Agenda and draft minutes

The Democratic Services Officer opened the meeting by asking if there were any nominations for a Chair of the meeting. Members proposed, seconded and agreed to appoint Cllr Denys as Chair of the meeting.

RESOLVED: That the Audit Committee appointed Cllr Nick Denys as Chair for the current meeting

Apologies had been received from John Chesshire.

None.

It was confirmed that item 6 would be heard in private. All other items would be heard in public.

RESOLVED: That the minutes of the meeting held on 30 April 2024 be approved as a correct record

This item was discussed as a Part II item without the press or public present as the information under discussion contained confidential or exempt information as defined by law in the Local Government (Access to Information) Act 1985. This was because it discussed ‘information relating to any individual’ (paragraph 1 of the schedule to the Act).

This item was considered in public before item 6.

The Council published the draft 2023/24 Statement of Accounts on 28 June 2024. EY were aiming to complete the 2022/23 and 2023/24 audits by the end of November and ahead of the revised backstop dates. The revised and newly proposed backstop date for financial years up to an including 2022/23 was now 13 December 2024, which had been extended from September.

The field work had been completed for the 2022/23 Housing Benefit Assurance Process and was currently at the Partner review stage. EY expected this to be completed in September 2024.

Members referred to ‘disclaimed’/ ‘modified’ opinions (where auditors have been unable to complete audits, they will issue a ‘disclaimed’ or ‘modified’ audit opinion) and asked if this was to be expected. Officers noted that it was. Modified opinions were expected as a result of the government measures to remedy the national audit backlog. It was noted that Hillingdon was in a similar situation to other local authorities with outstanding audits.

Members noted that previous audits had been held up due to differences in valuation around PPE and national issues relating to the accounting for infrastructure and IAS19. Delays relating to infrastructure and IAS19 were unlikely to happen during the 23/24 audit, however it was expected that there would be differences in PPE valuations which would need to be managed.

RESOLVED: That the Committee noted the report

The meeting started streaming to YouTube and it was noted that the private part of the meeting had just concluded. It was also noted that items 7 and 14 were conducted prior to item 6 and so were not on the public broadcast.

Officers presented the draft Annual Report of the Audit Committee for 2023/24. It had been drafted by the Head of Internal Audit on behalf of the Audit Committee and reflected their opinion of the work that had been undertaken during 2023-24. Feeback and amendments were invited from Members.

Members requested that the input of the Independent Chair of the Committee be sought.

RESOLVED: That approval of the Draft Audit Committee Annual Report for 2023/24 be deferred to the next meeting.

Officers presented the Internal Audit Progress Report. Since the last Audit Committee meeting, 10 reports had been finalised: two substantial assurance; four reasonable assurance; one advisory review in relation to Organisation Culture; one limited assurance; and two no assurance reports.

The limited assurance report was around performance information. This was a known area of improvement and it was part of the digital strategy and digital programme, looking at performance indicators, and developing a dashboard for CMT level. Services had KPIs in place, but they were not aligned with the objectives of the service or the Council’s strategic objectives. KPIs had not been reviewed or monitored consistently.

Members asked about the process of reprioritising workload when new managers requested internal audits. Officers explained the process, emphasising flexibility and the importance of obtaining necessary information. If items were being added to the plan, this was positive as people were engaging. If items were requested to come off of the plan, this would be challenged where appropriate.

Members asked about the impact of zero-based budgeting. Officers noted that outcomes from zero-based budgeting were monitored and influenced the internal audit plan.

The no assurance reports were around SEND Data Quality and Uninspected B&Bs. Members asked for more detail on these. SEND Data Quality was added to the plan because there were concerns around significant overspends against the agreed targets with the Council's Dedicated Schools Grant Safety Valve. Ongoing work had since improved processes. On B&Bs, insufficient evidence of checks had led to no assurance. This did not necessarily mean that those checks had not been completed. Efforts were ongoing to address this. It was noted that a lot of B&Bs were used to house residents in temporary accommodation. It would be ensured during follow-ups that any recommendations were implemented.

Members asked and officers clarified that they developed a plan for the full year, and officers were roughly where they would expect to be at this point in the year (Quarter 1). It tended to get busier at year-end. Officer tried to bring things forward into Quarters 2 and 3. In terms of ratings, there were not usually as many limited and no assurance reports, however, this may be because there had been more focus on risk areas and a lot of work had been done on the risk register and increasing risk awareness.

Members asked and officers further clarified that the audits were prioritised by the risk register and ratings within it. It was the role of Internal Audit to provide assurance to the Committee that there were controls in place. Officers would also consider if there were things coming out from other Councils or if KPIs were being missed. There were a lot of different elements involved.

Officers noted that they had included a paper on the new internal audit standards. These were new global standards and would create more oversight for the Audit Committee. More guidance was expected on the public sector focus.

Further to this, Members asked when  ...  view the full minutes text for item 108.

The new risk management system was being rolled out across the different directorates. Positive feedback had been received and the system had been described as easy to use. As at the end of June there were 221 risks on the system. The current total was 230. Of these, 16 were red-rated risks, and these formed the Corporate Risk Register.

New Key Performance Indicators (KPIs) had been presented to the Corporate Risk Management Group on 24 June. They were responsible for implementing and managing the risk register.

The Counter Fraud team had moved their risks onto the new system at the end of the quarter, which had led to an increase in the number of fraud risks. These were not new risks, just newly on the system. Risks had been added without a risk score to encourage active management and mitigation.

Officers asked for feedback on things that could be added to aid Members’ understanding.

Members asked about the 12 risks overdue for review. The Corporate Risk Management Group and CMT were responsible for managing these risks. Red-rated risks should be reviewed monthly, if not, weekly. If any were out of date and not recently reviewed, officers from those areas could be invited to the Audit Committee to discuss.

Members asked about actions being taken for high-risk items. Officers noted that items that were red on the Corporate Risk Register should align with the strategic risks. Detailed actions were included in the Strategic Risk Report. The Strategic Risk Register was still in its infancy and had been aligned with the new CMT dashboard. Members noted that it would be useful, for the bigger risks, to know what actions were being taken and if items were remaining on the register, why this was the case. This was noted as an action to be discussed outside of the meeting.

On changing risk status, Members asked how risks were closed or replaced, and about accountability for this. Risks had been reviewed and split into more specific categories. Explanatory notes would be added to future reports for clarity. KPIs on closed risks were monitored through the Corporate Risk Management Group, and red-rated risks required justification for closure.

Members asked how actions were being recorded and followed-up. Actions were expected to be recorded on the new system. The Corporate Risk Management Group would challenge any lack of action.

Members noted it may be useful to include how risk ratings had changed from the previous meeting to the current meeting. It was noted that this was done for corporate risks, it listed Quarter 4 and Quarter 1. It was proposed to use colour coding to show changes.

Members asked about the table of review date and rating. It was noted that the ‘Meeting Housing Need’, ‘Workforce Sufficiency’ and ‘Children’s Care Placements’ risks has been closed/ replaced. Officers noted that when items were added to the new risk management system, previous risks were reviewed. ‘Meeting Housing Need’ was a catch-all risk and so had been split into smaller  ...  view the full minutes text for item 109.

Officers introduced the Strategic Risk Report, noting its alignment with the strategic objectives and the operational risk register. The report aimed to provide assurance that the objectives will be met by collating strategic risks into a simplified, public-friendly version. Key updates included the integration of KPIs on the new dashboard and risk ratings from the new risk management system.

Officers highlighted that the Corporate Management Team (CMT) owned each risk and should discuss them with the relevant Cabinet lead. A meeting with the new Corporate Director of Finance was planned.

Members asked for clarity on the strategic risk of ‘high levels of homelessness and housing needs demand’, noting the change from the initial rating of B1 to the current rating of C2. It was noted that there were linked operation risks of legal disrepair; damp and mould; and decent homes/ thermal efficiencies. Officers explained that the strategic risk of ‘high levels of homelessness and housing needs demand’ aligned with the strategic objective of ‘safe and strong communities’.

The linked operational risks impacted the achievement of this objective and were included in the Corporate Risk Register and the new risk management system. These were things that impacted on achieving the objective and impacted on the risk score. The current rating incorporated the ratings of the linked operational risks.

Officers elaborated on the risk scoring methodology, noting that the overall risk score was a collective assessment rather than a simple aggregation of individual scores. For example, fraud risks were scored high at a strategic level due to their potential impact, but when broken down into specific operational risks, the scores may be lower.

RESOLVED: That the Audit Committee noted the Strategic Risk Report and provided feedback on the content and the level of assurance received

Officers introduced the Counter Fraud annual report for 2023-24.

This was an extremely successful year for the team. They had achieved savings of £11.2 million. The team had won the Public Finance Awards in both the Outstanding Fraud Prevention, Detection, and Recovery category and the overall Grand Prix. The team’s success had led to greater national recognition, with other councils and fraud teams seeking to learn from their best practices.

On housing, 103 properties were recovered, representing a 23% increase from the previous year and a record for the team. Additional billing in revenues amounted to around £4 million, positively impacting Council finances.

Just over £300,000 in social care savings had been achieved, demonstrating an improving work stream and better relationships with Social Care.

Members asked officers to pass on their congratulations to the team for their achievements. Members also commended the report and the national award.

Members asked about the fraud awareness campaign mentioned in the report. Officers noted that fraud awareness was embedded through mandatory e-learning for new staff and ongoing presentations. While empirical evidence was limited, anecdotal feedback suggested the campaign was building better relationships and awareness across the Council.

Members asked about HMOs and methods of obtaining information via site visits. Officers noted that due to changes to the way the government had listed HMOs in terms of Council Tax, they did not fall under the remit of the Counter Fraud team and fell under private sector housing, which would fall under the remit of the Residents’ Services Select Committee. Officers advised that when they were looking at unregistered dwellings, such as beds in sheds, their visits were all unannounced.

Members and officers discussed hybrid working and people running businesses from home and the implications of this on business rates. This would have a planning element regarding the use of properties.

Members asked about staffing levels. Officers confirmed the team was at full complement, noting that staff had been seconded in over the last six months to take up part of the B&B project.

Members asked about blue badge fraud, noting that the figures had been consistent across the year and then dropped off to zero at year end. Officers explained that the flow of cases through the system affected quarterly results. Blue Badge Days of Action were resource intensive, and once these days had been conducted, items were referred to the criminal justice system where appropriate.

RESOLVED: That the Audit Committee:

1. Noted the Counter Fraud Annual Report for 2023/24; and
2. Suggested any comments/ amendments

Officers introduced the Counter Fraud Progress Report.

The team had achieved savings of £3.3 million in Q1, marking a strong start to the year.

On tenancy fraud, 30 properties were recovered, setting a new record for a single quarter.

There were 34 cases ongoing within the criminal justice system.

£783,000 had been generated in additional billing in quarter 1.

23 unregistered dwellings had been identified.

All fraud risks had been added to the Corporate Risk Register, facilitating closer collaboration between Internal Audit and Counter Fraud teams.

There were planned workshops with service areas to improve fraud risk knowledge, management and relationships.

Officers noted the importance of ongoing efforts to manage and mitigate fraud risks.

The Committee acknowledged the impressive results and ongoing efforts in counter fraud activities.

RESOLVED: That the Audit Committee:

1. Noted the Counter Fraud Progress Report for 2024/25 Quarter 1; and

2. Suggested any comments/ amendments

This item was considered in public before item 6.

Members referred to the training programme and suggested holding all of the training sessions in one sitting. This was agreed.

It was confirmed that the Skills Matrix would be shared with new Committee Members.

RESOLVED: That the Audit Committee:

1. Noted the dates for Audit Committee meetings: and

2. Made suggestions for future agenda items, working practices and/ or reviews