PURPOSE OF THE REPORT

The Committee:

External Audit

1 Received regular progress reports and updates from the external auditors, Deloitte on the annual audit of the County Council and the North Yorkshire Pension Fund 2021/22 Statement of Final Accounts (SOFA). The completion of the 2021/22 audit has been delayed due to issues at a national level relating to the accounting treatment of infrastructure assets and the valuation of pension liabilities caused by the triennial valuation. A temporary solution to the issues relating to infrastructure assets was achieved by CIPFA making changes to the Code of Practice on Local Authority Accounting and the Government enacting a Statutory Instrument;

2 Considered the external audit plan prepared by Grant Thornton for the audit of the 2022/23 Statement of Final Accounts (SOFA) for the former Ryedale District Council, and the review of the Council’s arrangements for securing value for money;

3 Noted that Mazars had won the contract to provide external audit services to the Council and the North Yorkshire Pension Fund for the five-year period from 2023/24. The procurement exercise had been organised by Public Sector Audit Appointments Limited (PSAA), at a time when the external audit market is facing significant pressures. The Committee expected that audit fees would increase as a result. The Committee will oversee the handover of responsibilities from Deloitte to Mazars once the outgoing auditors have completed their work on the 2021/22 and 2022/23 accounts;

Internal Audit

4 Considered the draft Internal Audit Charter for the new Council and recommended its approval by the Executive;

5 Continued to oversee the internal audit arrangements for the Council and North Yorkshire Pension Fund;

6 Received and considered the results of internal audit work performed in respect of corporate and operational areas. Monitored the progress made by management during the period to address identified control weaknesses;

7 Approved the Internal Audit work programme for 2023/24. The plan ensures that limited internal audit resources are prioritised towards those systems and areas which are considered to be the most risky or which contribute most to the achievement of the Council’s corporate objectives. The Committee noted that the plan is flexible and will be kept under review to ensure it continues to reflect the changing risk environment and the Council’s priorities;

8 Monitored the delivery of the annual Internal Audit work programme through regular update reports presented by the Head of Internal Audit. Reviewed changes to the work programme to reflect new or changed Council priorities;

9 Received and considered the Annual Report of the Head of Internal Audit for 2022/23 which provided an overall opinion on the former County Council’s control environment. The Committee noted that the work of internal audit was primarily focused on those areas which represented the highest risk for the County Council. The Head of Internal Audit confirmed that the Council’s framework of governance, risk management and control provided substantial assurance. In forming this opinion, the Head of Internal Audit had considered the progress made by management during the year to address identified control weaknesses. The Head of Internal Audit also highlighted information security as being an area which required continuing attention;

10 Considered the outcome of the internal audit quality assurance and improvement programme (QAIP). The Committee was pleased that internal audit practices continue to meet the required professional standards and therefore continued reliance could be placed on the arrangements operating within the Council;

11 Counter Fraud

12 Received regular reports outlining the key fraud risks facing the public sector and local government. The Committee also received details of the plans which had been developed to address possible fraud risks arising from the LGR process;

13 Considered the draft counter fraud policy framework for the new Council and recommended its approval by the Executive. The framework included new whistleblowing, anti-money laundering and terrorist financing, and counter fraud and corruption policies;

14 Considered the results of the annual fraud risk assessment and recommended the updated Counter Fraud Strategy and workplan to the Executive for approval. The Committee also noted the results of the fraud investigations conducted for the former County Council during 2022/23 which helped to deliver savings of £66k;

Financial Statements

15 Established a working group to review the draft 2021/22 Statement of Final Accounts (SOFA) for the County Council and the associated governance documents. The SOFA incorporated the accounts of the North Yorkshire Pension Fund. The working group reported back to the Audit Committee in advance of the SOFA being approved. The Committee also approved the draft Letter of Representation to the external auditors;

16 Considered a report on the draft 2022/23 Statement of Final Accounts (SOFA) for the former County Council and five of the former North Yorkshire borough and district councils prior to their audit. The remaining two sets of accounts were published after the Committee’s meeting on 26 June 2023. All of the 2022/23 accounts are expected to be formally approved at the Committee’s meeting in November 2023. A number of SOFAs relating to the legacy North Yorkshire councils are still outstanding from earlier years due to a number of technical issues and capacity problems within the external audit teams. The accounts will be approved once those issues are resolved and the audits completed;

17 Established a working group to review the draft 2022/23 Statement of Final Accounts (SOFA) and the associated governance documents for the former County Council;

Risk Management

18 Continued to oversee the Council’s risk management arrangements and strategy;

19 Reviewed the progress made by the former County Council to identify and address corporate risks. This included consideration of the updated corporate risk register and the relevant mitigating actions. At the time of the report (in December 2022) officers highlighted four risks which had significantly changed. The Committee noted that the risks associated with the Covid-19 pandemic had reduced to the point that it could be removed from the corporate risk register. The risks associated with devolution had also reduced following the signing of the agreement by the former County Council and City of York Council. The risks associated with LGR had also changed as the focus had moved to the implementation phase of the process. Finally, a new risk associated with recruitment and retention had emerged. This new risk reflected the increase in vacancies caused by high levels of staff turnover and ongoing difficulties in recruiting to vacant posts;

20 Assessed the adequacy and effectiveness of each Directorate’s risk management arrangements through consideration of the risks and mitigating actions identified in Directorate risk registers;

21 Noted the progress being made to develop a risk management policy framework for the new Council and the plans to prepare an initial corporate risk register;

Corporate Governance

22 Considered changes to the Local Code of Corporate Governance prior to its approval;

23 Approved the Annual Governance Statement of the former County Council for 2022/23 which was included as part of the 2022/23 Statement of Final Accounts (SOFA);

24 Received details of the latest update to the Corporate Governance self-assessment checklist, the changes made to the Council’s governance arrangements during the year, and the governance arrangements introduced to support the LGR programme;

25 Considered the annual report of the former County Council on partnership governance for 2021/22. The report included details of key partnerships, changes which had occurred during the year and the arrangements in place to monitor the management and performance of those partnerships. It was noted that the governance arrangements of all high and medium risk partnerships are monitored on a regular basis, and that only one partnership had been identified as high risk, being Welcome to Yorkshire. The company went into administration in February 2022, and the Council was working with the administrators of the company to secure the repayment of outstanding loans and pension commitments. The Committee also noted that LGR, changes in NHS structures and the proposed creation of the combined authority would impact a number of partnerships in the next few years. The Committee concluded that partnership governance remains effective, and the existing arrangements are proportionate and commensurate to the risks;

26 Received a report outlining the work of the Procurement and Contract Management Service during the year. The report highlighted the challenges caused by rising inflation. In response to this, the Council’s Supply Chain Resilience Board (SCRB) had continued to meet to monitor the impact on suppliers of escalating fuel and raw material costs, and recruitment problems. It was recognised that supply chain stability and resilience, especially for small and medium sized enterprises (SMEs) and Voluntary, Community, and Social Enterprises (VCSEs) in North Yorkshire was particularly important. The Council also continues to work with the Go4Growth Programme, a partnership with other local councils, which invests in local business development. In addition, work is continuing with the Yorkshire Purchasing Organisation (YPO) to improve environmental sustainability. This has included reducing single use plastics, particularly in the catering and food sectors. The Procurement and Contract Management Service also plays a leading role in developing regional and national strategy within local government. The council is the deputy chair of the YorProcure Strategic Procurement Group and represents the region on the Local Government Association National Advisory Group for Procurement. The Committee also noted the progress being made to develop a new Procurement and Contract Management Strategy as part of the LGR implementation work;

27 Considered the ongoing work of the Corporate Information Governance Group (CIGG) which is responsible for updating the corporate information policy framework, identifying new or emerging risks, sharing best practice, and monitoring compliance with corporate information governance standards. The Committee received details of the work being done to mitigate cyber security risks and to raise awareness of the requirements of the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. The Committee was also informed of the work being undertaken to prepare for LGR. This included developing new policies, completing data protection impact assessments to support the LGR change programme, reviewing and updating privacy notices and contracts, adopting consistent processes, and preparing new guidance. The Committee also considered recent data security incidents and the move to MS Office 365. The Committee considers that information governance remains a key corporate risk;

28 Received a report outlining the Council’s business continuity arrangements. The report provided details of the corporate Business Continuity Policy and Plan. The corporate plan is intended to ensure a consistent and coordinated response to any major incident. Business continuity planning with partner organisations and other agencies is coordinated through the Local Resilience Form (LRF). The report also outlined the work of the Resilience and Emergencies Team (RET) to raise awareness of risks and train staff within service areas to respond to incidents. Business continuity champions in each service area oversee arrangements, take ownership of the process and attend meetings of the Corporate Risk Management Group (CRMG). Each service area is required to maintain a Business Impact Analysis which prioritises business functions and quantifies the impact of any loss of those functions, and an Incident Management Plan which sets out the planned response to a range of possible incidents. Members of the RET review these plans and facilitate business continuity exercises to test their adequacy. At the time of the report, work was also underway to prepare a Business Continuity Plan and Programme, as well as strategic and tactical plans for the new Council;

29 Received a report summarising the guidance recently issued by CIPFA on recommended arrangements for the oversight and governance of local authority owned companies. The guidance represents best practice for the establishment and monitoring of trading companies. It also identifies the possible risks and problems which can occur, highlighting some of the recent failures at other local authorities. Officers committed to undertaking a full review of the Council’s arrangements following LGR;

Financial Management

30 Received a report detailing the results of a self-assessment of compliance with the CIPFA Financial Management Code. The Code is intended to support good practice in financial management and to help local authorities demonstrate financial sustainability. The Code requires local authorities to assess compliance with the Financial Management Standards and to report this as part of the Annual Governance Statement. The Committee noted the results of the self-assessment and those areas which had been identified as requiring further improvement;

31 Received details of possible changes to the CIPFA Code of Practice on Local Authority Accounting and the impact of these changes on the Council’s accounting policies. Whilst no immediate changes were required to the accounting policies, the Committee noted that CIPFA was consulting on the planned adoption of IFRS 16 (covering the accounting treatment of leases) from 2024/25 onwards. This will have an impact on all the main elements of the Council’s SOFA, including the balance sheet, comprehensive income and expenditure statement, and cashflow statement. A number of new disclosure notes will also be required. It was also noted that further disclosure notes may be required in the 2021/22 and 2022/23 Statement of Accounts to reflect the issues related to the valuation of infrastructure assets. The financial impact of the Covid-19 pandemic on the Council during these years would also be reported;

Other

32 Considered the Council’s arrangements for securing value for money. The report outlined the existing framework for planning, decision-making, managing resources and reporting outcomes in respect to service delivery. This includes the Council Plan, Medium Term Financial Strategy (MTFS), service planning arrangements, the quarterly performance reports and various qualitive measures;

33 Continued to scrutinise the Council’s treasury management arrangements. This included reviewing the updated Treasury Management Strategy for 2023/24. The Strategy includes details of treasury indicators covering the investment of surplus funds, the future investment and borrowing strategies, capital financing and expenditure plans and the associated prudential indicators, and a minimum revenue provision (MRP) policy. The Strategy meets the requirements of the Local Government Act 2003, investment and MRP guidance issued by the Department for Levelling Up, Housing and Communities (DLUHC), and the CIPFA Prudential and Treasury Management Codes;

34 Reviewed the progress which had been made by officers to address other issues raised at meetings of the Committee;

35 During the year, the Committee continued to benefit from the attendance and participation of its two independent co-opted members, David Portlock and David Marsh. I would like to extend my thanks to them for their contribution to the work of the Committee and their diligence, enthusiasm and support during the period;

36 No changes are considered necessary to the Committee’s Terms of Reference at this time.

Councillor Clifford Lunn

Chair of the Audit Committee

APPENDIX A

AUDIT COMMITTEE

TERMS OF REFERENCE

1. In respect of Internal Audit

· to approve the Internal Audit Charter, Annual Audit Plan and performance criteria for the Internal Audit Service.

· to review summary findings and the main issues arising from internal audit reports and seek assurance that management action has been taken where necessary.

· to review the effectiveness of the anti-fraud and corruption arrangements throughout the Council.

· consider the annual report from the Head of Internal Audit.

· to obtain assurance that the work of internal audit conforms to the Public Sector Internal Audit Standards.

2. In respect of External Audit

· to ensure the independence of External Audit is maintained

· to review the annual audit plan and monitor its delivery

3. To review, and recommend to the Executive, changes to Procurement and Contract, Finance and Property Procedure Rules.

4. In respect of financial statements

For both the Council and the North Yorkshire Pension Fund

· to approve the respective annual Statements of Final Accounts

· to receive and review the Annual Audit Letters and associated documents issued by the External Auditor

· to review changes in accounting policy

5. In respect of Corporate Governance

· to assess the effectiveness of the Council’s Corporate Governance arrangements

· to review progress on the implementation of Corporate Governance arrangements throughout the Council

· to approve Annual Governance Statements for both the Council and the North Yorkshire Pension Fund

· to liaise, as necessary, with the Standards and Governance Committee on any matter(s) relating to the Codes of Conduct for both Members and Officers

· to work with the Standards and Governance Committee to promote good ethical standards within the Council

· to review the arrangements in place for ensuring good governance in the Council’s key partnerships and owned companies

6. In respect of Risk Management

· to assess the effectiveness of the Council's Risk Management arrangements.

· to review progress on the implementation of Risk Management throughout the Council.

7. In respect of Information Governance

· to review all corporate policies and procedures in relation to Information Governance.

· to oversee the implementation of Information Governance policies and procedures throughout the Council.

8. In respect of Treasury Management

· to be responsible for ensuring effective scrutiny of the Council’s Treasury Management strategy and policies as required by the CIPFA Treasury Management Code of Practice.

· To review these Treasury Management strategies, policies and arrangements and make appropriate recommendations to the Executive.

9. In respect of Value for Money

· to have oversight of the arrangements across the Council in securing Value for Money.

10. To consider any other relevant matter referred to it by the Council, Executive or any other Committee. In addition any matter of concern can be raised by this Committee to the full Council, Executive or any other Member body.

11. To exercise all functions in relation to the making and changing of policy relating to such audit and counter-fraud matters which fall within the remit of the Committee (save as may be delegated otherwise).

12. To periodically review the effectiveness of the Audit Committee itself.

13. To meet not less than four times a year on normal business and review its Terms of Reference on an annual basis.

[1] CIPFA – Audit Committees: Practical Guidance for Local Authorities and Police (2022 edition)

BACKGROUND

WORK UNDERTAKEN AND OPINION