notice of meeting · notice of meeting you are hereby summoned to attend a meeting of the sheffield...

Sheffield City Region Combined AuthorityRegistered Address: 18 Regent Street, Barnsley, S70 2HG

19 April 2017

To: Members of the Sheffield City Region Combined Authority Audit CommitteeAppropriate Officers

NOTICE OF MEETING

You are hereby summoned to attend a meeting of the Sheffield City Region Combined Authority Audit Committee, to be held at at 11.00 am on Thursday 27 April 2017 for the purpose of transacting the business set out in the agenda.

Diana TerrisClerk to the Combined Authority

WEBCASTING NOTICE

This meeting is being filmed for live or subsequent broadcast via the Combined Authority’s website. At the start of the meeting the Chair will confirm if all or part of the meeting is being filmed.

You should be aware that the Combined Authority is a Data Controller under the Data Protection Act. Data collected during this webcast will be retained in accordance with the Combined Authority’s published policy.

Therefore by entering the meeting room, you are consenting to being filmed and to the possible use of those images and sound recordings for webcasting and/or training purposes.

This matter is being dealt with by:Craig Tyler [email protected] 01226 772824

Gill Richards [email protected] 01226 772806

Contact Details

For further information or assistance please contact

Craig TylerSCR Combined Authority18 Regent StreetBarnsleySouth YorkshireS70 2HG

Tel: 01226 [email protected]

Gill RichardsSCR Combined Authority18 Regent StreetBarnsleySouth YorkshireS70 2HG

Tel: 01226 [email protected]

mailto:[email protected]


AUDIT COMMITTEE

11.00 AM, THURSDAY 27 APRIL 2017

18 Regent StreetBarnsleyS70 2HG

AGENDA

Item Page

1 Welcome and Apologies

2 Urgent Items / Announcements

3 Items to be considered in the Absence of the Public and Press

4 Declarations of Interest by Members

5 Reports from and Questions by Members

6 Questions from Members of the Public

7 Minutes of the Previous Meeting held on 26th January 2017 1 - 8

8 Internal Audit Charter 2017/18 9 - 24

9 Internal Audit Plan 2017/18 25 - 30

10 Internal Audit Progress Report 31 - 44

11 KPMG - SCR External Audit Plan Final 2016/17 45 - 64

12 SCR CA Governance Review Activity 2016/17 65 - 72

13 SCR Draft Code of Corporate Governance 73 - 84

AUDIT COMMITTEE

18 REGENT STREET, BARNSLEY, S70 2HG

MINUTES OF THE MEETING HELD ON 26 JANUARY 2017

PRESENT:

Councillor Mark Rayner, Chesterfield BC (Vice Chair, in the Chair)

Councillor Jeff Ennis, Barnsley MBCCouncillor Chris Furness, Derbyshire DalesCouncillor Allan Jones, Doncaster MBCCouncillor George Lindars-Hammond, Sheffield CCCouncillor Ian Saunders, Sheffield City CouncilCouncillor Austen White, Doncaster MBC

Ruth Adams, SCR Executive TeamTim Cutler, KPMGClaire James, SCR Executive TeamMartin McCarthy, South Yorkshire Joint AuthoritiesAndrew Shirt, South Yorkshire Joint AuthoritiesEugene Walker, S151 OfficerRob Winter, Internal Audit

Apologies for absence were received from Councillors K Reid, N Gibson, S Mohammed, J Shephard, P Short and K Wyatt

SCR Combined AuthorityAudit Committee

26/01/17

1 WELCOME AND APOLOGIES

The Chair welcomed everyone to the January meeting of the Sheffield City Region Combined Authority Audit Committee.

Apologies for absence were noted as above.

2 URGENT ITEMS / ANNOUNCEMENTS

No urgent items were requested.

3 ITEMS TO BE CONSIDERED IN THE ABSENCE OF THE PUBLIC AND PRESS

None.

4 DECLARATIONS OF INTEREST BY MEMBERS

None received.

5 REPORTS FROM AND QUESTIONS BY MEMBERS

Councillor Furness asked if he could be provided with an update in relation to the legal action taken by Derbyshire County Council against Sheffield City Region Combined Authority, noting that this had delayed the election of a City Region Mayor.

R Adams confirmed that Leaders of the CA had considered the High Court judgement and its implications on the Sheffield City Region’s Devolution Deal at the beginning of January.

CA Leaders had agreed that it was not possible to hold a Mayoral election in May 2017, due to the time required to carry out the additional consultation required and independent legal advice being sought before the period of Purdah commencing at the beginning of March.

CA Leaders had agreed that work on preparing the necessary additional consultation would not take place until after the May 2017 local elections.

6 QUESTIONS FROM MEMBERS OF THE PUBLIC

None received.

7 MINUTES OF THE PREVIOUS MEETING HELD ON 21ST JULY 2016

RESOLVED – That the minutes of the Committee held on 21 July 2016 be agreed as an accurate record.


26/01/17

8 SCR UPDATED RISK MANAGEMENT STRATEGY AND RISK REGISTER

A report was received to provide an update to the Audit Committee regarding the status of the strategic risks presented at the meeting held in July 2016 and, in addition, updates on the progress made in developing and embedding the SCR’s risk management process.

R Adams provided Members with an update on several matters arising in relation to risk following the Audit Committee held on 21 July 2016.

It was reported that Oxford Economics had been commissioned by the CA to carry out a piece of work on the implications of ‘Brexit’. This work would cover a number of areas, including the implications for trade and investment; business support; regulations; investment on university research funding; any sectorial impacts; labour market concerns, and any other areas of uncertainty.

The work on fully understanding the implications of ‘Brexit’ was underway; an update would be made at a future meeting.

It had been determined that the HS2 route change was not a particular risk for the CA, and was more appropriate for individual local authorities. It was noted that the CA had supported Councils where the blight would be most felt with the revised route. Additionally, the CA had agreed to carry out consultation to investigate how blight could be minimised from the routes.

Members were provided with an update on the current position in respect of the CA’s most significant Risks:-

The concern rating for Risk 001‘Failure of Partnership working to deliver the expected outcome for the Combined Authority’ had been minimised to concern rating 3, due to the control measures in place.

The concern rating for Risk 002 ‘Lack of robust internal control frameworks’ had been minimised to concern rating 3, due to the CA continually reviewing its governance arrangements and reviewing its Governance and Accountability Framework which would be presented at the next Scrutiny Committee. Additionally, the CA’s Financial Regulations had been updated, along with the CA’s Constitution being reviewed.

The concern rating for Risk 003 ‘Failure to ensure that the CA benefits from an appropriate level of staffing, resource and capacity’ had reduced to concern rating 3. Members were informed that the SCR Leaders had agreed that the SCR Executive Team be restructured around three key focuses. It was confirmed that the restructure was currently taking and that progress would be made during the forthcoming quarter.

The concern rating for Risk 11 ‘Failure to ensure that the CA considers wider implications and outcome that relate to non-essential impacts such as social value and growth’ had reduced to a concern rating of 5.


26/01/17

Risk 009 ‘Failure to ensure that significant changes and associated opportunities to the structure of the CA in terms of an Elected Mayor and the Devolution Deal are maximised to provide a strengthened approach to governance arrangements’, continued to be a high risk and a high concern rating; this risk continued to be monitored by the CA.

Linked to Risk 009 was Risk 012 ‘Unstable finance base: income and expenditure’ which continued to be a high risk, due to the CA having a large capital programme and a far smaller revenue programme.

It was reported that the revenue which supports the infrastructure was built on a variety of funding; the bulk of which, from income that derived from Enterprise Zone Business Rates. It was confirmed that Enterprise Zone Business Rates would not be known until the end of January, which, dependent upon the outcome, made it very difficult for long term planning in the SCR Executive for the next financial year, due to it being an unstable income base.

The anticipation was that, with the Devolution Deal, the SCR would be in receipt of Gainshare, which would have provided a more stable base and enable longer term planning.

Councillor Jones asked for confirmation when the SCR would likely receive confirmation that the Gainshare would be available.

R Adams explained that, Government had confirmed that Gainshare would only be made available to the CA, if SCR Leaders consent to the SCR Devolution Order.

Councillor Furness asked when Members would receive details of the re-convened Scrutiny Committee. It was confirmed that Members would be canvassed for their availability shortly.

Members were provided with further information regarding the SCR Executive Team’s revised method of managing risk for the CA.

Members were asked for their opinion in relation to the provision of assurance as set out in section 7 of the CA’s Risk Management Strategy.

Section 7 set out how the CA would manage risk, with the aim of providing Members with greater assurance of the Risk Framework. Members noted section 8 of the Strategy set out the longer term objectives for the Governance and Compliance function in relation to Risk Management.

In parallel with the Strategic Risk Register, the SCR’s Single Assurance Framework ensured that appropriate processes and protocols were in place for investment decisions. The framework also set out the mechanisms used to make decisions to deliver the SCR’s Regional Growth Deal allocations and its Strategic Economic Plan (SEP) and included a comprehensive approach to the identification, assessment and management of risk at Programme and Project level.


26/01/17

It was noted that, following Audit Committee feedback and in line with the SCR’s evolving governance and control procedures, the SCR Executive Team had reviewed its approach to monitoring and managing risk against relevant governance themes that underpin the successful delivery of the SEP. Moving forward, the strategic risk management approach would focus on the effectiveness of, and compliance with, the components of the governance and control framework.

Members were informed that, further to endorsement by the Audit Committee, the Risk Policy and Risk Management Strategy would be presented to the Combined Authority for approval.

Further work was currently underway with the SCR Executive Team to embed Risk Management processes at a strategic, operational and project level.

Councillor Jones commented that there were no operational risks which appeared on the Risk Register; he queried why this was the case. He felt that Audit Committee Members should have a full oversight of both strategic and operational risks.

R Winter explained that, the responsibility of the Audit Committee was to seek assurances that there were good and effective Risk Management processes in place which would give Members the assurance that, whatever the risks are, these were being identified, assessed and managed. If an operational risk became unmanageable and its risk score escalated, it would be on the radar of the statutory officers and reflected in Audit Committee reporting.

R Adams confirmed that, if a risk became out of tolerance, it would be escalated and appear on the Strategic Risk Register.

In addition, following the conclusion of the organisational restructure, the senior leadership group would work with their teams to identify risks and embed risk management processes at an operational level, focussing on high risk programmes.

Risk Management training would be rolled-out to relevant team members over the coming weeks.

RESOLVED – That the Audit Committee:-

1. Reviewed the status of risks recorded on the current Risk Register.

2. Reviewed the progress made in developing the SCR’s Risk Management processes and the proposed approach to Risk Management going forward.

3. Endorsed the Risk Policy and Risk Management Strategy for recommendation to the Combined Authority.


26/01/17

9 INTERNAL AUDIT PLAN CONSULTATION 2017/18

The Committee considered a report which set out the annual audit planning process and requested nominations for projects for potential inclusion in the draft Internal Audit Plan 2017/18.

Members were requested to provide the Chair with any nominations for collation and notification to the Head of Internal Audit.

It was noted that the proposed plan for 2017/18 would be presented at the next meeting.

RESOLVED – That the Audit Committee noted the following recommendations detailed in the report:-

1. Members’ views were sought regarding projects for potential inclusion in the Internal Audit Plan 2017/18.

2. Members should pass nominations for the 2017/18 Internal Audit Plan through the Chair for notification to Internal Audit.

3. Members considered the proposed planning process and were satisfied that it is sufficiently robust that it will determine a value-adding audit plan, informed by risk and through consultation with appropriate senior management.

10 INTERNAL AUDIT PROGRESS REPORT

A report was received to inform the Committee of the Internal Audit work completed and in progress from 1st July 2016 to 6th January 2017, the position with regard to the implementation of recommendations, about planned audit work and the performance of the Team.

It was reported that to date, a total of 75 days had been delivered (of the 110 days planned). Due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work was scheduled towards the end of the financial year. In addition, two compliance reviews had been undertaken, both being concluded during 2016/17.

Members noted that there were no longstanding recommendations to report at this time.

There was one change to the Audit Plan at this time; the review of IT arrangements had been deferred to 2017-18, due to management currently undertaking a fundamental review of this business area. A review of procurement arrangements would be undertaken in 2016-17.

RESOLVED – That the Audit Committee noted the contents of the report.


26/01/17

11 EXTERNAL AUDIT UPDATE

T Cutler informed the Committee that detailed planning conversations continued with the SCR Executive Team with regard to producing the 2016/17 Audit Plan. It was anticipated that the 2016/17 Audit Plan would be presented at the April meeting of the Committee.

Members were informed that there would be no planned changes to the scope of KPMG’s audit for this year. KPMG would be providing an audit on the Financial Statements Opinion and a Value for Money Conclusion. In relation to the Value for Money Conclusion it was confirmed that, one of the areas of focus for KPMG would be to obtain an updated understanding of progress in implementing the CA’s governance arrangements, given those exceptions around the Value for Money Conclusion given last year.

RESOLVED – That the Audit Committee noted the verbal update.

CHAIR

.

Purpose of Report

To inform the Committee of the Internal Audit Charter for 2017/18.

Freedom of Information and Schedule 12A of the Local Government Act 1972

Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.

In this section it must be clear if:

A – the paper will be available under the Combined Authority Publication Scheme

B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)

C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)

Recommendation

That the Audit Committee consider the Internal Audit Charter and be satisfied that it meets the requirements of the Public Sector Internal Audit Standards and adequately represents and describes the required function to provide the Audit Committee and senior management with a professional service.

27th APRIL 2017

AUDIT COMMITTEE: INTERNAL AUDIT CHARTER 2017/18

http://www.legislation.gov.uk/ukpga/2000/36/part/II

1. Introduction

1.1 The update of the Charter has considered the requirements of the revised Public Sector Internal Audit Standards which became effective from the 1st April 2017.

The Charter, prepared by the Head of Internal Audit (HoIA) and complemented by regular reports and an annual report, are intended to give the Audit Committee assurances regarding how the Internal Audit function is resourced, managed, organised and delivers its responsibilities.

1.2 The Audit Committee considers the Charter annually as required by the Public Sector Internal Audit Standards (PSIAS).

This latest review has ensured that the Charter reflects the current working arrangements of the function but also the aspirations and developments necessary to ensure continuous improvement. The Charter will be made available to all employees through the Service’s Intranet site.

The Charter has been revised to also reflect the changes within the broad client base and the revised structure of the Service that became effective from 1st April 2017 following a fundamental review through the Council’s Future Council programme.

As well as to the SCRCA, the Internal Audit Team provides services to Barnsley MBC, Berneslai Homes, the South Yorkshire Police and Crime Commissioner, South Yorkshire Police Chief Constable, South Yorkshire Fire and Rescue Authority, South Yorkshire Pensions Authority and the South Yorkshire Passenger Transport Executive. Core Internal Audit coverage is now a 40:60 split between the Council and non-Council clients.

The Charter will undergo an annual review to ensure it remains reflective of current working arrangements and professional standards.

2. Implications

2.1 Financial

The charge for the Internal Audit service is estimated to be as planned and budgeted for and consequently there are no specific financial implications to consider.

2.2 Legal

There are no legal implications.

2.3 Risk Management

Management engagement and responses remain positive which helps support a positive assurance that where opportunities for control, risk or governance improvements are highlighted, these are embraced by management.

2.4 Equality, Diversity and Social Inclusion

There are no implications.

3. Appendices/Annexes

3.1 The Internal Audit Charter is attached at Appendix A

REPORT AUTHOR Rob Winter CPFAPOST Head of Internal Audit and Corporate Anti-Fraud

Officer responsible Sharon Bradley CMIIAOrganisation Audit Manager (SCRCA)

Email [email protected] 01226 773187

Background papers used in the preparation of this report are available for inspection at: Barnsley MBC Westgate Plaza One office, Barnsley.

Other sources and references: Public Sector Internal Audit Standards 2013 and revised global internal audit standards 2017.


1

BARNSLEY M.B.C.

INTERNAL AUDIT SERVICES

INTERNAL AUDIT CHARTER

2017 / 2018

The Barnsley MBC Internal Audit Service also provides services to a broad range of external organisations. The term 'organisation' is therefore used in the Charter to cover all clients both individually and collectively. Unless specifically referred to all aspects of the Charter apply to all client organisations.

For the purposes of Internal Audit activity, the term ‘board’ refers to the appropriate Audit Committee. The term ‘senior management’ refers to the Chief Executive and most senior directors or equivalent e.g. the Chief Constable and Senior Leadership Group; the Chief Fire Officer and Executive Team; or the Chief Executive and Senior Management Team.

Other senior posts such as the statutory Section 151 Officer / Director of Finance / Chief Finance Officer are used synonymously.

The Public Sector Internal Audit Standards (PSIAS) refer to the officer responsible for the Internal Audit function as the Chief Audit Executive. This role is undertaken by the Head of Internal Audit (HoIA).

2

INTERNAL AUDIT CHARTER

1. Introduction

The Internal Audit function is a key component of an organisation's governance framework. As such it aims to provide a professional and high quality objective and independent management support function in order to influence and contribute to the achievement of strategic and operational objectives. A key component of this support is the development and maintenance of excellent client relationships and adopting an innovative and flexible approach to the delivery of the function.

This Charter provides the framework for the conduct of the Internal Audit function and is applicable to all client organisations. This Charter will be reviewed annually by the relevant Audit Committee, or their equivalent to ensure it remains relevant to the demands and responsibilities of the client service and supports the relevant organisation's corporate objectives.

Each client organisation is responsible for establishing and maintaining appropriate risk management processes, internal control systems, accounting records and governance arrangements. Internal Audit plays a vital part in advising whether effective and efficient arrangements exist. The annual HoIA opinion, which informs the annual governance statement, both emphasises and reflects upon the importance of this aspect of Internal Audit work. The response to Internal Audit activity should, where deemed necessary, lead to the strengthening of the control environment and therefore contribute to the achievement of the corporate objectives, improvement, support innovation and change and enhance public accountability and transparency.

Vital components of a successful internal audit service include effective working relationships, maintaining professional independence and objectivity and working in partnership with management to assist in ensuring that an effective organisation-wide control environment exists. The Internal Audit service embraces this approach by effective communication and regular contact with its clients in order to help the organisation achieve its objectives.

2. The Purpose of the Charter

The Public Sector Internal Audit Standards (PSIAS) are mandatory guidance and constitute principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit’s performance. An important element of these standards is the requirement to have a formal Charter.

The purpose of this Charter is to set out the purpose, authority and responsibility of the Internal Audit Service. In addition it also sets out the nature, objectives, outcomes and the scope of its activities within its client organisations. This therefore forms the basis of the terms of reference for the function.

3

3. Definition of Internal Audit

The PSIAS provides the following definition of Internal Audit:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.

This definition encourages a collaborative style of audit review which focuses on evaluating and improving the effectiveness of risk, control and governance and therefore goes significantly beyond basic compliance.

Allied to this definition are the 10 Core Principles for internal audit as defined in the International Standards for the Professional Practice of Internal Auditing (IPPF). These are:

Demonstrates integrity – through adherence to the code of ethics for internal auditors

Demonstrates competence and due professional care – having a comprehensive performance and professional development framework

Is objective and free from undue influence (independent) – through its organisational position, access rights and the status of the HoIA

Aligns with the strategies, objectives and risks of the organisation – adopting a risk-based approach to all work

Is appropriately positioned and adequately resourced – through access to senior management and the audit committee and having an appropriate level of resources / budget

Demonstrates quality and continuous improvement – meeting the requirements of the PSIAS in maintaining an appropriate quality assurance and improvement programme (QAIP)

Communicates effectively – through appropriate liaison and reporting channels with senior management and audit committees

Provides risk-based assurance – through a robust audit planning process and the consideration of risk and strategic and operational objectives

Is insightful, proactive and future-focussed – through effective and proportionate deployment of resources for research, adopting a ‘single point of contact/subject matter expert’ approach and undertaking appropriate consultancy services

Promotes organisational improvement – maximising the wider consultancy capacity of internal audit and ensuring a clear understanding of the operational and strategic context of each client organisation

How the Internal Audit service is structured, managed and operates aims to demonstrate how these core principles are met. The performance management

4

and accountability framework developed by the Service is how this will be demonstrated.

The IPPF has also provided a ‘mission statement’ for internal audit that sets out what it aspires to accomplish within an organisation through the definition and core principles. The mission is:

“To enhance and protect organisational value by providing risk-based and objective advice and insight”

4. Operational Context

The Barnsley Internal Audit Service operates within a challenging and diverse environment across a variety of client organisations to deliver the services each requires and to ensure it does so to high professional standards and demonstrating added value. The Service needs to be able to react and adapt to the rapid pace of change which is taking place both locally, regionally and nationally within each client organisation. Accordingly, the Charter includes the aspirations of the Internal Audit Service, which are to:

further develop and enhance working relationships particularly where a client organisation is undergoing significant change to ensure that the service is aware of and understands its needs and objectives

promote and support clients with regards to an increase in collaborative working

understand its position with respect to the organisation’s other sources of assurance and plan our work accordingly

be seen as a catalyst and support for change at the heart of the organisation

be the internal auditor of choice, delivering exceptional client service add value and assist the organisation in achieving its objectives be forward looking – knowing where the organisation wishes to be and

being aware of the relevant national agenda and its impact be innovative, insightful and challenging help to shape the ethics and standards of the organisation, reducing

bureaucracy whilst maintaining high standards of public accountability, transparency and governance

ensure the right resources are available, recognising that the skills mix, capacity, specialisms, qualifications and experience requirements all change constantly

ensure all staff are supported in undertaking relevant professional qualifications and continuous professional development to increase standards, efficiency and effectiveness

share best practice with other internal auditors, clients and other professional services (e.g. financial services) and

seek opportunities for joint working with other organisations’ auditors.

5

5. Scope of Internal Audit

The scope of internal auditing encompasses the examination and evaluation of any aspect of an organisation’s activities in order to assess the adequacy and effectiveness of the framework of governance, risk management, and internal control processes such that the HoIA can provide an annual opinion on the extent to which the organisation can rely on it.

6. Responsibilities and Objectives of Internal Audit

The responsibilities and objectives of Internal Audit are as follows:

i. To be a valuable asset to the organisation by supporting senior management in meeting their corporate responsibilities.

ii. To contribute to the assurances sought by those charged with governance in relation to the robustness and reliability of internal controls, risk management and governance to support the Annual Governance Statement (AGS).

iii. To support the Statutory Chief Finance Officer in discharging their duties.iv. To review, appraise and report on the extent to which the assets and

interests of the organisation are accounted for and safeguarded from loss and the suitability and reliability of financial and other management data and information.

v. To support the requirement to seek efficiency including the arrangements for achieving value for money and effective change management.

vi. To provide soundly based assurances to management on the adequacy and effectiveness of their internal control, risk and governance arrangements, with such assurances including information technology governance and ethical behaviour.

vii. To assess the adequacy and effectiveness of the organisation's contracts, procurement, commissioning and associated governance arrangements.

viii. To assess effectiveness of the corporate risk management process and make recommendations to improve and embed the process where required whilst ensuring that Internal Audit does not adopt management responsibilities for managing risks.

ix. To evaluate the risk of fraud, bribery and corruption and the manner and effectiveness of how it is managed by the organisation. In addition, to reduce the incidence of fraud, loss and irregularity by publicising the findings of fraud investigations to act as a deterrent and provide a quality corporate fraud and irregularity prevention, detection and investigation service.

x. To disseminate examples of best practice in the application of an effective control, risk and governance framework.

xi. To provide an Internal Audit advisory service intended to add wider organisational value and improve the effectiveness and efficiency of governance, risk management and control processes.

xii. To provide advice and an objective and supportive consulting service in respect of the development of new programmes and processes and / or significant changes to existing programmes and processes including the design of appropriate controls. This is usually achieved through

6

membership of Officer Groups, Governance and other Boards or working parties as well as direct contact with officers within services / functions / departments. Such advice and consultation work forms an increasingly important part of the audit plan.

xiii. To prepare timely, concise and informative reports to management to facilitate the improvement of the control environment.

xiv. To undertake Audit support activities in respect of assisting the Audit Committee (or equivalent) to discharge its responsibilities; monitoring the implementation of agreed recommendations; disseminating across the entity best practice and lessons learnt arising from its audit activities, and having oversight of the audit function.

7. Organisational Independence of Internal Audit

An independent approach and mindset is essential to the effectiveness of the Internal Audit function. To ensure this, Internal Audit will operate within a framework that allows:-

Unrestricted access to the 'Chief Executive'; the 'Chief Finance Officer'; the Chair of the Audit Committee and Audit Committee Members; individual Senior Management Officers; employees and the responsible External Auditor.

The HoIA reporting in his own name. Segregation from line operations.

The Internal Audit function has no sole or direct responsibility for developing or implementing procedures or systems and does not prepare records or engage in original line processing functions or activities.

Internal Auditors are generally not involved in undertaking non-audit activities and an Auditor will not be involved in the audit of any system or process for which they had previous operational responsibility for a period of two years. This principle will equally apply to any consultancy type assignments.

Audit responsibilities are periodically rotated to avoid over-familiarity and complacency but balanced to provide reasonable service continuity and resilience.

8. Code of Ethics

The IPPF advocates that internal auditors conform to a code of ethics to promote an ethical culture in the profession of internal auditing. This is an important concept given that the nature of internal auditing is one built on trust and respect under-pinning its independent and objective approach.

The four components of the Code of Ethics are:

Integrity:

In the conduct of audit work, Internal Audit staff will:

7

i. Perform their work with honesty, diligence and responsibility;ii. Observe the law and make disclosures expected by the law and the

profession;iii. Not knowingly be party to any illegal activity, or engage in acts that are

discreditable to the profession of internal auditing or the organisation;iv. Respect and contribute to the legitimate and ethical objectives of the

organisation.

Objectivity:

Internal Auditors must exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Auditors must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgements.

In the conduct of audit work internal auditors shall:

i. Not take part in any activity or relationship that may impair or be perceived to impair their unbiased assessment;

ii. Not accept anything that may impair or be perceived to impair their professional judgement

iii. Disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

In addition, internal auditors will;

iv. Declare any real or perceived interests on an annual basis. A prompt is included at the assignment planning phase of each audit;

v. Comply with the Bribery Act 2010.

Confidentiality:

Internal auditors must respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

Internal Auditors are expected to display confidentiality by:

i. Acting prudently when using information acquired in the course of their duties and protecting that information and;

ii. Not using information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organisation.

Competency:

Internal Auditors are expected to apply the knowledge, skills and experience needed in the performance of internal audit activities.

Internal auditors will demonstrate their competency by:

8

i. Only engaging in services for which they have the necessary knowledge, skills and experience;

ii. Performing internal audit services in accordance with the IPPF iii. Continually seeking to improve their proficiency, effectiveness and quality

of their services

In addition, internal auditors will:

iv. Be skilled in dealing with people at all levels and communicating audit, risk management and related issues effectively;

v. Exercise due professional care in performing their duties and;vi. Conform with the PSIAS. NB: Any non-conformance with the PSIAS will

be disclosed within the engagement results / output including the reasons for the non-conformance and the impact.

8. Accountability, Reporting Lines and Relationships of the Head of Internal Audit

Accountability:

In relation to organisations governed by public sector legislation, (e.g. the Accounts and Audit Regulations 2015, Regulation 5 and Police Reform and the Social Responsibility Act 2011), such organisations are responsible for maintaining an adequate and effective Internal Audit function. In practical terms this means that the HoIA is accountable to the ‘Chief Executive’ and Audit Committee.

Reporting Lines and Relationships:

Within Barnsley MBC as the direct employing organisation, the HoIA reports administratively to the Service Director – Finance and has strategic and operational responsibility for the Internal Audit function and fulfils the specific designated role of the HoIA for the Council.

This specific designated role and its responsibilities are replicated for each client organisation with the HoIA being responsible to a designated senior manager (usually the chief financial officer or chief executive) and accountable to the Audit Committee or other relevant executive body.

While audit plans are considered by a range of senior managers and the Audit Committees of each client organisation, the professional responsibility for Internal Audit coverage rests with the HoIA who may determine and change the Internal Audit Service’s own priorities as appropriate. The HoIA has a functional reporting line to each client Audit Committee Chairman, the 'Chief Executive' and SMT Members, or equivalent.

The HoIA reports periodically to each Audit Committee. The reports provide information in respect of:

9

i. Periodic reports detailing: the audits completed; an assurance opinion on the overall state of internal controls for that particular period along with any fundamental issues requiring management attention based on the work of internal audit; progress in implementing the audit work plan; the status of the implementation of agreed internal audit recommendations;

ii. An annual opinion on the internal control, risk management and governance arrangements in each client organisation highlighting any fundamental issues requiring management attention based on the work of internal audit as reported within the periodic reports and;

iii. An annual report summarising the outcome of the review of the effectiveness of the internal audit function which is required under the PSIAS.

Internal and External Audit activities will be coordinated to help ensure the adequacy of overall audit coverage and to minimise any duplication of effort. Periodic meetings and contact between Internal and External Audit will be held to discuss matters of mutual interest. External Audit will have full and free access to all Internal Audit plans, working papers and reports. Similarly the function will coordinate its activities with other regulatory / inspection bodies where relevant.

Where it is appropriate Internal Audit will liaise with other internal functions or inspectorates, to ensure work is co-ordinated, mutually beneficial and where applicable utilised for assurance purposes (e.g. HMIC).

It is important to stress the existence of Internal Audit does not diminish the responsibility of management to establish and maintain systems of internal control, effective risk management and governance arrangements to ensure that activities are conducted in a secure, efficient and well-ordered manner.

9. Arrangements for Anti Fraud, Corruption and Bribery

Arrangements for combatting fraud, bribery and corruption will be set out by management in each organisation's anti-fraud and corruption policies and other supporting guidance. The HoIA should be notified of all suspected or detected fraud, corruption, impropriety or other irregularity, in order to inform the annual Internal Audit opinion and the risk-based plan.

Internal Audit’s role in respect of fraud-related work is as follows:

i. In support of the organisation's anti-fraud, Whistleblowing, Money Laundering, bribery and corruption policies, Internal Audit prepares periodic guidance for managers and the Board;

ii. To undertake proactive fraud detection work in high risk areas as defined by the fraud risk assessment and management process;

iii. To co-ordinate Barnsley MBC's, SY Fire and Rescue Authority, SY Police, SYPCC and SY Pensions Authority response to the mandatory National Fraud Initiative (NFI) exercise;

iv. To contribute to corporate counter fraud arrangements and;v. In certain circumstances and where discussed and agreed with

management, Internal Audit (through the Corporate Anti-Fraud Team) assume a lead role in the investigation of alleged irregularities. Internal

10

Audit will provide guidance and support to management throughout the investigatory process. The balance of work between that undertaken by Internal Audit and management will be kept under review to ensure the most appropriate use of specialist resources. With this in mind it is anticipated that Internal Audit will spend increasingly less time undertaking routine investigations.

10. Consultancy Work

The definition of internal audit makes reference to it being a “consulting activity” and therefore such work needs to be carefully scoped and managed to ensure the core purpose and responsibilities of internal audit are not compromised.

The scoping of audit work will make it clear in what guise it will be performed, the methodology to be used and the format and nature of the reported outcomes.

Due regard of the requirements of the client will be considered to preserve and demonstrate internal audit objectivity and independence in any consultancy engagement.

This nature of work is however increasingly important and valued by clients and provides an additional way in which Internal Audit can provide and demonstrate wider value beyond basic controls assurance. Providing this support also clearly links to a number of the core principles about being insightful, forward-focussed, proactive, and being able to promote organisational improvement.

11. Authority of Internal Audit

In accordance with the PSIAS, the scope of Internal Audit allows that in fulfilment of audit responsibilities unrestricted coverage of all the organisation’s activities and unrestricted access to all functions, records, data, personnel, premises and assets of the organisation and its partner organisations, is granted in the course of audit work and as set out in relevant partnership agreements and contracts.

Internal Audit has the authority to obtain such information and explanations as it considers necessary to fulfil its responsibilities.

All records, documentation and information accessed in the course of undertaking internal audit activities are to be used solely for the conduct of these activities. The HoIA and staff are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work.

12. Appropriate Resourcing of Internal Audit

At least annually, the HoIA will submit to the 'Chief Executive' and the Audit Committee an Internal Audit plan for review and approval. The plan will consist of a work schedule and resource requirements for the next financial year. The plan will include the impact of any resource limitations and significant actual or planned changes.

11

The Internal Audit plan is developed utilising a risk-based methodology to determine the prioritisation of the audit work, including the input of senior management and the Audit Committee. Any material deviations from the approved Internal Audit plan will be communicated to the Audit Committee through periodic activity reports.

Should the HoIA have concerns regarding the resources of the Internal Audit function, he will raise these with the appropriate client Chief Executive and Chief Finance Officer. The inadequate resourcing of the internal audit function may result in the HoIA being unable to provide an annual opinion on a client’s internal control, risk and governance environment.

The current establishment of the Internal Audit Service comprises 17 FTEs:

Head of Internal Audit and Corporate Anti-Fraud2 Audit Managers5 Principal Auditors6 Auditors / Senior Auditors

Principal Auditor – Corporate Anti-Fraud2 Corporate / Senior Corporate Anti-Fraud Officers

13. Client Organisations

The Internal Audit Service provides an internal audit function to the following clients. An approximate number of planned days allocated to each of these client organisations for 2017/18 are shown below.

Client OrganisationApproximate Allocation of Planned Days

Barnsley MBC (excluding Corporate Fraud Team) Approx. 1,050

South Yorkshire Police Approx. 700

South Yorkshire Fire and Rescue Authority Approx. 250

South Yorkshire Pensions Authority Approx. 250

Sheffield City Region Combined Authority Approx. 120

South Yorkshire Passenger Transport Executive Approx. 200

Berneslai Homes Approx. 130

Corporate Anti-Fraud Team Approx. 560

Other Bodies:

The Internal Audit service will seek to expand the service by exploring opportunities to tender for internal audit work where there is a clear benefit in terms of operational synergies, economies of scale, service continuity and staff development. Consideration will always be given to ensure continuity and quality of service to existing clients.

12

14. Internal Audit Strategy

Whilst not a specific requirement of the PSIAS the Internal Audit Service also prepares a Strategy. This strategy has previously been an over-arching one covering all client organisations. Due to the increasing differences between clients, their operational contexts, pressures, priorities and requirements from Internal Audit, a specific strategy document has been prepared for each client organisation.

The audit strategy documents reflect closely the audit planning process and the context of the annual operational audit plans.

April 2017

.

Purpose of ReportThis report informs the Audit Committee of the Internal Audit plan for 2017/18 (Appendix A). The report includes a summary of audit activity in relation to the Authority.

This report briefly describes the rationale and process for setting the plan, that it is based on a risk assessment process, historical data and consultation.

The proposed Plan has been considered by the Statutory Officers Group on 10th April 2017.

The consideration and approval of the audit plan is one of the key responsibilities of the Audit Committee.

Freedom of Information and Schedule 12A of the Local Government Act 1972Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.In this section it must be clear if: A – the paper will be available under the Combined Authority Publication Scheme

B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)

RecommendationsIt is recommended that:-

i. the Internal Audit plan 2017/18 (Appendix A) is approved, acknowledging the need for the Head of Internal Audit to exercise his professional judgement during the year to apply the Plan flexibly according to priority, risk and resources available; and

ii. the Committee receives monitoring reports from the Head of Internal Audit to

demonstrate progress against the plan including information where the Plan has materially varied from the original Plan.

27th APRIL 2017AUDIT COMMITTEE: INTERNAL AUDIT PLAN 2017/18 REPORT


1. Introduction

1.1 One of the key aspects of the organisation and operation of Internal Audit is the preparation and delivery of an operational plan. The plan seeks to ensure an appropriate deployment of the allocated resources across the Authority taking into account known risks, organisational developments, projects and initiatives all supporting the fundamental need to assess the adequacy and effectiveness of the internal control, risk and governance environment and ultimately inform the Head of Internal Audit’s opinion for inclusion in the Annual Governance Statement (AGS).

1.2 Key to a sound risk based plan is to ensure it is developed in collaboration with management. The culture of a modern Internal Audit service is not about keeping its work secret - successful audit services are characterised by operating ‘with’ and ‘for’ management rather than doing it ‘to’ them. This Plan has therefore been prepared following consultation with a range of senior officers and as audit planning is a continuous process it has included the following:

Consideration of issues included in the risk register(s) together with mitigating controls.

Consideration of historical and topical issues as well as horizon scanning to attempt to identify any major issues that might affect the controls, risks or governance of the Authority.

Consideration of issues to assist the Section 151 Officer to fulfil his responsibilities and to meet other legal requirements.

Consultation with senior managers responsible for the delivery of services. Consultation with the Audit Committee with responsibility for overseeing

delivery of the work of the Internal Audit Team and with the responsibility for overseeing good governance within the Authority.

1.3 It is important to acknowledge at the outset that whilst great care and consideration is given to establish the operational plan each year, it is designed to be flexible. Good audit practice encourages the flexible use of limited resources reflecting the need to respond to emerging risk issues, requests for advice and assistance, and the need to investigate any irregularities should they arise.

1.4 As well as providing management with an overview of Internal Audit coverage in support of their risk concerns, the plan sets a framework to manage Internal Audit resources within the function. The plan gives Internal Audit staff a focus and a degree of certainty regarding what they will be doing. This lends itself to establish a robust training and development framework where Internal Audit staff can be allocated to jobs based on their skills, experience and emerging abilities. Internal Audit has a policy of regularly reviewing the skills needs of the Service and identifying the training and development necessary to meet these needs.

1.5 Further information is contained within the Audit Charter which sets out the nature, objectives, outcomes, responsibilities and scope of its activities within its client organisations. The Audit Charter is compiled in accordance with the Public Sector Internal Audit Standards (PSIAS) which contains mandatory guidance and principles behind the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit’s performance. The Audit Charter for 2017/18

is included on the Audit Committee’s agenda.

1.6 Delivery of the service will be by Barnsley MBC who deliver services to the following ‘clients’:

Sheffield City Region Combined Authority; South Yorkshire Passenger Transport Executive; South Yorkshire Fire and Rescue Authority; South Yorkshire Police & Crime Commissioner South Yorkshire Police Chief Constable; South Yorkshire Pensions Authority; Barnsley MBC; and Berneslai Homes.

2. Internal Audit Plan 2017/18

2.1 The Audit Plan (Appendix A) has been prepared to ensure adequate coverage across a broad basis of Internal Audit work to support the assurances that management and the corresponding Audit Committee require and provides a total planned allocation of 120 days assigned to the Authority for 2017/18 whic will be monitored during the year.

2.2 Whilst the principle of the audit plan is one based on risk, there are a number of areas of work and therefore a proportion of the plan that are undertaken annually. The precise deployment of Audit resources may within these areas be risk based but the initial identification of these areas is somewhat pre-determined. These are:-

Audit Activity RationaleCore financial systems

This work is also required by the S151 officer and also considered by External Audit.

Corporate Governance

Annual provision for undertaking review work on the Annual Governance Statement process and risk management.

Advice, audit planning, management, follow up & feedback

Standard annual provisions for each client for general advice, annual and periodic planning, obtaining and dealing with feedback from audits along with the follow up of audit recommendations (as per the follow up protocol), preparation of Audit Committee reports, attendance at Audit Committee and other meetings

Contingency Days set aside for unplanned work or increases in the scope of planned work, including provision for undertaking special investigations and follow-up work.

2.3 In addition to the annual areas of work referred to in 2.2, consultation with the Management Team and Statutory Officers has identified key priority areas of work for Internal Audit, to provide the required assurances that the control framework is operating robustly within their particular business areas. A full list of planned work is attached to the report. The key areas of activity are:

Information governance assurance

Compliance with transparency requirements Programme / Performance Management Business Innovation Fund (BIF)

2.4 At the point of preparing the Plan it is not always easy or appropriate to specifiy a number of days against certain pieces of work. Given the flexibility underpinning the Plan approach and the need for Internal Audit to be able to respond to unforeseen events, the total number of indicative days are agreed with senior management relevant to budget provision and risk assessment with the understanding that during the year as and when individual pieces of work are scoped in detail, the precise number of days for each piece of work will be determined. Most pieces of work are likely to be between 10 and 20 days in duration to allow sufficient depth of coverage and therefore provide the greatest benefit and value. Equally, the flexibility within the Plan also extends to when work will be undertaken during the year, including the possibility of deferring work to the following financial year. All proposed changes to the Plan or when work will be undertaken will be discussed and agreed with management and reported within the Progress reports to the Audit Committee.

2.5 Themes have also been developed and applied to each auditable area. These have been based on the key areas of assurance as reflected in the annual governance statement process and therefore in support of those officers charged with lead responsibilities. The same themes are set up within the audit management system and linked to all findings and recommendations. Functionality within the system enables reports covering the defined themes to be produced on audit work completed during a given period. This serves as a source of assurance information for Internal Audit and the senior officers with lead responsibilities for compliance and monitoring e.g. having an information technology or systems theme enables the appropriate responsible officer to be provided with issues extracted from across all audits regarding the levels of compliance with IT/IS related controls and procedures.

2.6 As part of the delivery of the 2017/18 Audit Plan emphasis will continue on enhanced customer focus and liaison, which will include periodic attendance at relevant senior management team meetings to report on progress against planned work. Quarterly plan monitoring/progress reports will continue to be presented to the Audit Committee.


3.1 The report attached at Appendix A includes a detailed draft 2017/18 plan.






Sheffield City Region Combined Authority – Internal Audit Plan 2017/18

Client Business Unit / Service Assignment Title Outline Scope / Purpose Risk / Gov. Area

SCRCA Finance C/fwd Procurement Review To complete the 2016/17 review Fin. Mgt; Int. Controls; DQ; Legal

SCRCA Finance C/fwd Payroll Review To complete the 2016/17 review. Fin. Mgt; Int. Controls; DQ

SCRCA Service Wide Advice, Planning & Feedback, Follow Up of Recommendations & Client Liaison

Provision of advice, as and when requested. Day to day management of annual audit plan, including scheduling of resources and incorporating any revisions. Follow up and update of the status of recommendations from individual audit assignments. Attendance at Stat Officers Meeting, client rep meetings etc.

All

SCRCA Service Wide Annual Audit Planning 2018-19 To discuss and develop an agreed annual audit plan for 2018-19. All

SCRCA Service Wide Audit Committee Preparation of reports and attendance at the Audit Committee meetings. Liaison with the Chair of the Audit Committee.

All

SCRCA Service Wide AGS process To provide advice, support and guidance on the AGS process and arrangements. HoIA statement.

Ethical; Safeguarding; Fin. Mgt; Int. Controls;

DQSCRCA Service Wide Risk Management To provide assurance on the Risk Management Framework and process. To include

compliance testing.Fin. Mgt; Int. Controls;

DQ

SCRCA Finance Core Financial Systems To provide assurance that systems and controls are robust and operating effectively and efficiently. Risk based strategy, systems to be determined.

Fin. Mgt; Int. Controls; DQ

SCRCA TBD Information Governance To provide assurance that the information handled by the SCRCA is effectively and efficiently managed, adherence to legislation. To include the retention of documentation and data quality.

Ethical; Safeguarding; Fin. Mgt; Int. Controls;

DQSCRCA TBD Compliance with Transparency To provide assurance that the SCRCA is complying with the AAF guidelines.

Reduced scope - this will not extend to the compliance with the wider government transparency agenda compliance (e.g. publishing of procurement data, salaries etc).


SCRCA TBD BIF To provide assurance that the programme/project management arrangements are robust and operating effectively & efficiently. BIF delegations are set out and decisions reported to the CA.


SCRCA TBD Programme / Performance Management

To provide assurance that the capital programme (incl. Growth Hub) is being effectively and efficiently managed, with clearly defined roles & responsibilities assigned to Officers. To include performance management arrangements of projects.


SCRCA Service Wide Contingency General provision of days to accommodate changes in the scope of work, ad hoc requests beyond advisory and general unplanned work.

All

.

Purpose of Report

To inform the Committee of the Internal Audit work completed and in progress from 7th January 2017 to 31st March 2017, the position with regard to the implementation of recommendations, about planned audit work and the performance of the Team.



In this section it must be clear if:

A – the paper will be available under the Combined Authority Publication Scheme

B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)

C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)

Recommendations

It is recommended that Members consider the report and as necessary request further information and/or explanations from Internal Audit or Management.

27th APRIL 2017

AUDIT COMMITTEE: INTERNAL AUDIT PROGRESS REPORT


1. Introduction

1.1 As part of its core functions the Audit Committee oversees the work of the Internal Audit Team and receives various reports. The following have been provided to date:-

April 2016

IA Progress ReportIA Annual Plan Report 2016-17IA Charter & Strategy 2016-17

July 2016

IA Annual ReportIA Effectiveness ReportIA Progress Report

January 2017

IA Plan Consultation ReportIA Progress Report

1.2 Assurance Opinion

The Assurance Opinion applied for each piece of work is selected from the following range:-

Substantial; } Positive assurance Adequate; } Positive assurance

Limited; } Negative assurance No Assurance. } Negative assurance

The Assurance Opinion is primarily driven by the number and priority level of the recommendations made / agreed. The priority level of recommendations is described either as Fundamental, Significant or Merits Attention.

The Assurance Opinion is also influenced by whether the recommendations are in respect of the adequacy (or existence) of controls or the application of existing controls.

The final factor influencing the overall opinion is in relation to the controls assessed and whether the result of that assessment regards the effectiveness of the control as Good, Adequate, Limited or Poor.

2. Implications

2.1 Financial

The charge for the Internal Audit service is estimated to be as planned and consequently there are no financial implications to consider.

2.2 Legal


2.3 Risk Management

Management engagement and responses remain positive which helps support a positive assurance that where opportunities for control, risk or governance improvements are highlighted, these are embraced by management.

2.4 Equality, Diversity and Social Inclusion (Equality Act - Public Sector Equality Duty)

There are no implications.


3.1 The report attached at Appendix A includes:-

significant control or compliance issues; longstanding recommendations; a summary of the work completed and also work in progress since the previous

progress report; assurance opinions given and total recommendations made; recommendations followed-up by Internal Audit since the previous progress report; Internal Audit performance information.





Other sources and references: Internal Audit Charter & Strategy 2016-17, Annual Plan 2016-17, Internal Audit Reports, MK Insight (audit management system), Public Sector Internal Audit Standards 2013.

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/85041/equality-duty.pdf


APPENDIX AINTERNAL AUDIT PROGRESS REPORT

1. Annual Plan and Actual Comparison

The annual audit plan for 2016-17 was discussed and agreed in principle with the Executive Director, Section 151 Officer and Monitoring Officer. It was also reported to this Committee at the April 2016 meeting. The plan included a brief description of the work Internal Audit would undertake to support the SCRCA as it evolved during the year to design and embed its control, risk and governance framework arrangements. Each piece of work was to be more clearly defined and scoped as it commenced. In addition, the plan included compliance work to be undertaken by Internal Audit to provide Management and the Committee with assurances that the financial processes were operating effectively and efficiently. It was acknowledged by all parties that a higher number of days was required for 2016-17 (potentially circa. 120 days), to enable Internal Audit to support the SCRCA in establishing its governance framework.

At 31st March 2017, a total of 98 days have been delivered in relation to the planned work. This is time supporting management to develop and embed the governance framework and also the completion of six compliance reviews (fundamental financial systems 2015-16, skills capital grants, programme management and Sales Ledger 2016-17, Main Accounting 2016-17, Purchase Ledger 2016-17). Reviews of the SCRCA’s procurement arrangements and Payroll 2016-17 are currently being completed.

Due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work was scheduled towards the end of the financial year. A further 17 days will actually be delivered early in the new audit year to complete the 2016/17 plan. The results of all the 2016/17 work will therefore be taken into account in the Annual Assurance Report to be considered by the Audit Committee in July.

2. Significant Control or Compliance issues to bring to the Audit Committee's Attention

No fundamental recommendations have been made within the completed pieces of work and therefore there are no specific control or compliance issues to bring to the Committee’s attention.

Of note for the Committee is the progress that management have made in the development and implementation of a range of governance related policies and procedures. Whilst not yet fully complete and embedded this is a marked improvement from the beginning of the year.

3. Longstanding Recommendations and Management Reponses

This section highlights to Members any recommendations that remain outstanding for 6 months or more following the original recommendation/agreed action target completion date and/or where the recommendation/agreed action target completion date has been subject to 3 revisions.

There are no longstanding recommendations to report at this time.

4. Completed Projects Since last Progress Report

Title of Audit & Date of Report Key Issues and Finding arising from the Audit Assurance

OpinionNo. & Priority of

RecsComments / Follow-up

ActionMain Accounting 2016-17

30/03/17

The review concluded that processes with regards to Main Accounting related transactions were generally operating effectively.

However, although all bank reconciliations had been completed, a concern was identified with regards to the failure to retain all completed Bank Reconciliations and supporting reports in a central location, resulting in an incomplete audit trail for Bank Reconciliations completed during 2016/17.

Substantial Fundamental 0

Significant 0

Merits Attention 1

To follow up the agreed action in due course.

Purchase Ledger 2016-17

24/03/17

The review concluded that the regulations and policies relevant to Purchase Ledger system were up to date, had been approved and were being complied with. In addition, financial transactions had been processed accurately and were supported by source documentation.

However, a concern was identified with regards to the management of vendor master data information within the financial management system (OEO), whereby there is currently no segregation / identifier to confirm which suppliers are utilised by the SCRCA and / or Sheffield City Council. Consequently, assurance cannot be provided that the details relating specifically to SCRCA’s suppliers are accurate and supported by source documentation. It is acknowledged that a new financial system (Integra) is being implemented and this will provide for the opportunity to establish the company with its own entity (i.e. company code) for improved segregation and clarity.

Adequate Fundamental 0

Significant 1

Merits Attention 0

To follow up the agreed action in due course.

5. Projects / Other work In Progress

Title of Audit or Nature of Audit Activity Key Objective(s) Status / Comment

Procurement Arrangements

To provide assurance that procurement processes are undertaken on a fair, open and transparent basis, comply with regulatory, policy and procedural requirements, and that all actions and decisions fully evidenced. In addition, to confirm that contracts exist and are being effectively managed. The review will include a walkthrough of the procurement arrangements to provide assurance that the processes are robust, efficient and effective.

Testing on site

Payroll 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with the Payroll System.

The scope of this review is to provide assurance that the systems, processes and procedures in respect of the Payroll System are robust and operating effectively and efficiently. This includes the recharge arrangements from Barnsley MBC to the SCRCA for payments made to its employees.

Testing on site

Title of Audit or Nature of Audit Activity Key Objective(s) Status / Comment

Risk Management To provide advice and support to management with regards to developing a Risk Management Framework. A workshop has been held and a strategic risk register prepared for management.

In progress – continuous support

Assurance Map To provide advice and support to management with regards to developing an assurance map. In progress – continuous support

Ethical / Integrity Framework

To review the relevant policies and procedures, in conjunction with management, to identify any points for clarification / further consideration to ensure fully applicable and clear in terms of reporting lines etc. (i.e. BMBC policies as the SCR CA Officers are employed by BMBC).

Advisory - In progress

Governance Assurance Group

Attendance at the Governance Assurance Group meetings, to provide advice and also support to management with regards to its governance arrangements.


Client Liaison Attendance at meetings with the Executive Director, Section 151 Officer and Monitoring Officer, to manage and monitor the audit plan.


Audit Committee Preparation of reports and attendance at Audit Committee meetings. Throughout the year

6. Planned Work

The audit work undertaken during 2016-17 was generally in accordance with the agreed scheduling throughout the financial year. A couple of reviews were ongoing at the 31st March 2017 and days have been included within the 2017-18 audit plan to enable these to be completed during early quarter 1 of the financial year.

7. Cancelled / Deferred / Added Assignments

There were no changes to the audit plan during this period

8. Internal Audit Performance

The performance indicators for the fourth quarter are attached at Appendix C. Quarterly performance of the function is satisfactory and all PI’s for the year are either on or exceed target levels

There have been 2 returned feedback questionnaires for the jobs completed in the financial year to date. An analysis is included at Appendix B.

Table 1ASummary Activity Report

All Audit Reports Completed in each progress report period

Assurance Opinion 01/04/16 – 30/06/16 01/07/16-06/01/17 07/01/17-31/03/17 Cumulative

Substantial 0 1 (50%) 1 (50%) 2 (33%)Adequate 2 (100%) 1 (50%) 1 (50%) 4 (67%)Limited 0 0 0 0None 0 0 0 0TOTAL REPORTS 2 (100%) 2 (100%) 2 (100%) 6 (100%)

Total Recommendations

Number of Recommendations

01/04/16 – 30/06/16 01/07/16-06/01/17 07/01/17-31/03/17 Cumulative

Fundamental 0 0 0 0Significant 1 (17%) 0 1 (50%) 2 (18%)Merits Attention 5 (83%) 3 (100%) 1 (50%) 9 (82%)TOTAL 6 (100%) 3 (100%) 2 (100%) 11 (100%)

Table 1B

Recommendations Followed-up in the period 07/01/17 to 31/03/17

Reporting in the period

Recommendation Classification Followed- Up Completed by

Target DateCompleted After

Target DateNot Yet Completed – Revised Date Agreed

Awaiting ManagementResponse

FundamentalSignificantMerits Attention 2 (100%) 2 (100%)

Total 2 (100%) 2 (100%)

Table 1CTrend Analysis – All Periods - 2016/17

Assurance Opinions

2016/17 CumulativeP1 P2 P3 & 4 2016-17

% %%

%

Substantial 0 50 50 33Adequate 100 50 50 67Limited 0 0 0 0None 0 0 0 0

100 100 100 100

Recommendations

2016/17 CumulativeP1 P2 P3 & 4 2016/17No. No. No. %

Completed by target date 8 0 80Completed after target date 0 0 0Not yet completed - revised date agreed 0 2 20Awaiting Management Response* 0 0 0Total followed up 8 2 100

% Completed by Original Due Date (excl. *) N/A 100% 0%

Glossary (For Tables 1A – 1C)

1. Classification of Recommendations

Fundamental A recommendation requiring immediate action – imperative to ensuring the objectives of the system under review are met.

Significant A recommendation requiring action necessary to avoid exposure to a significant risk to the achievement of the objectives of the system under review.

Merits Attention A recommendation where action is advised to enhance control or improve operational efficiency.

2. Assurance Opinions

Level Control Adequacy Control Application

Substantial Assurance

Robust framework of controls exist that are likely to ensure that objectives will be achieved.

Controls are applied continuously or with only minor lapses.POSITIVE

OPINIONS Adequate Assurance

Sufficient framework of key controls exist that are likely to result in objectives being achieved, but the control framework could be stronger.

Controls are applied but with some lapses.

Limited Assurance

Risk exists of objectives not being achieved due to the absence of key controls in the system.

Significant breakdown in the application of key controls.NEGATIVE

OPINIONSNo Assurance Significant risk exists of objectives not being achieved due to the

absence of controls in the system.Fundamental breakdown in the application of all or most controls.

The assurance level applied is a judgement based on the overall assessment of the control environment.

Appendix B

Analysis of Internal Audit Feedback Received - period 07/01/17 – 31/03/17

Number ticks shown against each ‘score’ given

Very Good Good Acceptable Poor

A Audit Planning1 Relevance of the audit objectives 2

B Communication1 Consultation on scope and objectives of the audit 22 Communication during all aspects of the audit 23 Helpfulness co-operation of the auditor(s) 24 Professionalism of the auditor(s) 25 The auditor(s) demonstrated an appreciation of any

relevant issues concerning equality and diversity2

C Timing1 Duration of the audit 22 Timeliness of the audit report 2

D Quality of the audit report1 Format and clarity of audit report 22 Accuracy of the findings 1 13 Relevance of recommendations 1 14 Overall quality of the report 2

E Value of the audit1 Basic controls assurance the audit has provided 22 Added value given beyond basic controls

assurance2

F Overall Value of the audit1 Overall value of the audit 2

100%

Total Number of ‘ticks’ (A – F) 28 2Percentage 93 7

100

Returned Questionnaires:-Period 1 1Period 2 1Period 3 & 4 2Total 4

Appendix C

Ref. Indicator Frequency of Report

Target 2016/17

This Period

Year to Date

1.

1.1

2.

2.1

2.2

2.3

3.

3.1

Customer Perspective:

Percentage of questionnaire received noted “good” or “very good” relating to work concluding with an audit report. * Business Process Perspective:

Percentage of final audit reports issued within 10 working days of completion and agreement of the draft audit report. *

Percentage of chargeable time against total available.

Average number of days lost through sickness per FTE (Cumulative 45 days in total)

Continuous Improvement Perspective:

Personal development plans for staff completed within the prescribed timetable.

Quarterly

Quarterly

Quarterly

Quarterly

Annual

95%

80%

73%

6 days

100%

100%

100%

72%

1 day

100%

100%

100%

73%

<3 days

100%

* KPIs relate specifically to the SCRCA.

INTERNAL AUDIT PERFORMANCE INDICATORS FOR 2016/17 (QUARTER 4)

External Audit Plan 2016/2017

Sheffield City Region Combined Authority

April 2017

1

Document Classification: KPMG Confidential

© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a

Swiss entity. All rights reserved.

Headlines

Financial Statement Audit Value for Money Arrangements work£

There are no significant changes to the Code of Practice on Local Authority Accounting

in 2016/17, which provides stability in terms of the accounting standards the Authority

need to comply with.

Materiality

Materiality for planning purposes has been provisionally based on last year’s

expenditure and set at £2 million.

We are obliged to report uncorrected omissions or misstatements other than those

which are ‘clearly trivial’ to those charged with governance and this has been set

at £0.1 million.

Significant risks

Those risks requiring specific audit attention and procedures to address the

likelihood of a material financial statement error have been identified as:

The new core financial system.

Other areas of audit focus

Those risks with less likelihood of giving rise to a material error but which are

nevertheless worthy of audit understanding have been identified as:

Disclosure around retrospective restatement of Comprehensive Income and

Expenditure (CIES) , Movement in Reserves Statement (MiRS) and Expenditure

and Funding Analysis (EFA) note from 1 April 2016.

See pages 3 to 10 for more details including Pension Fund and PTE risks.

Logistics

£

Our risk assessment is ongoing and we will report VFM significant risks during our audit

or our risk assessment regarding your arrangements to secure value for money have

identified the following VFM significant risks:

There is a risk that as the Authority continues to develop its governance

arrangements these are not fully embedded and operational throughout the period.

See pages 11 to 15 for more details.

Our team is:

Tim Cutler – Partner

Alison Ormston – Senior Manager

Matt Ackroyd – Manager

Olivia Camm – Assistant manager

More details are on page 18.

Our work is being completed in four phases from December 2016 to September 2017

and our key deliverables are this Audit Plan and a Report to those charged with

Governance as outlined on page 17.

Our fee for the audit is £38,200 (£38,200 2015/2016) see page 16.

2




Financial Statements Audit

Our financial statements audit work follows a four stage audit process which is identified

below. Appendix 1 provides more detail on the activities that this includes. This report

concentrates on the Financial Statements Audit Planning stage of the Financial

Statements Audit.

Value for Money Arrangements Work

Our Value for Money (VFM) Arrangements Work follows a five stage process which is

identified below. Page 8 provides more detail on the activities that this includes. This report

concentrates on explaining the VFM approach for the 2016/17 audit and the findings of our

VFM risk assessment.

Introduction

Background and Statutory responsibilities

This document supplements our Audit Fee Letter 2016/17 presented to you in April 2016,

which also sets out details of our appointment by Public Sector Audit Appointments Ltd

(PSAA).

Our statutory responsibilities and powers are set out in the Local Audit and Accountability

Act 2014 and the National Audit Office’s Code of Audit Practice.

Our audit has two key objectives, requiring us to audit/review and report on your:

— Financial statements (including the Annual Governance Statement): Providing an

opinion on your accounts; and

— Use of resources: Concluding on the arrangements in place for securing economy,

efficiency and effectiveness in your use of resources (the value for money

conclusion).

The audit planning process and risk assessment is an on-going process and the

assessment and fees in this plan will be kept under review and updated if necessary.

Acknowledgements

We would like to take this opportunity to thank officers and Members for their continuing

help and co-operation throughout our audit work.

Substantive

ProceduresCompletion

Control

Evaluation

Financial

Statements Audit

Planning

Risk

Assessment

VFM

audit work

Identification

of significant

VFM risks

Conclude Reporting

3




Financial statements audit planning

Financial Statements Audit Planning

Our planning work takes place during December 2016 to February 2017. This involves

the following key aspects:

— Risk assessment;

— Determining our materiality level; and

— Issuing this audit plan to communicate our audit strategy.

Risk assessment

Professional standards require us to consider two standard risks for all organisations. We

are not elaborating on these standard risks in this plan but consider them as a matter of

course in our audit and will include any findings arising from our work in our

ISA 260 Report.

— Management override of controls – Management is typically in a powerful position to

perpetrate fraud owing to its ability to manipulate accounting records and prepare

fraudulent financial statements by overriding controls that otherwise appear to be

operating effectively. Our audit methodology incorporates the risk of management

override as a default significant risk. In line with our methodology, we carry out

appropriate controls testing and substantive procedures, including over journal

entries, accounting estimates and significant transactions that are outside the normal

course of business, or are otherwise unusual.

— Fraudulent revenue recognition – We do not consider this to be a significant risk for

combined authorities as there are limited incentives and opportunities to manipulate

the way income is recognised. We therefore rebut this risk and do not incorporate

specific work into our audit plan in this area over and above our standard fraud

procedures.

The diagram opposite identifies, significant risks and other areas of audit focus, which we

expand on overleaf. The diagram also identifies a range of other areas considered by our

audit approach.

Overleaf we also identify those areas of significant risk associated with the Passenger

Transport Executive whose financial results are consolidated into the Combined Authority

accounts.

£

Management

override of

controls

Revenue

recognition

Remuneration

disclosures

New financial

system

Key financial

systems

Bad debt

provision

Financial

Instruments

disclosures

Provisions

Compliance

with the

Code’s

disclosure

requirements

Keys: Significant risk Other area of audit focus Example other areas considered by our approach

Disclosures

associated with

retrospective

restatement of

CIES, EFA and

MiRS

4




Significant Audit Risks (Combined Authority)


likelihood of a material financial statement error.

Financial statements audit planning (cont.) £

Risk: New core financial system

The general ledger used by the Combined Authority has changed in year.

There has been a phased implementation of the new Integra system with the

existing OEO system still being used for a number of feeder systems e.g.

Accounts Payable and Receivable Ledgers.

There is a risk that account balances are incorrectly transferred from the old

ledger to the new ledger incorrectly leading to a misstatement. There is also a

risk that account balances are inaccurately coded due to an unfamiliarity with

the new coding structure.

Approach: We will reconcile the closing balance on the old ledger to the

opening balance on the new ledger to ensure no transactions were lost or

duplicated in the transfer. Testing of activity in the year will verify that the

correct codes have been used both for the transfer and subsequent activity.

KPMG specialists will review the controls around the new system to ensure

users are appropriately recognised. We shall also review the ‘link’ between the

old OEO and other feeder systems to the new ledger to ensure data is

transferred as required.

Significant Audit Risks (Pension Fund)

Those risks requiring specific audit attention and procedures to address the likelihood

of a material financial statement error.

Risk : Continuing issues with the implementation of the Pensions Administration

System

The implementation of the pensions administration system in 2014/15 caused problems

for the Authority and, on implementation, it did not operate as designed. Workaround

systems were put in place, for example on pensioners payroll to ensure members

receive their entitlements.

As part of the 2015/16 audit, KPMG IT specialists undertook testing in respect of the

migration of data from the old Heywoods Pension system to the new Civica Pension

system. Their work identified a number of issues and we raised three

recommendations. The exceptions noted contributed to a lack of assurance over

completeness and accuracy for the migration from the old to new Pension systems.

Discussions with officers during 2016/17 indicate that significant progress has been

made in addressing the problems arising from the implementation although there

remain some outstanding issues such as backlogs in processing.

Approach : As part of our audit of the Pension Fund, we will

• undertake a walkthrough of the system to identify the controls in place in relation to

member details, benefits payable and contributions;

• test the operating effectiveness of relevant system controls;

• use KPMG IT specialists to review the progress the Authority has made during the

year in addressing our recommendations; and

• test benefits payable and contributions receivable substantively at the year end.

5




Significant Audit Risks (Passenger Transport Executive)


likelihood of a material financial statement error.


Risk : Significant changes in the pension liability due to LGPS Triennial Valuation

During the year, the Local Government Pension Scheme for South Yorkshire PTE

(the Pension Fund) has undergone a triennial valuation with an effective date of

31 March 2016 in line with the Local Government Pension Scheme

(Administration) Regulations 2013. The Authority’s share of pension’s assets and

liabilities is determined in detail, and a large volume of data is provided to the

actuary in order to carry out this triennial valuation.

The pension liability numbers to be included in the financial statements for

2016/17 will be based on the output of the triennial valuation rolled forward to 31

March 2017. For 2017/18 and 2018/19 the actuary will then roll forward the

valuation for accounting purposes based on more limited data.

There is a risk that the data provided to the actuary for the valuation exercise is

inaccurate and that these inaccuracies affect the actuarial figures in the accounts.

Most of the data is provided to the actuary by South Yorkshire Pension Authority,

who administer the Pension Fund.

Approach : As part of our audit, we will agree any data provided by the Authority

to the actuary, back to the relevant systems and reports from which it was

derived, in addition to checking the accuracy of this data.

We will also liaise with the Pension Fund Audit Team, who are the auditors of the

Pension Fund, where this data was provided by the Pension Fund on the

Authority’s behalf to check the completeness and accuracy of such data.

Significant Audit Risks (Passenger Transport Executive)


of a material financial statement error.

Risk: Valuation of Property, Plant & Equipment

At 31 March 2016 the Authority was reporting Property, Plant and Equipment with a

value of £109.737m, representing the large majority of assets held on the Balance

Sheet. It is the Authority’s policy to revalue assets at a minimum every 5 years on a

rolling basis, ensuring that the value of assets held on the balance sheet is not

materially different to the current value at year end.

There is an element of judgement exercised by the authority in determining whether

assets require a valuation in year and also with regards to the assumptions made by

the valuer in determining a value for the assets.

The ongoing tram/train project will progress during the year and the project will near

completion. There is a risk that this is categorised incorrectly on the financial

statements and the year end valuation provided is not a fair reflection of the project.

Given the materiality in value and the judgement involved in determining the carrying

amount we have determined a significant risk with regards to this account.

Approach:

We shall:

-Assess the qualifications and approach of the valuer used by the Authority;

-Test the accuracy and completeness of the Authority’s asset register through review of

the Authority’s asset verification exercise and the physical inspection of any significant

new additions;

-Review the instructions provided to the valuer;

-Consider the appropriateness of the valuation basis adopted e.g. should fair value

have been used;

-Understand the classification of the tram/train project;

-Understand the basis of any impairments that might occur and whether they comply

with the Code; and

-Review the capitalisation of major expenditure in the year.

6





Other areas of audit focus (Group)

Those risks with less likelihood of giving rise to a material error but which are nevertheless worthy of audit

understanding.

Disclosures associated with retrospective restatement of CIES, EFA and MiRS

During past years, CIPFA has been working with stakeholders to develop better accountability through

the financial statements as part of its ‘telling the whole story’ project. The key objective of this project

was to make Local Government accounts more understandable and transparent to the reader in terms

of how the Authorities are funded and how they use their funding to serve the local population. The

outcome of this project resulted in two main changes in respect of the 2016-17 Local Government

Accounting Code (Code) as follows:

• Allowing combined authorities to report on the same basis as they are organised by removing the

requirement for the Service Reporting Code of Practice (SeRCOP) to be applied to the

Comprehensive Income and Expenditure Statement (CIES); and

• Introducing an Expenditure and Funding Analysis (EFA) which provides a direct reconciliation

between the way combined authorities are funded and prepare their budget and the CIES. This

analysis is supported by a streamlined Movement in Reserves Statement (MIRS) and replaces the

current segmental reporting note.

As a result of these changes, retrospective restatement of CIES (cost of services) , EFA and MiRS is

required from 1 April 2016 in the Statement of Accounts.

New disclosure requirements and restatement of accounts require compliance with relevant guidance

and correct application of applicable Accounting Standards.

Though less likely to give rise to a material error in the financial statements, this is an important material

disclosure change in this year’s accounts, worthy of audit understanding.

Approach :

As part of our audit ;

• We will assess how the Authority has actioned the revised disclosure requirements for the CIES,

MiRS and the new EFA statement as required by the Code; and

• We will check the restated numbers and associated disclosures for accuracy ,correct presentation

and compliance with applicable Accounting Standards and Code guidance.

Other areas of audit focus (Passenger Transport Executive)

Those risks with less likelihood of giving rise to a material error but which

are nevertheless worthy of audit understanding.

Concessionary Travel

During 2015/16 expenditure on concessionary travel was circa £34m

amounting to 31% of Gross Transport Expenditure.

There has been an increase in the rate charged to concessions for travel

across South Yorkshire, therefore, this has led to an increased amount to

be reimbursed by the Executive for each concession. This increase in

price to be reimbursed per concession is offset in the total movements as

the general trend for use of public transport decreases.

Approach :

As part of our audit ;

-The payments for concessionary travel vary across different transport

providers and we will seek to understand each contract and the controls

in place at the Executive to monitor the amounts charged; and

-We will assess payments throughout the year and agree to supporting

evidence.

7





Other areas of audit focus

Those risks with less likelihood of giving rise to a material error but which are

nevertheless worthy of audit understanding.

Compliance with the Code’s requirements (Pension Fund)

The format of the Fund Account and the Net Asset Statement have been updated

for consistency with the new Financial Reports of Pension Schemes – A Statement

of Recommended Practice 2015

Approach :

We will assess the Pension Fund statements against the new format.

Valuation of Unquoted Investments (Pension Fund)

There is a higher risk of material misstatement in the valuation of level two and level

three investments.

Approach :

We will test a sample of unquoted investments, focussing the sample on those in

the higher risk category. Our testing will consider the classification of the

investments, the valuation approach and the adequacy of the evidence to support

the valuation.

8




Financial statements audit planning (cont.)Materiality

We are required to plan our audit to determine with reasonable confidence whether or not

the financial statements are free from material misstatement. An omission or misstatement

is regarded as material if it would reasonably influence the user of financial statements.

This therefore involves an assessment of the qualitative and quantitative nature of

omissions and misstatements.

Generally, we would not consider differences in opinion in respect of areas of judgement

to represent ‘misstatements’ unless the application of that judgement results in a financial

amount falling outside of a range which we consider to be acceptable.

Materiality for planning purposes has been set at £2 million (£2 million in 2015/16) for the

Authority’s accounts, which equates to 1.7 percent of gross expenditure.

For the Authority, materiality for planning purposes has been set at £2 million which

equates to 1.7 percent of gross expenditure and for the Pension Fund materiality has been

set at £3 million.

Local Authority’s aim is not to maximise profits as there are no shareholders. The services

LAs provide to the local communities are mainly driven by a mix of government

funding/grants and local income. The measure of services provided by the CA are

reflected by its expenditure which is a key benchmark for the local people and the readers

of Sheffield City Region Combined Authority’s accounts to assess its performance and

services to the public.

We have also considered other benchmarks, such as gross income, which is not

considered relevant, as income is partly funded through central government grants, which

is not as relevant to the local population and readers of the financial statements. Other

metrics considered include net assets. Due to the nature of the entity, which is service

delivery to the local community, the net assets benchmark is not the most reflective of the

core purpose of the Authority. Therefore, the most appropriate benchmark for Sheffield City

Region Combined Authority is judged as being gross expenditure.

We design our procedures to detect errors in specific accounts at a lower level of precision.

Reporting to the Audit Committee

Whilst our audit procedures are designed to identify misstatements which are material to

our opinion on the financial statements as a whole, we nevertheless report to the Audit

Committee any unadjusted misstatements of lesser amounts to the extent that these are

identified by our audit work.

£

Under ISA 260(UK&I) ‘Communication with those charged with governance’, we are obliged to

report uncorrected omissions or misstatements other than those which are ‘clearly trivial’ to

those charged with governance. ISA 260 (UK&I) defines ‘clearly trivial’ as matters that are

clearly inconsequential, whether taken individually or in aggregate and whether judged by any

quantitative or qualitative criteria.

In the context of the Authority, we propose that an individual difference could normally be

considered to be clearly trivial if it is less than £0.1 million ( PY £0.1m).

In the context of the Pension Fund, we propose that an individual difference could normally be

considered to be clearly trivial it is less than £0.15m.

If management have corrected material misstatements identified during the course of the audit,

we will consider whether those corrections should be communicated to the Audit Committee to

assist it in fulfilling its governance responsibilities.

We note that separate materiality levels are set for the Combined Authority and the Pension

Fund recognizing that whilst the Pension Fund accounts are appended to the Combined

Authority’s financial statements, its results are not consolidated into the Combined Authority’s

results and therefore do no impact upon its financial position.

2016/17

£118,570k

0

50

100

150

200

Materiality for the Authority

based on prior year gross

expenditure

Individual errors,

where identified,

reported to

Audit Committee

Procedures

designed to detect

individual errors

£0.1m

£2m

£,000’s

£118,570k

2015/16

9





Group audit

In addition to the Authority we deem South Yorkshire Passenger Transport Execuitve

to be significant in the context of the group audit.

Whilst the Pension Fund accounts are appended to the Combined Authority financial

statements these results are not consolidated into the Group and therefore we do not

consider the Pension Fund to be a significant component of the Group.

We will report the following matters in our Report to those charged with Governance:

Any deficiencies in the system of internal controls or instances of fraud which the

subsidiary auditors identify; and

Any limitations on the group audit, for example, where our access to information may

have been restricted..

10




Value for money arrangements work

Background to approach to VFM work

The Local Audit and Accountability Act 2014 requires auditors of local government bodies to be satisfied that the authority ‘has made proper arrangements for securing economy,

efficiency and effectiveness in its use of resources’.

This is supported by the Code of Audit Practice, published by the NAO in April 2015, which requires auditors to ‘take into account their knowledge of the relevant local sector as a whole,

and the audited body specifically, to identify any risks that, in the auditor’s judgement, have the potential to cause the auditor to reach an inappropriate conclusion on the audited body’s

arrangements.’

The VFM approach is fundamentally unchanged from that adopted in 2015/2016 and the process is shown in the diagram below. The diagram overleaf shows the details of

the criteria for our VFM work.

No further work required

Continually re-assess potential VFM risks

£

VFM audit risk

assessment

Financial statements

and other audit work

Identification of

significant VFM

risks (if any)

Conclude on

arrangements to

secure VFM

Assessment of work by other

review agencies

Specific local risk based work

VF

M c

on

clu

sio

n

11




Value for money arrangements work (cont.) £

Informed

decision

making

Working

with

partners

and third

parties

Sustainable

resource

deployment

Overall criterion

In all significant respects, the audited body had proper arrangements to ensure it took

properly informed decisions and deployed resources to achieve planned and

sustainable outcomes for taxpayers and local people.

Proper arrangements:

- Acting in the public interest, through

demonstrating and applying the principles and

values of sound governance.

- Understanding and using appropriate and

reliable financial and performance information

to support informed decision making and

performance management.

- Reliable and timely financial reporting that

supports the delivery of strategic priorities.

- Managing risks effectively and maintaining a

sound system of internal control.


- Planning finances effectively to support the

sustainable delivery of strategic priorities and

maintain statutory functions.

- Managing and utilising assets to support the

delivery of strategic priorities.

- Planning, organising and developing the

workforce effectively to deliver strategic

priorities.


- Working with third parties effectively to deliver

strategic priorities.

- Commissioning services effectively to support

the delivery of strategic priorities.

- Procuring supplies and services effectively to

support the delivery of strategic priorities.

12




Value for money arrangements work (cont.)£

VFM audit stage Audit approach

VFM audit risk assessment We consider the relevance and significance of the potential business risks faced by all combined authorities, and other risks that apply specifically to

the Authority. These are the significant operational and financial risks in achieving statutory functions and objectives, which are relevant to auditors’

responsibilities under the Code of Audit Practice.

In doing so we consider:

The Authority’s own assessment of the risks it faces, and its arrangements to manage and address its risks;

Information from the Public Sector Auditor Appointments Limited VFM profile tool;

Evidence gained from previous audit work, including the response to that work; and

The work of other inspectorates and review agencies.

Linkages with financial

statements and other

audit work

There is a degree of overlap between the work we do as part of the VFM audit and our financial statements audit. For example, our financial

statements audit includes an assessment and testing of the Authority’s organisational control environment, including the Authority’s financial

management and governance arrangements, many aspects of which are relevant to our VFM audit responsibilities.

We have always sought to avoid duplication of audit effort by integrating our financial statements and VFM work, and this will continue. We will

therefore draw upon relevant aspects of our financial statements audit work to inform the VFM audit.

Identification of

significant risks

The Code identifies a matter as significant ‘if, in the auditor’s professional view, it is reasonable to conclude that the matter would be of interest to the

audited body or the wider public. Significance has both qualitative and quantitative aspects.’

If we identify significant VFM risks, then we will highlight the risk to the Authority and consider the most appropriate audit response in each case,

including:

Considering the results of work by the Authority, inspectorates and other review agencies; and

Carrying out local risk-based work to form a view on the adequacy of the Authority’s arrangements for securing economy, efficiency and

effectiveness in its use of resources.

13




Value for money arrangements work (cont.)£

VFM audit stage Audit approach

Assessment of work by other

review agencies

and

Delivery of local risk based

work

Depending on the nature of the significant VFM risk identified, we may be able to draw on the work of other inspectorates, review agencies and other

relevant bodies to provide us with the necessary evidence to reach our conclusion on the risk.

If such evidence is not available, we will instead need to consider what additional work we will be required to undertake to satisfy ourselves that we

have reasonable evidence to support the conclusion that we will draw. Such work may include:

Meeting with senior managers across the Authority;

Review of minutes and internal reports; and

Examination of financial models for reasonableness, using our own experience and benchmarking data from within and without the sector.

Concluding on VFM

arrangements

At the conclusion of the VFM audit we will consider the results of the work undertaken and assess the assurance obtained against each of the VFM

themes regarding the adequacy of the Authority’s arrangements for securing economy, efficiency and effectiveness in the use of resources.

If any issues are identified that may be significant to this assessment, and in particular if there are issues that indicate we may need to consider

qualifying our VFM conclusion, we will discuss these with management as soon as possible. Such issues will also be considered more widely as part

of KPMG’s quality control processes, to help ensure the consistency of auditors’ decisions.

Reporting On the following page, we report the results of our initial risk assessment. We will update our assessment throughout the year should any further

issues present themselves and report against these in our ISA260.

We will report on the results of the VFM audit through our ISA 260 Report. This will summarise any specific matters arising, and the basis for our

overall conclusion.

The key output from the work will be the VFM conclusion (i.e. our opinion on the Authority’s arrangements for securing VFM), which forms part of our

audit report.

14




Value for money arrangements work Planning

Significant VFM Risks


that proper arrangements are not in place to deliver value for money.

Corporate Governance Arrangements (Group)

Risk

Our VFM opinion for the 2015/16 period was qualified due to two key deficiencies at

the authority, namely:

- A Corporate Code of Governance had not been established; and

- A robust risk management process had not been operational and embedded at

the Authority throughout the period e.g. the authority’s first risk register had only

been presented to Audit Committee in July 2016.

We understand from discussion with officers that some progress has been made

towards embedding these key processes in year, including the provision of a report

from an external consultant with several recommendations around governance

structures.

There is a risk that further improvements have not been made as required and that

these have not been in place for the full financial year.

Approach

We shall review the Governance framework in place, including the risk management

processes. We shall assess whether these were in place and operating effectively

throughout the financial year.

15




Other matters

Whole of government accounts (WGA)

We are required to review your WGA consolidation and undertake the work specified under

the approach that is agreed with HM Treasury and the National Audit Office. Deadlines for

production of the pack and the specified approach for 2016/17 have not yet been

confirmed.

Elector challenge

The Local Audit and Accountability Act 2014 gives electors certain rights. These are:

— The right to inspect the accounts;

— The right to ask the auditor questions about the accounts; and

— The right to object to the accounts.

As a result of these rights, in particular the right to object to the accounts, we may need to

undertake additional work to form our decision on the elector's objection. The additional

work could range from a small piece of work where we interview an officer and review

evidence to form our decision, to a more detailed piece of work, where we have to

interview a range of officers, review significant amounts of evidence and seek legal

representations on the issues raised.

The costs incurred in responding to specific questions or objections raised by electors is

not part of the fee. This work will be charged in accordance with the PSAA's fee scales.

Our audit team

Our audit team will be led by Tim Cutler whom will add a fresh perspective to the

Combined Authority. Appendix 2 provides more details on specific roles and contact details

of the team.

Reporting and communication

Reporting is a key part of the audit process, not only in communicating the audit findings

for the year, but also in ensuring the audit team are accountable to you in addressing the

issues identified as part of the audit strategy. Throughout the year we will communicate

with you through meetings with the finance team and the Audit and Standards Committee.

Our communication outputs are included in Appendix 1.

Independence and Objectivity

Auditors are also required to be independent and objective. Appendix 3 provides more

details of our confirmation of independence and objectivity.

Audit fee

Our Audit Fee Letter 2016/2017 presented to you in April 2016 first set out our fees for the

2016/2017 audit. This letter also sets out our assumptions.

Our audit fee may be varied later, subject to agreement with PSAA, for changes in the

Code, specifically this year the changes in relation to the disclosure associated with

retrospective restatement of CIES, EFA and MiRS. If such a variation is agreed with PSAA,

we will report that to you in the due course.

The planned audit fee for the Combined Authority Group in 2016/17 is £38,200. This is the

same fee as 2015/2016.

The planned audit fee for 2016/17 is £21,000 for the Pension Fund. (2015/16 £21,000).

The planned audit fee for 2016/17 is £

Our audit fee includes our work on the VFM conclusion and our audit of the Authority’s

financial statements.

16




Appendix 1: Key elements of our financial statements audit approach

Driving more value from the audit through data and

analytics

Technology is embedded throughout our audit approach

to deliver a high quality audit opinion. Use of Data and

Analytics (D&A) to analyse large populations of

transactions in order to identify key areas for our audit

focus is just one element. We strive to deliver new

quality insight into your operations that enhances our

and your preparedness and improves your collective

‘business intelligence.’ Data and Analytics allows us to:

— Obtain greater understanding of your processes, to

automatically extract control configurations and to

obtain higher levels assurance.

— Focus manual procedures on key areas of risk and

on transactional exceptions.

— Identify data patterns and the root cause of issues to

increase forward-looking insight.

We anticipate using data and analytics in our work

around key areas such as journals. We also expect to

provide insights from our analysis of these tranches of

data in our reporting to add further value from our audit.

CompletionPlanning Control evaluation Substantive testing

Co

mm

un

ica

tio

nA

ud

it w

ork

flo

w

Continuous communication involving regular meetings between Audit Committee, Senior Management and audit team

Initial planning

meetings and

risk assessment

Audit strategy

and planAnnual Audit

Letter

Interim report

(if appropriate)ISA 260 (UK&I)

Report

Interim audit

Year end audit of

financial

statements and

annual report

Sign

audit

opinion

Perform risk

assessment

procedures

and identify

risks

Determine

audit strategy

Determine

planned audit

approach

Understand accounting

and reporting activities

Evaluate design and

implementation of

selected controls

Test operating

effectiveness of selected

controls

Assess control risk and

risk of the accounts

being misstated

Plan substantive procedures

Perform substantive

procedures

Consider if audit evidence is

sufficient and appropriate

Perform completion

procedures

Perform overall

evaluation

Form an audit opinion

Audit Committee

reporting

Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

D&A

ENABLED

AUDIT

METHODOLOGY

17




Appendix 2: Audit team

Your audit team has been drawn from our specialist public sector assurance department. Alison and Matt were both part of the Sheffield City Region Combined Authority

audit last year and will provide continuity. Tim Cutler and Olivia Camm will add a fresh perspective to the audit.

Name Tim Cutler

Position Partner

‘My role is to lead our team and ensure the delivery

of a high quality, valued added external audit

opinion.

I will be the main point of contact for the Audit and

Standards Committee and S151 Officer.’

Tim Cutler

Partner

Tel: 0116 246 4281

Email: [email protected]

Name Alison Ormston

Position Senior Manager

‘I provide quality assurance for the audit work and

specifically any technical accounting and risk

areas.

I will work closely with Tim to ensure we add value.

I will liaise with the Director of Finance and other

Executive Directors.’Alison Ormston

Senior Manager

Tel: 0113 231 3942


Name Olivia Camm

Position Assistant Manager

‘I will be responsible for the on-site delivery of our

work and will supervise the work of our audit

assistants.’

Olivia Camm

Assistant Manager

Tel: 0113 231 3017


Name Matt Ackroyd

Position Manager

‘I provide quality assurance for the audit work and

specifically any technical accounting and risk

areas.

I will work closely with the Tim and Alison to

ensure we add value.

I will liaise with the Director of Finance and other

Executive Directors.’Matt Ackroyd

Manager

Tel: 0113 231 3625


18




Appendix 3: Independence and objectivity requirements

Independence and objectivity

Professional standards require auditors to communicate to those charged with governance,

at least annually, all relationships that may bear on the firm’s independence and the

objectivity of the audit engagement partner and audit staff. The standards also place

requirements on auditors in relation to integrity, objectivity and independence.

The standards define ‘those charged with governance’ as ‘those persons entrusted with the

supervision, control and direction of an entity’. In your case this is the Audit and Standards

Committee.

KPMG LLP is committed to being and being seen to be independent. APB Ethical

Standards require us to communicate to you in writing all significant facts and matters,

including those related to the provision of non-audit services and the safeguards put in

place, in our professional judgement, may reasonably be thought to bear on KPMG LLP’s

independence and the objectivity of the Engagement Lead and the audit team.

Further to this auditors are required by the National Audit Office’s Code of Audit Practice to:

— Carry out their work with integrity, independence and objectivity;

— Be transparent and report publicly as required;

— Be professional and proportional in conducting work;

— Be mindful of the activities of inspectorates to prevent duplication;

— Take a constructive and positive approach to their work; and

— Comply with data statutory and other relevant requirements relating to the security,

transfer, holding, disclosure and disposal of information.

PSAA’s Terms of Appointment includes several references to arrangements designed to

support and reinforce the requirements relating to independence, which auditors must

comply with. These are as follows:

— Auditors and senior members of their staff who are directly involved in the

management, supervision or delivery of PSAA audit work should not take part in

political activity.

— No member or employee of the firm should accept or hold an appointment as a

member of an audited body whose auditor is, or is proposed to be, from the same firm.

In addition, no member or employee of the firm should accept or hold such

appointments at related bodies, such as those linked to the audited body through a

strategic partnership.

— Audit staff are expected not to accept appointments as Governors at certain types of

schools within the local authority.

— Auditors and their staff should not be employed in any capacity (whether paid or

unpaid) by an audited body or other organisation providing services to an audited body

whilst being employed by the firm.

— Auditors appointed by the PSAA should not accept engagements which involve

commenting on the performance of other PSAA auditors on PSAA work without first

consulting PSAA.

— Auditors are expected to comply with the Terms of Appointment policy for the

Engagement Lead to be changed on a periodic basis.

— Audit suppliers are required to obtain the PSAA’s written approval prior to changing

any Engagement Lead in respect of each audited body.

— Certain other staff changes or appointments require positive action to be taken by

Firms as set out in the Terms of Appointment.

Confirmation statement

We confirm that as of 27 April 2017 in our professional judgement, KPMG LLP is

independent within the meaning of regulatory and professional requirements and the

objectivity of the Engagement Lead and audit team is not impaired.


© 2017 KPMG LLP, a UK limited liability partnership and a

member firm of the KPMG network of independent member

firms affiliated with KPMG International Cooperative (“KPMG

International”), a Swiss entity. All rights reserved.

This report is addressed to the Authority and has been prepared for the sole use of the

Authority. We take no responsibility to any member of staff acting in their individual

capacities, or to third parties. We draw your attention to the Statement of Responsibilities of

auditors and audited bodies, which is available on Public Sector Audit Appointment’s website

(www.psaa.co.uk).

External auditors do not act as a substitute for the audited body’s own responsibility for

putting in place proper arrangements to ensure that public business is conducted in

accordance with the law and proper standards, and that public money is safeguarded and

properly accounted for, and used economically, efficiently and effectively.

We are committed to providing you with a high quality service. If you have any concerns or

are dissatisfied with any part of KPMG’s work, in the first instance you should contact Tim

Cutler, the engagement lead to the Authority, who will try to resolve your complaint. If you

are dissatisfied with your response please contact the national lead partner for all of KPMG’s

work under our contract with Public Sector Audit Appointments Limited, Andrew Sayers, by

email to [email protected]. After this, if you are still dissatisfied with how your

complaint has been handled you can access PSAA’s complaints procedure by emailing

[email protected] by telephoning 020 7072 7445 or by writing to Public Sector

Audit Appointments Limited, 3rd Floor, Local Government House, Smith Square, London,

SW1P 3HZ.

1. Introduction

1.1 SCR’s governance arrangements have continued to evolve in line with its programme of work. During 2016/17, in light of devolution, an impending mayoral combined authority and the shift from a policy forming organisation to the delivery of major programmes, a number of activities have taken place to review and strengthen governance.

1.2 The structure in place from 2014 reflected the history of the CA and LEP partnership - primarily formed to attract Government funding. As the work programme evolved the CA / LEP has adapted to include a suite of Executive Boards made up of Leaders, LEP Private Sector, CEX (Officers of the CA) and CA Statutory Officer delegates.

1.3 Review of SCR’s governance and decision making

It was recognised early in 16/17 that a mayoral CA needed to be a quite different organisation. An independent review was commissioned to assess the SCR’s decision making and governance structure. This review focused upon current arrangements, their fitness for current and new arrangements and how they could flex and adapt to changing needs and requirements.

1.4 Metro Dynamics, the appointed independent review organisation, reported and discussed

Purpose of ReportThis report updates the Committee on the review of governance arrangements during 16/17 and the priorities arising from this.



Recommendations

The Audit Committee is asked to consider the governance review activity that has taken place during 2016/17.

27th April 2017

Governance Review Activity 2016/17

findings with stakeholders across the City Region as well as collaboration with Chief Executives, Leaders, Private Sector members and Statutory Officers. A report on the findings of the review was produced and a workshop held in October 2016 to consider the recommendations.

1.5 This review identified the need for SCR to move away from being transactional in its arrangements with government to becoming a more strategic organisation. For partners and stakeholders to develop and commit to a shared purpose for the SCR and for that commitment to be reflected in changed behaviours. Alongside this the report found that there were examples where the delineation of responsibilities required greater clarity and decision making processes could be improved. As a result the report clearly established the responsibilities of the different component parts of the SCR.

1.6 Suggested next steps included:

Prioritising the development of a common purpose and strategy for the SCR – with leaders, Chief Executives and the LEP.

Strengthening & widening the Audit and Scrutiny function to ensure stronger & deeper accountability.

Realising the opportunity to put in place effective forward planning and meeting management.

Maximising the potential of the SCR team by revisiting their role and place in the system, and helping develop officer skills.

Creating and nurturing expertise and talent across nine Councils, to be utilised as key SCR resource & develop more secondments.

Continuing to improve communications and engagement with business.

1.7 These recommendations fed into SCR’s governance improvement plan and actions and progress reflected in the Annual Governance Statement. To progress these the following actions are underway:

Amendments to the constitution and associated regulations (Contracting and Procurement, Financial)

Formalised LEP Terms of Reference SCR Executive Team restructure LEP led formalised business engagement programme Recruitment of a Scrutiny Officer Establishing a SCR Capital Programme Board

1.8 Review of SCR’s decision making mechanisms

In 2015 SCR was awarded £295m of devolved Local Growth Fund. A condition of the award was to establish an Assurance and Accountability Framework (AAF) that set out the decision making mechanisms for the investment of the funds. The framework must be reviewed and updated on a yearly basis in order to receive the annual allocation.

1.9 The review of the framework in preparation for 2017/18 is an iterative process using government guidance and internal self-evaluation activity. It has also incorporated the work undertaken on the review of decision making structures as discussed in 1.3. The revised framework was approved by DCLG in February 2017.

1.10 There are a number of actions required in order to implement the framework, these

include:

Publication of LEP Board agendas and papers in advance. Publication of a complaints policy. Publication of the proposed and approved SCR investment programme, with the

opportunity for members of the public to comment. Publication of the Full Business Case for any approved scheme.

As with the actions arising from the governance review, these have been fed into SCR’s governance improvement plan and will be reflected in the Annual Governance Statement.

1.11 Governance Improvements actioned in year

Since its inception the CA have adopted the policies of BMBC on all matters of governance and legal controls and SCC on financial controls. During 2015/16 BMBC provided advice and guidance, working with SCR to identify strategic risks and develop risk management arrangements. (NB at an operational level all capital investments are required to include a risk management plan as part of the FBC).

1.12 Whilst the external audit conclusion for 15/16 concluded that SCR had made proper arrangements to ensure planned and sustainable outcomes, there were some areas of corporate governance that required development, particularly in relation to risk management. Statutory Officers recognised that whilst risk management arrangements had been proportionate to the relative immaturity of the organisation so far, more work would be required to embed a robust and effective approach. As part of SCR’s governance improvement plan, a review the approach to risk management was undertaken.

1.13 SCR fully recognised that in order to successfully delivery its Strategic Economic Plan and effective governance and control system needed to be in place. A number of governance themes that underpin the successful delivery of the SEP were identified and it was agreed that, going forward, the strategic risk management approach would focus on the effectiveness of, and compliance with the components of this governance and control framework. A number of sessions have been held (Statutory Officer, 1-1s and workshops) that have considered the controls SCR have in place in relation to the governance themes, their adequacy and any additional controls required. SCR’s Risk Management Policy and Strategy were endorsed by the Audit Committee in January ’17 and adopted by the CA in March. This work is progressing and has, by its nature, facilitated a review of governance. Risk management actions plans are in development, are feeding into the governance improvement plan. Key actions will be reflected in the Annual Governance Statement.

1.14 Additionally the SCR commenced in year a full review of Information Governance systems and approaches across the SCR. This has led to a decision to move the IT services and processes to a shared arrangement with the SYPTE (currently rolling out). This integration of services within the CA group provides efficiencies but also aims to improve business resilience and continuity.

1.15 Next Steps

SCR have prioritised the governance changes and actions that are required to implement the revised Assurance and Accountability Framework. Relevant policies and processes will be considered by Leaders in early May and finalised versions presented to the AGM in

June.

Prioritised actions include:

Reviewing and updating the constitution (Officers Code of Conduct, Procurement and Contract Regulations and Financial Regulations);

Increasing transparency (LEP declarations of interests, publication of LEP papers, improving the website, publication of full business cases, project and programme management information)

Strengthening LEP Governance (LEP ToR/Constitution) Documentation of delegated decision making (delegated authority, written

procedures) Establishing a Programme Board and Delivery Boards (ToR, register of interests) Increasing visibility of sub boards of the CA who act under delegated authority

(register and declaration of interests, publication of grants made etc)

2. Proposal and justification

2.1 Annual Governance Statement

The opportunities to strengthen governance arrangements identified though governance review activities will be reflected in the Annual Governance Statement which is currently being drafted. The next Audit Committee meeting is scheduled for 27th July shortly followed by a meeting to approve the statutory accounts on 31st July. The Audit Committee has a responsibility to consider and advise the CA on the Annual Governance Statement, therefore it is proposed that an additional meeting is scheduled during June, following the CA AGM.

3. Consideration of alternative approaches

3.1 Do Nothing - Continue to adopt governance arrangements via a constituent authority. This continues to be the approach to a number of the services required by the CA, as it provides expertise and a better value solution. However as the CA develops and as the Metro Dynamics independent review suggested it is appropriate in a number of key areas for the CA to move to a more targeted and bespoke approach including adapting its own risk management and information governance protocols.

3.2 Full governance independence – This has been discounted as would require significant investment in infrastructure and expertise which is more effectively procured via established LA partners.

4. Implications

4.1 Financial

Unsuccessful implementation of the Assurance and Accountability Framework may result in failure to secure the following years LGF allocation.

4.2 Legal

Failure to comply with Government guidance re AAF could result in reputational damage to the LEP and CA. Legal implications are associated with specific elements of the governance plan including data breaches (information security), fraud etc. All of these policies are in place and as in the case of information security are reviewed and risks

actively managed.

4.3 Risk Management

Risk management is an important and integral part of good governance. This paper updates the Audit Committee on SCR’s risk management approach and how it is contributing to identifying ways in which to strengthen governance arrangements.


There are no equality, diversity or social inclusion issues in relation to this update.

5. Communications

5.1 The activity described in this paper is internally focussed however, as discussed at 1.13, relevant policies and processes will considered by Leaders and therefore may be included in public document packs.


6.1 Governance Review Timeline.

REPORT AUTHOR Claire JamesPOST Governance & Compliance Officer

Officer responsible Ruth AdamsOrganisation Sheffield City Region

Email [email protected] Telephone 0114 220 3442

Background papers used in the preparation of this report are available for inspection at: 11 Broad Street West, Sheffield S1 2BQ

Other sources and references: n/a


Review of SCR’s decision making structure

Review of SCR’s decision making mechanisms

Review of the approach to ensuring the successful delivery of the Strategic Economic Plan

Jun 16 Jul 16 Aug 16 Sep 16 Oct 16 Nov 16 Dec 16 Jan 17 Feb 17 Mar 17 Apr 17 May 18



Leaders workshop to

consider findingsIndependent Review

(meetings with key

stakeholders)

Government guidance

published

Revised AAF published

Action planning to

implement revised AAF

SO consideration of

external audit feedback

CA consideration of

external audit feedback

SO regular Governance Assurance

meetings – Risk & Governance

arrangement agenda items

Risk Workshop Risk Workshop

Guidance sessions with

BMBC Risk

1-1 risk sessions with senior

members of SCR Exec

Audit Committee endorsed

Policy & StrategyCA adopted Policy &

Strategy

Policy & Strategy in development

1. Introduction

1.1 At inception of the SCR CA, the CA policy framework was driven by adoption of policies and processes from Constituent Members. Particularly this includes adoption of BMBC policy and processes for governance, legal, risk management and internal audit and SCC policies for financial and commercial procurement management.

1.2 Whilst the external audit conclusion for 15/16 had highlighted that proper governance arrangements had been in place, there was a recommendation that SCR should now have its own public statement, in the form of Code of Corporate Governance, to demonstrate commitment to good governance and describe how this commitment is fulfilled in practice. This paper highlights the revised SCR Code.

2. Proposal and justification

2.1 Statutory Officers recognised, through the independent governance review activity that in a number of areas, SCR was, and is very different to a local authority and therefore where appropriate should move to development of CA policies (including the Code) that were relevant and bespoke to the purpose of a Combined Authority.

Purpose of ReportThis report updates the Committee on the development of SCR’s Code of Corporate Governance.



Recommendations

The Audit Committee is asked to consider SCR’s draft Code of Corporate Governance and provide feedback where necessary.

27th April 2017

Draft Code of Corporate Governance

2.2 The systems and processes, and the culture required to deliver SCR’s intended outcomes were mapped against the principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) / Society of Local Authority Chief Executives (SOLACE) Framework Delivering Good Governance in Local Government 2016, and a Code of Corporate Governance drafted. The principles within the framework underpin the governance of the SCR and provide a framework against which to structure the approach to governance.

2.3 Next Steps

The arrangements described in the Code are well established. The annual governance statement will report on SCR’s performance against the Code and identify any actions required to strengthen arrangements in 17/18.

Further to endorsement by the Audit Committee, the Code of Corporate Governance will be considered by the CA at its AGM and published on the SCR website.

3. Consideration of alternative approaches

3.1 No other options were considered as the maturity of the CA requires SCR to develop a bespoke code separate to that of a constituent authority.

4. Implications

4.1 Financial

There are no financial implications.

4.2 Legal


4.3 Risk Management

There are no risk management implications.


There are no equality, diversity or social inclusion issues in relation to the Code of Corporate Governance.

5. Communications

5.1 The activity described in this paper is internally focussed however, the Code will be published on the SCR website.


6.1 Appendix 1 - Draft Code of Corporate Governance

Annex A – Evidence Framework

REPORT AUTHOR Claire JamesPOST Governance & Compliance Officer

Officer responsible Ruth AdamsOrganisation Sheffield City Region

Email [email protected] Telephone 0114 220 3442

Background papers used in the preparation of this report are available for inspection at: 11 Broad Street West, Sheffield S1 2BQ

Other sources and references: n/a


SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance

Code of Corporate Governance


1. Introduction

What is Corporate Governance?

Corporate governance’ describes how Sheffield City Region (SCR) Combined Authority (the CA) directs and controls what it is accountable for. In order to fulfil its purpose and deliver better outcomes for City Region residents, businesses and visitors, SCR CA, working closely with the SCR Local Enterprise Partnership (LEP), needs to have a comprehensive governance and accountability framework in place to ensure it operates effectively, efficiently and ethically.

To demonstrate good corporate governance, the CA and the LEP should carry out their functions in a way that demonstrates accountability, transparency, effectiveness, integrity, and inclusivity. Good governance will enable SCR to pursue its vision and secure its agreed objectives in the most effective and efficient manner.

By governance, we mean the arrangements that are put in place to ensure that SCR’s intended outcomes are defined and achieved. The Governance Framework comprises the systems and processes, cultures and values, by which the CA, as accountable body, directs and controls activities. Good governance is about making sure SCR does the right things, in the right way for the right people, in a timely inclusive, open, honest and accountable manner.

Governance Principles

The systems and processes, and the culture required to deliver SCR’s intended outcomes are mapped against the principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) / Society of Local Authority Chief Executives (SOLACE) Framework Delivering Good Governance in Local Government 2016. These principles underpin the governance of the organisation and provide a framework against which to structure SCR’s approach to governance.

The Purpose of the Code

This Code is a public statement that sets out the way in which SCR will fulfil these principles in practice and demonstrate its commitment to good governance. The business of the SCR will also be conducted in accordance with the Seven Principles of Public Life identified in 1The Nolan Committee Report (1995) and in accordance with the Cabinet Office Code of Conduct for Board Members of Public Bodies.This Code fulfils three purposes:

It sets out what corporate governance is in a CA and LEP context It describes the recommended framework and detail to follow It provides a statement of the principles of good corporate governance, and SCR’s commitment to adopt and

follow best practice, how it intends to do this, and demonstrate it.

The Code will be reviewed annually to ensure it continues to be relevant and fit for purpose. The effectiveness of SCR’s governance arrangements and internal control systems will be reviewed annually and the review outcomes published in an Annual Governance Statement (AGS). The AGS will describe the governance structures and arrangements in place and will report on their effectiveness, including performance against the Code. It will also highlight any significant areas for improvement and identify actions to be taken to address them in the forthcoming year.

Legislative Background

Whilst there is no specific duty for a combined authority to prepare a local code of corporate governance, changes in Regulation 4(3) of the Accounts and Audit Regulations 2011 have placed a statutoryduty on authorities to prepare an Annual Governance Statement (AGS) in accordance with‘proper practices’.

1 selflessness; integrity; objectivity; accountability; openness; honesty; and leadership.


2. Role, & Structure of Sheffield City Region Combined Authority & Local Enterprise Partnership

Role and Structure

LEPLEPs are private sector led voluntary partnerships between local authorities and businesses set up in 2010 by the Department of Business Innovation and Skills to help determine local economic priorities and lead economic growth and job creation within the local area.

The LEP comprises a private sector majority with 10 private sector representatives and nine leaders of the member local authorities. The LEP works in partnership with the CA and ensures that SCR policy and decisions receive the input and views of key business leaders and the wider business community. The LEP is the originator of economic policy within SCR and is author and custodian of the Strategic Economic Plan (SEP).

CAThe CA was established on the 1st April 2014. Working closely with the LEP, the remit of the CA is to provide strategic direction for SCR, and to coordinate and drive forward economic regeneration and transport initiatives for the benefit of citizens and the business community within its boundaries. The CA is the accountable body for funds notionally awarded to the LEP.

The SCR CA comprises the leaders and elected mayor (Doncaster) of each of the nine councils which constitute the body. It meets every six weeks and is aligned to a number of supporting committees and boards which provide the expected degree of scrutiny and challenge in formulating policy and driving key strategic decision-making. The CA comprises nine local authorities that collectively reflect the natural and economic geography of SCR. Between these partner authorities there has been a long standing approach to collaborative working.

The CA has a distinct and separate role from the local authorities it is comprised of, in that it provides leadership on those aspects that define the region, enables a regional identity and performs the strategy, policy, programme and assurance of SCR.

The CA constitution and operating arrangements, approved by all nine member bodies, have been in place since April 2014. These include terms of reference for the SCR Transport Committee and the authority that has been both delegated and referred to it. The constitution sets out the powers and functions of the CA, including financial procedures, Member Code of Conduct, the Scheme of Delegation to officers and arrangements for the operation of a scrutiny and audit committee function.

The Scheme of Delegation provides for the day to day management and oversight of services provided by the Authority. These include the responsibilities of the Head of Paid Service, Clerk, Finance Director and Monitoring Officer. Five thematic ‘Boards’ (Business Growth, Skills, Housing, Transport and Infrastructure) are empowered to debate thematic matters in detail on the CA / LEP’s behalf ahead of draft ‘resolutions’ being put to the CA for endorsement.

CollectivelyThe SCR’s objective, working in tandem with central Government, is to grow the economy of the SCR noting that to do so requires greater devolution of funding, resources and functions to the City Region. Since 2014 SCR has established itself as a front-running city region for devolution and governance, as one of only seven regions across the country to have established a combined authority and negotiated two devolution deals with central Government.

Executive TeamThe CA and LEP are supported by a dedicated Sheffield City Region Executive Team, who provide day-to-day support on policy, commissioning, project development, project appraisal, programme management and meeting administration. Through close co-ordination with member authorities, Leaders and Chief Executives, the team pro-actively advances decision making processes for SCR. Neither the CA or LEP are employing bodies, therefore the Executive Team is employed via BMBC.


3. Delivering Good Governance – The Principles

The systems and processes, and the culture required to deliver SCR’s intended outcomes are mapped against the principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) / Society of Local Authority Chief Executives (SOLACE) Framework Delivering Good Governance in Local Government 2016.

This Code of Corporate Governance (the Code) is a public statement based on the six core principles defined with in this. These principles (below) provide structure and underpin the organisation’s approach to governance.

3.1 Good governance means ensuring Officers behave with integrity, demonstrate a strong commitment to ethical values and respect for the rule of the law

SCR CA reflects the values and high standards of conduct and behaviour of its constituent and non-constituent local authorities. These high standards are supported by Codes of Conduct for Members and Officers, which are incorporated into the SCR CA Constitution, and set out the standards required of all members, co-opted members and officers in carrying out their duties. These Codes include, as general obligation, that members must have regard to the Principles of Public Life as identified in the Nolan Committee Report (1995). Protocols in relation to the disclosing of interests at meetings and the registering of interests both pecuniary and non-pecuniary are also included in this section of the Constitution. These declarations are published on the website.

These Codes of Conduct will be reviewed annually at the Authority’s Annual General Meeting.

The Constitution also describes the delegations to the Monitoring Officer in relation to their contribution to the promotion and maintenance of high standards of conduct.

The Overview and Scrutiny Committee and Audit Committee hold SCR to account and provide a ‘check and balance’ in relation to the discharge of duties.

The Constitution outlines the approach taken by CA in dealing with the threat of fraud and corruption as well as detailing a Fraud Response Plan. In addition, the CA’s commitment to openness, probity and accountability is also outlined in its Whistle-blowing Policy. The Constitution also outlines the responsibilities of members to notify the Monitoring Officer regarding the receipt of gifts or hospitality.

The LEP have in place a (draft) Code of Conduct and Declarations of Interest Policy which sets out the standards which are required of members of the LEP in carrying out their duties, and in their relationships with the CA and its officers. In line with the CA, the Code of Conduct includes a general obligation, that members must have regard to the Principles of Public Life as identified in the Nolan Committee Report (1995) and also to the Cabinet office Code of Conduct for Board Members of Public Bodies.

The SCR Executive Team are employed by Barnsley Metropolitan Borough Council and as such are bound by BMBCs Code of Conduct and other related policies and procedures.

SCR are committed to ensuring compliance with relevant laws and regulations, internal policies and procedures, and that expenditure is lawful.

Standard contract clauses stating compliance with applicable laws relating to Anti-bribery and anti-corruption are included in contracts with all external providers of services.

http://meetings.southyorks.gov.uk/mgMemberIndexGroup.aspx?bcr=1&G=MEMBERSB&M=MEMBERSB&zTS=Bhttp://meetings.southyorks.gov.uk/mgMemberIndexGroup.aspx?bcr=1&G=MEMBERSB&M=MEMBERSB&zTS=B


3.4 Good governance means determining the interventions necessary to optimise the achievement of the intended outcomes

SCR CA and LEP are committed to ensuring robust decision making mechanisms and processes are in place that enable decision-makers to be fully informed and confident that decisions made take into account the needs and ambitions of the City Region, and that defined outcomes can be achieved.

In order to achieve this, as accountable body, the SCR CA will:

Ensure decision makers receive objective and robust information on which to base decisions along with an analysis of a variety of options and an outline of the risks involved.

Ensure, as appropriate, that the views of stakeholders are considered in the decision making process.

Establish and implement robust planning and control cycles for strategic and operational plans. Ensure decision making arrangements are robust but flexible enough to adapt to changing

circumstances. Ensure commissioned schemes/investments made are measured against defined outcomes and

that they represent the best use of resources and value for money. Ensure there is sufficient capacity/resource to generate the information required to review and

monitor the performance of schemes/investments made. Use realistic estimates of revenue and capital expenditure to inform medium and long term

3.2 Good governance means ensuring openness and comprehensive stakeholder engagement

SCR CA and LEP recognise that they have been established for the public good and should therefore ensure openness in their activities. The CA and LEP therefore aim to ensure clear, trusted channels of communication are used to engage effectively with its stakeholders.

The CA and LEP will do this by:

Documenting and demonstrating SCR’s commitment to openness through, but not limited to, the publishing of agendas and minutes and of Codes of Conduct and through publicly held CA meetings

Establishing clear channels of communication and effective engagement with all stakeholders, encouraging consultation and collaboration.

Incorporating good governance arrangements into partnerships and other joint working. Ensuring public records and explanations to stakeholders include clear reasoning and evidence

for decisions made. Consulting appropriately to determine effective interventions and courses of action. Providing clear justification regarding any information or decisions that require confidentiality.

3.3 Good governance means outcomes are defined in terms of sustainable economic, social and environmental benefits

SCR CA and LEP recognise that the long term nature and impact of its actions means that it is vital that it should plan and define its outcomes and that these should be sustainable. It also recognises that decisions made should further the organisations purpose and contribute to intended benefits and outcomes.

In order to ensure this SCR CA and LEP will:

Have in place a formal statement, in the form of a Strategic Economic Plan (SEP) that describes the vision for the City Region and sets out purpose and intended outcomes of the CA and LEP.

Identify and manage the risks to the achievement of outcomes. Appraise schemes seeking investment against a robust set of criteria that consider and balance

the combined economic, social and environmental impact of policies and plans where appropriate.


resource planning in order to develop a sustainable funding strategy. Ensure the achievement of ‘social value’ through planning and commissioning

3.5 Good governance means developing the entity’s capacity, including the capability of its leadership and the individuals within it

SCR CA and LEP are committed to ensuring it has an appropriate structure and leadership in place to operate effectively and efficiently whilst having the capacity to fulfil its mandate. It is also committed to continuing to develop organisational capacity in preparation for further phases of devolution.

In order to do this, as the accountable body, the SCR CA will:

Ensure Statutory Officers have the skills, resources and support necessary to effectively perform their roles in a changing environment.

Provide effective inductions and identify and meet any further development needs of members and officers, in relation to their strategic roles, and provide training and opportunities to increase skills and knowledge as necessary.

Ensure effective arrangements and delegations are in place in order for the Head of Paid Service to discharge their functions.

Ensure a clear protocol exists to support a constructive working relationship between Members and Officers and seek to develop partnerships and collaboration where most value can be added.

Define the types of decisions that are delegated and those reserved for the collective decision making of the CA.

3.6 Good governance means risks and performance are managed through robust internal control and strong public financial management

SCR CA and LEP recognise that effective performance management underpins the effective and efficient delivery of its intended outcomes and that risk management is a vital and integral part of this. As accountable body the CA is committed to ensuring a strong system of financial management is in place in order to enforce financial discipline, strategic allocation of resources, efficient service delivery and accountability. Underpinning this, a culture and structure encouraging scrutiny and challenge.

To achieve this, SCR CA:

Has in place an effective and active Audit Committee, who are accountable to the CA and, amongst other responsibilities, lead on ensuring SCR CA have robust risk management arrangements in place.

Will review the effectiveness of its decision-making framework, including delegation arrangements regularly.

Will ensure risk management is considered in all aspects of decision making. Will ensure commissioned schemes/investments made are measured against defined outcomes

and that they represent the best use of resources and value for money. Has in place effective scrutiny arrangements. Has in place robust arrangements for internal and external audit to provide assurance over the

effectiveness of systems of internal control. Will ensure effective arrangements and delegations are in place in order for the Chief Financial

Officer to discharge their functions. Has in place a properly resourced and skilled Finance team with embedded processes compliant

with best practice. Will ensure compliance with relevant laws and regulations, internal policies and procedures and

that all expenditure is lawful.

3.7 Good governance means good practices in transparency, reporting and audit to deliver effective accountability are implemented

SCR CA and LEP are committed to ensuring good practice in transparency, reporting and audit arrangements in order to deliver effective accountability.


In order to achieve this, as accountable body, SCR CA:

Has in place robust arrangements for internal and external audit to provide assurances over the effectiveness of systems of internal control (also in 3.6).

Ensures that the Authority’s Annual Accounts are reviewed by external auditors and that their opinion together with the final accounts are published and are available for inspection.

Holds all CA meetings in public, unless there are good reasons to exclude the press and public. Publishes all agendas and reports for the CA and its associated committees online in accordance

with statutory access to information requirements. Ensure effective arrangements and delegations are in place in order for the Monitoring Officer to

discharge their functions. Is committed to openness and transparency in all its activities subject only to where there is a

need to preserve confidentiality. Will review the effectiveness of its decision making framework including delegation arrangements

and data quality regularly (also in 3.6). Will ensure effective counter fraud and anti-corruption arrangements are developed and

maintained. Keeps its governance arrangements under review and has in place an action plan for

improvements.

4. Monitoring and review of governance

The SCR CA and LEP recognise the importance of good governance in maintaining and enhancing stakeholder confidence. Each year the Authority publishes an Annual Governance Statement (AGS) together with the Authority’s Annual Accounts. This statement is prepared following an internal review of governance arrangements and outlines actions identified to strengthen them.

The review is informed by the work of:

The Statutory Officers within the Authority who have responsibility for the development and maintenance of the governance environment.

Internal Auditor’s annual report and opinion, and also by comments made by the external auditors and other review agencies and inspectorates.

The Chief Financial Officer who has statutory responsibility for ensuring the proper management of SCR CAs financial affairs.

Delegates of the Statutory Officers (The Governance Assurance Group). This group meets regularly to discuss corporate governance arrangements and issues, and to reflect on recurring themes and activity relating to governance improvement.

The framework for evaluating the effectiveness of internal control includes:

An evaluation of progress against previously identified governance issues Reviews of

o External Audit’s Opinion o Annual Internal audit report and opiniono Strategic Risk Management Action Plano Issues identified through business planning and performance managemento Complaintso Freedom of Information requestso Data Protection and Information Governance issues

The AGS is discussed by the Audit Committee and examined by External Auditors and approved by the Combined Authority.

notice of meeting · notice of meeting you are hereby summoned to attend a meeting of the sheffield...

Documents