Agenda and draft minutes

Audit Committee - Monday, 12th February, 2024 5.10 pm

Venue: Committee Room 5 - Civic Centre. View directions

Contact: Democratic Services  Email:

No. Item


Apologies for absence




Declarations of interest





To confirm that all items marked Part I will be considered in Public and that any items marked Part II will be considered in Private


It was confirmed that all items would be considered in public.



Minutes of the Meeting held on 22 November 2023 pdf icon PDF 431 KB


RESOVLED: That the minutes of the meeting held on 22 November 2023 be approved as a correct record



Counter Fraud Progress Report 2023-2024 Q3 pdf icon PDF 517 KB


Officers presented the Counter Fraud progress report.


Officers highlighted the recent achievement of the team being awarded the Public Finance Awards in the category of Outstanding Fraud Prevention, Detection and Recovery. The team had also won the Grand Prix award, which was the winner of the winners of the night award. Officers thanked Members and other officers for their contributions to this.


The team had achieved £5.6 million in savings during Q3, which was the highest figure ever recorded for a quarter. This brought the total for the year to £9.2 million. Most of the activity focused on housing, social care and revenues.


In housing, 32 properties were recovered due to tenancy fraud, totalling 80 for the year as a whole, with 135 ongoing investigations. Revenue maximisation efforts had identified undeclared businesses, resulting in billings issued exceeding £3.6 million. In social care, multiple fraud awareness sessions had led to an increase in fraud referrals, particularly related to direct payments.


Looking ahead to Q4, the management team planned to focus on housing and social care whilst preparing for the new financial year.


Officer proposed a change to the formatting of the presented report to include fewer narratives and more visual representations, to aid Members in their understanding. Members supported this idea, citing the need for clear understanding. It was also noted that this may be a benefit to any substitute Members.


Member praised the team’s achievements, noting their consistent performance.


Members noted where the report stated there was more work to be done on social care fraud. Officers noted that they had had discussions on this and acknowledged that there was more work to be done on understanding the fraud risk in this area. This was a key focus moving forward.


Members referred to publicity of the Counter Fraud team’s work, and officers noted that more could be done on this, although more was being done than in previous years.  Members highlighted publicity on blue badges.


Members asked about the ongoing investigations in housing and asked how long these investigations take. Officers noted that most of the referrals received were anonymous or internal. This meant that when officers were notified of tenancy fraud, the person committing the fraud would be unaware. They would then not be notified until officers had gathered sufficient evidence so that the person could be interviewed.


Members asked about ‘beds in sheds’ and whether these were across the borough or centred around certain areas. Officers noted that a lot of this was to do with where the university was located and where the airport was located in terms of renting a room for work. Therefore, a lot was centred around certain areas of the borough.


Members asked about the £3.6 million in revenue maximisation, noting that this seemed quite high. Officers noted that the last financial year was the first looking at revenue maximisation. On one day per quarter the team went out into hotspot areas to see which businesses were notified within the system for business  ...  view the full minutes text for item 80.


External Audit Update pdf icon PDF 133 KB


Officers introduced the external audit update.


The 2022-23 Teachers’ Pension audit had successfully completed with no material items to report. Similarly, the Capital Receipts Pooling for 2022-23 had also completed. Currently, the Housing Benefits Certification for 2022-23 was underway and was expected to be completed by the end of June. The Value for Money Assessment and Pension Fund audits for 2022-23 were nearly completed, with results expected to be presented to the next Audit Committee in April.


The 2023-24 Council audit was in an interim phase, focusing on transactions up to December and ensuring compliance with established processes and controls. This work was progressing on track.


On the 2022-23 Council audit, Hillingdon was not among those authorities facing significant audit backlogs, with only 2022-23 outstanding.  Efforts were being made at the national level to address this backlog and consultations were underway. Officers from EY gave further updates on these consultations, noting proposed amendments to the Code of Audit Practise and measures to address the backlog. A joint consultation launched by Department for Levelling Up, Housing and Communities (DLUHC) and the Financial Reporting Council (FRC) was noted, with the deadline for responses on 07 March 2024.


Subject to this consultation, there may be some amendments to the Code of Audit Practice around the ability to report on a composite basis for Value for Money, rather than reporting annually. This would not be an issue for Hillingdon as it was only the 2022-23 Value for Money audit that EY were currently working on.


On the National Audit Office Code consultation, the main element was in relation to encouraging auditors to cooperate where a transition had taken place. This would not affect Hillingdon who were continuing with EY as external auditors.


On the DLUHC consultation, there were three key elements:

Phase one: to address the backlog which would see a backstop date of the end of September 2024 for all financial years up to 2022-23, and if the audits were not complete by this time, then auditors would be required to issue a form of modified opinion, either limitation of scope or a disclaimed opinion on all financial statements.


Phase two: a recovery period which would see backstop dates introduced for each financial year up to the end of the five-year PSAA contract (2028/29).


Phase three: longer term reform of reporting and auditing within the local government sector.


There was one additional consultation expected from the FRC in relation to the basis under which the Council prepares its financial statements. This was expected imminently and will address the extension of the statutory override in relation to infrastructure asset accounting. Other elements on this consultation would include how pension disclosures are set out within the financial statement (moving from an IFRS basis to an FS102); and moving for operational assets to the application of indexation rather than the requirement as it currently stands for formal valuations to be received. If these changes were implemented, they would affect 2023/24 and 2024/25. EY would keep officers  ...  view the full minutes text for item 81.


Internal Audit Progress Report 2023-2024 Q3 pdf icon PDF 483 KB


Officers presented the Internal Audit progress report for Q3 of 2023-24.


Since the previous Audit Committee, nine reports had been issued in final. At the time of writing the report, five had been issued in draft, one of which had since been finalised. This related to private sector housing, which was reasonable assurance and would be included in the report for the next Audit Committee.


Lots of remaining audits were getting to the draft report stage and those marked as field work were at the end of the field work stage.


More reports had been issued in final at this stage in the year, compared to at the end of April in the last financial year. Although there was some work outstanding, officers had no concerns and this represented a good position for internal audit work.


Of the nine reports issued in final, one was substantial, two were reasonable, two were advisory and four were limited assurance reports.


Common themes identified in the limited assurance reports related to:


For ‘Facilities Management’ and ‘Climate Action’ reports, this related to governance arrangements and the strategic direction of the governance arrangements.


For ‘Homeless Housing Applications’ and ‘Goshawk Gardens & Chapel Lane’ reports, this related to the effectiveness of controls in practice.


Changes to the Internal Audit plan were also highlighted, with the removal of the budget-setting audit due to prioritisation of zero-based budgeting (ZBB) processes. An audit of pool cars had been added to the plan in response to service requests. This had been completed and would be finalised by the next Audit Committee.


Regarding follow-up, three reports were now closed since the last Audit Committee meeting, but several recommendations remained outstanding. Officers explained that some delays in addressing recommendations were due to new systems implementation and personnel changes.


Members asked for more details about the status of ‘field work’. Officers clarified that this referred to testing, obtaining evidence and coming up with findings, working with services to collate evidence and identifying what to report. Report drafting referred to when field work had finished, writing up the reports, going through an internal review stage before being issued. Reports marked as draft in amber meant that a draft report had been sent to the service for their management response.


Members asked about the key performance indicators (KPIs), and specifically KPI 8 (HIGH and MEDIUM risk IA Management Actions completed within the agreed timescale). Officers noted that not all of the KPIs were things for Internal Audit to deal with. KPI 8 referred to management responding to completing management actions. The KPIs were making sure that there was evidence to the Committee that progress was being made.


It was noted that the follow-up process started at the beginning of the year. Initially there were a lot of quick follow-ups and a lot of these were reported to the previous Audit Committee. Those remaining were likely older ones whereby officers many have changed, or it was taking time to embed new systems.


The Chair expressed  ...  view the full minutes text for item 82.


Internal Audit Charter pdf icon PDF 503 KB


Officers presented the Internal Audit Charter and Internal Audit Plan.


The Internal Audit Charter was a requirement to be produced and outlined the role and responsibilities and the purpose of Internal Audit. The Charter was unchanged from the previous year, but officers were required to review it annually.


The Internal Audit Plan was based on the team’s capacity internally. There was support from external providers if required. The plan was spread across the year and spread across Directorates. It was a flexible plan which would allow for accommodation of any big service changes. There were some cross-Directorate reviews within the plan around governance and the transformation programme which impacted on all Directorates.


The plan had been presented to the Corporate Management Team and took into consideration the risk register.


The Chair asked about the audit methodology. The Global Institute of Internal Auditors had updated its internal audit standards. Hillingdon followed the Public Sector Internal Audit Standards and so there would be a process of deciding if these standards needed to be updated or replaced by the Global Standards. Officers noted that the new standards were due to come into effect from 2025 and so there was sufficient time to review this, although on initial inspection there did not appear to be the need to major updates.


The Chair commended the plan as well-balanced and comprehensive, particularly welcoming the inclusion of cross-Directorate reviews and audits related to governance and transformation programs.


The Chair noted the security review that had been added to the plan following a number of concerns and asked for more information on this. Officers noted that this referred to security within the Civic Centre, and who could access different parts of the building.


The Chair asked for clarification on the safety valve agreement. Officers noted that this was a technical term applied to a specific arrangement that a number of Local Authorities had with the Department for Education in terms of managing the high needs block. Hillingdon had a deficit and a management arrangement with the DfE to manage that deficit which was denoted a ‘safety valve arrangement’.


Members asked about the utilisation of housing stock. Officers noted that this referred to identifying the current availability and how officers were maximising the available use of the housing stock, getting the most value out of it and allocating it appropriately.


Overall, the Committee approved the Internal Audit Plan and noted the responsibilities outlined in the Charter.


RESOLVED: That the Audit Committee:


  1. Approved the Internal Audit Annual Plan for 2024/25; and


  1. Noted the purpose and responsibilities of Internal Audit as outlined in the Charter



Risk Management Report 2023-2024 Q3 pdf icon PDF 512 KB


Officers presented the Risk Management report. This showed the risk register as at the end of Q3 and so it was noted that there had been some updates as it was a live document.


There had been a training workshop with the Senior Management Team since the last Audit Committee and this led to a number of new risks, particularly within the Place Directorate. Officers emphasised that the increase in risk did not indicate a higher level of riskiness but rather improved consistency in recording risks within the Directorate.


Officers provided an update on the implementation of new risk management software, which was currently being fine-tuned before full deployment. Training sessions were due to be run on it.


In response to questions from the Committee, officers explained the functionality of the new risk management software, which included automated notifications for overdue reviews and improved dashboard reporting. A lot of the risks within the Place Directorate still needed to be scored, but this was because they were newly added to the list. The register was moving to a system of individuals services taking ownership of their risk registers, and Directors taking ownership of holding services accountable.


At the end of the report was a summary of the Corporate Risk Register. These were the red rated risks from the Directorate Risk Register. As at the end of the quarter there were no significant changes. Since the end of the quarter the schools’ places risk had been reduced down to green rated, and Decarbonisation and Decent Homes Improvement has been added.


Members asked if the new software would help to identify departments that were not updating the register. Offices noted that there was a review date for all risks and review dates for actions. The system was currently set up to notify departments daily when something became overdue, and officers were reviewing the frequency of these updates. The system also notified the manager or Director. The new system would also allow exporting of dashboard information. The system would likely be updated by the time of the next Audit Committee.


The Chair asked about the reasonable delays for risks not reviewed. Officers noted that one of these related to an officer who had been off sick for an extended period of time. Two of these were related to where the responsible officer did not have access to the centralised register. This had now been rectified.


Furthermore, the Committee sought clarification on specific risks mentioned in the report, with officers providing insights into Risk 12 (Ability to Deliver a Balanced Budget in the Short and Medium Term) and Risk 13 (Financial Resilience of Contracts). On Risk 12, the date of the review was before officers had information relating to the local government settlement and before setting the budget. Therefore, further consideration of this risk would be given in Q4. On Risk 13, measures being taken to address this included proactive contract management and closer monitoring of contractors' financial health.


Members asked about ‘new and  ...  view the full minutes text for item 84.


Strategic Risk Report pdf icon PDF 219 KB


Officers presented the Strategic Risk Report. The intention of this was to align operational risk registers with the Council's strategic objectives.


The report provided assurance to the Committee that strategic risks were being managed effectively, with performance indicators, controls, and actions to mitigate them.


Officers emphasised that the report was still in the early stages and would evolve further, particularly with the implementation of the new risk management software. Officers also noted that there would likely be more strategic risks to add against the strategic objectives.


Officers were reviewing the way they presented their performance information to make it more into a dashboard and linking it in with performance indicator data.


On each risk there was the risk description relating to strategic risk; the primary controls that were there to manage that risk; and what the source of assurance was. There were three levels of assurance:

·         Level One: management controls and how management was dealing with the services

·         Level Two: internal oversight such as CMT monitoring

·         Level Three: independent assurance, for example if Internal Audit were doing any reviews or External Audit or Independent Advisers coming in


There were also KPIs but Q3 data had not been available at the time of the report. There were initial and current ratings included via a red/ amber/ green scale. The control rating was in relation to how confident officers were that those controls mitigate that risk from happening. The assurance rating was the level of assurance that officer had that this risk is being managed. Those assurance ratings were currently still TBC because it depended on what the assurance was and also the performance indicated data. This would be updated going forward.


Feedback from the Committee was overwhelmingly positive, with Members commending the clarity and simplicity of the report. Members appreciated its intuitive layout and expressed anticipation for future developments.


Members sought clarification on the current risk ratings, and officers noted that these were agreed on with CMT. However, Members could give their opinions and updates could be made. Officers further noted the process of encouraging risk owners to take more active ownership. Officers explained that the focus was currently on operational risk management but acknowledged the importance of integrating strategic risks into the process.


Overall, the Committee praised officers for their work on the report and expressed confidence in its ongoing development. Members encouraged continued efforts to simplify and streamline risk management processes while ensuring alignment with the Council's strategic objectives.


RESOLVED: That the Audit Committee noted the Strategic Risk Report and provided feedback on the content and level of assurance received



Skills Matrix pdf icon PDF 260 KB


Attached to the report was the Skills Matrix, which Members had recently completed. Also attached was a draft training plan, which officers had compiled in response to the completed Skills Matrix. It was noted that the dates may need to be updated.


Officers suggested moving the item on ‘the role of the Audit Committee’ to an earlier session or integrating this within the other topics.


Ultimately, the Committee approved the training plan with the understanding that minor adjustments may be made to the sequencing of topics.


RESOLVED: That the Audit Committee:


  1. Suggested any amendments/ made comments on the Skills Matrix;


  1. Suggested any amendments/ made comments on the draft training plan; and


  1. Subject to any agreed amendments; approved the Skills Matrix



Work Programme pdf icon PDF 97 KB


Officers noted that the dates for future meetings would need to be updated from those published in the agenda, and that the Work Programme was for noting.


RESOLVED: That the Audit Committee:


  1. Noted that new dates of upcoming Audit Committee meetings were to be confirmed; and


  1. Made suggestions for future agenda items, working practices and/ or reviews