Agenda and draft minutes

There were no apologies for absence received.

The Committee received an update from the Assistant Director of Strategy and Performance on the recruitment of a second independent member to the Audit Committee. The Committee heard that despite attempts to recruit to the role, officers faced difficulties finding somebody with the required level of commitment and expertise for the role. A full review is to be carried out to understand the market and how to make the role more attractive to the appropriate candidates.

RESOLVED that, the update and next steps are noted by the Committee.

There were no public questions for this meeting to consider.

The Minutes of the meeting held on 28^th November 2024 are attached for approval.

RESOLVED that, the Minutes of the meeting of the Audit Committee, held on 28^th November 2024, be approved as a correct record with the addition of the below action on Agenda Item 11.

Adult Social Care to provide an updated FFS report with updates and rag rating as actioned.

The Audit Committee heard from Mazars on the progress of the External Audit Report. Officers confirmed that they have continued to make progress. However, there are still a significant number of areas where information is outstanding.

Members queried the cause of the delays and Officers explained that it was a combination of waiting for requests to be progressed and requesting further inormation where requests had already been fulfilled.

External Auditors confirmed that the accounts would be ready for sign off in February and an additional meeting of the Audit Committee would be scheduled for this sign off.

External Auditors shared government plans for the next steps with the Committee. The Government are planning to establish a local audit office to bring together various elements which currently sit with different organisations. This will reduce delays and steamline working for a smoother audit process.

RESOLVED that, the External Audit Progress Report is noted by the Committee.

The Head of Internal Audit and Fraud presented a summary on the report of internal Control Matters. Members raised concerns that issues had been ongoing for 9 years but the responsible Officer was unavailable to present and answer questions on this report. Officers confirmed that the full report and action plan will be brought to the next meeting and the appropriate Officer will attend to present.

RESOLVED that,

1.    The report is noted by the Audit Committee

2.    The full report and action plan are to be brought to the next meeting in March.

Treasury management is the management of the Council’s cash flows, borrowing and investments, and the associated risks. Oldham Council has borrowed and invested substantial sums of money and is therefore exposed to financial risks including the loss of invested funds and the revenue effect of changing interest rates.

The strategy for 2024/25 covers the below areas: Treasury management issues:

·         Economic Background & Interest Rate Forecasts

·         The current and forecast balance sheet position;

·         The Liability Benchmark

·         The Borrowing Strategy;

·         The policy on borrowing in advance of need;

·         Debt rescheduling;

·         The Investment Strategy;

·         Approved Counterparties

·         Treasury indicators which limit the treasury risk and activities of the Council;

·         Treasury Related Matters

In response to member queries on future borrowing, officers explained that they are bound by the prudential code which only drives a 3-4 year plan, and are unable to include anything beyond this which has not yet been committed to. It would be difficult to make predictions beyond what has already been provided.

Members queried the borrowing market and whether officers had any concerns about this. Officers noted that there have been some changes not in the council’s favour with rates increasing from 4.4% to over 5%.

RESOLVED that, as per the report, the Audit Committee considers and commends to Cabinet:

1.    Capital Financing Requirement (CFR) Projections

2.    Projected Balance Sheet position as at 31 March 2025 and future years

3.    Liability Benchmark

4.    Borrowing Strategy for 2025/26

5.    Annual Investment Strategy

6.    Treasury Management Prudential Indicators

The Audit Committee received the internal Audit Progress Report for Q3 2024/25 from the Head of Audit & Counter Fraud. Work on the Council’s Fundamental Financial Systems (FFS) reviews for 2024/25 has continued into Q3. One FFS report in connection with the Council’s Payroll Service has been issued and the remainder will be reported in due course.

In addition, other Audit and Counter Fraud Team activity in Q3 included:

·         Completion of six opinion reports

·         Ongoing work in connection with a review of the Council’s Housing Options Service, a review of Children’s to Adults transitions in Social care, a Standards of Conduct review, and a review of In-Borough SEND Placements,

·         Corporate Counter Fraud activities have identified £349,033 of fraud, errors and overpayments

The Committee were given a summary of Audit Reports/Outcomes from 1 April 2024 to 15 January 2025 and 3 new ‘inadequate’ reports have been added to the Outcomes. Members queried whether full reports and an action plan can be provided to the Audit Committee where an area has been deemed ‘inadequate’. The Head of Audit & Counter Fraud suggested that this would create excessive amounts of high-level reading for the Committee but suggested that more detail could be added to the current summary to provide more detail on the findings and action plans. The Head of Audit & Counter Fraud also suggested that he would look across Greater Manchester to establish their processes on providing full inadequate reports to Committees.

The Assistant Director of Strategy & Performance noted that that areas deemed to be inadequate were reviewed regularly at management board meetings and that he would work to bring back a proposal to provide more detail to the Committee and ensure that the responsible Officers are available to attend to answer Committee questions.

RESOLVED that,

1.    The Audit Committee accept and note the progress achieved and performance by the Audit and Counter Fraud Team

2.    The Head of Audit & Counter Fraud is to look across Greater Manchester to establish their processes on providing full inadequate reports to Committees

3.    The Assistant Director of Strategy & Performance will work to bring back a proposal to provide more detail to the Committee and ensure that the responsible Officers are available to attend to answer Committee questions.

The Audit Committee considered its Work Programme for 2024/25. Members were invited to make suggestions of other items to add to the work programme for 2024/25.

Members suggested that they were interested in reviewing the payment processes and timescales for invoices of goods and services. Officers confirmed that the Council aims to pay all invoices within 30 days, and these figures could be included within the Corporate Performance Report that already comes to Committee if required.

Members raised concerns about continuity and contingency planning around the loss of senior staff, and whether this was a risk performance that should be brought to the Audit Committee. Officers explained that this is not currently considered to be a priority risk and has not been included on the risk register as appropriate recruitment work and handover planning has done to ensure continuity as new members of senior staff are recruited.

RESOLVED that, the Work Programme for the remainder of 2024/25 is noted by the Committee.

To consider that the press and public be excluded from the meeting for the following item of business, pursuant to Section 100A(4) of the Local Government Act 1972 on the grounds that discussions may involve the likely disclosure of exempt information, under paragraph 3 as defined in the provisions of Part 1 of Schedule 12A of the Act, to the Local Government Act 1972 and public interest would not be served in publishing the information.

RESOLVED that, in accordance with Section 100A(4) of the Local Government Act 1972, the press and public be excluded from the meeting for the following two items of business on the grounds that they contain exempt information, as defined under paragraph 3 of Part 1 of Schedule 12A of the Act, and it would not, on balance, be in the public interest to disclose the report.

The Audit Committee received the report of the Senior Information Risk Owner (SIRO). The report highlighted Information Security Incidents and related matters which have occurred from 1 April 2024 to 31 December 2024.

The Board heard how Cyber-criminals continue to be an increased risk particularly around sending 'phishing' emails with the aim of getting users to click on a malicious link. A single malicious link could lead to a successful attack, which could in turn compromise the IT network and put all information at risk. The SIRO has been working with ICT and reviewing how other authorities have responded to recent Cyber Attacks. In terms of reassurance following an incident in October 2023 ICT are in the process of making several improvements to support managing the Council estate from malicious attempts.

For the year 2024/25 there are 81 incidents recorded. This compares to 2023/2024 where there were 132 security incidents, which compares to 99 for the year 2022/2023. The trend for 2023/24 shows an increase year on year. Which appears to have remain steady for 2024/25.

The Council has reported one incident to the Information Commissioner’s Office (ICO) in 2023/24 This is the same as 22/23 when 1 incident was reported to the ICO. No incidents have met the threshold to report to the ICO in 2024/25.

Members queried what resilience or back up Oldham have to deal with serious breaches like the one which recently occurred in Northern Ireland. Officers confirmed that IT have the appropriate firewalls and backups in place. System tests are conducted and vulnerabilities identified regularly. Officers also noted that they have reviewed a copy of the report from Northern Ireland and taken the appropriate learnings on how to avoid a similar attack.

RESOLVED that, the Senior Information Risk Owner update is noted by the Committee.