NORTH YORKSHIRE COUNCIL
AUDIT COMMITTEE
16 MARCH 2026
ASSESSMENT OF EFFECTIVENESS OF GOVERNANCE ARRANGEMENTS – RESOURCES AND CENTRAL SERVICES
REPORT OF THE CORPORATE DIRECTOR RESOURCES AND ASSISTANT CHIEF EXECUTIVES
|
|
|
1.0 PURPOSE OF THE REPORT |
|
|
|
1.1 To inform members of the results of the annual review of governance completed by the Central Services Management Team. The review has compared the governance arrangements which have operated within the Resources Directorate and Central Services over the last year with the Council’s expected principles of good governance as set out in the local code of governance. |
|
|
|
1.2 To provide details of the updated Risk Register, and the management of key risks for the Resources and Central Services. |
|
|
2.0 Overall Assessment
2.1 The overall conclusion of the assessment of the effectiveness of governance arrangements for Resources and Central Services is that the governance arrangements operating in the Directorate in the last year have met the Council’s expected principles of good governance, as set out in the Council’s local code of governance. The evidence for this is described in the sections below, particularly section 4 of this report.
3.0 BACKGROUND
3.1 The Accounts and Audit Regulations (2015) require the Council to conduct a review, at least annually, of the effectiveness of its internal control systems and to report the results as part of the Annual Governance Statement.
3.2 The Council has approved and adopted a local code of corporate governance which is consistent with the principles of the CIPFA/SOLACE Framework Delivering Good Governance in Local Government (2016). Annual reviews of the effectiveness of each Directorate’s governance arrangements are undertaken and reported in accordance with the Audit Committee’s agreed work programme.
3.3 This report follows the format introduced at the beginning of the current financial year and covers the period from April 2025 through to March 2026. The format and content will be refined in future years following engagement with the Audit Committee through this and other directorate reports. The intention in this report is to provide an assessment of the effectiveness of established governance arrangements in Resources and Central Services (R&CS).
3.4 To deliver effective and efficient services, the services must have a solid foundation of good governance and sound financial management. The R&CS has a broad range of governance arrangements in place as well as a strategic monitoring and oversight role to ensure good governance is in place.
3.5 R&CS aim to ensure that governance arrangements are proportionate and focused to enable services to deliver value for money across all of our activity. We will continue to amend and improve our governance arrangements in that regard. For example, in recent years, we have established additional governance arrangements for contract management and capital delivery to strengthen and co-ordinate our oversight and actions. These, and other governance arrangements, are not static but evolve incrementally to respond to emerging requirements or gaps as well as other changes within the council or from external issues.
3.6 In carrying out an annual assessment of effectiveness of R&CS governance arrangements, we have considered:
- Outcomes and overall performance with regard to our statutory obligations and organisational objectives;
- Consideration of our governance arrangements with regard to the principles, sub-principles, actions and evidence contained within the agreed North Yorkshire Council Local Code of Corporate Governance. The seven key principles include:
Principle A: Behaving with integrity, demonstrating strong commitment to ethical values, and respecting the rule of law
Principle B: Ensuring openness and comprehensive stakeholder engagement
Principle C: Defining outcomes in terms of sustainable economic, social and environmental benefits
Principle E: Developing the entity’s capacity, including the capability of its leadership and the individuals within it
Principle F: Managing risks and performance through robust internal control and strong public financial management
- Assurance from external inspection and regulators as well as from internal audit reports;
- The strategic risks identified through the Directorate Risk Register and the internal control frameworks that we have in place to manage those risks;
4.0 ASSESSMENT OF EFFECTIVENESS
4.1 The following is a review of the governance arrangements in place across R&CS.
Principle A: Behaving with integrity, demonstrating strong commitment to ethical values, and respecting the rule of law
4.2 R&CS complies with the Council’s Standards of Conduct Policy which applies to all employees. Failure to observe the standard set out in this Policy and related documents will be regarded as serious, and any breach will render an employee liable to disciplinary action, which may include dismissal. In addition, there is a requirement for officers who manage budgets to complete a Register of Employee interests form, and an annual Related Parties Questionnaire”. Actions to strengthen the timeliness of submission of these questionnaires, will be implemented as part of the annual accounts closure process for 2025/26. Our Democratic Services team issue reminders to all councillors regarding keeping their Register of Interests updated and provide advice and guidance to members in committee meetings.
4.3 There is a published Whistleblowing Policy and Managers Guidance available – of which all complaints raised are flagged with our auditors, Veritau. To maintain an ethical practice a Conflict of Interest register is in place for staff. Any gifts received staff are handled transparently and donated to services where suitable.
4.4 Decision making has proper regard for prevailing legislation and any legal implications must be covered as part of the standard approach to committee report writing.
Principle B: Ensuring openness and comprehensive stakeholder engagement
4.5 Communications and engagement is embedded throughout R&CS. Citizen and business engagement is a key feature of our annual budget consultation “Let’s Talk Money”; customer facing policies are subject to consultation with the public and other key stakeholders – for example our Council Tax Reduction Scheme. During 2025/26 we have also conducted a series of consultations on community governance to help shape plans for parish council changes. The full range of consultations (past and present) is available on the Council’s website - Consultations and engagement | North Yorkshire Council.
4.6 R&CS also helps to ensure openness and comprehensive stakeholder engagement through a variety of partnerships and forums, including the following:
· North Yorkshire Community Safety Partnership – this partnership brings together the responsible authorities to agree collective priorities and work together under the Crime and Disorder Act;
· North Yorkshire Local Resilience Forum – a multi-agency partnership which carries out statutory duties under the Civil Contingencies Act;
· Community Partnerships – brings together multi-agency partners in principal towns and hinterlands to develop local action plans;
· Bi-annual Parish Forums across the County engaging with our Town and Parish Councils.
Principle C: Defining outcomes in terms of sustainable economic, social and environmental benefits
4.7 R&CS uses the following tools to support the achievement of sustainable economic, social and environmental benefits:
· Business Cases for proposed projects with financial outlay;
· Weekly transformation updates to provide delivery assurance across the whole transformation programme;
· Monthly leadership team meetings including transformation updates to track individual projects and programmes and agree any necessary actions;
· Quarterly Finance and Performance meetings with the Corporate Director to report on progress against financial targets, highlight any emerging issues and agree action plans value;
· Our committee report template requires the implications of recommendations to be considered in respect of climate change and equalities impacts – and the guidance has been updated and circulated corporately to support report writers.
Principle D: Determining the interventions necessary to optimise the achievement of the intended outcomes
4.8 Regular meetings between Executive Members and Senior Officers underpin strategic decision-making and policy formulation, including regular scrutiny of financial and performance data. The Council’s Executive, Overview and Scrutiny Committees and Audit Committee routinely hold services to account – for example receiving annual commercial governance and procurement reports and tracking agreed actions.
Principle E: Developing the entity’s capacity, including the capability of its leadership and the individuals within it
4.9 Central Services Management Team has responsibility for a range of support functions and has direct links to key Business Partners across the organisation – including HR, Finance, Technology, Strategy and Performance, Customer and Communications – to ensure the services are highlighting any issues corporately.
4.10 We are committed to becoming an effective performing council that supports the development of its employees. Our individual performance management (IPM) or ‘appraisal’ process, provides a framework of continuous performance conversations which culminate in an end of year IPM review. This provides an opportunity for all employees to recognise how they contribute to team priorities, broader service plans and ultimately to the success of the council, and importantly provides opportunity to discuss and agree development needs for individuals and teams.
4.11 The Council’s arrangements for employee development are overseen and operated by the Human Resources services. A series of management master classes have been delivered over last year. Open to all managers these have been delivered alongside a whole range of courses available to employees through the Learning Zone.
4.12 The Council has a People Strategy which underpins workforce planning. Within R&CS, we have a well-established People Strategy Group which includes service representatives across who have contributed to the shaping of our priorities, based around the 4 pillars of Retain Staff, Attraction for All, Engage and Listen and One Council. This has resulted in an action plan, with key colleagues from the services, and HR teams, leading on Task and Finish group work. Examples of the workstreams include managing talent and building relationships.
4.13 We have a comprehensive Learning and Development offer with all staff having access to the required statutory and mandatory training required for roles set out in a training matrix, as well as enhanced developmental opportunities and leadership development programmes. All training is managed via the “Learning Zone” from which compliance and monitoring of training completions are reported, and it hosts individual learner records. We have a clearly defined career development process through use of apprenticeships and targeted development, and offer coaching, mentoring and leadership development. All training, learning and development activity is managed by a dedicated Learning and Development function who are responsible for all quality, budget and recording of learning and development activity for the Council, and manage the Growth and Skills Levy.
Principle F: Managing risks and performance through robust internal control and strong public financial management
4.14 The Central Services Risk Management Group meets monthly to review and monitor key risks, ensuring timely action. The key risks being managed by R&CS are set out in section 5.
4.15 The Corporate Governance Officers Group (which includes the statutory s151 and Monitoring Officers and internal audit representatives) meets quarterly to keep overall governance matters under review, taking a leading role in producing and monitoring the Annual Governance Statement and its associated actions.
4.16 Strong performance and financial management are supported with clear accountability, and systems and processes are in place to identify issues impacting on operational performance, spending, income and savings – quarterly performance and financial reports to Executive highlight issues of concern and mitigating actions where necessary.
4.17 Monthly transformation updates are reported to Central Services Management Team with a focus on delivery assurance and savings tracking.
4.18 R&CS has robust reporting and decision-making processes, with decisions taken at a range of leadership meetings covering services and specific programmes. Guidance on the Council’s approach to decision-making and report writing has been produced and shared with all leadership teams, to assist officers in navigating the process. The Council’s Constitution and Scheme of Delegation and Sub-delegation, are reviewed on an annual basis with recommendations for update reported to members as required.
Principle G: Implementing good practices in transparency, reporting and audit to deliver effective accountability
4.19 External audit representatives routinely attend Audit Committee and members have the opportunity to meet with the external auditor privately, without officers.
4.20 The Annual Governance Statement is reported to and approved by Audit Committee with a mid-year review undertaken by the committee to ensure actions are being followed up. Key areas of improvement reported to the last Audit Committee included:
· Information security - the Council has successfully retained the ISO27001 information security accreditation, providing assurance that the expected controls and processes to help protect information and effectively manage security risks, are in place.
· Capital projects - improvements to the capital gateway approval process to deliver consistent project governance, accountability and decision making.
4.21 R&CS manages and oversees, with support from its Internal Auditor Veritau Public Sector, responses to statutory responsibilities such as Freedom of Information Requests, Subject Access Requests and complaints, including liaison with the Local Government Ombudsman. The Governance Team produces quarterly and annual reports that report on and assesses compliance on these responsibilities. These reports support effective and timely monitoring of performance and compliance, providing a mechanism for proactive management, escalation and the implementation of action plans should any performance issues arise.
5.0 DIRECTORATE RISK REGISTER
5.1 The R&CS ‘Directorate’ Risk Register (DRR) is the end product of a systematic process that initially identifies risks at Service Unit level and then aggregates these via a sieving process to Directorate level. A similar process sieves Directorate level risks into the Corporate Risk Register.
5.2 The Council uses a 5x5 risk assessment ranging from very low to very high in terms of both likelihood and impact: Once the likelihood and impact for a risk have been assessed, the risk scoring is calculated, using the table below.
|
Likelihood |
Very High |
5 |
10 |
15 |
20 |
25 |
|
High |
4 |
8 |
12 |
16 |
20 |
|
|
Medium |
3 |
6 |
9 |
12 |
15 |
|
|
Low |
2 |
4 |
6 |
8 |
10 |
|
|
Very Low |
1 |
2 |
3 |
4 |
5 |
|
|
|
|
Very Low |
Low |
Medium |
High |
Very High |
|
|
|
Impact |
||||
5.3 Once a risk has been assessed, the required action is determined by the following table.
|
Colour |
Score |
Assessment |
Required Action |
|
|
1 - 2 |
Very Low (tolerate) |
Risk should not appear in risk register. |
|
|
3 - 4 |
Low (tolerate) |
Regular monitoring, action plan not essential, acceptable just to maintain current controls. |
|
|
5 - 9 |
Medium (treat) |
Frequent monitoring, action plan required. |
|
|
10-12 |
Medium High (treat) |
Frequent monitoring, action plan required to prevent from becoming a red risk. |
|
|
15 - 16 |
High (treat) |
Constant monitoring, action plan required and escalation to next level for consideration / inclusion. |
|
|
20 - 25 |
Very High (treat / terminate) |
Constant monitoring, action plan required and escalation to next level with request for inclusion. Consider terminating activity (if an option) where score cannot be reduced by risk mitigation. |
5.4 The detailed DRR is shown at Appendix A. This shows a range of key risks and the risk reduction actions designed to minimise them, together with a ranking of the risks both at the present time and after mitigating action.
5.5 A summary of the DRR is also attached at Appendix B. As well as providing a quick overview of the risks and their ranking, it also provides details of the change or movement in the ranking of the risk since the last review in the left-hand column.
5.6 A six-month update review of the register will take place in August 2026.
5.7 Central Services to face a number of key issues which are reflected throughout the Risk Register, however our top risks relate to:
• Information governance and cyber security
• Customer service
• Transformation portfolio
5.8 Although mitigating activities continue, there have been some movements upwards in the risk rankings over the period since the last review:
• The Information governance and cyber security (High) risk has increased in likelihood from medium to high. Despite on-going mitigating activity, the global landscape and pace of technological advancement is such that the risk of a cyber-attack is at the forefront of our information security measures. We continue to keep our cyber prevention tools, policies and procedures, and training updated. A no-notice cyber exercise is planned for the coming year, to test the robustness of disaster recovery and business continuity plans.
• Customer service (High) – this risk has maintained its high level. The Customer Strategy has been approved in the last year and now work to consolidate the systems and procedures and associated transformation is in progress. This is a wide-reaching complex programme of work which has major implications for our customers and individual services. Activities across systems, processes (including a new customer relationship management system and website improvements) and our workforce, continue throughout 2026/27.
• Transformation portfolio (High) – this risk has also maintained its high level over the last year. The financial challenges continue, along with capacity issues in some key frontline services; a backlog of investment needs; and an even higher level of demand for people related services. Further transformation opportunities remain, for example through “The Way We Will Work” programme; a single customer strategy; using data and digital capability; and wider artificial intelligence tools to enable increased productivity, as we continue to deliver the financial savings needed to support a sustainable council into the future.
• Corporate Governance and Ensuring Legality (Medium/High) has also increased in likelihood from medium to high as challenges with the Council’s commercial housing company have increased. Along with a range of actions identified in the risk register, an annual commercial governance review ensures robust oversight of our arrangements with actions identified and monitored by the Audit Committee.
5.9 No new risks have been identified since the last review.
6.0 FINANCIAL IMPLICATIONS
6.1 There are no direct financial implications as a result of this report.
7.0 LEGAL IMPLICATIONS
7.1 There are no direct legal implications as a result of this report.
8.0 EQUALITIES IMPLICATIONS
8.1 There are no direct equalities implications as a result of this report.
9.0 CLIMATE CHANGE IMPLICATIONS
9.1 There are no direct climate change implications as a result of this report.
10.0 REASONS FOR RECOMMENDATIONS
10.1 This report has highlighted a number of existing sources of assurance that help to determine the effectiveness of governance arrangements in practical terms. R&CS have not experienced any major governance failures during the last year.
· the Risk Register has been working well and senior managers have actively engaged with the detailed review.
· Internal Audit have undertaken a number of reviews to provide assurance. Although improvements have been identified in some areas, these are not regarded as significant.
· There are no major gaps or weaknesses identified when considering the outcomes and practical implementation of the North Yorkshire Local Code of Corporate Governance
10.2 This high-level review concludes that the governance arrangements operating in the R&CS over the last year have met the Council’s expected principles of good governance, as set out in the Council’s local code of governance.
11.0 RECOMMENDATIONS
11.1 That the Committee:
i. Notes the review of the effectiveness of governance arrangements in Resources and Central Services.
ii. Notes the Directorate Risk Register for Resources and Central Services; and
iii. Provides feedback and comments on the Directorate Risk Register and any other related internal control issues.
APPENDICES:
· Appendix A – Directorate Risk Register – Detailed
· Appendix B – Directorate Risk Register – Summary
BACKGROUND DOCUMENTS: None
Gary Fielding
Corporate Director – Resources
March 2026
Report Author – Karen Iveson, Assistant Director – Resources
Presenter of Report – Gary Fielding, Corporate Director Resources