MAIDSTONE BOROUGH COUNCIL
AUDIT, GOVERNANCE AND STANDARDS COMMITTEE
MINUTES OF THE REMOTE MEETING HELD ON 16 NOVEMBER 2020
Councillor Harvey (Chairman) and
Councillors Adkinson, Brindle, Coulling (Parish Representative), Cox, Cuming, Daley, Fissenden, Garten, Perry, Round and Titchener (Parish Representative)
Mr Paul Dossett and Ms Tina James of Grant Thornton (External Auditor)
It was noted that Councillor Perry would be late in arriving at the meeting.
It was noted that Councillor Garten would be substituting for Councillor Perry until his arrival.
There were no urgent items.
There were no Visiting Members.
With regard to agenda item 15 (External Audit Update November 2020), Councillor Cuming said that his son worked for PricewaterhouseCoopers who Grant Thornton, the External Auditor, had consulted as auditorís expert on actuary figures.† However, his son did not work in the department involved.
There were no disclosures of lobbying.
RESOLVED:† That the items on the agenda be taken in public as proposed.
RESOLVED:† That the Minutes of the meeting held on 14 September 2020 be approved as a correct record and signed.
There were no questions from members of the public.
There were no questions from Members to the Chairman.
The Committee considered its work programme for the period 18 January 2021 to 31 March 2021.† In response to questions:
The Head of Audit Partnership said that:
∑ He could assure Members that the Internal Audit team was working through the updated Internal Audit and Assurance Plan 2020/21 agreed by the Committee in September 2020.† He did not anticipate that the team would undertake a specific piece of work on contract management, but it would form part of other reviews and information would be gathered as the Plan was completed.† Similarly revised working practices due to COVID-19 would form part of each review undertaken.† A report would be submitted to the meeting of the Committee in January 2021 summarising the progress made in delivering the Internal Audit and Assurance Plan 2020/21 and the findings of the audit work undertaken.
∑ The waste management contract was one that might be affected by current issues such as Brexit and COVID-19.† The Internal Audit team was undertaking a piece of work looking specifically at waste contract management.
The Director of Finance and Business Improvement said that:
∑ The risks relating to Brexit were included in the Budget Strategy Risk Register reported to the Audit, Governance and Standards Committee and the Corporate Risk Register which was reported to the Policy and Resources Committee.† There were, therefore, mechanisms in place for monitoring, for example, the risk that the UK could leave the EU without a trade agreement in December 2020.† In the circumstances, he was not convinced that a separate report was needed on this subject, but he would discuss with the Member who had raised the issue how his concerns might be addressed.
RESOLVED:† That the Committee work programme be noted.
At the conclusion of this item, it was noted that Councillors Daley and Fissenden had joined the meeting.† Both Members indicated that they had no disclosures of interest or lobbying.
The Head of Policy, Communications and Governance presented her report which provided an update on the progress made against the Action Plan for 2020/21 contained in the Annual Governance Statement for 2019/20 which was approved by the Committee in July 2020.† It was noted that:
∑ The annual review of the Councilís governance arrangements had identified nine areas where additional action was required to ensure that good standards of governance are maintained.† These included managing the financial risk arising from the impact of COVID-19, short-term Brexit impacts and the capacity to deliver the investment and regeneration programme.†
∑ Progress had been made across all areas.† For example:
The financial impact of COVID-19 was being monitored in parallel with regular monthly financial reporting and monthly reports were submitted to the Ministry of Housing, Communities and Local Government (MHCLG) setting out the impact of COVID-19 on the Councilís financial position.† The impact of COVID-19 was specifically addressed in the quarterly financial performance monitoring reports to Members.
Officers with emergency planning responsibilities were now meeting regularly to plan for any short-term impacts arising from a disorderly Brexit.† The Council was part of the Kent Resilience Forum and participated in its regular tactical and strategic co-ordination groups to plan for the transition.† Individual service area contingency plans had been reviewed and updated considering potential threats arising from the transition.
The capacity to deliver the investment and regeneration programme was a priority for the Director of Regeneration and Place.† The Regeneration and Economic Development team was leading on this work with additional staffing resources, specialist training and support from external consultants when needed.
In response to questions:
The Director of Finance and Business Improvement advised the Committee that:
∑ In terms of managing the financial impact of COVID-19, the Council did not publish its monthly report to the MHCLG, but details of the key issues were included in the quarterly financial performance monitoring reports to the Policy and Resources Committee.† The Local Government Association also provided summaries of local authority monthly reports to the MHCLG where copies were submitted to them and this gave a flavour of how local authorities across the country were addressing the short and longer-term impacts of COVID-19.
∑ The Council had a Contract Management Toolkit and contract managers were encouraged to have regard to the quality of contract delivery as well as financial performance as part of their monitoring.† The suggestion that the Toolkit should include guidance to the effect that every contract for products and services should include criteria by which the quality of the product or service will be judged together with a degree of financial recompense if the supplier falls short was noted.
The Head of Policy, Communications and Governance advised the Committee that:
∑ As part of the work to ensure compliance with the requirements of the Data Protection legislation, a review was undertaken of the Councilís CCTV (body worn cameras and CCTV equipment which the Council maintained, managed or was responsible for).† The review was completed in February 2020 and a number of actions were identified.† Some actions were implemented at that time, but the redeployment of resources during the pandemic had impacted on the delivery of the remaining actions and these were now being addressed.
∑ When making the Councilís CCTV footage available to a third party, a full data protection impact assessment would be undertaken, appropriate risk mitigations identified, and legal contracts put in place.† That is what happened with the new CCTV contracts bringing in external support as the Council did not have the resources in-house.
RESOLVED:† That the update on the progress made against the Annual Governance Statement Action Plan for 2020/21 be noted.
The Policy and Information Manager introduced her report providing an update on the progress made against the Action Plan originally put in place in 2017 in preparation for the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.† The report also included an update on the Councilís preparations for data protection after the EU exit transition period; examples of the Information Commissionerís Office (ICO) applying its powers; details of the ICOís Accountability Framework; and a new Action Plan which had been developed incorporating areas outstanding from the old Action Plan and areas identified from an accountability self-assessment.† It was noted that:
∑ The Council had received guidance from the Ministry of Housing, Communities and Local Government on preparing for data protection after the EU exit transition period ends.† Most of the work had been completed and no major risks had been identified.† There were a few areas where further work was required to ensure that systems are solely based in the UK, but these were not high risk and would be resolved by the end of the year.
∑ Accountability was one of the key principles in data protection.† It required organisations to comply and be able to demonstrate compliance with the legislation.† The ICO had produced a framework including an ďaccountability trackerĒ to enable organisations to review their own arrangements and create plans to improve. †The framework had ten themes with a range of actions which an organisation complying with accountability and demonstrating best practice would evidence.† When completing the self-assessment, the organisation would rank itself as fully meeting, partially meeting, or not meeting expectations.
∑ A self-assessment of Maidstoneís arrangements and compliance had been undertaken.† To summarise, most of the actions were in place or partially in place.† Those that were partially in place might need updating, formalising, or expanding to meet the ICOís expectations.† The lowest scoring area focussed on privacy notices and information and how the Council informed people it was using their data.† The Council was fully or partially meeting most of the requirements and the rest were being addressed.† Overall, only 9% of the actions did not meet expectations.† None of these were high risk areas and could be mitigated.† The only area which had limited mitigation was the ability of the organisation to deal with any increase in requests or reduction in staffing levels.† Over the next year, more members of the Policy and Information and Executive Support teams would receive training on some aspects of data protection to provide resilience, but resources were limited.
∑ A new Action Plan had been developed incorporating areas outstanding from the old Action Plan and areas identified from the accountability self-assessment as not or partially meeting expectations.† It also included the remaining work to ensure compliance should the UK not receive adequacy status when the EU exit transition period ends.† Delivery of the Action Plan would be overseen by the Information Management Board.
In response to questions, the Policy and Information Manager advised the Committee that:
∑ There were several pages on the Councilís website relating to data protection such as the Councilís Data Protection Policy and Privacy Notices.† This was necessary to comply with the legislation, but the website would be updated to include additional information such as risk assessments completed before new systems were implemented or changes in processes.
∑ The Council was compliant with the legislation but there were things it could do to improve.† The ICO was fining organisations that did not recognise their accountability or take data protection issues seriously.† By having an Action Plan in place, regular reporting to the Committee and Member involvement in the Information Management Board, the Council could demonstrate that it was taking the issues seriously.† The Action Plan would be checked to ensure that it was up to date and forward looking.
∑ The Record of Processing Activity (ROPA) was a requirement of the ICO.† The organisation was required to document very clearly what information it collects, the legal basis for collecting that information, how it ensures that the information is securely kept and who has access to it such as a third party.† Two reviews had been undertaken since the ROPA was introduced and following the self-assessment it would be reviewed again to make sure that it is fully refined.
∑ Although a lot of work was done in relation to procurement initially, there was not a lot of guidance from the ICO so some work was required to ensure that data protection is clearly embedded in the procurement process.
∑ In terms of back office systems, some work was required to ensure that logs of system access are as well documented and controlled as within ICT for consistency across the Council.
∑ Work had commenced on some of the actions but there were some concerns about delivering the Action Plan within the timeframes.† The team was multi-functional and might be called upon to provide support in other areas such as the Community Hub.† The timeframes were ambitious, and it might be necessary to review some of the dates if other priorities were identified.
∑ For clarity, a review of the Councilís website would be undertaken with the Digital and Transformation team as it was recognised that people used the terms Data Protection Act and General Data Protection Regulation interchangeably.
RESOLVED:† That the report be noted.
Councillor Perry joined the meeting during consideration of this item (7.19 p.m.).† Councillor Perry said that he had no disclosures of interest or lobbying.† Councillor Garten who had been substituting for Councillor Perry until his arrival then left the meeting.
The Finance Manager presented his report setting out the activities of the Treasury Management function for the first six months of the 2020/21 financial year in accordance with CIPFAís Code of Practice on Treasury Management in Local Authorities.† The Finance Manager advised the Committee that:
∑ The Treasury Management Strategy for 2020/21 was approved by the Council in February 2020 and the key aim was to keep investments short term and to use cash balances to fund the Capital Programme in the short term due to low investment returns and high counterparty risk in the current economic climate.† All investments so far this year had been kept within money market funds and notice accounts which could be called upon immediately or with a short notice period.
∑ As at 30 September 2020, the Council held £10.43m of investments (£11.025m at the start of the year) and the investment portfolio yield for the first six months of the year was 0.33%.
∑ As at 30 September 2020, the Council also had short-term external borrowing of £9m from other local authorities.† This was likely to increase throughout the year due to the escalation of the Capital Programme.
∑ The Councilís borrowing had been kept under review during the first half of the year to see whether it would be prudent to lock in long-term borrowing to spread the risk of refinancing and to lock in a long-term low rate.† It had been decided to wait for the results of the Governmentís consultation on revised PWLB lending terms before committing to anything long term.† In the meantime, given current interest rate forecasts, the risk of losing the opportunity to borrow at low rates by waiting appeared to be low.
∑ During the first six months of the financial year 2020/21, the Council had operated within the prudential and treasury indicators set out in the Treasury Management Strategy Statement and in compliance with its Treasury Management Practices.
In response to questions, the Finance Manager advised the Committee that:
∑ Short-term borrowing was anything less than one year and was used to help fund the Capital Programme, but consideration was being given to locking in some longer-term rates to coincide with the length of projects within the Capital Programme to spread the risk of refinancing.
∑ Investments fluctuated throughout the month as a result of the Councilís role as billing authority in the collection of Business Rates and Council Tax, fluctuations in cash balances from these sources, payments being due to preceptors, funding of the Capital Programme and other expenditure.† It was the Councilís strategy to use cash balances where possible.
∑ The Council had borrowed from North Yorkshire County Council to coincide with the acquisition of the Lockmeadow Leisure Complex.† The rate was locked in at 0.97% which was favourable at the time.† The maturity date was 20 November 2020, but the loan had been rolled over for a further six months at 0.12%.† The Council would be looking at locking in longer-term borrowing very soon.
1. ††† That the position regarding the Treasury Management Strategy as at 30 September 2020 be noted.
2.†††† That no amendments to the current procedures are necessary as a result of the review of activities during the first six months of 2020/21.
The Committee considered the report of the Head of Finance providing (a) an update from Grant Thornton, the External Auditor, on the progress towards the completion of the audit of the 2019/20 financial statements and value for money conclusion and (b) a sector update from the External Auditor on some of the emerging national issues and developments that might impact on the Council.
It was noted that the external audit work was now substantially complete, and the anticipated outcome was an unqualified audit report opinion including an Emphasis of Matter paragraph highlighting Property Plant and Equipment (PPE) valuation material uncertainties for both the Council property and its share of assets included in the IAS 19 Pension Fund actuarial position arising from potential impacts of the COVID-19 pandemic on these figures.
Ms Tina James of Grant Thornton advised the Committee that the External Auditor had completed work on the PPE valuations by the time the report was produced and there was nothing further to report on that.† In terms of the items that were outstanding at the time the report was produced, the assurance letter from the Kent Pension Fund auditor had now been received and provided sufficient assurance, so no further work was required on that.
In response to questions, Ms James explained that:
∑ The External Auditor would be producing an updated Audit Findings Report and an Annual Audit Letter summarising the financial position and overall conclusion and confirming that sufficient assurance had been obtained in relation to, for example, the valuation of the Pension Fund net liability to reach that conclusion.
∑ In terms of the net pension liability, key assumptions such as life expectancy were assessed by the actuary and then reviewed by the External Auditor using PricewaterhouseCoopers as an auditorís expert.
∑ Typographical errors in the External Auditorís Audit Findings Report identified during the discussion would be corrected in the final version of the document.
1.†††† That the updated Audit Findings Report from the External Auditor, attached as Appendix 1 to the report of the Head of Finance, be noted.
2.†††† That the Audit Progress Report and Sector Update from the External Auditor, attached as Appendix 2 to the report of the Head of Finance, be noted.
The Director of Finance and Business Improvement introduced his report providing an update on the budget risks facing the Council.†
The Director of Finance and Business Improvement advised the Committee that:
∑ The main challenge was the financial impact of COVID-19 which had led to a very significant overspend against the original budget in the current financial year.† The deficit had been mitigated by Government grants and actions that the Council had taken at its own initiative but based on the current figures this would not be sufficient to cover all the additional expenditure and loss of income.† The Council did, however, have reserves it could draw on to cover the likely shortfall this year.† COVID-19 would have an ongoing financial impact.† Current projections indicated that, given neutral forecasts, the Council would face a £2m-£3m budget gap in 2021/22.
∑ Since the situation was not improving, he had reviewed the Budget Risk Register and amended some of the risks.† For example, the risk levels relating to fees and charges failing to deliver sufficient income, commercialisation failing to deliver additional income and Business Rates and Council Tax collection failing to achieve target had been increased due to the difficult economic environment.
In response to questions, the Director of Finance and Business Improvement explained that:
∑ There was a revenue impact associated with capital expenditure: (a) the cost of borrowing and (b) the provision made for the repayment of borrowing.† However, this mitigated the Councilís deficit to an extent because some capital expenditure had been deferred and borrowing costs had been lower than anticipated.† The Capital Programme would still be delivered but it would be delivered over a longer period.† Some schemes had been deferred to ease the pressure on the revenue budget.
∑ The risks associated with major contractor failure were now included in the Corporate Risk Register and would be mirrored in the Budget Risk Register.
During the discussion it was suggested that the Council should not just be looking at the ďtop risksĒ as summarised in the risk matrix.† The relative changes in others such as commercialisation failing to deliver additional income should also warrant attention.
RESOLVED:†† That the updated risk assessment of the Budget Strategy, attached as Appendix A to the report of the Director of Finance and Business Improvement, be noted.
6.30 p.m. to 8.10 p.m.