Agenda and minutes

To receive any apologies for absence from Councillors.

Apologies were received from Cllr R Herrett.

To receive information on any changes in the membership of the Committee.

Note – When a member of a Committee is unable to attend a meeting of a Committee or Sub-Committee, the relevant Political Group Leader (or their nominated representative) may, by notice to the Monitoring Officer (or their nominated representative) prior to the meeting, appoint a substitute member from within the same Political Group. The contact details on the front of this agenda should be used for notifications.

Cllr M Tarling substituted for Cllr R Herrett.

Councillors are requested to declare any interests on items included in this agenda. Please refer to the workflow on the preceding page for guidance.

Declarations received will be reported at the meeting.

There were none received.

To confirm and sign as a correct record the minutes of the meeting held on 7 March 2024.

The minutes of the meeting held on 7 March were approved as a correct record.

To receive any public questions, statements or petitions submitted in accordance with the Constitution. Further information on the requirements for submitting these is available to view at the following link:-

https://democracy.bcpcouncil.gov.uk/ieListMeetings.aspx?CommitteeID=151&Info=1&bcr=1

The deadline for the submission of public questions is 3 clear working days before the meeting.

The deadline for the submission of a statement is midday the working day before the meeting.

The deadline for the submission of a petition is 10 working days before the meeting.

There were 4 public questions received and 3 public statements as follows:

Mr Alex McKinstry, in relation to agenda item 6 and 2 questions from Mr Ian Redman (being read by Mr McKinstry), in relation to agenda items 9 and 6.

Public Questions from Mr Alex McKinstry

1. Of the Freedom of Information Act requests received by BCP Council in 2023-4, how many were dismissed as vexatious, and how many were reclassified as non-vexatious following a request for an internal review /referral to the ICO? If the number of reclassifications is significant - and I accept that it might not be - is this a matter which is being discussed at Information Governance Board meetings, and if so, what lessons are being learned?

Response from the Chair:

There were 1458 FOI/EIR requests processed in 2023/24, of these none were refused under S14 (vexatious).

There were 2 requests dealt with under an internal review where S14 was applied after further consideration.

There were no reclassifications overturning the S14 decisions to the internal review responses.

2. Of the 38 requests for internal reviews made in 2023-4, how many responses to those requests were issued outside the 20-working-day guideline recommended by the ICO?

Response from the Chair:

9 responses to internal reviews were not made within the ICO response guideline of 20 working days.

Of these 9 responses, 8 were met within 40 days (including a 20 working day permitted extension for complex requests, consultation with third parties or where a substantial amount of information is requested)

Public Questions from Mr Ian Redman

3. Why would aggregating activities into larger packages increase the number of potential providers and offer better value for money for the Council through greater competition? Aggregating activities into larger packages might save work for the council by reducing the number of tenders but larger packages is more likely to prevent smaller businesses taking part in the tender process, reducing competition and providing less choice for consumers.

Response from the Chairman:

The actual Internal Audit recommendation reads :

‘R8 - Formal consideration should be given to aggregating activities into larger packages where possible and appropriate to do so to increase the number of potential providers and potentially offer better value for money for the Council through greater competition’. 

The key words in this recommendation are ‘consider’ and ‘where possible and appropriate’, the recommendation does not imply that all activities should be aggregated.

There is a fine balance to strike, Mr Redman is quite right that in certain situations larger packages of activity may prevent smaller businesses from taking part in tendering or providing quotes, thus reducing competition and providing less choice for consumers.

Conversely however in certain situations, if activity packages are too small, this can put off certain suppliers from making the effort to tender or to supply quotes as any eventual return on this effort and on fixed costs incurred is considered insufficient reward. This is simple economies of scale.

Aggregation of activity into large tender opportunity packages can therefore,  ...  view the full minutes text for item 73.

IG update report to the Committee, providing performance management information.

The Head of Information Governance (IG) presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix 'A' to these Minutes in the Minute Book. The report provided an update from Information Governance on performance management information across the Council including that related to Freedom of Information (FOI) Requests and Subject Access Requests (SAR). The Head of IG outlined the structure for the Service and how FOIs and SARs are handled across the Council. The Committee was advised that there was a new management team in place working to review how the IG function worked across BCP and looking to see what improvements could be made to the service. The Committee was also asked to note the response rates for the year.

In responding to the fact that Law and Governance had recorded a 10 percent response rate in Q3 it was explained that requests coming in were rarely simple and therefore it was difficult to find the correct information within the required timeframe and resources were stretched across different areas.

The Head of IG explained in response to a question about the review of the IG structure that this was in the early stages and a workshop was due to take place the following week which would look at how well the service was resourced. The aim for improving the services was that the 90 percent target would be reached. This would be included within the internal audit plan which should help to support and improve this function within LG, which should in turn assist the Data Protection and Information Governance Service. Policies and procedures would also be looked into as part of a comprehensive review. The current performance termed unsatisfactory, the timescale for moving to satisfactory would be approximately 1 year.

It was suggested that the average response time for those falling outside of the requisite period would be useful and that the case management system would be useful to drive this forward.

The Committee discussed the provision of data breach information. It was noted that there was a separate log for this but the service would be looking into how this worked and how it could be combined into the reporting system. The service was working to minimise exposure to risks.

RESOLVED that

(a)  Committee note the Information Governance (IG) performance management information (PMI) for 2023/24 (Q1 to Q3 – December 2024) contained in this report. 

This includes requests received under the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations (EIRs), Data Protection Act 2018 (DPA) and other agency disclosure requests.

(b)  Committee note that currently a review is underway by leadership team of the function of IG within BCP Council. 

Voting: Nem. Con

This report updates councillors on the position of the council’s Corporate Risk Register. The main updates are as follows:

·        Two risks were combined (CR02 and CR12)

·        One risk was re-included (CR08)

·        4 new risks were added (CR16, CR23, CR24, CR25)

·        3 risks were removed (CR12, CR13, CR22).

Material updates for this quarter are outlined in sections 9 to 11.

The Chief Executive presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix ‘B’ to these Minutes in the Minute Book. The Committee was informed that the report provided an update on the position of the council’s Corporate Risk Register. The main updates were outlined to the Committee.

·       Two risks were combined (CR02 and CR12)

·       One risk was re-included (CR08)

·       4 new risks were added (CR16, CR23, CR24, CR25)

·       3 risks were removed (CR12, CR13, CR22)

The Committee was advised that it was expected that CR02 was increased from 6 to 12 incorrectly and that this would be reduced in the next iteration of the Risk Register. The material updates for the quarter were outlined in the report.

The Committee discussed the response to CR15 concerning staff recruitment, retention and support, which was ‘to tolerate or accept’. This would be followed up with the Risk and Insurance Manager, but it was noted that there were limits in terms of attracting staff. The Committee suggested that it would be useful for the register to include the direction of travel over the course of a year.

There was a concern raised that there wasn’t a risk recorded regarding meeting the statutory requirements for housing. It was noted that this would be included within the Housing Service Risk Register. CR20, regarding the environment and CR03 on information governance were also raised as previously downgraded and it was questioned whether these should be put back on the register. In consideration of the merge of CR02 and CR12 it was noted that these areas were repetitive in the Corporate Risk Register but there was a complete risk register for Children’s Services which would provide a complete breakdown for the service area.

It was noted that the change with CR13 and CR25 had already happened. This was a significant risk. It was noted that this was due to a change in the direction of the transformation programme to services. It was suggested that it would be helpful if as soon as ready could be distributed to the Committee.

It was asked whether CR16 - Failure to Secure Partnerships, should be linked to the transformation programme. The Chief Executive advised that the Council did not have a devolution deal. There was concern that there would be a re-entrenchment in police, health and local government. The risk reflected the challenges in the current public sector environment.

There was general support expressed for the submission of the risk register to Cabinet and possibly Council. There was also general agreement that the Committee should look at Service Level Risk Registers. It was agreed that the programme and scheduling for this be agreed with the Service Lead and Chair. It was proposed that this begin with Children’s Services and this would be followed up by the Chief Executive and Director of Childrens Services.

RESOLVED that the Audit and Governance Committee note the update provided in this report relating to corporate  ...  view the full minutes text for item 75.

This report sets out the Internal Audit Charter and the Audit Plan for 2024/25. Approval of these documents by the Audit & Governance Committee is a requirement of the Public Sector Internal Audit Standards (PSIAS).

Some minor amendments have been made to the Internal Audit Charter which includes an updated Data Analytics Strategy.

The final Internal Audit Plan for 2024/25 has been produced which includes some minor amendments from the version provided to the Audit & Governance Committee in January 2024. Completion of the plan will enable the Head of Audit & Management Assurance to provide an annual opinion on the adequacy and effectiveness of the Council’s control environment.

The allocated budget resource for 2024/25 is considered adequate to deliver the Internal Audit Charter and Audit Plan for 2024/25.

The Head of Internal Audit presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix 'B to these Minutes in the Minute Book. The report set out the Internal Audit Charter and the Audit Plan for 2024/25. The Committee needed to approve these documents as a requirement of the Public Sector Internal Audit Standards (PSIAS).  The Committee was informed that some minor amendments had been made to the Internal Audit Charter which includes an updated Data Analytics Strategy.

The final Internal Audit Plan for 2024/25 included some minor amendments from the version provided to the Audit & Governance Committee in January 2024. The completion of the plan would enable the Head of Audit & Management Assurance to provide an annual opinion on the adequacy and effectiveness of the Council’s control environment.

The allocated budget resource for 2024/25 was considered adequate to deliver the Internal Audit Charter and Audit Plan for 2024/25. The Committee was advised of the process for ensuring the independence of Chief Internal Auditor in respect of the other services they managed.

The Committee asked how the allocation of audit hours related to the corporate and operational risk registers. In response the Committee was advised that the allocation of days was broadly on budget and a professional assessment. Children services was already under external inspections and an improvement board and therefore there tended to be less work in this area as formal assurance process was in place externally.

There was no resource allocated for 2024/25 for the allocation of grants which was an area which may be impacted by fraud. There was a process for the approval of grants which had to be signed off by the Head of Internal Audit and the Chief Executive. Risks around grants would be reported within the quarterly update to the A&G Committee if required.

As scoping was not completed for each audit it was explained that the determination of allocated days was planned at the start of the year to be strategic and set out a broad allocation. Certain key assurance functions were planned in and the time requirements were known on annual basis for some functions. However, there was a need to be more dynamic in the approach to high-risk functions and these would be addressed in an initial meeting between auditors and Service Directors.

RESOLVED that

•        the Internal Audit Charter be approved and that the Chair sign the document to record this approval (this may be a virtual sign off using email).

•        The Internal Audit Plan 2024/25 including the detailed breakdown of quarter 1 audits be approved

note the 2024/25 budget for the Internal Audit service which was approved by Council as part of the 2024/25 Council Budget setting and Medium Term Financial Plan update in February 2024

Voting: Nem. Con

This report details progress made on delivery of the 2023/24 Audit Plan for the 4^th quarter – January to March (inclusive) 2024. The report highlights that:

·        11 audit assignments have been finalised, including 2 ‘Partial’, 8 ‘Reasonable’ and 1 ‘Follow Up’ audit opinions;

·        25 audit assignments arein progress, including 9 at draft report stage;

·        Total additional council tax yield of £243,678 has resulted, to date, from the Single Person Discount pilot project;

·        14 of the 18 recommendations from the Review of Pop-up/Temporary activities incorporating Bayside Restaurant Review have been implemented;

·        A replacement Audit Manager has been successfully recruited and is now in post;

5 ‘High’ priority auditrecommendations have not been fully implemented by the original target date.  Explanations from respective Directors appear reasonable and revised target dates have been agreed.

The Head of Internal Audit presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix 'D' to these Minutes in the Minute Book. The Committee was asked to note the progress against the implementation of the recommendations from the Review of Pop-up/Temporary activities incorporating Bayside Restaurant Review.

The report detailed the progress made on delivery of the 2023/24 Audit Plan for the 4^th quarter 2024. The Committee was advised of the key areas outlined in the report. It was noted that five ‘High’ priority audit recommendationshad not been fully implemented by the original target date but explanations from respective Directors appeared reasonable and revised target dates had been agreed. It was noted that whilst not preferred audits had been taken out on the basis of risk.

A number of areas within the Internal Audit 4^th Quarter Audit Plan were raised by the Committee and responded to or assurances provided that further information would be shared outside of the meeting. The scope of the in-progress audit entitled ‘Developer Contributions - Management of Spend Audit’ would be provided to members of the Committee outside of the meeting. It was noted that the business case template developed as part of the recommendations for the Review of Pop-up/Temporary activities incorporating Bayside Restaurant would be circulated to members to assure the Committee that it included the required content. A further concern was raised regarding the firewall risk outlined in the paper and an update would be brought to the next meeting.

Concern was raised that the number of high priority recommendations issued had increased from the previous year. It was explained that direct comparisons from one year to another could not be drawn, as many factors impact, such as type and scope of the audit, framing of the recommendation and only ‘key assurance’ audits are completed on an annual basis.

The Head of Internal Audit advised that he would not want to create any perverse incentives within the Internal Audit team to make or not make recommendations to align with previous year levels; he further explained it is his responsibility to ensure that the recommendations made were relevant and appropriate. If the number of recommendations reduced significantly there may be some concern as it may mean the right high-risk areas were not being targeted for audits. It was suggested by a committee member that the level of assurance was less due to the greater number of findings.  The Head of Internal Audit explained that such a stark conclusion could not be drawn given the impacting factors explained previously.

It was noted that it was hard to demonstrate that some of the recommendations had been completed and it was requested whether further tests could be put in place to check the recommendations were embedded.

RESOLVED that

a)    The progress made andissues arising onthe deliveryof the2023/24 InternalAudit Plan be noted.

b)    The explanations provided (Appendix 1) be  ...  view the full minutes text for item 77.

The report summarises the issues considered by the Constitution Review Working Group and sets out a series of recommendations arising from the Working Group for consideration by the Committee relating to the introduction of budget and policy framework procedure rules.

Any recommendations arising from the Committee shall be referred to full Council for adoption.

The Constitution Review Working Group presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix 'E' to these Minutes in the Minute Book. The Head of Democratic Services advised that the plan would be to review these recommendations and that any recommendations arising from the Committee would be referred to full Council for adoption. The intention was to bring forward additional procedure rules for the budget setting meeting. The report summarised the issues considered by the Constitution Review Working Group and set out a series of recommendations arising from the Working Group for consideration by the Committee relating to the introduction of budget and policy framework procedure rules. It was noted that the recommendations arose from the best value review and was put into the CE review on previous MOs request.

It was noted that the recommendations would bring clarity around the budget and corporate monitoring framework and provided an option for issues if there was disagreement with the budget recommendation. In the discussion it was noted that there was no impact on the Leader of Finance Portfolio Holder positions. There was an aim towards a dedicated budget Council. There was a plan to survey Councillors on some of the other issues raised and come back with a further package of proposals.

RECOMMENDED that in relation to Issue 1 (Budget and Policy Framework Approval Procedure Rules) the proposed amendment to insert the new Procedure Rules into Part 4E of the Constitution, as set out in Appendix 1 to this report, be approved; any necessary and consequential technical and formatting related updates and revisions to the Constitution be delegated to the Monitoring Officer.

Voting: Unanimous

This report sets out the indicative list of reports to be considered by the Audit & Governance Committee for the 2024/25 municipal year in order to enable it to fulfil its terms of reference.

The Head of Internal Audit presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix '?' to these Minutes in the Minute Book. The report set out the indicative list of reports to be considered by the Audit & Governance Committee for the 2024/25 municipal year in order to enable it to fulfil its terms of reference.

RESOLVED that

The Audit & Governance Committee approves the indicative Forward Plan set out at Appendix A.

Voting: Nem. Con.