This meeting of the Audit, Standards and Governance Committee was scheduled to consider the adoption of the Council's Whistleblowing Policy, receive an update on the progress being made by the Internal Audit team, and consider the External Auditor's report on the Council's accounts from 2020/21, 2021/22 and 2022/23.

External Audit

The Committee was scheduled to receive a report about the External Audit. This report was prepared by the Council's outgoing External Auditor Grant Thornton, and it described the outcomes of their audits of the financial statements from 2020/21, 2021/22, and 2022/23. In the report, Grant Thornton explain that:

On 5 September 2024 parliament approved the Accounts and Audit (Amendment) Regulations 2024. These Regulations, which came into force on 30 September 2024 set a publication date for financial statements up to and including 2022/23 of 13 December 2024.

The report pack included draft disclaimer of opinion statements about the financial statements from 2020/21, 2021/22 and 2022/23. Grant Thornton explain in these statements that they:

have not been able to obtain sufficient appropriate audit evidence by the backstop date to conclude that the Authority’s [Bromsgrove Council's] or group’s financial statements for the year ended 31 March 2021 as a whole are free from material misstatement.

and

have therefore issued a disclaimer of opinion on the financial statements. This enables the Authority to comply with the requirement in the Regulations that they publish audited financial statements for the year ended 31 March 2021 by the backstop date.

The meeting pack explained that Grant Thornton would be replaced by Ernst and Young as the Council's new External Auditor, and that the process of inducting Ernst and Young would begin imminently.

Internal Audit Progress Report

The committee was scheduled to receive an update on the progress of the Internal Audit team. The report explained that the Internal Auditors were preparing to audit a range of services and functions, including Accounts Payable, Council Tax, Benefits, NNDR, The General Ledger, the Embedding of Risk Management, Cyber & Data security including Disaster Recovery, Workforce Planning, Insurance, the Council's decision making in relation to its constitution, Business Continuity and Emergency Planning, Fraud Investigations, Statutory Inspections, Corporate Credit Cards including Petty Cash, HR Processes and the follow-up of previous Internal Audit Recommendations. The report explained that, at the time of writing, the Internal Auditors had delivered 120 productive days of their 230 day target for the year.

One of the Internal Audit reports, on Procurement and Contract Management was included in the meeting pack. It contained an audit opinion of 'limited assurance', which the report defines as follows:

Significant gaps, weaknesses or non-compliance were identified. Improvement is required to the system of governance, risk management and control to effectively manage risks to the achievement of objectives in the area audited.

The procurement audit identified two findings:

• A lack of a deadline by which services should become compliant with the Council's procurement rules.
• Inconsistent retention of documentation about how framework decisions had been made.

Financial Compliance

The meeting pack included a report about the Financial Compliance of the Council. The report included a long list of legislative reporting requirements that the Council is required to submit to Central Government. The report indicated which of these had already been delivered, which were in draft form, and which had not yet been started. The report included details about the Council's outstanding VAT returns, and its efforts to return to normal VAT reporting with HMRC, which involved working with PS Tax, the Council's Tax Consultants. The report explained that the Minister of State for Housing, Communities and Local Government Jim McMahon OBE MP had written to the Council, noting:

the significant and unacceptable backlog of unaudited accounts. This situation undermines trust and transparency in the way taxpayers’ money is being spent and auditors cannot focus on up-to-date accounts, where assurance is most valuable.

The report included a draft Letter of Representation to Grant Thornton. This is a document the Council must produce at the end of each financial year so that its External Auditor can sign off the Council's accounts. The report included three copies of the Letter of Representation - one for each of the outstanding financial years.

Financial Savings Monitoring

The meeting pack included a report on Financial Savings Monitoring. The report explained that the Council had made a number of savings options through its two-tranche budget process for 2024/25. These options had been approved as part of the balanced budget for that year. The report also explained that it had been recommended that:

savings delivery is monitored independently of basic budget monitoring at a Corporate level.

The report contained a table that describes each of the Council's savings options, which had been grouped by their RAG status. This showed that, at Quarter 2, the Council was forecasting a £344,000 revenue overspend. This overspend was attributed primarily to:

• Increased spending on vehicle hire by the Environmental Services department
• Additional costs associated with the delivery of the new Planning income increases
• A shortfall in income from parking charges, which was £100,000 below the budgeted amount
• The failure of the Environment Partnership to get started

Risk Management

The Committee was scheduled to receive a report about the Council's Risk Management activity.

The report explained that the Council used the 4Risk system to manage its Corporate and Departmental Risks. It described the changes that had been made to the Council's Corporate Risk Register since the previous Quarter. These changes were as follows:

• The risk of non-compliance with Health and Safety legislation had been downgraded from Red to Amber.
• The risk of poor decisions being made due to a lack of robust data had been upgraded from Amber to Red.
• The risk of non-adherence with the Statutory Inspection Policy had been downgraded from Red to Amber.
• The risk of changes to partner funding arrangements had been downgraded from Amber to Green.
• The risk of the Council failing to adequately manage its contracts had been downgraded from Amber to Green.
• The risk of the Council failing to resolve the approved budget position had been downgraded from Amber to Green.
• The risk of the Council being subjected to a cyberattack had been upgraded from Amber to Red.
• The risk of inadequate workforce planning had been downgraded from Amber to Green.
• The risk of the Council failing to rectify its financial position had been downgraded from Red to Amber.
• The risk of Bromsgrove Council being placed into special measures due to the quality of its planning application decisions had been downgraded from Amber to Green.
• The risk of the Council failing to deliver on its Levelling Up and UK Shared Prosperity Fund projects had been downgraded from Amber to Green.
• The risk of the cost of living crisis had been downgraded from Amber to Green.
• The risk of the Council failing to deliver its new customer facing interface had been downgraded from Amber to Green.
• The risk of the Environment Bill had been downgraded from Amber to Green.
• The risk of disruption from local and general elections had been removed.

The report explained that, at the June 2022 Officer Risk Board Meeting, it had been agreed that:

“Green” Departmental Risks should be taken off this list if they have been to two consecutive meetings and mitigating actions have been fully put into place for them.

The report then described the changes that had been made to the Council's Departmental Risk Register, which contained a list of 40 risks with the following RAG status:

• 1 Red risk
• 25 Amber risks
• 14 Green risks

The report contained a table that described each of these risks and their mitigations. There was one red risk on the list:

• The risk of the Council failing to achieve revenue data compliance.

Whistleblowing Policy

The committee was scheduled to consider the adoption of the Council's Whistleblowing Policy. The policy explained what whistleblowing is, what sorts of things could be considered whistleblowing concerns, who the policy applied to, and how employees, members of the public, and councillors could raise their concerns. The policy states that:

Whistleblowing is the disclosure of information which relates to suspected wrongdoing or dangers at work. The Public Interest Disclosure Act 1998 gives legal protection to Employees against being dismissed or penalised by their employers for publicly disclosing serious concerns falling into certain specified categories. This policy is designed to be used to raise serious concerns which are in the public interest.

The policy explains that, after a concern is raised, the Council:

will write to the whistleblower... acknowledging that the concern has been received; indicating how the matter is likely to be dealt with; supplying the whistleblower with information on Employees support mechanisms in place; and giving an estimate of how long the investigations will take.

The policy also explains that a whistleblower may choose to raise their concern anonymously, but:

concerns expressed anonymously are much less powerful.

Risk Champion Update

The meeting pack included the Terms of Reference for the Council's Risk Champion. This is a Councillor who takes an active role in promoting and supporting the Council's Risk Management process. The document explained that the Risk Champion would be expected to:

to promote the Council’s Risk Management Strategy and acting as a recognised point of contact for risk related questions.

Audit, Standards and Governance Committee Work Programme

The Committee was scheduled to consider its Work Programme for the 2024/25 Municipal Year. This document listed the items that were scheduled to be discussed at the Committee's future meetings.