Transcript

So, good afternoon, councillors, officers and members and members of the public. I don't think they're being live streamed on YouTube, so anyone watching, welcome along. We're going to run through some housekeeping rules, so can I just request that mobile phones are kept silent or turned off? We don't want to be going into the realm of giving to charity, but if we do, I'll bring one to the floor. And then we're not expected to have any fire alarm during this meeting, but if we do, if we can just ensure that we go via the exits and follow our officers to the meeting point outside. And finally, if anyone wishes to speak, just remember to put ourselves on mute afterwards. Thank you, Jenny. Welcome, Scott. And then do we have any, or do the members have any declarations of interest that they wish to declare? No? We can move forward. So the first part of the agenda item is for the minutes of the previous meeting. I'm sure we've all had a chance to read through for the accuracy. Excuse me. Everyone, are we happy to sign those minutes as a fair and accurate view? Agenda, please. Thank you, Councillor Conway. So those can be passed, and I will move to sign those minutes. And moving on to the next part of the agenda, I'm going to invite Claire Edwards, who is our Section 1151 Officer. Apologies. And then if you can go through the audit plan for 2024-2025. Thank you, Chair. I will be handing over to our external auditors to present the plan, but I just wanted to take an opportunity. Thank you, Mark. Over to you. Chair, my name is Mark Stocks. I'm a partner with Grant Thornton. I'm responsible for your external audit. As I understand from Paul, he's been talking you through what we do in audit in local government, because it is different. Obviously, we do a financial statement audit, but as well as that, we do something that's called the Value for Money Conclusion, which basically looks at – that's quite a broad church in terms of what we do there. Yeah. I'll do a bit of a page turn, because I think for many of you it will be a new audit plan or a new experience in terms of auditing in the public sector. I won't do every page. You'll be relieved to hear, but I will take you through the ones I think most relevant. So I'm just taking you to page – let's see if I can actually read it with my eyesight – so to page seven of the plan. So just to flag that one of the changes for this year, which I think is page 23 of your agenda, so there's a new standard coming in for local government, which is IFRS 16. That's quite a complex standard. It's to do with leasing, and it brings into play something called the right of use asset. So we'll be working with your team to get that right in your accounts. Just turning over the page, Paul's probably talked you through it a little bit, but over the last few years, there's been quite a backlog in local government accounts, and so there's something that we refer to as called the backstop. So what the government had to do, it had to bring in new legislation to allow auditors to effectively disclaim opinions that had been opened for too long, just to allow us to catch up, because there's not enough resource either in local government to have actually dealt with the backlog. And so you'll see if you go back to your 23 to 24 accounts, those have been disclaimed. And so the process over the next few years will be trying to rebuild that assurance for you, so sort of looking at your accounts in detail, if you plant an equipment – and sorry, my computer's doing some strange things to me, but we have to rebuild that assurance. So you are looking at disclaimed opinions for a little while longer, but that's not because we're not working on your accounts. It's just going to take us time to get that right for you. Just moving on a little bit, so I'll just take you to page 11 of the report, or 27 of your agenda. So auditors work in risks, so that doesn't mean we don't test the other aspects of your financial statements, but we do focus our work on particular areas, and on that page we just highlight sort of five or six areas where we're going to look in detail, and I will talk to each of those. So just moving down then, so I can talk to those significant risks, page 13 starts, I suppose, the process. You'll hear me talk around management override of control. Now, just to reassure you, this is a standard risk. Wherever you come across an auditor, there's a standard risk called management override of control, and that's the ability of the accounts to be changed. You know, there are a lot of assumptions that go into the accounts in terms of provisions and estimates and accounting policies that can actually change how they look, and so we do a lot of work around that, whether that's through journals or looking at those estimates and accounting policies. We spend quite a lot of time doing that work, but that's a mandated risk for us, so that's something that we're required to do by auditing standards. The other risks we focus on, again, there's a risk called, I suppose, revenue recognition, and it's the ability of that cycle to be inappropriately put together. So now we tend to rebut that risk in local government because your income processes are reasonably simple because it's kind of council tax and business rates, and that's no different here. So it doesn't mean we won't do any work on that. There's just no cause, in my view, to do any particular work in terms of the fraud risk associated with that. And similarly, practice note 10 talks to us around expenditure and the risk of fraud in that. And, again, your general processes for recognising expenditure are decent. They're pretty good. So, again, we've rebutted that risk, but that doesn't mean we don't test expenditure. We do test expenditure. We don't test it particularly to identify fraud. There are two really large estimates in your accounts. So I'm on to page 30 of your agenda. So your land and property, whether it's investments or sort of your general use assets, they're really big estimates. There's a lot of kind of process that goes into estimating those values. And because it's such a big figure in your accounts, we do classify that as a significant risk. So we will spend quite a lot of time auditing that. The other big figure you'll see in your accounts is the pension fund. And that can either be a liability, but usually in local government – sorry, it can be an asset, but usually in local government it's a liability. So now there's two parts of that. There's what's held in the pension fund in terms of assets, so are they brought to account properly. But then there's a rather large estimate under IS19 in terms of what is the – looking at that and making sure that's brought to account effectively. And then just moving down to page 32, you obviously have HRA, so we spend quite a lot of time looking at your HRA valuations. Sorry, I don't know what my computer's doing. It keeps on flipping to another screen, so it's very distracting. Just on to page 33, when we were looking at last year's accounts, there were a few areas where we couldn't quite get satisfied. So one was around Section 106 arrangements, and that – you hold quite a lot of balances under Section 106 in terms of development. So officers have been working on that, so we're going to pay quite a lot of attention to that during this year's audit. Similarly, on cash, we couldn't quite get there with cash last year, so we will spend time looking at that in detail this year. And then at just bottom of page 33, I've already talked to you around IFRS 16. Just moving on to the page, page 34, so we will look again in some detail at agency income and expenditure. Because where you – often local authorities act as agents for other authorities or for the government. So in that – well, the income and expenditure part of that isn't brought to account in your financial statements, whereas the – I suppose the balance sheet items are, because those are actual liabilities and assets. So we couldn't quite get there again under last year's audit, so we will look at that. And then finally, in terms of significant risks, because you're a new authority, then what happened when the county was broken up was that the assets were divided between yourself and West Northamptonshire. Now, West Northamptonshire picked up the responsibility for resolving all the outstanding debtors and creditors for the old authority. Now, they've not quite worked through that, and there was quite a significant balance that wasn't properly – well, I suppose all the income's not been collected and all the expenditure's not been expended yet. Now, if they can't recover all of the income, then that becomes a partial liability fee. Until that's done, then I'm not in a position, and neither is – is Clare as your Section 151. We're not – we don't have the information. We will look at that in detail as best as we can. Now, I told you there was two bits to the audit, so I'm going to take you all the way down now, if I can, to page 44. And this deals with value for money work. And as I said, we cover financial sustainability, we cover governance, and we cover improving economy efficiency and effectiveness. So what page 44 just highlights are the areas that we were – where we had concerns, also significant concerns last year. So we were – the Children's Trust is, I think, doing well in terms of its care for children. But in terms of its management of expenditure, it continues to overspend, and that gives you a difficulty because you have to – you're partially responsible for that. So – and then, as well as that, the funding of schools comes from something called the Dedicated Schools Grant, and at the moment, you're overspending against that. So what happens with that, that sits as basically a negative reserve on your balance sheet, and there's a statutory override that allows you to do that. We're all waiting with interest to see whether the government continues to leave that statutory override in place. But for you, there's a reality that you need to get the school's expenditure back in balance against that Dedicated Schools Grant. So turning over the page in terms of governance, there were lots of positives in terms of governance here. So, you know, it's easy just to see the red, but there were some, you know, some really good things. But where we were concerned was really around housing and so how that was being managed. And so we did raise a risk in terms of that and the processes that needed to be strengthened. So we will do the wider scope work in terms of the value for money work, but those are the key areas that we'll be focusing on, one around financial sustainability, but two around the HRA. I'm going to pause there, Chair. I've probably talked long enough, but that's a brief snapshot in terms of how we're going to – Do we have any questions for Mark? Thank you, Michael. Hi. Thank you for that. Can you just explain to us how – I mean, we've talked about the backstop for quite some time. I've been on this committee for two and a half years now. How did we actually get to being in a position where we need a backstop? I know you mentioned maybe lack of resources, but in my time as a – albeit in the private sector as an auditor and looking at financial companies, to say, oh, we didn't have time to finish the audit wouldn't really have cut the cloth very well. So could you just explain how you get into a position of needing a backstop and are there other authorities in that position just as a background for the committee? Okay. Okay. So the last part of that question first, pretty much half of local government are in that position. So I think there must have been about 400 or 500 sets of accounts backstopped under the process. So in terms of how you got there, so rather than how everybody got there, because it is a different story for different authorities, then effectively when you were set up as two new unitaries, then you were – part of the requirement is for you to complete the old accounts of the district councils. So – and that took quite a while to be – to be candid, councillor. So – and in clearing that, it left limited resources for you then to focus on your 23-24 accounts and to get those prepared for us for audits. And by the time they were prepared, you were so close to the backstop date, there wasn't – any other questions? Councillor? Thank you, Professor. Hi. Just a quick one, really. On the asset liability with the split, when that happened, liabilities and stuff, what is a timescale on all of that in terms of what is allowed under the scheme? Or any agreement that was – Thank you, Chair. So, when we actually undertook the disaggregation of the balance sheet, at that point in time, we obviously made decisions on what we knew. But what we did do in the report that did go to committee was actually agree that the Section 151 would then, if there was any material changes that might have come out of further work that may have been undertaken through the audits, would have the ability to be able to – If I could just briefly ask about – you mentioned the Section 106 monies and that it was an area that you would be focusing on this year. Is there any particular reason for that? I do understand that there is a time limit with these Section 106 agreements. So, is it possible that some of the money that's being listed on there actually should now be going back to the developer and shouldn't be listed as an asset of the Council's accounts? Thank you, Councillor. So, in reality, I don't know. So, the reason that we're looking at it was because there was an analysis at a high level, so we could understand sort of like what the value, the overall value was. But when we approach the audit, we need a detailed breakdown sort of by each sort of development and the – you know, because the Council had inherited quite a lot of information from the county that wasn't put in that way. It's quite a detailed – The tolerance that this committee needs to have is from our external audit on that basis. And whilst we did a lot of work on it, we weren't able to be able to provide all the information that the external one. Any other questions from councillors? Yes, Michael. Hi, again. Sorry, I had a couple of questions. One was on page 47 of our PACs, which is page 31 of your reports. It's just a background, really, is that we've got field testing July to November. And a couple of pages down, it says three people, and it'll take five months. I'm assuming it's not just three people. Maybe that's the audit senior and the audit manager and then however many. Is five months standard for authority audits? It just does seem quite a long time. Is that the sort of the standard that you would do, or is this a particularly complicated situation? That's more the relapsed time than the on-site time. So what will we find on – because you are a big, complex audit, so it's not a – I'll start off with that, really. And so it does take – it does take time. So we tend to find for a large audit by – like yourself, it would take at least four to five months, so to get done. But in terms of when we'll be on site, so we usually come out and we sort of reconcile the ledger. So you sound like an accountant and an auditor. So we basically make sure the trial balance agrees to the ledger, so make sure it agrees to the accounts, start to pick our samples, and then come back off-site to get the evidence ready. And then we come back on site and work through. So it's quite a logistically complex exercise to do something of this. Thank you, Paul. Any more? Sorry, and the second point was on page 44 when we talk about the Children's Trust. And you noted that it says – we note that the NCT continues to spend above its budget. We'll review the arrangements in place to support and challenge NCD to contain expenditure. I'm just thinking what we – what arrangements are in place and what we can do as a committee, because this has been something that's been rolling for quite some time, where we know there is an issue, and we know that it's in the audit plan. I think in the internal audit plan, there's also – it's down as a high there. What can we do as a committee to sort of keep our foot on the pressure on the NCT to actually come up with something? I think that it's been a high-priority action since 2022, and we've not received their latest reports, the 24, 25 reports. So it's just what we can do is what I'm trying to get my head around. It's a difficult question. I'll hand it over to Clare, who's probably got a better answer than me. But there's a reality for you as an audit committee, and as a council, that the children – No? Thank you both. So it's recommended that the Audit and Governance Committee notes that the external motion is carried. Great. So now we move on to the next piece of the agenda, and it's for the Internal Audit Annual Report 2024-2025. And then it also sets out the basis for that assurance opinion as well. So I'm conscious that this is an opinion that the committee is receiving with new membership as well. So the opinion that I've given is of a moderate assurance level. So there is a definition of our assurance levels in Section 4.1 of this report, but it's obviously reduced the assurance opinion we've been able to give at the time of the audit. So the rest of the report does set out the basis for that opinion, as I say. So we've broken it down into financials on the other systems. So I've just had, again, just to caveat my assurance around that. Again, as soon as those are finalised, they will come to this committee, so you will have that full site. I'm just not able to include it. Specifically included is around IT systems, which are hosted by West Northamptonshire. Again, I don't have the rights of access to perform audits on their network and their security, etc. So we're meant to seek that assurance as part of those partnership arrangements as they can. So the rest of the report then talks you through the basis for the opinion based on the work that we have done. And have we built controls into the system that we'd expect to see are they fit for purpose? So that's that first part of the assurance opinion. The second is in relation to compliance, so opinion, as to whether it's the design of the control or is it the compliance element. And then the last part of the opinion, again, is very much for the benefit of this committee, really, is to apply some organisation analysed in last summer, so it came to the committee in August. And that was subject to some improved controls around the environment, so there were some good controls put into place, but we still found a number to address it. So they will then set a date and an owner for that action, and we will then follow up the implementation of that action. And we report that to each of these meetings. An overview of the implementation of agreed management actions. So again, just to walk you through this briefly, the first line are those actions which were agreed and implemented. So we've had 24 actions completed during that year. 37 of those were what we class as high priority. We have then 77 which are overdue. So 17 of those were due within the last three months. So also within the report is a reflection on the performance of the internal audit service ourselves. So how have we performed against our own standards and our own service level expectations? Gives you a good level of assurance over our performance and delivery. Also in Table 5 is just some feedback scores from when we've completed audits, the ratings that we've been given, which I'm really pleased to report are all of good or outstanding. And just some reflection on ad hoc additional work that we've delivered during the year as well. So lastly... Hi, thank you, Rachel. Can I just clarify? On page 72 of our report, when it says in the report background, it says 76% of agreed actions due have been completed. Okay. Does that mean that the 24% is sort of added into your workload this year? So is that not going to stretch your resources if you're having to sort of do 25% of last year's and the agreed amount this year? Or am I not reading that correctly? I hope that helps. Thank you. And sorry, just one follow-up. Again, I may be not reading this correctly, but on the summary of audit opinions, where we say 50% are moderate, and your terminology is that moderate means there are gaps in the internal control framework, which pose a medium risk to delivery of objectives and controls are not consistently operating. From an optic perspective, looking on the outside in, are we saying 50% of our controls are basically not or only there are risks to 50% of our controls and the other 50% are good or better or whatever? It just seems like a high number. So this is greater than 30 days. What is the lateness of the 10 greatest within that? Because it could be, are we happy to keep it at three months less than and greater than, or would we like to delve a little bit more into the greater than three months? So it is then recommended that the committee notes that the annual audit... Thank you, Councillor. Thank you, Councillor. So we move to vote and ask all those in favour. Show of hands. Thank you all. Move on to the next agenda item. So this one is for the Internal Audit Progress Report. And again, Rachel, if you can. Thank you. Thank you. Constant updates on the activity of internal audit, so I do report to every meeting. So this report provides you with the outcomes of any audit reports that have been finalised since the last committee meeting. So the committee obviously didn't approve the new internal audit plan for 25-26, so I have included a full copy of that that was approved by the last member of the committee, and so that you have opinions start to appear as well in the later columns. So we summarised the key findings only that reports have been finalised. So the ones that have been finalised, as I say, were a data security standard, which we refer to as PCI DSS. So this is around ensuring security of data that we're handling for cardholders when we're taking payments. We had procedures. There was a good audit trail around the transactions and the activity, and we didn't highlight any significant concerns around how that was operating in practice. And the last audit was in relation to IT asset management. So this was looking both at the council's hardware, so our laptops and computers and servers, but also around software licensing as well, so a bit of a two-part audit. We identified some issues around the record, so what's referred to as the MAL, the asset list, the located assets that were no longer at the authority, and also duplication errors, etc. So these were flagged to officers. At the time of the audit, the council was about to roll out the OCADU project, which is essentially rolling out new assets to all officers, and so made some recommendations around improving the record-keeping on software licensing and expanding that spreadsheet record that's currently in place. Again, that is... Thank you, Rachel. It was just an observation, really. The home-to-school transport, which is, I think, Q4, that was raised at my first ever meeting, so that was like two and a half years ago, and there was a concern, and I'm a governor at a local school, and they've also sort of expressed concern that the drivers didn't have DBS checks, and these are quite vulnerable children being taken to schools, often on a one-on-one basis, so the schools were looking for some reassurance that all the people who are transporting their students have DBS checks and all the relevant checks, because it's obviously a big safeguarding issue. So I'm sure you'll cover that, but it was just a highlight to the committee that that was raised previously, and it was a concern to the committee, and it also is a concern to the local schools. Thank you. Thank you, Councillor. So now we move to a vote and ask all those in favour. Show of hands. Thank you. ...be the best possible service that we can be and give you the best service as a committee. So this is my vision of how I want us to be seen by all of the councils that we are working with, primarily in North North... Yes, Michael. Sorry for so many questions, but we used to put in a risk matrix, which was colour-coded. Have I missed it in here, or is that not relevant for this particular meeting? Because we found that really useful before, you know, when it had the red-green, the high-impact, high probability. Will that be something that you put in your future reports? Yes, I mentioned, to map that out so we can focus on those higher scored risks. So I haven't included it in this document, but it is in the risk management strategy that was approved by the committee. Thank you, Councillor. A seconder? Thank you. So we move to a vote, and all those in favour, a show of hands, please. Thank you. Thank you.