Agenda and draft minutes

Apologies were received from lay member Paul Whittham.

No declarations of interest had been raised.

No urgent matters had been raised.

To receive the minutes of the Corporate Governance and Audit Committee meeting held on 20 November 2019 (copy enclosed).

The minutes of the Corporate Governance and Audit Committee meeting held on 20 November 2019 were submitted.

Matters Arising:

·         Concerns which were raised with the lack of statistics from social services included in the Care Inspectorate Wales - Local Authority Performance Review were noted in the minutes.

RESOLVED that the minutes of Corporate Governance and Audit Committee meeting held on the 20 November 2019 be approved as a correct record.

To consider a report by the Head of Internal Audit (copy enclosed) updating members on Internal Audit progress.

The Chief Internal Auditor (CIA), introduced the Internal Audit update report (previously circulated) updating members on the Internal Audit progress in terms of its service delivery, assurance provision, reviews completed, performance and effectiveness in driving improvement.

The report provided information on work carried out by Internal Audit since the last committee meeting. The CIA guided members through the reports which provided an update as of the 31 December 2019:

·         Internal audit reports recently issued;

·         Payment card industry – data security standards (PCI DSS)

·         General data protection regulations (GDPR) in Schools

·         Traffic Regulation Orders

·         Single Access Route to Housing (SARTH)

·         Waste and Recycling Proposal Housing Tenancy

·         Office Accommodation

Both the Payment card industry – data security standards (PCI DSS) and Housing Tenancy would be discussed later in the meeting.

·         General data protection regulations (GDPR) in school - it was stated that since the last meeting e-learning training completion numbers had increased from 56% to 76%. Members commended the increase however felt that it would be beneficial for school governors to be aware of procedures and possibly have their own training.

·         Traffic Regulation Orders (TRO) - members queried whether there could be more done in areas of Rhyl where the public either parked on double yellow lines or on the curbs. It was stated that work was being carried out however the capacity within the highways team caused issues. It was advised that Legal had offered to work alongside highways. The committee understood the issue was nationwide however queried whether Denbighshire was performing better than surrounding authorities, officers responded stating that it was similar across the counties.

·         The Waste and Recycling Proposal – the project was at an early stage therefore assurance could not be given. Members were supportive of an audit to be carried out and the work scrutinised due to the climate emergency.

·         Single Access Route to Housing (SARTH) - it was stated that there were good partnership arrangements between Flintshire and Denbighshire. However current arrangements needed to be more robust to ensure that the partnership continued to add value for partners and provided effective service to customers. Members queried where the contact centre for SARTH was located, members were informed the contact number was a Denbighshire number however the queries would be directed to a Flintshire office to deal with any queries.

·         Office accommodation, the climate impact of each office was being monitored. A pilot case study had been carried out in Russell House revealed that savings and carbon emissions reductions could be achieved when staff were encouraged to switch off lights and turn off docking stations when they were no longer in use, and to leave thermostats as they have been set. There was a corporate Climate and Ecological Emergency Task and Finish Group set up which aimed to raise staff awareness and to encourage staff to change their behaviour.

·         County Hall had significant spare capacity and work was ongoing to see how this space can be used. The Asset Management Group met regularly to discuss and make decisions regarding the property portfolio.

RESOLVED that the Corporate Governance and Audit Committee receive the Internal Audit update report and note its contents.

To consider a report by Chief Internal Auditor (copy enclosed) providing details of a recent Internal Audit report of Housing Tenancy that received a ‘Low’ assurance rating.

The Chief Internal Auditor (CIA) introduced the Internal Audit of Housing Tenancy report (previously circulated) alongside the Lead Officer - Community Housing (LOCH).

The report provided details of a recent Internal Audit report of Housing Tenancy that received a ‘Low’ assurance rating. The scope of the audit which was carried out focused on data validity checks, policies and procedures, subletting and lodgers, and tenancy misuse. Within the review the issues which were highlighted were relating to system data inaccuracies and absence of tenancy audits to check that the terms of tenancy agreements were being met e.g. legitimate persons were living at the property with no unauthorised subletting or lodgers. During the review, the service confirmed that tenancy audits were due to commence and were in the process of being rolled out.

Procedures and guidelines around tenants verification checks, subletting, lodgers and tenancy misuse and potential tenancy fraud required development to ensure that a consistent process was applied. It was also outlined that whilst Housing staff reviewed National Fraud Initiative matches, there was little information sharing outside of this to assist with prevention and detection of fraud. Also, a more coordinated approach across different housing sections was needed to ensure that all key information relating to tenants and occupants were recorded to ensure that tenancy information was kept up-to-date and any potential misuse was addressed.

The following points were discussed further –

·         Since the audit had been carried out a new IT system was being implemented, and it was assured that the information which was held would be kept up to date, and accurate.

·         The visitation to tenants had proved difficult as some tenants were in occupation for several years and would not like any disturbances, it was also highlighted that unless there was legal cause to evict someone, they could only leave if they wished to. There would also be contact with the residents hopefully once a year.

·         The matter of fraud was outlined, and it was clarified that there was a good community communication with the Council and if something seemed incorrect local residents would report the matter. Another method which was being rolled out was to ensure that tenants would supply photographic identification which ensure the identity of the tenant.

Members queried the following points with officers –

·         Members commended the work which had been carried out since the audit, however as corporate landlords stated that the Council should ensure that the correct tenants reside in the houses.

·         It was queried whether the photographic images of the tenants would be GDPR compliant. Members were informed that the taking images of the tenants were compliant and other Housing Associations used the practice.

·         It was queried whether tenants would have to inform the Council if they had lodgers in the house with them. Responding members were informed that it was legal for tenants to have lodgers as long as the tenant lived in the house as well.

·         Checks through systems and other agencies was queried. It was clarified that the National Fraud Initiative was used however with GDPR sharing information between agencies was not prohibited.

·         It was queried whether the Housing team have good communication with local elected members, as they had a good understanding of the wards and the people. Communication would be carried out with local members.

·         Members were informed that the Housing team had a good working relationship with the local Police.

RESOLVED –

(i)    That the Corporate Governance and Audit Committee note the audit on the Internal Audit of Housing Tenancy

(ii)  A follow up report be returned to the Corporate Governance and Audit Committee in  ...  view the full minutes text for item 6.

To consider a report by Chief Internal Auditor (copy enclosed) providing details of a recent Internal Audit report of Payment Card Industry Data Security Standards (PCI-DSS) that received a ‘Low’ assurance rating.

The Chief Internal Auditor (CIA) introduced the Internal Audit of Payment Card Industry Data Security Standards (PCI-DSS) (previously circulated).

The report provided members with details on the recent Internal Audit report of PCI-DSS that received a ‘Low’ assurance rating. The review which was carried out of the PCI-DSS was to check compliance with the information security standard for handling credit or debit card payments. While compliance was not a legal requirement, card merchants and software suppliers often ask for compliance as part of their contractual agreements.

The review focused on: roles and responsibilities, policy and procedures, training, payment card environment, processing card payment data, third party processor compliance and compliance testing and self-assessment. The review highlighted issues relating to the lack of a programme or strategy to ensure compliance with the PCI-DSS. Training was inconsistent across services and awareness of proper practices was weak in some areas due in part to the absence of corporate policy or procedures to direct consistency.

The council has various agreements with card providers making the card payment environment more complex than it needed to be and therefore difficult to manage and demonstrate value for money. Also, PCI-DSS compliance was not considered as part of some historic procurement and contractual agreements with suppliers that take card payments on behalf of the council. As a result, some contracts do not state that compliance with the standards was required. It was stated that cooperation across all services was required to drive the necessary improvement and so the results of this review has been reported to the Information Governance Group and to the Senior Leadership Team to obtain their backing.

The following points were discussed in detail –

·         The card systems which were used in leisure centres were queried and whether the Alternative Delivery Model (ADM) would be compliant with the PCI-DSS. Members were informed that the ADM would be required to comply with the PCI-DSS.

·         Members commended that a task and finish group would be set up to implement the changes required.

·         Member queried the deadlines within the action plan and queried whether the matter would be dealt with by the deadlines. Members were informed that the first steps to deal with the matter would be created by the end of March.

·         Members queried whether there would be any cost savings with complying with the PCI-DSS. Officers responding stating that there were uncertainties with the procedures so whether there would be any savings was unknown.

RESOLVED that

(i)    That the Corporate Governance and Audit Committee note the audit on the Internal Audit of Payment Card Industry Data Security Standards (PCI-DSS)

(ii)  A follow up report be returned to the Corporate Governance and Audit Committee, either in September

To consider a report by the Head of Finance and Property Services (copy attached) on Treasury Management to allow the committee to review the Treasury Management Strategy and Prudential Indicators before they are considered for approval by Council on the 25 February 2020.

The Lead Member for Finance, Performance and Strategic Assets presented the Treasury Management Strategy Statement (TMSS) 2020/21 and Prudential Indicators 2020/21 to 2022/23 (previously circulated) alongside the Head of Finance and Property Services (Section 151 Officer).

The report was split into two sections, these covered the Treasury Management Strategy Statement (TMSS) 2020/21 and Prudential Indicators 2020/21 to 2022/23 as well as the Treasury Management (TM) Update Report 2019/20. The committee were reminded that the Council was responsible for its Treasury Management decisions and activity which involved looking after the Council’s cash. This was a vital part of the Council’s work because approximately £0.5bn passes through the Council’s accounts every year. The CIPFA Code of Practice on Treasury Management requires the Authority to approve a treasury management strategy statement (TMSS) before the start of each financial year. The report was being discussed in Corporate Governance prior to the report being debated in full Council on the 25^th February

Members queried the following points –

·         The flood defences in Rhyl were discussed by members were informed that the amount which was borrowed to enable work to be carried out, would be repaid by the Welsh Government.

·         Members raised concerns with the risk involved with large projects. They were reassured that projects were monitored regularly through the Finance reports which were discussed monthly in Cabinet.

·         The 21^st Century School project would be grant funded.

·          With the increasing risk and very low returns from short-term unsecured bank investments, the Council would continue to hold a minimal amount of investments for short-term cash flow purposes and would continue to place a far greater emphasis on investing with the UK Government’s Debt Management Office and other local authorities in order to minimise these risks.

·         Approaching challenges were known such as Ash Dieback and the appropriate measures would be taken to deal with the matters as they arise. These issues would likely be dealt with using Capital and investments.

RESOLVED that

(i)    That the Corporate Governance and Audit Committee review and note the Treasury Management Strategy Statement for 2020/21 and the Prudential Indicators for 2020/21, 2021/22 and 2022/23.

(ii)  That the Corporate Governance and Audit Committee note the Treasury Management Update Report 2019/20

(iii) The Corporate Governance and Audit Committee has read, understood and taken account of the Well-being Impact Assessment.

To receive a report by the Legal and Procurement Operations Manager (copy enclosed) reviewing the Collaborative Procurement Service

The Legal and Procurement Operations Manager introduced the Annual Review Collaborative Procurement Service report (previously circulated).

The report detailed how the Council has a collaborative procurement service with Flintshire County Council. Denbighshire County Council acts as the host authority and provided the service to Flintshire County Council. The Service had been in place since 2014 and Cabinet agreed to renew the Service Level Agreement (SLA) in 2019 for a further 3 years. The SLA established a Procurement Joint Management Board (PJMB) consisting of senior officers and the Cabinet Member from each Council. The PJMB holds the Service to account, monitors performance and resolves issues relating to the delivery of the Service.

The SLA states that the Councils would split the costs based on their share of the combined overall spend of both Councils. Spending would vary from year to year depending on capital projects but the Council broadly spends 45% and so its share of the running costs was 45%. The report covered all aspects of the service such as budget and structure, as well as performance against its Key Performance Indicators. The trends noted that over 60% of procurements for quarters 1 to 3 of 2019 have delivered savings on the existing budget. There was still improvement to be made on the number of collaborative procurements, with only an average of 13 % of procurements being carried out collaboratively.

The number of contracts including community benefits dipped in quarter 3. It was anticipated that with the Community Benefits Hub and the appointment of a Community Benefits Manager, there would be an increase in the number and type of Community Benefits delivered by contracts.

The following points were discussed in further detail –

·         The committee highlighted that Lay Member Paul Whitham could not attend the meeting however he suggested that the matter be discussed in either Partnerships or Performance Scrutiny Committee alongside being discussed in Corporate Governance. Members agreed the matter be discussed in Scrutiny chairs and vice chairs to decide which scrutiny would be best for the matter to be discussed.

·         Officers agreed with members that the matter would benefit from being discussed in a Scrutiny committee and the governance aspect of the Collaborative Procurement Service be discussed annually in the Corporate Governance and Audit Committee.

RESOLVED that

(i)    The Corporate Governance and Audit Committee note the report and endorse the proposed actions to improve performance

(ii)  The committee refer the annual performance report be sent to Scrutiny chairs and vice chairs for the report be sent to the appropriate scrutiny committee.

To consider the committee’s forward work programme (copy enclosed).

The Corporate Governance and Audit committee’s Forward Work Programme

(FWP) was presented for consideration (previously circulated).

18 March 2020 –

·         The committee agreed that the meeting had a lot of items to be discussed and agreed for the following items to be moved –

·         Section 106 Audit Follow up Report and the Support Budgets and Direct Payments Audit Follow up Report to be discussed in April.

·         The Head of Finance and Property Services (Section 151 Officer) suggested that the finance items could be moved to a later meeting.

·         Two items were agreed to be included which were the Annual Audit Letter by the Wales Audit Office. The Internal Audit Contract Management was also agreed to be included for the 18 March meeting.

RESOLVED – that, subject to the above, the Corporate Governance and Audit committee approves the Forward Work Programme.