Venue: Committee Room 5, Guildhall, Swansea. View directions
Contact: Democratic Services: - 636923
No. | Item |
---|---|
Disclosures of Personal and Prejudicial Interests. Minutes: In accordance with the Code
of Conduct adopted by the City and County of Swansea, the following interests were declared: - Councillor P M Black – Minute
No.40 – Internal Audit Monitoring Report Q1 2018/19 – Member of governing body
of Burlais Primary School – personal. Councillor T J Hennegan –
Minute No.40 – Internal Audit Monitoring Report Q1 2018/19 – School Governor at
Clwyd Community School – personal. Councillor P R Hood-Williams –
Minute No.40 – Internal Audit Monitoring Report Q1 2018/19 – School Governor at
Crwys Primary School – personal. Councillor J W Jones – Minute
No.40 – Internal Audit Monitoring Report Q1 2018/19 – School Governor at Dunvant
School and my wife is Governor at Hendrefoilan School – personal. Councillor P K Jones – Minute
No.40 – Internal Audit Monitoring Report Q1 2018/19 – School Governor at Bishop
Gore School – personal. Councillor M B Lewis – Minute
No.40 – Internal Audit Monitoring Report Q1 2018/19 – School Governor at Gwyrosydd
Primary School and Pension Fund Committee Member – personal. Councillor W G Thomas –
Minute No.40 – Internal Audit Monitoring Report Q1 2018/19 – School Governor at
Newton Primary School and Pension Fund Committee Member – personal. Councillor T M White – Minute
No.40 – Internal Audit Monitoring Report Q1 2018/19 and Minute No.42 - Wales
Audit Office ISA 260 Report CCS Pension Fund - Chair of Governors at Brynhyfryd
Primary School, Pension Fund Committee Member and benefactor of the Pension
Fund – personal. Geraint Norman (Wales Audit
Office) - Minute No.40 – Internal Audit Monitoring Report Q1 2018/19 – My wife
is the Head Teacher of Pontlliw Primary School.
The Wales Audit Office has controls in place to mitigate – personal. |
|
To approve & sign the Minutes of the previous meeting(s) as a correct record. Additional documents: Minutes: Resolved
that the Minutes of the previous meetings of the Audit Committee held on 14 and
23 August 2018 be approved as correct records. |
|
Internal Audit Monitoring Report - Q1 2018/19. PDF 131 KB Additional documents:
Minutes: The Chief Auditor presented the audits finalised and any other work undertaken
by the Internal Audit Section during the period 1 April 2018 to 30
June 2018. A total of 30 audits were finalised during Quarter 1. The audits finalised were listed in Appendix 1, which also showed the level of assurance given at the end of the audit and the number of recommendations made and agreed. A total of 247 audit recommendations were made and management agreed to implement all but one of the recommendations i.e. 99.6% against a target of 95%. Appendix 2 outlined that by the end of June 2018, approximately 66% of the Audit Plan was either completed or in progress. Out of the 30 audits finalised in Quarter 1, 18 had been audits that were included in the 2017/18 audit plan that were ongoing at the end of the financial year, that had since been finalised in 2018/19. Information regarding additional work and details of follow-ups completed between 1 April and 30 June 2018 were specified. Details of the significant issue which led to a moderate rating issued in the Quarter for Disaster Recover & Business Continuity were provided. The Audit objectives were to ensure that the Authority had an ICT Disaster Recovery Plan (DR Plan) in place and that the plan was regularly reviewed, tested and updated. The audit included the testing of controls established by management over the following areas within the DR Plan: Ownership and Management; Risk Assessment and Prevention; The Corporate Plan; IT User Plans; Resourcing and Training. The reasons for the moderate rating were provided as follows: - ·
Checks were carried
out to confirm that the responsibility for the Councils IT Disaster
Recovery Policy and Recovery Plan had been formally assigned. No Terms of
Reference had been established for the Disaster
Recovery Team. ·
It was found
that the Team had not carried out regular reviews of the Disaster Recovery
Plan. A review of the Disaster Recovery
Plan revealed that it had not been updated on at least
an annual basis. The last review was undertaken in
April 2017. ·
Testing was carried
out of the Information Asset Register to ensure that data in relation to each
system, interface and its users was recorded. A sample of three system entries was selected for checking.
For the sample of systems selected it was found that: o
There was no indication of the length
of time that the Council could function without the system / systems. o
Minimum resources required to get the system up and running again in respect of
hardware, software and communications were not detailed. ·
A further sample check of these systems
was carried out to confirm that the Register contained details of the systems
objectives and that there were explanations detailed of how each element of the
IT service will address the objectives.
It was found that the objectives of the systems
were recorded, however, there was no information detailed as to how the IT
service would address the objectives. ·
A review of the Councils Risk Registers
to check that each system risk had been recorded
revealed that risks were not listed individually in the Registers. It was noted that
only a general entry had been made regarding the risk of not having a full
Disaster Recovery Plan in place. ·
A review of the current Corporate
Disaster Plan to confirm that all required information was detailed revealed
that: o
Full details of Risk Assessments were not recorded. o
Recovery sites had
not been established. ·
A sample of four key IT system users were contacted and asked to provide copies of their Business
Continuity Plans, particularly in relation to Hardware and Software. For all Plans, hardware and software issues had not been addressed in the individual Business Continuity
Plans. ·
Information was requested from the
Insurance Section to confirm that a policy was in place to cover a disaster
situation should one occur, however, to date no
evidence had been received. ·
It was also confirmed
that no formal testing took place in relation to the Disaster Recovery Plan. Jo Harley, the Interim Head of Digital and Transformation Services provided the Committee with a thorough explanation on the progress made in respect of the issues raised in the moderate rating. She referred to each specific reason and confirmed the progress / developments made in order to provide the Committee with assurance that improvements were being implemented. The Committee asked questions of the Officer, who responded accordingly. Discussions centred around: - ·
Companies providing Cloud based systems being located in
the UK; ·
Concern regarding BT infrastructure; ·
Consideration being given to
each system prior to any cloud migration decision. This will lead to a hybrid solution of cloud
and on premise systems; ·
Potential cost of transferring to the Cloud and the
different options / packages available; ·
Risk assessments of the Service Areas systems is the responsibility
of services; ·
Internal Audit keep pace with the changes in IT. Resolved that the contents of the report be noted. |
|
Wales Audit Office - ISA 260 Report - City and County of Swansea. PDF 405 KB Minutes: Geraint Norman and Anthony Veale, Wales Audit Office presented Wales Audit Office ISA 260 report 2017/18 – City and County of Swansea. The report set out for consideration, matters arising from the audit of the 2017-18 financial statements for the Council that required reporting under ISA 260. It was stated that it was the Auditor General’s intention to issue an unqualified audit report on the financial statements. It was added that the auditors had received the draft financial statements for the year ended 31 March 2018 on 4 June, prior to the deadline of 30 June 2018. The Wales Audit Office were reporting the more significant issues arising from the audit, which they believed must be considered prior to approval of the financial statements. These issues had already been discussed with the Section 151 Officer. It was the Auditor General’s intention to issue an unqualified audit report on the 2017-18 financial statements. The final letter of representation was contained at Appendix 1, the proposed audit report was provided at Appendix 2, the corrected mis-statements were provided at Appendix 3 and the key recommendations arising from the financial audit work were set out in Appendix 4. The Committee asked questions in relation to the following which were responded to by the Wales Audit Office Representatives: - · Capital Accounting advice regarding current arrangements; · Progress made regarding registering deeds with the Land Registry; · Reconciliation of the Council’s Revaluation Reserve. The Chair expressed his appreciation to the Finance staff for
providing the accounts to the Wales Audit Office well before the required
deadline. Resolved that the contents of the report be noted. |
|
Wales Audit Office - ISA 260 Report - City & County of Swansea Pension Fund. PDF 126 KB Minutes: David Williams, Wales Audit Office presented a report that set out for consideration the matters arising from the audit of the financial statements of the Pension Fund for 2017/18, which required reporting under ISA 260. The gross assets controlled by the Pension Fund amounted to £1.9 billion. The quantitative levels at which misstatements were judged to be material for the Pension Fund is £19.1 million. The report provided the matters arising from the audit of the financial statements of the Pension Fund for 2017-18. The draft financial statements for the year ended 31 March 2018 were received on 25 May 2018, prior to the 30 June 2018 deadline. The Wales Audit Office were reporting the more significant issues arising from the audit, which they believed must be considered prior to approval of the financial statements. These issues had already been discussed with the Section 151 Officer. It was the Auditor General’s intention to issue an unqualified audit report on the financial statements once the Authority had provided a Letter of Representation based on that set out in Appendix 1. The proposed audit report was set out in Appendix 2. The Pension Fund was included within the Council’s main financial statements and therefore the opinion shown was that proposed for the Council’s main financial statements incorporating the Pension Fund. It was outlined that there were no non-trivial misstatements identified in the financial statements which remained uncorrected. There were misstatements which had been corrected by management but which the auditors felt should be highlighted due to their relevance to the responsibilities of the Authority over the financial reporting process. These were set out with explanations in Appendix 3. These amendments increased the value of investments in the Net Assets Statement by £2.5 million. There were also a number of other presentational amendments made to the draft financial statements arising from the audit. Other significant issues arising from the audit were also reported. The key recommendations arising from the financial audit work were set out in Appendix 4. Management had responded to them and progress would be checked during next year’s audit. Where any actions were outstanding, the auditors would continue to monitor progress and include it in the report next year. The Chair expressed his appreciation to the Finance staff for providing the accounts to the Wales Audit Office well before the required deadline. Resolved that the contents of the report be noted. |
|
Corporate Fraud Annual Report 2017/18. PDF 184 KB Minutes: Jeff Fish and Jonathan Rogers presented a summary of the work completed by the Fraud Function of Internal Audit in 2017/18. The report provided the background to the Fraud Function, an overview of activities and its value. The key activities in 2017/18 covered the following areas of work: - · Review of Direct Payment Strategy / forms; · Joint work with DWP’s Fraud and Error Service; · National Fraud Initiative 2016 · Fraud Awareness; · Inter-Agency work and Data Exchange; · Special investigations. The Review of the Fraud Function Plan for 2017/18 reported that out of the 9 planned activities, 6 were fully achieved and 3 partly achieved. Appendix 3 of the report provided details of these activities. The Committee asked questions of the Officers, who responded accordingly. Discussions centred around the following: - · Overpayments, the reasons surrounding why they had occurred and the follow up process; ·
The pilot scheme relating to overpayments. Resolved that the contents of the report be noted. |
|
Audit Committee Action Tracker Report. (For Information) PDF 121 KB Minutes: The Chief Auditor presented the Audit Committee Tracker Report for information. He highlighted two additional actions in relation to the Draft Audit Committee Annual Report 2017/18 and outcomes that required reports being provided to future Committee meetings. |
|
Audit Committee Work Plan. (For Information) PDF 94 KB Additional documents: Minutes: The Audit Committee Work Plan
was reported for information. The Chief Auditor highlighted
two updated actions at Appendix 2 relating to the Wales Audit Office. Geraint Norman stated that it was for the
Committee to decide how it wished to progress the issues. Resolved
that the items be discussed at the next scheduled
meeting. |