Agenda and minutes

Audit Committee - Thursday, 9th June, 2022 6.00 pm

Venue: Lees Suite, Civic Centre, Oldham, West Street, Oldham, OL1 1NL. View directions

Contact: Peter Thompson

Items
No.	Item
1.	Appointment of Vice Chair To appoint a Vice Chair of the Committee for the Municipal Year 2022/23. Minutes: RESOLVED – That Councillor Islam be appointed Vice Chair of the Audit Committee for the 2022/23 Municipal Year.
2.	Apologies for absence Minutes: Apologies for absence were received from Councillors Ahmad and Chris Gloster.
3.	Urgent Business Urgent business, if any, introduced by the Chair. Minutes: There were no items of urgent business for this meeting of the Committee to consider.
4.	Declarations of Interest To receive declarations of Interest in any Contract or matter to be discussed at the meeting. Minutes: There were no declarations of interests.
5.	Public Question Time To receive Questions from the Public, in accordance with the Council’s Constitution. Minutes: There were no questions submitted by members of the public.
6.	Minutes PDF 251 KB To approve the minutes of the meeting held on 10^th March 2022. Minutes: RESOLVED That the Minutes of the meeting of the Audit Committee held 10^th March 2022 be approved as a correct record.
7.	SIRO Annual Report 2021/22 PDF 126 KB To follow Minutes: The Committee considered a report of the Assistant Director of Corporate Governance and Strategic Financial Management, which updated Members on information security breaches, risk issues/actions. The submitted report was the annual report of the Senior Information Risk Owner (SIRO) to the Audit Committee highlighting Information Security Incidents and related matters which have occurred throughout 2021/22. The position of SIRO, within Oldham Council was held by Anne Ryans, Director of Finance with Mark Stenson, Assistant Director of Corporate Governance and Strategic Financial Management acting as Deputy SIRO. The SIRO responsibilities extend to cover the MioCare Group Community Interest Community and the Unity Partnership Ltd (during 2021/22) under the service level agreements in place with the Council’s Information Management Team. Operational day to day responsibilities for the management and reporting of information risk, and information security breaches, rests with the Information Management Team. The Committee was informed that there were 80 information security incidents reported during 2021/22, compared to 68 during 2020/21. It was thought likely that number of incidents in 2020/21 were reduced due to the coronavirus pandemic as during 2019/20 there were 103 incidents. Specific incidents that occurred during both 2020/21 and 2021/22 were summarised in a table attached at Appendix 1 to the report. The Committee was informed that Caldicott Guardian is a senior role in an organisation which processes health and social care personal data. The duty of the Guardian is to ensure that personal data is used legally, ethically and appropriately, and that confidentiality is maintained. The Council currently has two Caldicott Guardians - one for Children’s Services and one for Community Health and Adult Social Care. The Information Management Team has worked with both Caldicott Guardian’s to raise awareness, provide training, and issue key messages to staff. Furthermore, the Information Management Team and the Children’s Caldicott Guardian analysed trends across the four incidents and issued specific guidance to staff relating to how to minimise the risk of information being disclosed in error or shared inappropriately due to redaction issues. Members were reminded that cyber-criminals continue to be an increased risk particularly around sending 'phishing' emails with the aim of getting users to click on a malicious link. It is important therefore to remember that a single malicious link could lead to a successful attack, which could in turn compromise the IT network and put all information at risk. Reminders have been sent to all employees and Councillors requesting completion of the Council’s interactive Mandatory Cyber Security training course. Cyber awareness guidance has also been added to the Council intranet and circulated to all staff. To further reduce risk, further work is being carried out to heighten awareness of phishing emails. Cyber criminals often target employees of organisations in order gain unauthorised access, infiltrate the network and compromise data, Local Authorities are popular targets. To reduce the risk, the Council successfully changed its policy on password complexity to align with the recommendations of the National Cyber Security Centre (NCSC). External independent validation has shown an improvement in ... view the full minutes text for item 7.
8.	Audit of Housing Benefit Subsidy 2020/21 PDF 74 KB To follow Additional documents: 2a ac090622hbauditAnnex 1 , item 8. PDF 118 KB Minutes: The Committee received a report of the Assistant Director of Corporate Governance and Strategic Financial Management which detailed the outcome of an external audit of the Housing Benefit Subsidy claim form for the financial year 2020/21. The audit of the Housing Benefit Subsidy Claim was undertaken by KPMG LLP and the report and its appendix detailed the findings of that audit. Overall, the report was positive and did not detail any findings which impacted on the subsidy claim. Where there were errors identified as detailed in Appendix A of Annex 1, they were minor and not material. RESOLVED That the report be noted.
9.	Director of Finance - Charged with Governance Management Processes and Arrangements PDF 76 KB To follow Additional documents: 3a aC090622directoroffinanceMazars Letter to Management 2021-22final , item 9. PDF 83 KB Minutes: The Committee was informed that for the Council’s External Auditor, Mazars LLP, to be enabled to carry out their duties required under the Local Audit and Accountability Act 2014, the Director of Finance was required to provide the auditors with the necessary assurances required under International Standards on Auditing (ISA), particularly, ISA 260, Communication with Those Charged with Governance. In carrying out the annual audit of the Council, Mazars LLP were required to comply with the International Standards on Auditing (ISAs) as adopted by the UK Financial Reporting Council (FRC). ISAs require that the auditor make inquiries of those charged with governance (TCWG) to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. These inquiries are made in part to corroborate the responses to the inquiries of management. Mazars LLP had sent the Director of Finance a questionnaire setting out their inquiries of TCWG. The questionnaire and the Director of Finance’s proposed responses were set in the attachment to the submitted (Annex 1). As part of this process, Mazars asked that the Council’s Director of Finance provides response to the following questions: a. What processes are in place at the Council to undertake an assessment of the risk that the financial statements may be materially misstated due to fraud or error (including the nature, extent and frequency of these assessments)? b. What processes are in place to identify and respond to risks of fraud? c. What processes are in place to communicate to employees the Council’s views on business practice and ethical behaviour d. What processes are in pace to communicate to the Audit Committee measures for identifying and responding to fraud or error? e. How does the Council’s management gain assurance that all relevant laws and regulations have been complied with and have there been any instances of non-compliance during 2021/22? f. Are there any actual or potential litigation or claims that would affect the financial statements? g. What controls are in place to: identify, authorise, approve, account for and disclose related party transactions and relationships? RESOLVED 1. that the report be noted. 2. That the Director of Finance be authorised to submit appropriate responses to the questions submitted by Mazars
10.	Audit Committee Chair - Charged with Governance Management Processes and Arrangements PDF 76 KB To follow Additional documents: 4a ac090622Mazars Letter to TCWG 2021-22chairfinal , item 10. PDF 96 KB Minutes: The Committee considered a report of the Assistant Director of Corporate Governance and Strategic Financial Management which advised that to enable the Council’s external auditors, Mazars LLP, to carry out their duties under the Local Audit and Accountability Act 2014, the Audit Committee via the Chair (for 2021/22 financial year in Oldham this was the Vice Chair) was required to provide the auditors with the necessary assurances required under International Standards on Auditing (ISA), particularly, ISA 260, Communication with Those Charged with Governance. In carrying out their annual audit of the Council, Mazars LLP had complied with the International Standards on Auditing (ISAs) as adopted by the UK Financial Reporting Council (FRC). ISAs require that the auditor makes inquiries of those charged with governance (TCWG) to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. These inquiries were made in part to corroborate the responses to the inquiries of management. Mazars LLP has sent the (Vice)Chair of Oldham Council’s Audit Committee a questionnaire setting out their inquiries of TCWG. The questionnaire and the Vice Chair of the Audit Committee’s proposed responses were set out in Attachment 1 of the Appendix to the submitted report. There is a requirement to respond to Mazars LLP by 30^th June 2022. RESOLVED That the report be noted.
11.	Local Code of Corporate Governance PDF 81 KB To follow Additional documents: 5a ac090622Appendix 1 Code of Corporate Governance final , item 11. PDF 62 KB Minutes: The Committee considered a report of the Director of Finance that proposed a refreshed Local Code of Corporate Governance for Oldham Council. The Council was required to produce a Local Code of Corporate Governance, which would be subject to review every two years or when there had been changes to Governance Standards. Oldham Council’s Local Code of Corporate Governance was last reviewed on 20^th January 2020. A refreshed Local Code of Corporate Governance was presented for review at Appendix 1, of the submitted report. The main body of the Code was structured around the seven key principles of the revised CIPFA/SOLACE publication: ‘Delivering Good Governance in Local Government’ and was designed to reflect the assurance gathering process for the Annual Governance Statement which is produced to support the Statement of Accounts. Each commitment covered a particular area of the Council’s responsibilities in terms of corporate governance. The seven principles were: Behaving with integrity, demonstrating strong commitment to ethical values, and respecting the law; Ensuring openness and comprehensive stakeholder engagement; Defining outcomes in terms of sustainable economic, social and environmental benefits; Determining the interventions necessary to optimise the achievement of the intended outcome; Developing the entity’s capacity including the capability of its leadership and the individuals within it; Managing risks and performance through robust internal control and strong public financial management; Implementing good practices in transparency, reporting and audit to deliver effective accountability. RESOLVED That the Audit Committee accepts and notes the refreshed Local Code of Corporate Governance for Oldham Council, as set out at Appendix 1 of the submitted report.
12.	Internal Audit Charter 2022/23 PDF 202 KB To follow Minutes: The Committee considered a report of the Head of Internal Audit which advised Members of the proposed Internal Audit Charter for 2022/23. The work of Oldham Council’s Internal Audit team has been governed by the UK Public Sector Internal Audit Standards (PSIAS) from 1^st April 2013 (updated in March 2017). The Standards comprise a revised definition of Internal Auditing, a Code of Ethics for Internal Auditors working in the Public Sector and the Standards themselves. The Standards were mandatory for all Internal Auditors working in the UK public sector. The 2022/23 Internal Audit Charter was attached at Appendix 1 to the submitted report. RESOLVED That the Audit Committee approves the 2022/23 Internal Audit Charter, with effect from 1^st April 2022.
13.	Internal Audit and Counter Fraud Progress Report PDF 175 KB To follow Minutes: The Committee considered a report of the Head of Audit and Counter Fraud which provided Members with a high-level progress report on the work of the Internal Audit and Counter Fraud team for the 2021/22 financial year. The report summarised the work carried out by the team from 1^st April 2021 to 31^st March 2022. In the final Quarter of the year (January – March 2022) the team continued to prioritise work on the Fundamental Financial Systems (FFS) reviews to support the 2021/22 audit of the financial accounts. Interim FFS reports were issued, and work commenced on the final stage reviews, with final reports being issued in the first quarter of 2022/23. In addition, other Audit and Counter Fraud Team activity included: • Continued support in respect of COVID-19 grant funding regimes, including responding to central government requests for supporting information in respect of grants paid. • Compilation of the Annual Audit Report and Opinion and other reports for this Committee. • The Counter Fraud and Direct Payments Audit Teams (Children and Adults) have continued to deliver significant recovery outcomes which have generated £408,478 and £2,978,029 for the year to 31^st March 2022. RESOLVED That the Internal Audit and Counter Fraud progress report be noted.