weakness and then having pursued those criteria across the arrangements in place within the organization, we didn't identify any significant weaknesses in those arrangements either. And the report then summarizes really the arrangements that you have in the form of a commentary against the various sub-criteria. So a clean bill of health from us for 22-23 on the value for money arrangements. Happy to pause there or hand on. Thank you very much. Members do you have any questions or Vanessa if you have any questions as well please jump in. So if you could go first Annemarie and then Stefan. First thing though this is admin, is it possible to turn off the air con because I find it hard to hear especially everyone down the far end of the room and I don't think we really need it now. Sorry that was the first one. So just to repeat, so you're saying for the value for money for 22-23 which is not as detailed an audit as we would have had the year before and we will have this year clean bill of health you're very happy with how the council is managing its finances and its money. So the scope of the value for money work is the same as you've had in the past in previous years. It's not a lighter touch. So that's the full range of the work that we would always do under the reporting requirements. And yes we are happy. One of the other things on this is that I was thinking of I was looking at the audit timetable and maybe this is something we should take away for the chair is it looks to me that you're offering that you're suggesting we will report back you're you'll have the accounts ready I think it was towards the end of November but our audit meeting is before and I just want I just thought that would be a pity because if we get the timing wrong we then have to wait till March given the way the meetings are set up and maybe that's something that we could have a look at so that once the accounts once the audit is ready we actually see it very soon after it becomes ready rather than having to wait three or four months. And that's really a question for the admin side and the chair. Councillor Hedges. Yeah thank you chair and thank you to EY for all the hard work you've done and appreciate that we haven't got any significant risks. That's very good news. My point is actually around the increase in fees and I know we talked about this last time and there is 133 per cent increase which is quite a lot and I understand the officers are pushing the point that you know if we're having a limit well we have got a limited scope order therefore we should have limited we should be paying a limited fee. Can I just find out what the latest is on that please? Thank you for your question absolutely. We are currently actually reviewing previous year's fees as outlined in the paper so it does take some time for that process to go through the arbitration process with PSAA. So when we finalise the prior year's sets of fees I'm sure EY will put forward what their proposed fee would be for the 22/23 once we know what the limited scope what the actual range of work would be for the 22/23 audit and at that point we can discuss with PSAA. We're currently not in a position to finalise but obviously as a council we will do our utmost to emphasise to PSAA that if we haven't had a full audit then we don't expect to pay the full fee. I don't know if you want to add to that Janet? No I think Catherine is right. The issue that we've got at the moment is because the system leaders haven't yet been able to finalise how they're going to reset the system then PSAA which is the contractual body has nothing to work on for its audit contract to help us determine our scope and then how that will be charged so we're in a sort of wait and see process but it will be and obviously the FRC has a role to set what that scope of work needs to look like as well which isn't under our control or PSAA's control or the council's control so we're just trying to stay very close to it aren't we? I think that's the best way to describe it so it can move forward as quickly as possible. Thank you. My question is actually about the proposed outcome of the 22/23 accounts so the disclaimed opinion. I'm just wondering if I've understood correctly it means that you might be unsure as to whether you could provide an opinion on the opening balances of the 23/24 accounts and I'm trying to understand what risks might come with that. I'm wondering if it's possible for you to outline some of the limitations that might come with that scenario and perhaps the worst case scenario just so we have sight of that at this point. Shall I have a go and then you can jump in? So you're right, so if you have opening balances and comparatives in your 23/24 statements that haven't been audited then the question is over what can we provide assurance so we are focused on the transactions in year and the year end balances. We've had to look at our audit approach very carefully to understand where we would normally do a comparison back to a number from the prior year and perhaps using that to build an expectation of what this year's number should look like. We need to have some alternative procedures to see how we can build the assurance on that and then the question is, is there a sufficient scope and resource to go back and rebuild some of that assurance over some of the opening balances as well but that would be additional to the scope of the in-year audit. So the first bit which is look at the alternative procedures, we're in and doing that and we've got guidance out to our teams already. The second bit which is, is there an opportunity to rebuild some of those balances, that has not yet been determined and that is partly because we're waiting to see what the FRC's view is as to what that scope needs to be. The more we can do, the more quickly we can move away from scope limitations but if you have no rebuild it takes three years to fully wash through the auditing process because even in the second year you're looking at comparatives over which you haven't given an opinion but you've rebuilt the opening in year end closing position if that makes sense. So you sort of rebuild as you go through a number of years and what we're trying to do is see if there's a faster way to increase that assurance to get rid of scope limitations faster but it's a system-wide question rather than this team in this room. I have one and I was going to say this is something I was going to ask the chair but actually not available and maybe our independent member could also help and the officers. Page 51 to 52 give the significant risks and the responses. My question is how do we know we've got the right significant risks? Are we missing anything? I can take that one actually so this is our risk assessment so this is EY's risk assessment in terms of the risks that we see in terms of the council and kind of the potential risk of material misstatement so as part of our kind of general planning and overall assessment of the council each year we go through each of those areas of the council and we look and we say what's changed what do we know from previous years and that all helps build up a kind of overall picture in terms of what we would perceive to be the areas where the council's a bigger risk or potential risk of material misstatement in their accounts so these risks are solely focused on material numbers which actually for you are around headline 20 million or the kind of underlying level of that's about 10 million so if you keep those numbers in your mind whenever you're thinking about materiality when we say our materiality those are the kind of type of numbers that we're actually looking at so we're not looking at everything to kind of say is there a risk in all of the accounts the risk starts with the kind of numerical number assessment and then it moves down and looks at other areas so is there any other areas of those accounts which may be non-numerical so more sensitive to kind of manipulation or other areas that may kind of cause sort of kind of wider sensitivity within both the council or else external stakeholders as well. And if I if I phrase those within that I'm going to give you an opinion on your financial statements these are the risks that I give the wrong opinion so they're either complex areas or they're highly judgmental or they're subject to manipulation as Adrienne suggested which might lead to a number in there where I give you assurance but actually I shouldn't have given you assurance so I give you a false opinion so that that's how they're framed in terms of being audit risks they're a risk to me in giving you the wrong opinion as opposed to organizational risks. If there are no further questions we are asked to note EY's two reports they've attached an appendix A and appendix B the value for money report and the audit planning report and also the external audit update and the audit fees update. Members of the committee are those agreed? Thank you very much. So moving on now to item four which is the annual review of the risk management strategy in the 2023 24 review of risks and risk controls by directors I'd like to ask assistant director of finance Paul Gilotti to comment. Thank you chair. So this is the you know the paper says it's the annual review so for most of you you would see this fairly regularly but because obviously we've got the new independent member attending for the first time I'll go into a little bit more detail to explain how we operate because the model that we use is probably slightly different to what you might see of seen elsewhere. So rather than have you know you know reams and reams of risks that are just put on a document put in a database and not really looked at in finite detail we have a different tiered sort of approach in the way that we manage it. So the top end which is our strategic or our corporate key risks are what the directors seem to be those which are material and cut across all service areas and have a real impact on the council managing to achieve its core objectives. So they're normally around about 15 to 20 in that sort of window that will cut across so it would include things like ICT like project like contracts and aspects of that nature. Sitting next down keys your service delivery model so for that so all heads of service are then sent a form which they have to assess themselves not only on those key corporate risks they'll have to assess to see is it relevant for their service if it is is it managed or is it dealt with by somebody else. They also have to identify you know what are the you know the keys sort of half a dozen risks for themselves now quite often they double up so they are the same as what would be in the core one because quite often it may well be personnel it might well be data it might well be IT and those sort of issues but there might be something that's specific and pertinent just purely to those so they'll flag it and then also determine how well they think they're performing against it whether it's managed or not and then thirdly there is key project risks so that's where you would get a far more detailed project plan and project risk assessment and they would be for your major project so they're the three tiers that are explained within the strategy there's no real proposals you know from the previous year we're not changing anything significant in that approach the only thing that there has been a change on and that's tied in with the appendix which is actually highlighting what those key corporate risks are is in relation to project management for several years it's been raised not just in this committee but the other borough for which we work collaboratively with Richmond both audit committees have highlighted that you know projects are key for them and they and they have concern that it may not have had the same oversight so you will note in A in the strategy there's a couple of extra paragrassing around 15 15 16 around that sort of area where it's highlighting what the project management office is doing to enhance the reviews and in that particular area and project management has been given its own specific corporate risk specialists within the new approach to the corporate elements in the relevant appendix so that's really the oversight on it and the key sort of changes there's a couple of other minor issues with some consolidation when we come out to doing the annual governance review you'll note that there's a lot of detail in there in budgetary control so the need to have a separate review outside of the annual governance statement it seems superfluous so hence why we've amalgamated them into one risk so so that's really where we are at thank you mr gelotti counselor hedges thank you mr gelotti much appreciated and glad to see we've got fraud and cyber on there and actually that ai has now made it to the to the to the deck so i'm pleased to see that and my point actually is more around the annual governance statement which is on page 142 if i may go to that and i mentioned fraud obviously that being like one of the the top high risks where we've got here on the page further down we've got a total number of fraud cases investigated looks like there's been an increase on the housing and tenancy related investigations oh sorry am i on the wrong have i jumped ahead oh sorry apologies that's the next one thank you in which case just very happy to see ai on there because i know we talked about it before yeah i mean that that might evolve over time so i think ai have been incorporated into the the traditional sort of cyber and governance but clearly as we've got a new department that's been set up that will actually be looking at changing innovation and i expect that we will be seeing a lot more and trying to ensure that we've got relevant controls in place for it but on the cyber just to reiterate again what we said previously is that the key issue is unfortunately we net it's more likely to be when an authority gets hit not if so you know we try to be as robust and plan for the future there are contracts in place in order to have a recovery plan that we ourselves as in you know as officers don't have the skill set so we do have contractors in place to help and support that but i wouldn't want to rest on our laurels and and for any reason think that we are perfect and we'll be and that these risk processes will protect us all just noting that we've got ai i think it's going to as well we'll see more and more challenges evolve over time thank you yes sir i was also very pleased to see the use of ai included as a strategic risk i'm just wondering if the chief digital information officer has been appointed i saw that as a coming yes so again i think it's ian robinson i think is the individual so he's been in for a little while now so and again they'll be looking through a lot of the processes that we have within the council to ensure that we not just identify risks but create opportunities as well because i mean we shouldn't be putting in controls as a barrier for us moving forward we need to ensure that we've got the right tools to enable us to flourish and be able to to do things differently and getting ensure that we gain access for everybody through the use of it i have a few more questions chair may i continue okay okay thank you um i was really interested to read about the newly established cpo and the role that they'll play in providing uh good practice guidelines um particularly the introduction of the central um learning library as a resource for sort of you know lessons learned i'm just checking that it would be available to everyone that has a role in assessing and managing risk and not just the risk specialists yes there is specialists in in essence i mean i'm one of them down on there it's not down for us the the whole um you know the the anna saddler's team and that area who are devising it is really there to set up a framework so that all people commissioners are able to to do that i mean coupled with this i mean there is a repeat and a scenario that's been set up for contract management food for yourselves that's been discussed here before but clearly for yourself being a first meeting um this office is you know you know both whether it be procurement or whether it be project management are not there to deliver they're there to provide advice support and create a framework that enables officers to know what they should be doing that's what it's all about so that's about ensuring that you've got a sizing model that you can try to risk assess what the project should be and then you go down a particular pathway subject to that similar to what we're doing uh with contracts with them being put into a different category whether it be bronze silver gold platinum and that will then enable you to know the processes that you've got and that will be accessible for all right thank you thank you sorry on page 99 we talk about new and emerging risks um you say these would be identified on a day-to-day basis but we haven't actually called out any um i know i've mentioned ai and cyber are there any others that um that concern you um or any anything else that you think would be relevant for this group please um well project management was the key one that's been added as a separate category uh this time so um they do evolve and um you know when we put the paper up to directors a lot of it does stem from audits that come through any common themes that we'll be looking at um and also listening to what goes on in other local authorities as well and clearly when you're looking around some of the changes that we're looking likely to be seeing um project you know we are reliant upon third parties so key projects are there if there is new themes that will come through they will be discussed um so follow up on any project management does that include um the new projects um that are being funded out the reserves like things like the change project and other other big projects we're not looking for the part of the risk strategy is not looking at individual items that comes through it is actually looking at making sure you because you know what cuts across so that particular team should set up a framework that would enable everyone to draw down from and that's what it and that's what it is we're not looking at anything service specific if there is a key project that's separate so if you remember there's three tiers to this there is your corporate your service and then your project specific key project so if you do have a major project i would expect them to be working with um you know the project management office the cpo in order to actually devise a proper framework where you would have a board that you would be accountable for that would end up having a proper forward plan around key milestones that would be reported through to that project board that's the third tier of this strategy so that doesn't cut across everything because that's because it's specific we're saying that that needs to have its own risk register that addresses and utilizes um you know the toolkits that have been made available to them thank you i've got some questions to my own and then i've also got some that have been fed in by the chair so the ones i had was um page 103 and 102 105 is sort of the statement before we get into the individual risks um how much of that has changed since the previous year so the actual preamble statement rather than the individual bits the only real main change is what we said in you know in is in relation to specific details around project or program risks around paragraph 15 of the of the uh you know strategy because that's just building on and enhancing on the new framework uh that that's been been implemented and and this is a good area of where the audit committees can help and support to look to direct change because the feedback that we got like i said both from yourselves and from uh the richmond um audit committee was such that um warranted it being brought forward it got raised as something that was key and relevant for yourselves and and hence why that was put forward as a as a suggested uh change can i carry on okay um right on page 107 climate change just as a note it says achieving baseline scoping one and two emissions by june 2020 was there a type of some kind in there i mean we've either done it or we haven't or 107 under the climate change and the last one is achieving baseline scoping it's a risk strategy and i i wasn't sure if we've actually you see it here yeah yeah um i was a bit confused because we've either done it or we haven't done it if we were supposed to do it by june 2020 no that that's fair we were going away and have a look at it sometimes with the baseline that would be your set date um i mean for to give an example on the pension fund we've got a baseline that we use of uh 2019 uh and that's the baseline that's been used so it might not be um by june 2020 it'll be utilizing their uh um from that data but we'll we'll double check to take that away okay keep going uh the question was um this came comes through from council paul is climate change also includes sustainability but actually she said i would have expected it to be in the other way round um with climate as one of the areas for sustainability and maybe that's something that you might need to pick up with her about how she thinks because i was looking to see if we had a separate um climate climate a separate sustainability category um we don't i mean part of the reason for doing that is um trying to get language that is uh common uh and when you're looking at trying to ask um service managers to assess themselves if you're putting in something else like sustainability instead of climate change everyone knows what climate change is and that's part of the process of dealing with it so um when you know every specialist is going to do their report then that and it will be all encompassing but remember that you know each service head is required to assess themselves against that and we are asking them all of them to pay attention to that and focus on it so i quite like the idea of using language that is well known and well established then on the workforce um there's nothing mentioned about uh diversity and inclusion uh under the number 11 human resources workforce capacity um and given that i think we probably aren't as representative as we might be is that a a risk that we're missing that we ought to be covering um again it's something that uh i think is is embedded into the work that we've that we've done even only today um when we had a senior management workshop they were looking at the analytics and all the data that's coming out from that just to ensure that we are a fully diverse um authority um when you go through your recruitment campaigns um we've got anonymized data in order to to look at doing that and we go get reporting stats that are coming through um this can't have i mean obviously these are the key bullet points and the key uh sort of areas for us to determine where we are and what we're looking to to seek to do um when we are looking at um you know whether or not we've got an appropriate one again i'll just say look if you look at um you know bullet point two we got to to retain a sufficiently suitable trained workforce now one could argue that you know to sufficiently uh and suitable would incorporate those that are actually meet the needs of our um borough and that will ensure that we are a fully diversified angle and and the new change and innovation department which also includes uh our workforce um or hr uh team they do look at those uh analysis uh within it so i would i would articulate that and i'll argue that we are already embracing that and uncovering it because it is reported through to relevant committees is we've got it in the kpis um so they can be addressed if needed um page 117 onwards is the highlight existing risk mitigation strategic risk categories some 117 so we've got the list of the risks but there's nothing particularly around any mitigation for those risks if you're looking at 117 118 so for example adult social care sustained increase in demand for care services there may not be any mitigation unless there's a change in policy but there's nothing said what the mitigation would be which i would normally expect to see if i got risks um this is just a summary of detailed reports that they've come through so this is what it's for this is just highlighting these are the areas for which the relevant service managers are flagging as uh what they seem to be key issues for them so when you were asking in like the previous paper how we identified some of the key risks you know this is this is just to give you the oversight that they people are thinking in the right area this isn't this is not having the solution put in with all the mitigating factors associated that's not not what the report is actually showing you and then the last one was um i hope this is the right paper to asking uh about the progress of the implementation of the gold silver and bronze um contract or is or should that be done on the next paper i can do either could do whatever it probably is more for the other paper or thought good well if there are no further questions i'll take that yes please i just have a couple of questions about the insurance if that's okay so this is within schedule to appendix a so starting at page 109 section 10 um this is under health and safety it refers to injury or impairment of health of staff etc but there's no mention of the council's employer's liability insurance cover and know that it's a statutory requirement um but i would consider that the review of that policy to be a key mitigation control um alternatively it could appear on page 111 section 14 that is the insurance section it does refer to the public liability insurance there but again no mention of the employer's liability insurance it's fair we can we can add it to it um for your own benefit um we self-insure to a large degree here so we do have insurance policies in place we do have case handlers that are that go through the relevant um so we say national sort of companies that do it on our behalf but a large chunk of what we do we have quite a high threshold before we'll actually get paid out by a third party because it's it's just more cost effective to do it that way but we but you're right it's not just that one level of insurance we do have the others which we can make the changes for okay can i ask one more question about insurance um although i think i know the answer to this one this is me just double checking um so i see that there's no mention of insurance covering cyber attacks and just going back to what you were saying previously about um the procedures that were in place in the recovery plan i did see in minutes of a previous audit committee meeting one that i didn't attend where i think the question was was asked and answered so i just want to check that it is um already been considered and has been ruled out as a necessity and that's why it doesn't appear it's been considered it's been ruled out not because it's not a necessity but it's not but it's not available uh a price that you would be able to to live with um so yes if if anyone is aware of something that is um affordable and sensible then we would love to embrace it and take it on yes thank you um so um we're recommended to receive this information the results of the annual review of the risk management strategy and approve the risk management strategy agreed thank you very much uh and so the last item on the agenda um is the uh yes i'm there a review of the council's governance arrangements um so again um the director of financial services um yes so um again this is uh an annual review uh that comes to the committee um around this sort of time of year um the appendix which is the annual government statement will sit part of the actual council's accounts when they finally get signed off it's a combination this report of a review of the governance arrangements and then and then we've also included within it our own annual report of the work that's been undertaken by the internal audit team and also the fraud team and then you've got the summary of the work undertaken including the outstanding actions of previous audits for for which have either come to this committee for the first time and you're seeing them with a forward plan or they are important recommendations that are yet to be implemented so we've not really when we've done the review there's not been any real significant changes we've provided updates on those key areas for where we deem to be the most material just because an item sits within the annual governance statement doesn't mean that what we're saying is is that it's poor practice is going on in the area that there's remedial actions need to be undertaken we're just highlighting to say similar to what we said with those corporate risk risk areas that they're fundamental to the delivery of our corporate objectives and therefore they should should be on there sometimes they're not they are because they are problematic we see things like devolve management organizations continue to be on there but more often than not that's because they're beyond our control so you know whether it be a school or whether it be one of the tentative management organizations there is limited work that we can do but it has significant potential consequences on behalf of the reputation and or ability for the authority to deliver but there are other areas like information cyber security where we're not saying that we think that it's really weak what we've got but if something were to go wrong it would have significant impact for the authority so hence why we think it's warrants being on the annual governance certificate or statement just to highlight here and flag it so that's probably enough for an introduction if there's anything specific around the core paper then I will hopefully address it if not I might turn to my colleagues who are sitting around the sides to answer any any particular question thank you chair and mr. gelotti so I'm going to ask this question the right paper now there's a mention of fraud risk which you would expect to see in the annual governance annual governance statement and obviously we talk about the fact that there's been a significant increase in the national level as well in interested to know more about the increase in some of the figures that are on page 142 sorry bear with me now just intrigued to know more about the fraud risk and and and how you monitor it and a bit more about the figures if you wouldn't mind please I'll give a broad overview and if you want more detail I'll ask Kevin to give you some more background the challenge you've got especially whether they've been tenancy related is it takes a period of time to come through and you know some of the cases that you investigate will be them at will be on on a trend purpose other times if it's going to and if it's going through the courts it will be delayed in order for us to get through so when we're looking at some of the outcomes from it a year-on-year increase or decrease doesn't necessarily give you it should frighten you or give you comfort thinking things are getting better because there are general sort of timelines but if there's an if you're looking at something like housing related investigations in particular if you're looking about why is it gone from 362 to four seven three I'll pass you over to Kevin to be able to probably give you a better answer the mic and give sorry sorry Kevin Holland had page 142 we're looking at yeah Kevin Holland head of the fraud partnership the the numbers you look in that sorry it's actually a reduction year-on-year not an increase but the reason for the big changes in numbers is to do with the National Fraud Initiative so with what gets grouped in with the housing related fraud it includes the data matching that so we do through the National Fraud Initiative on housing applications that process is a two-year process so there is this will be peaks and troughs on that quite a few of the matches they they are errors inconsistencies rather than I'd say out and out fraud but we talked earlier about you know using AI getting smarter using our data we can only get smarter with using our data if we make sure we get the best quality data so with their refer back this comment in paragraph 99 about need to do our best to cleanse our data make sure we have the best quality data to feed into these processes in order to get the best outcomes so those are reduced others in there there have been changes in the Tennessee successes some of that is still the knock-on effect from the the COVID period access to courts and also changes in the profile so in years gone by when we had detected and found someone who shouldn't be there or was subletting their property they would come forward they would hand over the property unfortunately that ended probably about three three years ago it ended around the COVID time where now we are having to take 90% plus of those cases through the court process so we've got another 18 months to two and a half years time like time lag in terms of recovering possession and do we know how many how many we actually recover or any we have to write off so on just thinking in terms of percentages and how we you know go through the whole process and and what the outcome is and and what the damage to the council is basically so I mean in terms of the actual numbers of properties recovered that's include that's mentioned in table four on page 140 and that's based on the work we do and the resources we have to enable to to to recover properties in terms of measuring the fraud risk concern it's I think it's back in 2019 was the last local government survey that came up with some it's the figures we still refer back to in terms of the incidence of fraud I'm part of a wider group of all across London in the similar colleagues for different status where we're trying to do something similar to see whether we can get a an up-to-date figure of the level of fraud within each of those four categories thank you right just picking up something I noticed last year we had major risks outlined for probably for where there's limited assurance we had a different table and I would just like that covered and and on page 140 I think the numbers are wrong it's nine million but looks like we get me started then I've got some other things I know I'd notice once you're reading I think that's three point three point nine million not nine point nine look just adding up numbers very quickly in my head going through so I think there's I think it's it is I apologize it's an optimistic overly optimistic typo yeah so sorry what was the other question I got I got sidetracked by the cheer we had last year we had a mate one of the tables included major risks I think unfortunately haven't got last year's paper in front of me today but I think I asked you to have a I've not seen major risks in in the thing there were details where you had recommendations from audits in a major you know it was the major recommendations not yet so so yes so when you were looking at it from the previous year so there was 43 major 326 important or p2 risks and 58 minor for 23 24 there were 34 major 242 important and 59 so in total there was 427 recommendations and that's been reduced to 335 that's not that's but that's taken slightly out of context if you remember we used to have two thousand audit days and it got reduced to sixteen hundred and ten audit days so the proportion of that reduction would be down to the fact that we've been doing fewer audits so in two thousand and twenty two three there was actually a hundred and seven audits undertaken and I think we're looking at doing the target for 23 24 is 85 so that would show you some of the reasons for the reduction in number of recommendations made because we've got that 400 fewer days of audit time thank you would you be able to circulate that yeah thanks thank you chair and so looking at appendix a in terms of the audit finding I know we I know I asked this last year and it was a different school under children's services last year I remember it was Beatrix Potter and there had been a couple of DBS checks that hadn't been carried out obviously with heightened security you know you know just with the general environment I've noticed there's another one in there under Francis barber would you mind sort of please explaining because I remember last time that there was a there was a simple explanation for it but I think it would just be good to clarify that one please I'll pass over to colleagues if there's anything specific on on the audit chairs one five seven good evening my name is Tanya college I am audit manager for the Francis barber in particular there was this finding that we had and we are actually forming actively with the school to make sure that they did address the finding and I can tell you in this particular case we had a little bit difficulties to get evidence and tomorrow I know that there will be a call and after that call will be a visit to the school to get evidence for old open actions thank you this is a real worry I mean is there any way that we can ensure this doesn't happen because it's come up again a year later to ensure that we don't we don't hire anyone at any school where they haven't been DBS checked first should just point out that this is a recommendation is the finding isn't saying a check wasn't done it would say they haven't retained any evidence that it was done so there's a key difference between between the two I mean still a worry though right still a concern but bear in mind that obviously we've been only can retain data and retain evidence for certain periods of time but normally speaking when it comes to this one we've looked at I can't talk specifically about this but if you talk about thematically in general we do find that for certainly for frontline staff there is there is in general appropriate measures in place to get those checks people shouldn't be left alone when they are if they haven't got it but quite often some of the challenges isn't like a season about them actually actively being done it's that when we turn up to do the audit whether or not the individual that we're liaising with has actually got the information so I think on this particular one if you look down on the wording it was stated you know when when query the the school business manager it was stated that no evidence could be provided by the minute but it manages to support the check being done prior to the commencement of the employment so we would ensure double check now that but where it is I think that's what Tonya saying is around to see whether or not we've got that coming through but for peace of mind for here it's just to just to highlight the significant there is a key difference between not having it not having it done and not retaining the evidence it's basically the school that should have should should enhance their record keeping so that you know that so that we we've got that assurance but they know when we come in they know what we asked for is making sure that they've got it when when we're there that's part of the challenge is that historically when you turn up to do an audit they may not necessarily have all the relevant information with but I agree with you this isn't this isn't something that's you know out out of the blue that we're turning up and doing something it isn't something that's new that we're asking them for that you would expect that they've not heard before these are the these are the basic queries that we would always audit and check you would expect them to have the relevant information available could could I could I just add something quickly is that okay and so I would just say that yes it is a concern yes it is something we find when we do school audits and what this what we're not saying here though is that they haven't completed barred list check which is the kind of belt and braces check that all schools need to do so the DBS check is really important that needs to be done it's also something that Ofsted checks when Ofsted go into school you know they look at the single central register and if and if DBS checks haven't been haven't been recorded there then that's a that's a real problem for the school but but the belt and braces as I say is the barred list check so and I'd need to check this one specifically but because we haven't referenced that in the recommendation I'm assuming the barred list check was completed which means we have it you know the school has at least checked that that person hasn't been barred from working in schools which gives some level of comfort just just picking up on that as this is the second time it's come up is there a training issue that we as a council can help with with schools around reminding that the importance of not only having done it is making sure that it's clear you've done it because that's yeah I mean that's happened it's happened for two schools we've picked it up and that's maybe a question to take away all I would say if I'm being really candid is that we do it all the time that's why if you look at the annual government statement DMOs are still on there and they've been on on there for at least 14 years because schools aren't the same school isn't audited every year so it goes in cycles you'll get a new business manager you'll get a new headteacher you'll get a new same when it goes to your tenants management organisations you get things okay right people move on and it changes and you know you'll always get a lot more recommendations that come up with those entities because they are small little businesses in their own right so I wouldn't you're right to challenge you're right to focus and the high mean on these things because they are key and important however it would be remiss of me to say what managing expectations about some of these things because like I said because of church the changes Andrews highlighted that some of the key fundamental elements is looking at those borrowing lists look at where it is and how many other checks and insurance levels that you can get you've got offstead you've got others so there's that you know from what we do we obviously liaise with the department they will obviously have got their own relevant officers that would go out liaison whether it be in housing or in children and the reason I'm referring to housing is because they have similar sort of challenges and issues where you get the same thing time and time again but I can guarantee you that next year you'll probably find a similar recommendation on there five years time if you're still on this audit committee you'll find a similar recommendation on there so I wonder how many DBS checks there are carried out in any year to miss one or two or not to be able to find the evidence one or two is possibly. I hope you keep all of our DBS checks, that's all I'm going to say. Our storage of records the first item that recommended due date has been shifted again, so it was the first recommended due date was end of 2022 and it's been shifted because I looked at last year's are they actually going to make the date? It's one of our teams we really ought to be getting the documents sorted so that's the first one we see the school is and I think if you can answer that one I'll carry on with a couple of others. It's the first recommendation in the appendix A. I can take that one, sorry I didn't introduce myself last time did I? I'm Andrew Hamilton the head of the shared audit service. Yes the recommendation has been outstanding for a long time we have had conversations with the monitoring officer on several occasions. They are progressing so for a long time there was a lack of available money for in the first instance to pay for a resource the money was then made available it was then difficult to get a resource because it's not a it's not an exciting piece of work to do sitting in the basement cataloging old agreements they now they have now found a resource so we are expecting it to be completed. Have I also had conversations with the monitoring officer to really try and understand what the risk is for the council. The recommendation was made some time ago wasn't it and it was accepted at the time that it was a priority one. His view is maybe that it's not as serious as that I think it is still an issue. The fundamental issue would be that documents if there was a fire could be burnt that perhaps had titles to small tracts of land that the council owned. He assures me that they would be able to piece together information from the committee reports going back as as far as they needed to legally demonstrate that this land belonged to the council and he was very sure of himself when he said that I'm not legally trained in that sense to understand the legalities but it does need to be done and he is aware of it and we do expect it to be completed. Or and if not maybe he could come along to the meeting and explain that to you. There's one about the environment community services the building maintenance DSO, the developing a set of KPIs and including time lists and response and something I did wonder is do how do we know how if I don't know why I made a note of this but I did about things being outstanding for more than one year it must have been something about what's going on there for that should have been finished shouldn't it the environment community services audit so is there a question here yes there is is what's going on there it's a little bit more um precisely so you can actually answer it yeah they're supposed to have got KPIs about housing team works being completed yeah so are these there and do we also have kpis about anything that's been outstanding for a particularly long time for example like a year sorry is that about the audit that is was titled building maintenance DSO yeah okay if that's something you need to go away and answer happy to for that to happen that way yeah I don't have the specifics for that one but we'll go away and we'll we'll come back to you Councillor Critchard can I just suggest that possibly we are going to a level of detail and the scrutiny here that is possibly not worth the candle the evidence here would suggest that we've got some very very detailed comprehensive work here and the fact that we're turning up one or two errors and slidings of dates is hardly hardly surprising this business as you have a question yes this is just page 126 section 21 it states that the anti-money laundering and anti-drivery policies are linked to the whistleblowing policy and procedure were last reviewed in October 21 I just wondered how frequently those policies are reviewed and when the next one's due it's I'll chat with Kevin earlier before we normally would look at these every three years is normally where we'd look to try to seek to do it on an optimum basis sometimes it slips but it is on our radar and we're anticipating doing it and you know during 2024 I have a follow-on question if that's okay chair and and this is part of the reason why I've asked about the review actually is because there's a protection of whistleblowing bill that looks like it will be replacing the existing law and there are wider provisions around the definition of what whistleblowing would mean and give the government more powers for enforcement of it so my question is if the legislation changes will that trigger a review even if it falls outside of the review period it would normally yes because obviously the three years is where you look to try and do it in the absence of anything key fundamental there are different approaches whistleblowing and also the anti-money laundering and anti-bribery reviews I'm the council's anti-money laundering officer but then you've got HR who would ultimately be responsible for the whistleblowing approach so it's a collaborative approach more for here what we'll be looking at is on the money laundering angle but clearly you as a committee want to ensure that there is an unfettered access through to individuals like myself like my colleagues so that they can you know actively and are encouraged to highlight areas of poor practice or on areas it is something that's key for us one of the staff survey queries and questions here this was the angle about how it was they felt and the ability to refer queries it didn't get a good enough response in my view and and therefore it you know it was actually quite poor and concerning but that has been addressed as part of the you know this in the senior management team it has been flagged to try to encourage and engage with our officers but if I'm on to it it's more to do when we actually we've been tackling to the detail this is sometimes sometimes we are looking at surveys and approaches it was more poor practice in the result in performance matters rather than it actually being poor practice as in the way that you're behaving and actually doing wrongdoing if that makes sense interesting actually to hear about the results of the staff survey because one of the elements that is being looked at in the new bill is around the culture of an organisation and ensuring that that is that at that level is correct because it will then encourage people to know that it will be upheld so we are asking the right questions we're not getting the right answers in my view well not answers that I'd be happy with rather than the right answer that means it would show you we've got more work to do to actively encourage and engage with with you know officers in general but also members of the public members and if you look at these what we were seeing in the table earlier in the conversations with Kevin in relation in the investigative work it's not just our own team it's how we get whistleblowing from others so things such as to recover your property quite often whilst we might do proactive work you are reliant upon information coming through as well from whistleblowers to ensure that we've got that pipeline that's one more question Councillor Crichfield and then we could move to a conclusion it's the one from cats Paul about the contracts so the question is around page 146 147 implementation of the contract management system how's it going okay it's work in progress a key issue that atomists for the was actually getting the the tender modules first because obviously you know before you can actually do have your contract management module really in operation you need to have the procurement modules being done first that had priority spend analysis work has been it was the second tier and that's carrying going on to try to address to see if there are what's the severity of off-contract spend there has been analysis done by the commissioners to assess where where the contract should be bronze silver gold platinum that's in train and you know but so yet to be finalized because that will then help deliver and set up what we do with the contract monitoring modules the contract monitoring modules are yet to be implemented because the focus has been on those previous other modules have we got an idea about how much has been in a sort of percentage terms how much is of the work is being done and also when it will all be finished so when we'll get all the contracts on there properly to manage well the contracts are on there in relation to putting them on for the tender modules what we're looking at is for the contract management angle it's all about having KPIs being uploaded and everything else so that's I can't sit here and give you a date now as to when that will be we are looking at that's the next phase for what's what's being put in but the aim will be to get it completed by the end of the financial year but whether or not it has everything is subject to like I said there is that contract off-contract spend analysis that's being undertaken it's it's a fluid piece of work that sounds that makes me feel a bit anxious I don't know whether that's the right feeling about it but given that contract management is obviously an area where we can in there ought to be some financing contracts properly would give us a financial edge it would worry me that it's we've identified this is a problem like two years a year and a half two years ago but it still looks like it's going to be another year before in a position to start using this properly I mean is that what I'm saying about it be a year before we can use it properly is that the correct deduction it's not incorrect in the sense that you know this is a IT system that's trying to help for people to do what they should be doing already so this isn't the you know this isn't the panacea this isn't you know the idea of them doing it contract management is with the commissioners and it's for them to be able to they know what their contracts are now they know what their KPIs are now they should be managing a contract in accordance with the KPIs this is a tool to help them deliver that that's why I'm saying you know this is something that they should be doing already so the idea that you can't have contract management without this tool without this tool is not not accurate and I don't want members of this committee to think that this is the answer this is delivering everything else it still requires individuals to do certain things what the what the module will do is not for every contract because you've got all your housing contracts already have all their KPIs being uploaded to their relevant system there are others that are doing it this is just saying for those that don't it's going to have the KPIs put on to and to help them the provider will be uploading on a regular basis onto the system so we could we could see the data quicker and more efficiently thank you Mr Gelotti just following on from that presumably also the contract management system let's comes up with an alert so say for example if a contract's up for renewal you'll get an alert six months in advance so that you can check the KPIs see if performance is great and then compare it to other companies and then we can get a better deal or get maybe three quotes or something next time we can make it more beneficial and efficient for the council overall it will go a part of that I mean you should have the alert to now allow people to know when they should start planning to do the audits because you'll have the key relevant milestone and dates it doesn't you know link in with a database to know what price points are going on outside in order to say are you getting value from money compared to peer groups in other local authorities no you wouldn't get that the only way you'll achieve that is through soft market testing and going out and doing the program but if you start your process early enough because you've got your key date that should be factored into it when you're going out and then to look to see your specification correct and right and proper or should it evolve because you last procured five years ago things move and change but the only way you achieve that is by starting the process 18 to 24 months in advance and that's what this should again highlight and give a red flag coming through but only if it's on there and that's why I said it's we're putting the contracts that we know about on there we're looking at all the spend analysis to see you know whether or not those there are other spend other thematical spend areas that should have contracts that's where the focus has been on first we'll then look at the kept uploading the KPIs that contract management which should already be being done already that's what comes now Are there any further questions then? Are these proposals approved? Good thank you very much indeed in that case I'll draw the meeting to a close. Thank you very much councillors, thank you very much Mr. Searle, thank you officers, have a very good evening.