Agenda and draft minutes

Apologies were received from Councillor Henry Higgins with Councillor Kishan Bhatt substituting.

None.

RESOVLED: That the minutes of the meeting held on 12 February 2024 be approved as a correct record

There were a number of items in this report.

Consultation

The government consultation aimed to clear the national audit backlog. The consultation had a number of phases. Phase one would focus on clearing audits for 2022-23 and prior periods by September of this year. Close-to-completion audits would be prioritised, while others may require an audit disclaimer. It was noted that Hillingdon would not have a 2022-23 Council audit. The government had not yet issued any guidance on audit opinions but it was emphasised that disclaimers were due to system resets, not underlying Council problems.

Phase two set future audit deadlines, aiming for normalcy by 2028-29. It was suggested that the audit deadline should be May 2025 for the 2023/24 audit, however officers and EY did not think that this was sensible as the audit period was too long and it also conflicted with other key pieces of work that both teams were doing at that time. This had been fed back to the government. It had been agreed with EY that both parties would work towards completing the audit around the November 2024 deadline. The consultation also suggested that local authorities should still publish their draft accounts at the end of May 2024.

2022-23 Value For Money Report

Despite the national reset affecting financial statement audits, value for money work continued. The value for money assessment for 2022-23 had been completed. Challenges included budget pressures, savings requirements, and an increasing DSG deficit were noted in the assessment.

No significant risks or weaknesses were identified, but financial sustainability challenges were noted. Continued focus was needed to maintain sustainability and sufficient reserves.

Members asked for clarity on the position of the Dedicated Schools Grant (DSG). There was a £23.5m deficit brought forward from 2021-22. No DSG funding was paid by the Department for Education (DfE) to the Council in 2023-24. Officers noted that discussions with the DfE continued regarding the safety valve agreement and deficit coverage. This issue cut across both the DfE and Department for Levelling Up, Housing and Communities (DLUHC). This was noted and Members suggested that it would be useful to have an update, possibly at the next Committee.

2022-23 Pension Fund Audit Results Report

Draft audit results for the 2022-23 pension fund audit were nearly complete, with no significant further delays expected. Accounts were in draft format, providing a true and fair view. An unqualified opinion was planned, once government issue guidance.

The going concern assessment covered the pension fund up to March 2026, providing sufficient coverage.

Membership data testing had been challenging this year but was completed.

On audit differences, a £2.7m difference had been identified. This was due to timing – accounts based on estimates versus updated information during the audit. An adjusted fair value classification point of £4.3m was flagged; discussions were planned for EY and the Council to discuss classifications next year as these were subjective in nature. An adjustment relating to fair value hierarchy and minor disclosure differences were noted.

Membership data point  ...  view the full minutes text for item 92.

Officers presented the internal audit annual report for 2023-24. The report was brought forward from the August meeting to assist in drafting the annual governance statement.

A total of 47 pieces of internal audit work were fully delivered as part of the 2023-24 internal audit plan. Field work for all planned work was completed by the year-end, despite initial vacancies and a new team. The work included 33 assurance reviews, 7 consultancy, and 7 grant claims. Six planned audit reports were in draft form at year-end.

Of the 33 assurance reviews, 21% were substantial, 42% reasonable, and 36% limited. The opinion for 2023-24 was limited assurance. This was based on the assurance reviews completed throughout the year and considered the scope of each review. A lot of work had been done looking at high risk areas and looking at the action plans.It also took into consideration any significant findings from the draft reports.

Several areas of the limited assurance reviews were in key areas of governance such as the risk management, workforce planning and facilities management.

Common themes included inconsistent governance arrangements due to ongoing transformation work. Poor data quality was identified due to reliance on manual records and outdated systems. The Council was addressing data quality issues in 2024-25. The report also covered follow-ups on recommendations and performance against key indicators.

The internal audit team had achieved significant progress despite starting from scratch and facing vacancies. The limited assurance opinion reflected the current context of ongoing transformation and governance adjustments.

Members asked what would be done to improve the opinion going forward. There was a lot of work already underway in terms of data quality and governance arrangements. A lot of the reviews in the plan for next year were to look into the details of those areas. This included early reviews to address these areas and embed recommendations.

The Cabinet Member for Finance congratulated the audit team on a total rebuild given that previously the Council had relied on outsourcing of internal audit. It was noted that there was some inevitability around governance arrangements taking time to settle down following transformation.36% limited assurance was a subject for concern but in the current context it was not particularly surprising.

Members noted previous discussion around the new data system and asked how this was working out. Officers noted better responses on more recent reports due to quicker follow-ups. Previously there had been a backlog with a lot of change happening, and when people left their roles, sometimes recommendations were not handed over.

Officers put on record their thanks to the internal audit team for their swift takeover of audit matters.

On the face of it, limited assurance was not a good place to be. However, it was recognised that the audit service was identifying areas for improvement and also moving into areas that they may previously not have been involved in, adding their skills set to, for example, the transformation programme and the Oracle project.

It was noted  ...  view the full minutes text for item 93.

This report outlined the work completed since the previous Audit Committee. At lot of this fed into the annual report as it was currently only one month into the new financial year.

Nine reviews had been completed since the last Audit Committee meeting. These reviews included one substantial (building safety standards), four reasonable (Payment Card Data Security Standard, Building Control Action Plan, Neglect (Children’s), and Private Sector Housing), one advisory (fraud risk assessment in procurement), and three limited (social housing applications, fleet damage, and pool cars).

Key findings in the limited assurance reports related to missing key documentation, reliance on manual processes, duplicate systems, and insufficient checks and challenges within different services.

Seven draft reports were also prepared at year-end.

The report outlined the planned work for the remainder of the year. The internal audit team was already ahead of last year’s progress in terms of planning for audits. Six weeks in advance, planning for all audits had commenced.

The team was working on a quality improvement action plan. This plan will address the new internal audit standards coming into effect. The new standard came into effect from January 2025, and specific guidance for the public sector will be incorporated by the end of March next year.

The Chair asked what the scope of the substantial assurance report was. This was around building safety standards and looking at the action plan that was in place.

The pool cars audit focused on the processes related to pool car usage. Concerns arose due to reliance on individual officers completing documentation (e.g. consent forms, damage assessments). Weaknesses were found in the documentation, including inconsistencies and incorrect recording of damage. Progress on fixing these issues was being monitored.

Some items dropped off the 2023-24 internal audit work plan but were postponed to 2024-25. It was common practice to move items into Q1 due to year-end busyness. Areas like personal appraisals, overtime payments, and partnership working were still being addressed.

The follow-up process was ongoing, and meetings will be held to get updates. There were no immediate concerns about the unknown status items. The capital program item with high and medium actions would be monitored.

RESOLVED: That the Audit Committee noted the IA progress since the last meeting

This report provided a summary of the risk management work that was completed during 2023-24. It was brought forward from the August meeting and included a summary of the risk register at year-end. There was a significant change at the beginning of the year with a big refresh of the corporate risk register and moving to a new risk management system.

The new risk management system was now up and running. Place Directorate, Finance Directorate and the Digital Directorate had all had demonstrations. There were requests to complete the demonstrations with Children’s Services Directorate, Adult Services & Health Directorate and the Central Services Directorate.

Risk management was crucial for managing opportunities and threats to objectives. The Council’s risk management policy provided a framework for: clear accountabilities and roles; prompt identification and assessment of risks; employee knowledge and skills in risk management; informed decision-making considering relevant risks; and evaluation of risk management impact.

Several updates had been made to the risk register: Microsoft Word versions of Directorate Risk Registers had been replacedwith a central Excel Risk Register. There was improved access for risk owners. A Digital Directorate Risk Register had been added, with services reallocated between directorates. Corporate risks had been aligned with strategic objectives through a Strategic Risk report. A new risk management system (JCAD) had been introduced for increased accountability and collaboration. Training and guidance were being prepared for system implementation.

At year-end, there were 16 red-rated risks in the Corporate Risk Register.Place Directorate had the highest number of risks (though was not necessarily the most risky). 13 unscored risks (down from 24) were being addressed. 5 risks not reviewed within the last 6 months were raised at the Corporate Risk Management Group and were being addressed.

Members asked what was being done to enhance consistency across the authority. Officers were not transferring everything from the excel spreadsheet to JCAD straight away and were running training sessions within individual services to make sure that they were reflecting their risks. While currently, a lot of risks were recorded at a very high level, such as one big risk around cyber security, these could be broken down into a larger number of smaller risks.

The report noted an aspiration to move to a risk defined level of maturity, and Members asked if there would be a more formal plan to achieve this. Currently the focus was on getting risks recorded on the register. Officers were also looking at how to embed KPI information.

Members asked for clarity on the corporate risks brought forward from 2022-23 and new risks in 2023-24. There was a big refresh moving from Q1 to Q2 of 2023-24. A further three risks were added at the end of Q4. When the risk management progress report was presented at each Audit Committee, this would list all new risks that had been added since the previous meeting.

RESOLVED: That the Audit Committee noted the Risk Management Annual Report and progress to improve the risk management arrangements

The final paper was the Strategic Risk report. This was introduced at the previous Audit Committee. There had been no significant changes since the last meeting. The risks had been added to JCAD and officers were training up members of CMT on the system. Furthermore, officers were working with digital and business intelligence to incorporate risk KPIs into the dashboard, and other service level KPIs were embedded as well.

RESOLVED: That the Audit Committee noted the Strategic Risk Report and provided feedback on the content and level of assurance received.

It was noted that an addendum had been issued to update Appendix B.

The Counter Fraud team continued to focus on areas of high risk, particularly around frontline demand-led services. Proactive and reactive activities during Q4 had led to approximately £2 million in savings, bringing the year-to-date total savings to £11.2 million.

In housing, efforts had focused on tenancy fraud, resulting in the recovery of 23 properties in Q4 (total of 103 for the year) and the closure of 16 emergency accommodation units due to non-occupation (total of 42 for the year). Both of these year-end figures were the highest the team had ever achieved in a single year.

Efforts to maximise income included identifying eight businesses undeclared for rates and 30 “beds in sheds” not listed for council tax, resulting in approximately £543,000 of additional income.

Refreshing the fraud risk register was a key priority. A fraud awareness campaign would commence, starting in Adult Social Care, equipping staff to spot and report fraud. Sustaining performance from last year into this year was crucial. Transitioning from narrative progress reports to dashboard reporting using tools like Power BI was underway.

Members asked and officers noted that quantifying overall liabilities or losses due to fraud or cyber fraud was challenging. A common rule of thumb suggested that fraud or loss within a budget could range from 0.5% to 5%. While proactive activity and process improvements help, accurately assessing unknown losses remained difficult.

Members congratulated the team on their achievements.

It was noted that the Counter Fraud team was currently the highest contributor to the housing stock.

It was encouraging that the Counter Fraud and Internal Audit teams were working well together.

The team collaborated with other departments (e.g. private sector housing, planning enforcement) to address beds in sheds and other fraud-related issues. Further discussions with officers were planned to enhance efforts in this area.

RESOLVED: That the Audit Committee:

1. Noted the Counter Fraud Progress Report for 2023-24 Quarter 4; and

2. Suggested any comments/ amendments

The report provided an overview of how the counter-fraud team operated, including its strategic approach and operational functions. It highlighted alignment with internal audit and collaborative efforts. The refreshed fraud risks faced by the Council were outlined in Appendix A. Appendix B set out the operational work plan.

The work plan focused on three main frontline service areas: Revenue, Social Care, and Housing. Synergies existed between Counter Fraud efforts and Internal Audit activities. A key priority was ramping up activity in social care, including fraud awareness discussions and consultancy work.

Members asked and officers noted that Social Care was a complex area, and the Counter Fraud team acknowledged that it was not the expert in this field. Stakeholder engagement, fraud awareness, and consultancy work will help understand risks and identify necessary actions. Decisions related to criminal cases or protecting against loss will involve collaboration with Social Care experts.

Members asked and officers noted that the London Counter Fraud Hub collaborated with other councils in the region. There was also a London Borough Fraud Investigation Group, which included an executive board that had three members from Hillingdon. The hub shared information, worked jointly, and shared resources with other councils.

The hub had set high standards and received awards. It focused on fraud prevention, detection, and recovery. Challenges included aligning priorities across different boroughs.

In-house data matching and sharing contributed to detecting fraud (e.g., identifying deceased tenants).

The team structure was stable, with one Counter Fraud apprenticeship vacancy. The plan was to transition a trainee into the apprenticeship role after completing their accountancy degree.

The focus was on doing effective work rather than just meeting targets. The team aimed to sustain its successful performance from the previous year.

RESOLVED: That the Audit Committee:

1.    Noted the Counter Fraud Annual Operational Plan for 2024-25; and

2.    Suggested any amendments/ comments.

Officers noted that the work programme outlined the meeting dates for 2024-25.

Officers would draft a work programme for the year, which would be shared ahead of the next meeting.

RESOLVED: That the Audit Committee:

1.      Confirmed the dates for Audit Committee meetings; and

2.      Made suggestions for future agenda items, working practices and/ or reviews