Agenda and minutes

There were no apologies for absence.

There were no Substitute Members.

Councillor Ash indicated that he was attending the meeting as an observer.

All Members disclosed a personal interest in the report of the Corporate Services Overview and Scrutiny Committee relating to devolved budgets in that they each had a devolved budget of £2,000 per annum.

There were no disclosures of lobbying.

RESOLVED:  That the item on Part II of the agenda be considered in public but the information contained therein should remain private.

RESOLVED:  That the Minutes of the meeting held on 21 September 2009 be approved as a correct record and signed.

Minute 40 – Audit Commission Presentation on the Council’s Use of Resources Assessment 2008/09

A Member asked whether the Council had received a response to its request for a review of the provisional score of 3 for the Managing Performance element of the Comprehensive Area Assessment.  The Head of Internal Audit and Risk Strategy advised the Committee that the CAA Review Office had confirmed that the Council’s application met the allowable grounds for review and that a Review Panel would be convened to consider the submission and make a decision.  The Council would be notified of the outcome of the review early in December.

RESOLVED:  That the position be noted.

The Committee considered the report of the Assistant Director of Customer Services and Partnerships reviewing the Council’s corporate business continuity arrangements.  It was noted that:-

• The Council, as a Category 1 responder under the Civil Contingencies Act, was required to:-

Ø  maintain plans to ensure that it could continue to exercise its functions in the event of an emergency in so far as was reasonably practicable;

Ø  put in place arrangements to warn and inform the public in the event of an emergency; and

Ø  put in place a training programme for those directly involved in the execution of the Business Continuity Plan should it be invoked.

• The Council had a corporate Business Continuity Plan, a Business Continuity Plan Strategy, individual incident (or scenario) plans and separate Business Continuity Plans for twelve key services.  A Business Impact Analysis exercise had identified the key services and the main threats to these services which could then be addressed through the continuity planning process.
• This year the corporate Business Continuity Plan had been updated to take into account the implications of BS25999 and, since the office move, other plans had also been updated to reflect the change of accommodation.
• Plans could not be considered reliable until they were exercised and proved to be workable.  Last year, a number of desk top tests had been arranged as a result of which the corporate Business Continuity Plan and some of the service Business Continuity Plans were updated.  In the coming year, it was the intention to test the individual plans of the key services as well as to undertake a test of how the corporate Business Continuity Plan would interact with the Emergency Plan and the Council’s IT Disaster Recovery Plan.
• Over the past twelve months the Council had reviewed its preparedness for a pandemic following the worldwide outbreak of swine flu.  A pandemic plan had been formulated and actioned.

The Committee asked a number of questions of the Officers relating to, inter alia, the arrangements being made for the Council’s IT Disaster Recovery Plan to be formally tested; the potential impact of the loss of critical services, including the effect on the Council’s reputation; the availability of labour to deal with incidents and the arrangements for seeking reimbursement from the Government; the composition and skills of the Strategic Direction Team; the plans for specific events; and the use of certain words and terms throughout the documents.

RESOLVED:

1.  That the progress made in developing and exercising the Council’s corporate business continuity arrangements be noted and that the revised corporate business continuity documents attached as Appendices to the report of the Assistant Director of Customer Services and Partnerships be noted and referred to the appropriate Cabinet Member.

2.  That the Committee should be advised in due course of the results of the various plan testing.

The Committee considered the report of the Corporate Services Overview and Scrutiny Committee concerning the Council’s Devolved Budgets Scheme and, in particular, the audit trail for devolved budgets; the information made available to new Members regarding devolved budgets; and the need to clarify the guidance about spending devolved budget money on “religious activities” in order to ensure a clear distinction between “faith” and “culture”.

In response to questions by Members, the Officers explained that it would be impractical to seek to recover funds allocated for the purchase of equipment in the event of the recipient subsequently closing down.  Procedures were in place to monitor what payments were made, to whom and by which Councillor(s); who authorised the payment; and whether these payments were in line with the Scheme.  The Scheme was last audited in 2007/08 and was on the Audit Plan for 2010/11.  When checks had been undertaken in the past, no discrepancies had been found. 

RESOLVED:  That the Corporate Services Overview and Scrutiny Committee be informed that the Audit Committee is:

• reassured that there is a satisfactory audit trail in place for devolved budgets;
• satisfied that there are comprehensive guidance notes regarding the Devolved Budgets Scheme; and
• satisfied that Section 7 of the Guidance Notes clearly sets out what projects/works cannot be funded under the Devolved Budgets Scheme.

The Committee considered a report by the Director of Resources and Partnerships seeking its views on possible changes to its role and remit.  The Director of Resources and Partnerships explained that the Audit Committee could choose to continue in its current form and retain its existing terms of reference.  However, given the increasing focus and emphasis on strong governance and effective use of resources, Audit Commission guidance and best practice nationally was that matters such as the approval of the Council’s accounts was the responsibility of those charged with governance, i.e. the Audit Committee.  Currently, the Audit Committee was responsible for reviewing the annual statement of accounts and making a recommendation to the Council regarding their approval.  Authorising the Audit Committee to approve the final accounts could result in a higher score in the 2009/10 Use of Resources Assessment.

RESOLVED:  That agreement be given in principle to the revision of the terms of reference of the Audit Committee to enable it to undertake an increased role on behalf of the Council in line with best practice and Audit Commission guidance and that a further report be submitted to the next meeting of the Committee with a view to a recommendation being made, if considered appropriate, to the Council in March 2010.

The Committee considered a report by the Head of Internal Audit and Risk Strategy outlining the progress that had been made in addressing concerns over data transfer between Maidstone Borough Council and the Traffic Enforcement Centre as part of the process of debt recovery for penalty charge notices under the Traffic Management Act 2004.

The Head of Internal Audit and Risk Strategy explained that the data was sent to the Traffic Enforcement Centre in order that the Council’s parking enforcement debts could be formally registered.  If data was lost in transit this would adversely affect the Council’s system for debt recovery.  Although the Parking Services Section had not lost any data in transit to the Traffic Enforcement Centre the risk remained high as the method of transfer was insecure and the data would only be accepted as an unencrypted file by the Traffic Enforcement Centre.  The issue had been raised with both the Local Government Association and the Information Commissioner.

The Information Commissioner had raised the matter with the Ministry of Justice which was ultimately responsible for the Traffic Enforcement Centre/Bulk Processing Centre and the Head of the Data Access and Compliance Unit at the Traffic Enforcement Centre who had given assurances that the Unit was tackling and dealing with the problem.  The Council’s Parking Services Manager would continue to monitor the transmission arrangements and would contact the Information Commissioner again if for some reason they remained unchanged.

RESOLVED:  That the progress made in addressing concerns over data transfer between Maidstone Borough Council and the Traffic Enforcement Centre be noted.

The Committee considered the report of the Head of Internal Audit and Risk Strategy setting out details of the work of the Internal Audit Section over the six month period April-September 2009.  It was noted that the principal objective of the Internal Audit Section was to examine and evaluate the adequacy of internal control within the various systems, procedures and processes operated by the Council.  Each audit review included an assurance assessment in terms of the adequacy of controls.  A total of sixteen audit assignments were undertaken during the six month period:  one project resulted in an assessment of “high”:  six projects resulted in an assessment of “substantial” and six projects were assessed as “limited”.  No areas were assessed as having a “minimal” level of assurance.  Three further audit reviews did not receive an assurance assessment as this was not considered to be appropriate within the control environment under review.  A follow up to each report was completed, usually three to six months after the date of issue of the original report and the assurance assessment for areas found to have “limited” control in place at the time of the original audit was expected to have improved to “substantial” or “high” by the time that the follow up was completed.  All follow ups conducted during the reporting period confirmed that either a “substantial” or “high” level of assurance was in place at the time of the follow up.  However, a follow up review of Section 106 arrangements conducted in October 2009 (outside the current reporting period) had resulted in an assurance assessment remaining at a “limited” level of assurance although there were mitigating circumstances for the lack of progress made against the agreed audit recommendations in that following the original review the responsibility for monitoring Section 106 agreements had transferred from the Environmental Enforcement Team to the Development Control Team and the Line Manager jointly responsible for completing the implementation plan to the Section 106 database had since left the employment of the Council.  The Development Control Manager who now had responsibility for Section 106 arrangements attended the meeting to explain the action being undertaken to provide the necessary level of assurance.  He also updated the Committee on the action being taken in response to the audit report on Development Control Enforcement.

The Committee asked a number of questions of the Development Control Manager relating to, inter alia, the working relationship with the Legal Services Section; whether staffing levels were sufficient to deal with the number of planning enforcement cases; the perceived lack of feedback; and the use of standard templates for Section 106 agreements.

The Committee also asked questions of the Officers relating to the audit review of the recruitment process; including, the initial management response to the recommendations regarding the checking and verification of qualifications particularly for senior/high profile posts and the need to obtain all relevant paperwork from recruiting managers before progressing the recruitment process; the arrangements for employing temporary staff and consultants; and the details  ...  view the full minutes text for item 55.

The Committee considered a report by the Head of Internal Audit and Risk Strategy attaching, as an exempt Appendix, the final Business Case for the four-way Internal Audit Partnership between Maidstone, Ashford, Swale and Tunbridge Wells Borough Councils.  It was noted that the Business Case set out in some detail how the Audit Partnership would work in practice and how the Partnership would lead to efficiencies and cost savings.  It also set out a staffing structure, provided job descriptions for each of the posts and addressed the risk management concerns raised by Members through the creation of a dedicated “Risk Officer” post.  The job (salary) evaluation exercise would impact on the Business Case in terms of the cost of the service and, in this connection, minor amendments still needed to be made to the figures shown in the report.  Staff had been formally consulted on the proposed partnership arrangements and the Business Case had formed a key element of the consultation process.  Matters raised by staff would receive full and proper attention and this might also lead to amendments to the Business Case.  The final Business Case would be considered for approval by the four partner Councils in December with a view to staff being appointed in January 2010 and the Partnership being implemented in March.

The Committee asked a number of questions of the Officers relating to the compatibility of office systems across the Partnership, staff development and training.

The Chairman confirmed that arrangements would be made for joint meetings of the four Audit Committees.  The Chairs of the four Committees already had an informal meeting protocol in place.

RESOLVED:  That the creation of a four-way Internal Audit Partnership between Maidstone, Ashford, Swale and Tunbridge Wells Borough Councils be endorsed.

6.30 p.m. to 8.40 p.m.