Agenda and draft minutes

To confirm as a correct record the Minutes of the previous meeting.

The minutes from the meeting held on 6 December 2023 were APPROVED.

To receive any apologies for absence and notification of substitutes in accordance with the Constitution.

An apology for absence was received from Councillor Bray, Councillor Harrison attended as her substitute. An apology for absence was received from Councillor Buttironi. Councillor Chester was not present.

To receive any declarations of interest.

There were no declarations of interest.

To note the Quarter 3 2023/24 update on risk management provided in the report and make any observations to the Executive.

The Executive Member for Corporate Policy and Resources highlighted developments relevant to the Council’s strategic risks and explained that, as these have taken place since the end of quarter 3, they were not included in the reports presented to this meeting of  the Committee.

They included:

Strategic Risk 1 – Financial Sustainability - approval of a balanced budget for 2024/25 by Full Council, only drawing on earmarked reserves to address specific funding risks.

Strategic Risk 6 - Local Government Reorganisation. Surrey’s County Deal had been confirmed by the Government as part of the Spring Budget. The Deal did not require any structural changes to local government in Surrey but provided Surrey County Council with some additional areas of responsibility, including new economic development functions. This Council would continue to work with Surrey to make the Deal a success.

The Executive Member commented that it was good to note that the Council was seeing positive movement on a number of strategic risks in Quarter 3, and in relation to the previously red rated operational risk.

He explained that the second risk management report on the agenda introduced the strategic risks for 2024/25. In proposing updated risks for the year ahead, the Council has been able to reflect positive movement and it was anticipated that the Council would be recommended to approve the closure of some risks next quarter.

The Head of Corporate Policy, Projects and Performance introduced the Quarter 3 report, explaining that this provided an update on risk management in the period from September to December 2023.

No new strategic risks had been identified and no strategic risks were recommended for closure in the quarter. Updates on controls and mitigations for each risk were recorded in Annex 1 of the report.

As well as receiving an update on strategic risks, Members were also provided with updates on RED rated operational risks. At the end of Q3 there were none.

However, Members were provided with information about the operational risk that was reported RED in the previous quarter to help explain the reasons for the change in risk rating. Additional detail on this risk was provided in the part 2 exempt annex.

Following this Audit Committee meeting, the report would be considered by the Executive on 21 March.

Any observations made by the Audit Committee on the report’s contents would be communicated to the meeting of the Executive on 21 March.

A number of advance questions on this item had been raised and the responses were circulated to Members prior to the meeting.

In response to a Member’s questions on SR4, it was explained that in terms of capacity and capability risks there were a number of actions that were being considered, including workforce planning to run alongside the annual service planning process. This would also allow the Council to plan for resourcing key priorities in tandem with preparations for the next Corporate Plan.

In early April, the staff survey would also be launched, to gauge how staff felt with  ...  view the full minutes text for item 41.

To receive the 2024/25 strategic risks and assurance framework.

The Head of Corporate Policy, Projects and Performance introduced the report which sets out the proposed strategic risks for 2024/25 and the 2024/25 Assurance Framework.

Confirming strategic risks for the year ahead was carried out in quarter 3, to enable the strategic risks to be approved by the Executive before the start of the reporting year (commencing 1 April 2024).

Several changes were proposed to the strategic risks for 2024/25, the detail of which was explained in the report.

As the Executive Member for Corporate Policy and Resources had explained in his earlier introduction, they reflect the anticipated closure of some risks during Quarter 4.

More generally, risk wording had also been reviewed to ensure it remained accurate and reflective of current circumstances.

The Committee was asked to note the strategic risks and make any observations for consideration by the Executive.

The Committee was also advised that the Assurance Framework was a new document introduced to support the updated Risk Management Strategy. It was primarily a management document and was therefore being presented for information.

The Framework captured the wide range of risks that the Council faced on a day-to-day basis. It recorded controls and mitigations that the Council had in place relating to each risk and provided an assessment of whether these were sufficient and within risk appetite.

Where risks recorded in the Framework were outside of the Council’s risk appetite, and receiving active management attention, they were escalated for inclusion in the relevant risk register.

In terms of SR5 (cost pressures affecting the viability of Council developments) the risk was expected to be proposed for closure in Q4 2023/24. This was because it was now being managed via business-as-usual processes, including, project management and the commercial governance framework.

In response to a Member’s question it was explained that, if Members did not support the risk being closed when closure was proposed in Q4, it would carry forward into 2024/25. The rationale for anticipating closure of SR5 was that the number of developments had reduced.

A Member asked why risks were being confirmed for the year ahead at this stage, before quarter 4 had been reported. It was explained that risks had to be approved before the start of the financial (reporting) year, but when it comes to reporting to the Committee, this takes place in arrears – this explains the ‘overlap’. Ensuring that a live risk register was in place from the start of each year is, for example, critical to support SIAP’s audit reviews.

The substitute Member explained that he was unhappy with the suggestion that SR5 might be closed without the detailed reasons being explained. Until the issues underlying the risks were concluded SR5 risk should be retained. It was explained that the rationale for closure would be presented to the Committee in Quarter 4.

It was agreed that the Audit Committee could make the observation to the Executive that SR5 should remain on the risk register in 2024/24 until Executive had considered the reasons for  ...  view the full minutes text for item 42.

i)               That the Audit Committee note the Q3 2023/24 internal audit progress report available at Annex 1; and

ii)              That the Audit Committee make any comments and/or observations on the report to the Council’s Chief Finance Officer.

Natalie Jerams, Chief Internal Auditor of Southern Internal Audit Partnership (SIAP) explained that this report provided an update on the delivery of the 2023/24 internal audit plan at the end of quarter 3.

There were no new reports with a limited or no assurance outcome. Pages 88-89 of the report provided a line-by-line breakdown of the rolling work programme for 2023/24. Adjustments to the plan were outlined on page 91 of the report. Members were reminded that SIAP followed all management actions through to completion and revised due dates were outlined on page 94 (Annex 2) of the report. There was an additional annex with an update on the procurement management actions.

In response to a Member question, it was explained that the audit programme in quarter 3 was slightly behind schedule. Some audits were at fieldwork stage, and some had only just started, however some were close to completion. SIAP was confident that they had the resource to complete the required audits. Two reviews which were not completed last year and rolled over to this year – SIAP was confident that it would be able to deliver the annual report and opinion. It was noted that there would always be an element of carry over in agreement with officers.

In terms of target dates for management actions, SIAP’s perspective was that the risk remained until the action had been completed. If there was a shift in direction, then they would be looking to see a new action.

The Chief Finance Officer provided an overview of the procurement transformation programme, explaining that the audits of procurement and contract management had been carried out a couple of years ago and the programme set out at Annex 3 would address the outstanding management actions arising from them. Implementation dates had been revised and were now driven by the programme timeline. 

Overall, it represented a wide-ranging programme of works with realistic implementation dates, given the Council’s capacity and priorities. Regular updates would continue to be brought to this Committee. 

Page 93 of the report focussed on the audit of use of volunteers. It was explained that a policy for the use of volunteers was in place. In terms of receiving all DBS checks back by 31 March 2024, it was noted that they had all been applied for, however, the challenge was getting the completed DBS checks returned from the Disclosure and Barring Service.

RESOLVED that:

(i)             The Audit Committee note the Q3 2023/24 internal audit progress report available at Annex 1; and

(ii)            The Audit Committee make any comments and/or observations on the report to the Council’s Chief Finance Officer.

(i)             That the Audit Committee approves the internal audit plan for 2024/25 as set out in annex 1; and

(ii)            That the Audit Committee approves the internal audit Charter for 2024/25 as set out in annex 2.

Natalie Jerams, Chief Internal Auditor of Southern Internal Audit Partnership (SIAP) introduced the item explaining that the Audit Committee was responsible for agreeing the Council’s internal Audit Plan and Charter.

The Audit Plan and Charter (attached as annex 1 and 2 respectively) provided independent and objective assurance that the Council’s systems and processes were appropriate, operating effectively and provided sufficient control for the purposes of risk management, internal control and governance.

The Chief Internal Auditor explained that, in order to increase the responsiveness of audit reviews within the year, the Audit Plan was now presented on a quarterly basis.

It was explained that the previous approach had been to prepare an annual Plan and subsequently seek agreement of changes to that Plan in-year.

The Committee was therefore asked to approve the Plan for Quarter 1 2024/25 and would be asked to similarly approve the plans for Quarters 2 to 4 at future meetings.

In light of the volume of in-year changes over recent years and having considered the approach that was now adopted for many of SIAP’s clients who were in a similarly dynamic environment, the approach in 2024/25 would move to a quarterly planning cycle so that the Plan reflects each quarter’s emerging risks and priorities.

The substitute Member expressed his deep concern regarding this approach and argued that there should be an annual plan and an annual dialogue. The Portfolio Holder for Finance, Governance and Organisation commented that he agreed with these comments.

The Chief Internal Auditor of Southern Internal Audit Partnership explained that a number of clients had successfully adopted this approach. The quarter 1 Plan could be accompanied with a schedule of the ‘universe’ of audits that were likely be considered, if that would provide assurance that there was still oversight across the entire year.

It was further explained that the move to quarterly audit planning had been discussed in detail and agreed with the Corporate Governance Group because responsibility for agreeing the Plan content rests with officers. The Chief Finance Officer explained that the role of Audit Committee under the Constitution was to ‘approve (but not direct)’ the Audit Plan.

The substitute Member observed that there was also limited detail in the report regarding the scope of the Quarter 1 audit reviews. For example, in his view, the audit of insurance should not just be looking at claims but should consider the range of insurance cover and limits, The Chief Internal Auditor confirmed that the scope of the audit was yet to be confirmed with the Chief Finance Officer.

The substitute Member argued that it was contrary to the Constitution to omit the details for quarters 2 to 4. It was explained that three further reports would be submitted to Audit Committee to present each quarter’s plan in future (instead of presenting a single report as previously).

The Committee was advised that SIAP would not be able to commence work in quarter 1 without approval of the Audit Plan at this meeting. Members  ...  view the full minutes text for item 44.

(i)             That the Annual Report of the Audit Committee be noted and, subject to any changes agreed at this meeting, recommended to Council; and

(ii)            That the Audit Committee’s Forward Plan for 2023/24 be approved.

The Committee was apprised that the Annual Report 2023/24 set out the work of the Audit Committee in 2023/24. Once approved, the Chair of the Committee would present the report at Full Council on 28 March 2024.

Members considered the Committee’s forward work programme for 2024/25. It was noted that the Committee’s forward work programme was a live document and would be subject to change as required.

RESOLVED that:

(i)             The Annual Report of the Audit Committee be noted and recommended to Council; and

(ii)            The Audit Committee’s Forward Plan for 2024/25 be approved.

To note the progress on actions contained within the Audit Committee’s action tracker.

The action tracker gave an overview of the status of the actions that were requested at the previous meeting. The action tracker was NOTED.

To consider any item(s) which, in the opinion of the Chair, should be considered as a matter of urgency – Local Government Act 1972, Section 100b (4)(b).

Note: Urgent business must be submitted in writing but may be supplemented by an oral report.

There was no urgent business. Everyone was thanked for their contribution across the year.

RECOMMENDED that members of the Press and public be excluded from the meeting for part of items 4 and 6 of business under Section 100A(4) of the Local Government Act 1972 on the grounds that:

3. Information relating to the financial or business affairs of any particular person (including the authority holding that information).

7. Information relating to any action taken or to be taken in connection with the prevention, investigation or prosecution of crime.

RESOLVED that members of the press and public be excluded from the meeting for part of agenda items 4 (Risk Management - Quarter 3 2023/24) and 6 (Internal audit - Quarter 3 2023/24 progress report) under Section 100A(4) of the Local Government Act 1972 on the grounds that: It involves the likely disclosure of exempt information as defined in paragraphs 3 and 7 of Part 1 of Schedule 12A of the Act.

3. Information relating to the financial or business affairs of any particular person (including the authority holding that information).

7. Information relating to any action taken or to be taken in connection with the prevention, investigation or prosecution of crime.