notice of meeting · notice of meeting you are hereby summoned to attend a meeting of the sheffield...
TRANSCRIPT
Sheffield City Region Combined AuthorityRegistered Address: 18 Regent Street, Barnsley, S70 2HG
19 April 2017
To: Members of the Sheffield City Region Combined Authority Audit CommitteeAppropriate Officers
NOTICE OF MEETING
You are hereby summoned to attend a meeting of the Sheffield City Region Combined Authority Audit Committee, to be held at at 11.00 am on Thursday 27 April 2017 for the purpose of transacting the business set out in the agenda.
Diana TerrisClerk to the Combined Authority
WEBCASTING NOTICE
This meeting is being filmed for live or subsequent broadcast via the Combined Authority’s website. At the start of the meeting the Chair will confirm if all or part of the meeting is being filmed.
You should be aware that the Combined Authority is a Data Controller under the Data Protection Act. Data collected during this webcast will be retained in accordance with the Combined Authority’s published policy.
Therefore by entering the meeting room, you are consenting to being filmed and to the possible use of those images and sound recordings for webcasting and/or training purposes.
This matter is being dealt with by:Craig Tyler [email protected] 01226 772824
Gill Richards [email protected] 01226 772806
Contact Details
For further information or assistance please contact
Craig TylerSCR Combined Authority18 Regent StreetBarnsleySouth YorkshireS70 2HG
Tel: 01226 [email protected]
Gill RichardsSCR Combined Authority18 Regent StreetBarnsleySouth YorkshireS70 2HG
Tel: 01226 [email protected]
AUDIT COMMITTEE
11.00 AM, THURSDAY 27 APRIL 2017
18 Regent StreetBarnsleyS70 2HG
AGENDA
Item Page
1 Welcome and Apologies
2 Urgent Items / Announcements
3 Items to be considered in the Absence of the Public and Press
4 Declarations of Interest by Members
5 Reports from and Questions by Members
6 Questions from Members of the Public
7 Minutes of the Previous Meeting held on 26th January 2017 1 - 8
8 Internal Audit Charter 2017/18 9 - 24
9 Internal Audit Plan 2017/18 25 - 30
10 Internal Audit Progress Report 31 - 44
11 KPMG - SCR External Audit Plan Final 2016/17 45 - 64
12 SCR CA Governance Review Activity 2016/17 65 - 72
13 SCR Draft Code of Corporate Governance 73 - 84
AUDIT COMMITTEE
18 REGENT STREET, BARNSLEY, S70 2HG
MINUTES OF THE MEETING HELD ON 26 JANUARY 2017
PRESENT:
Councillor Mark Rayner, Chesterfield BC (Vice Chair, in the Chair)
Councillor Jeff Ennis, Barnsley MBCCouncillor Chris Furness, Derbyshire DalesCouncillor Allan Jones, Doncaster MBCCouncillor George Lindars-Hammond, Sheffield CCCouncillor Ian Saunders, Sheffield City CouncilCouncillor Austen White, Doncaster MBC
Ruth Adams, SCR Executive TeamTim Cutler, KPMGClaire James, SCR Executive TeamMartin McCarthy, South Yorkshire Joint AuthoritiesAndrew Shirt, South Yorkshire Joint AuthoritiesEugene Walker, S151 OfficerRob Winter, Internal Audit
Apologies for absence were received from Councillors K Reid, N Gibson, S Mohammed, J Shephard, P Short and K Wyatt
SCR Combined AuthorityAudit Committee
26/01/17
1 WELCOME AND APOLOGIES
The Chair welcomed everyone to the January meeting of the Sheffield City Region Combined Authority Audit Committee.
Apologies for absence were noted as above.
2 URGENT ITEMS / ANNOUNCEMENTS
No urgent items were requested.
3 ITEMS TO BE CONSIDERED IN THE ABSENCE OF THE PUBLIC AND PRESS
None.
4 DECLARATIONS OF INTEREST BY MEMBERS
None received.
5 REPORTS FROM AND QUESTIONS BY MEMBERS
Councillor Furness asked if he could be provided with an update in relation to the legal action taken by Derbyshire County Council against Sheffield City Region Combined Authority, noting that this had delayed the election of a City Region Mayor.
R Adams confirmed that Leaders of the CA had considered the High Court judgement and its implications on the Sheffield City Region’s Devolution Deal at the beginning of January.
CA Leaders had agreed that it was not possible to hold a Mayoral election in May 2017, due to the time required to carry out the additional consultation required and independent legal advice being sought before the period of Purdah commencing at the beginning of March.
CA Leaders had agreed that work on preparing the necessary additional consultation would not take place until after the May 2017 local elections.
6 QUESTIONS FROM MEMBERS OF THE PUBLIC
None received.
7 MINUTES OF THE PREVIOUS MEETING HELD ON 21ST JULY 2016
RESOLVED – That the minutes of the Committee held on 21 July 2016 be agreed as an accurate record.
SCR Combined AuthorityAudit Committee
26/01/17
8 SCR UPDATED RISK MANAGEMENT STRATEGY AND RISK REGISTER
A report was received to provide an update to the Audit Committee regarding the status of the strategic risks presented at the meeting held in July 2016 and, in addition, updates on the progress made in developing and embedding the SCR’s risk management process.
R Adams provided Members with an update on several matters arising in relation to risk following the Audit Committee held on 21 July 2016.
It was reported that Oxford Economics had been commissioned by the CA to carry out a piece of work on the implications of ‘Brexit’. This work would cover a number of areas, including the implications for trade and investment; business support; regulations; investment on university research funding; any sectorial impacts; labour market concerns, and any other areas of uncertainty.
The work on fully understanding the implications of ‘Brexit’ was underway; an update would be made at a future meeting.
It had been determined that the HS2 route change was not a particular risk for the CA, and was more appropriate for individual local authorities. It was noted that the CA had supported Councils where the blight would be most felt with the revised route. Additionally, the CA had agreed to carry out consultation to investigate how blight could be minimised from the routes.
Members were provided with an update on the current position in respect of the CA’s most significant Risks:-
The concern rating for Risk 001‘Failure of Partnership working to deliver the expected outcome for the Combined Authority’ had been minimised to concern rating 3, due to the control measures in place.
The concern rating for Risk 002 ‘Lack of robust internal control frameworks’ had been minimised to concern rating 3, due to the CA continually reviewing its governance arrangements and reviewing its Governance and Accountability Framework which would be presented at the next Scrutiny Committee. Additionally, the CA’s Financial Regulations had been updated, along with the CA’s Constitution being reviewed.
The concern rating for Risk 003 ‘Failure to ensure that the CA benefits from an appropriate level of staffing, resource and capacity’ had reduced to concern rating 3. Members were informed that the SCR Leaders had agreed that the SCR Executive Team be restructured around three key focuses. It was confirmed that the restructure was currently taking and that progress would be made during the forthcoming quarter.
The concern rating for Risk 11 ‘Failure to ensure that the CA considers wider implications and outcome that relate to non-essential impacts such as social value and growth’ had reduced to a concern rating of 5.
SCR Combined AuthorityAudit Committee
26/01/17
Risk 009 ‘Failure to ensure that significant changes and associated opportunities to the structure of the CA in terms of an Elected Mayor and the Devolution Deal are maximised to provide a strengthened approach to governance arrangements’, continued to be a high risk and a high concern rating; this risk continued to be monitored by the CA.
Linked to Risk 009 was Risk 012 ‘Unstable finance base: income and expenditure’ which continued to be a high risk, due to the CA having a large capital programme and a far smaller revenue programme.
It was reported that the revenue which supports the infrastructure was built on a variety of funding; the bulk of which, from income that derived from Enterprise Zone Business Rates. It was confirmed that Enterprise Zone Business Rates would not be known until the end of January, which, dependent upon the outcome, made it very difficult for long term planning in the SCR Executive for the next financial year, due to it being an unstable income base.
The anticipation was that, with the Devolution Deal, the SCR would be in receipt of Gainshare, which would have provided a more stable base and enable longer term planning.
Councillor Jones asked for confirmation when the SCR would likely receive confirmation that the Gainshare would be available.
R Adams explained that, Government had confirmed that Gainshare would only be made available to the CA, if SCR Leaders consent to the SCR Devolution Order.
Councillor Furness asked when Members would receive details of the re-convened Scrutiny Committee. It was confirmed that Members would be canvassed for their availability shortly.
Members were provided with further information regarding the SCR Executive Team’s revised method of managing risk for the CA.
Members were asked for their opinion in relation to the provision of assurance as set out in section 7 of the CA’s Risk Management Strategy.
Section 7 set out how the CA would manage risk, with the aim of providing Members with greater assurance of the Risk Framework. Members noted section 8 of the Strategy set out the longer term objectives for the Governance and Compliance function in relation to Risk Management.
In parallel with the Strategic Risk Register, the SCR’s Single Assurance Framework ensured that appropriate processes and protocols were in place for investment decisions. The framework also set out the mechanisms used to make decisions to deliver the SCR’s Regional Growth Deal allocations and its Strategic Economic Plan (SEP) and included a comprehensive approach to the identification, assessment and management of risk at Programme and Project level.
SCR Combined AuthorityAudit Committee
26/01/17
It was noted that, following Audit Committee feedback and in line with the SCR’s evolving governance and control procedures, the SCR Executive Team had reviewed its approach to monitoring and managing risk against relevant governance themes that underpin the successful delivery of the SEP. Moving forward, the strategic risk management approach would focus on the effectiveness of, and compliance with, the components of the governance and control framework.
Members were informed that, further to endorsement by the Audit Committee, the Risk Policy and Risk Management Strategy would be presented to the Combined Authority for approval.
Further work was currently underway with the SCR Executive Team to embed Risk Management processes at a strategic, operational and project level.
Councillor Jones commented that there were no operational risks which appeared on the Risk Register; he queried why this was the case. He felt that Audit Committee Members should have a full oversight of both strategic and operational risks.
R Winter explained that, the responsibility of the Audit Committee was to seek assurances that there were good and effective Risk Management processes in place which would give Members the assurance that, whatever the risks are, these were being identified, assessed and managed. If an operational risk became unmanageable and its risk score escalated, it would be on the radar of the statutory officers and reflected in Audit Committee reporting.
R Adams confirmed that, if a risk became out of tolerance, it would be escalated and appear on the Strategic Risk Register.
In addition, following the conclusion of the organisational restructure, the senior leadership group would work with their teams to identify risks and embed risk management processes at an operational level, focussing on high risk programmes.
Risk Management training would be rolled-out to relevant team members over the coming weeks.
RESOLVED – That the Audit Committee:-
1. Reviewed the status of risks recorded on the current Risk Register.
2. Reviewed the progress made in developing the SCR’s Risk Management processes and the proposed approach to Risk Management going forward.
3. Endorsed the Risk Policy and Risk Management Strategy for recommendation to the Combined Authority.
SCR Combined AuthorityAudit Committee
26/01/17
9 INTERNAL AUDIT PLAN CONSULTATION 2017/18
The Committee considered a report which set out the annual audit planning process and requested nominations for projects for potential inclusion in the draft Internal Audit Plan 2017/18.
Members were requested to provide the Chair with any nominations for collation and notification to the Head of Internal Audit.
It was noted that the proposed plan for 2017/18 would be presented at the next meeting.
RESOLVED – That the Audit Committee noted the following recommendations detailed in the report:-
1. Members’ views were sought regarding projects for potential inclusion in the Internal Audit Plan 2017/18.
2. Members should pass nominations for the 2017/18 Internal Audit Plan through the Chair for notification to Internal Audit.
3. Members considered the proposed planning process and were satisfied that it is sufficiently robust that it will determine a value-adding audit plan, informed by risk and through consultation with appropriate senior management.
10 INTERNAL AUDIT PROGRESS REPORT
A report was received to inform the Committee of the Internal Audit work completed and in progress from 1st July 2016 to 6th January 2017, the position with regard to the implementation of recommendations, about planned audit work and the performance of the Team.
It was reported that to date, a total of 75 days had been delivered (of the 110 days planned). Due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work was scheduled towards the end of the financial year. In addition, two compliance reviews had been undertaken, both being concluded during 2016/17.
Members noted that there were no longstanding recommendations to report at this time.
There was one change to the Audit Plan at this time; the review of IT arrangements had been deferred to 2017-18, due to management currently undertaking a fundamental review of this business area. A review of procurement arrangements would be undertaken in 2016-17.
RESOLVED – That the Audit Committee noted the contents of the report.
SCR Combined AuthorityAudit Committee
26/01/17
11 EXTERNAL AUDIT UPDATE
T Cutler informed the Committee that detailed planning conversations continued with the SCR Executive Team with regard to producing the 2016/17 Audit Plan. It was anticipated that the 2016/17 Audit Plan would be presented at the April meeting of the Committee.
Members were informed that there would be no planned changes to the scope of KPMG’s audit for this year. KPMG would be providing an audit on the Financial Statements Opinion and a Value for Money Conclusion. In relation to the Value for Money Conclusion it was confirmed that, one of the areas of focus for KPMG would be to obtain an updated understanding of progress in implementing the CA’s governance arrangements, given those exceptions around the Value for Money Conclusion given last year.
RESOLVED – That the Audit Committee noted the verbal update.
CHAIR
.
Purpose of Report
To inform the Committee of the Internal Audit Charter for 2017/18.
Freedom of Information and Schedule 12A of the Local Government Act 1972
Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.
In this section it must be clear if:
A – the paper will be available under the Combined Authority Publication Scheme
B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)
C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)
Recommendation
That the Audit Committee consider the Internal Audit Charter and be satisfied that it meets the requirements of the Public Sector Internal Audit Standards and adequately represents and describes the required function to provide the Audit Committee and senior management with a professional service.
27th APRIL 2017
AUDIT COMMITTEE: INTERNAL AUDIT CHARTER 2017/18
1. Introduction
1.1 The update of the Charter has considered the requirements of the revised Public Sector Internal Audit Standards which became effective from the 1st April 2017.
The Charter, prepared by the Head of Internal Audit (HoIA) and complemented by regular reports and an annual report, are intended to give the Audit Committee assurances regarding how the Internal Audit function is resourced, managed, organised and delivers its responsibilities.
1.2 The Audit Committee considers the Charter annually as required by the Public Sector Internal Audit Standards (PSIAS).
This latest review has ensured that the Charter reflects the current working arrangements of the function but also the aspirations and developments necessary to ensure continuous improvement. The Charter will be made available to all employees through the Service’s Intranet site.
The Charter has been revised to also reflect the changes within the broad client base and the revised structure of the Service that became effective from 1st April 2017 following a fundamental review through the Council’s Future Council programme.
As well as to the SCRCA, the Internal Audit Team provides services to Barnsley MBC, Berneslai Homes, the South Yorkshire Police and Crime Commissioner, South Yorkshire Police Chief Constable, South Yorkshire Fire and Rescue Authority, South Yorkshire Pensions Authority and the South Yorkshire Passenger Transport Executive. Core Internal Audit coverage is now a 40:60 split between the Council and non-Council clients.
The Charter will undergo an annual review to ensure it remains reflective of current working arrangements and professional standards.
2. Implications
2.1 Financial
The charge for the Internal Audit service is estimated to be as planned and budgeted for and consequently there are no specific financial implications to consider.
2.2 Legal
There are no legal implications.
2.3 Risk Management
Management engagement and responses remain positive which helps support a positive assurance that where opportunities for control, risk or governance improvements are highlighted, these are embraced by management.
2.4 Equality, Diversity and Social Inclusion
There are no implications.
3. Appendices/Annexes
3.1 The Internal Audit Charter is attached at Appendix A
REPORT AUTHOR Rob Winter CPFAPOST Head of Internal Audit and Corporate Anti-Fraud
Officer responsible Sharon Bradley CMIIAOrganisation Audit Manager (SCRCA)
Email [email protected] 01226 773187
Background papers used in the preparation of this report are available for inspection at: Barnsley MBC Westgate Plaza One office, Barnsley.
Other sources and references: Public Sector Internal Audit Standards 2013 and revised global internal audit standards 2017.
1
BARNSLEY M.B.C.
INTERNAL AUDIT SERVICES
INTERNAL AUDIT CHARTER
2017 / 2018
The Barnsley MBC Internal Audit Service also provides services to a broad range of external organisations. The term 'organisation' is therefore used in the Charter to cover all clients both individually and collectively. Unless specifically referred to all aspects of the Charter apply to all client organisations.
For the purposes of Internal Audit activity, the term ‘board’ refers to the appropriate Audit Committee. The term ‘senior management’ refers to the Chief Executive and most senior directors or equivalent e.g. the Chief Constable and Senior Leadership Group; the Chief Fire Officer and Executive Team; or the Chief Executive and Senior Management Team.
Other senior posts such as the statutory Section 151 Officer / Director of Finance / Chief Finance Officer are used synonymously.
The Public Sector Internal Audit Standards (PSIAS) refer to the officer responsible for the Internal Audit function as the Chief Audit Executive. This role is undertaken by the Head of Internal Audit (HoIA).
2
INTERNAL AUDIT CHARTER
1. Introduction
The Internal Audit function is a key component of an organisation's governance framework. As such it aims to provide a professional and high quality objective and independent management support function in order to influence and contribute to the achievement of strategic and operational objectives. A key component of this support is the development and maintenance of excellent client relationships and adopting an innovative and flexible approach to the delivery of the function.
This Charter provides the framework for the conduct of the Internal Audit function and is applicable to all client organisations. This Charter will be reviewed annually by the relevant Audit Committee, or their equivalent to ensure it remains relevant to the demands and responsibilities of the client service and supports the relevant organisation's corporate objectives.
Each client organisation is responsible for establishing and maintaining appropriate risk management processes, internal control systems, accounting records and governance arrangements. Internal Audit plays a vital part in advising whether effective and efficient arrangements exist. The annual HoIA opinion, which informs the annual governance statement, both emphasises and reflects upon the importance of this aspect of Internal Audit work. The response to Internal Audit activity should, where deemed necessary, lead to the strengthening of the control environment and therefore contribute to the achievement of the corporate objectives, improvement, support innovation and change and enhance public accountability and transparency.
Vital components of a successful internal audit service include effective working relationships, maintaining professional independence and objectivity and working in partnership with management to assist in ensuring that an effective organisation-wide control environment exists. The Internal Audit service embraces this approach by effective communication and regular contact with its clients in order to help the organisation achieve its objectives.
2. The Purpose of the Charter
The Public Sector Internal Audit Standards (PSIAS) are mandatory guidance and constitute principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit’s performance. An important element of these standards is the requirement to have a formal Charter.
The purpose of this Charter is to set out the purpose, authority and responsibility of the Internal Audit Service. In addition it also sets out the nature, objectives, outcomes and the scope of its activities within its client organisations. This therefore forms the basis of the terms of reference for the function.
3
3. Definition of Internal Audit
The PSIAS provides the following definition of Internal Audit:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.
This definition encourages a collaborative style of audit review which focuses on evaluating and improving the effectiveness of risk, control and governance and therefore goes significantly beyond basic compliance.
Allied to this definition are the 10 Core Principles for internal audit as defined in the International Standards for the Professional Practice of Internal Auditing (IPPF). These are:
Demonstrates integrity – through adherence to the code of ethics for internal auditors
Demonstrates competence and due professional care – having a comprehensive performance and professional development framework
Is objective and free from undue influence (independent) – through its organisational position, access rights and the status of the HoIA
Aligns with the strategies, objectives and risks of the organisation – adopting a risk-based approach to all work
Is appropriately positioned and adequately resourced – through access to senior management and the audit committee and having an appropriate level of resources / budget
Demonstrates quality and continuous improvement – meeting the requirements of the PSIAS in maintaining an appropriate quality assurance and improvement programme (QAIP)
Communicates effectively – through appropriate liaison and reporting channels with senior management and audit committees
Provides risk-based assurance – through a robust audit planning process and the consideration of risk and strategic and operational objectives
Is insightful, proactive and future-focussed – through effective and proportionate deployment of resources for research, adopting a ‘single point of contact/subject matter expert’ approach and undertaking appropriate consultancy services
Promotes organisational improvement – maximising the wider consultancy capacity of internal audit and ensuring a clear understanding of the operational and strategic context of each client organisation
How the Internal Audit service is structured, managed and operates aims to demonstrate how these core principles are met. The performance management
4
and accountability framework developed by the Service is how this will be demonstrated.
The IPPF has also provided a ‘mission statement’ for internal audit that sets out what it aspires to accomplish within an organisation through the definition and core principles. The mission is:
“To enhance and protect organisational value by providing risk-based and objective advice and insight”
4. Operational Context
The Barnsley Internal Audit Service operates within a challenging and diverse environment across a variety of client organisations to deliver the services each requires and to ensure it does so to high professional standards and demonstrating added value. The Service needs to be able to react and adapt to the rapid pace of change which is taking place both locally, regionally and nationally within each client organisation. Accordingly, the Charter includes the aspirations of the Internal Audit Service, which are to:
further develop and enhance working relationships particularly where a client organisation is undergoing significant change to ensure that the service is aware of and understands its needs and objectives
promote and support clients with regards to an increase in collaborative working
understand its position with respect to the organisation’s other sources of assurance and plan our work accordingly
be seen as a catalyst and support for change at the heart of the organisation
be the internal auditor of choice, delivering exceptional client service add value and assist the organisation in achieving its objectives be forward looking – knowing where the organisation wishes to be and
being aware of the relevant national agenda and its impact be innovative, insightful and challenging help to shape the ethics and standards of the organisation, reducing
bureaucracy whilst maintaining high standards of public accountability, transparency and governance
ensure the right resources are available, recognising that the skills mix, capacity, specialisms, qualifications and experience requirements all change constantly
ensure all staff are supported in undertaking relevant professional qualifications and continuous professional development to increase standards, efficiency and effectiveness
share best practice with other internal auditors, clients and other professional services (e.g. financial services) and
seek opportunities for joint working with other organisations’ auditors.
5
5. Scope of Internal Audit
The scope of internal auditing encompasses the examination and evaluation of any aspect of an organisation’s activities in order to assess the adequacy and effectiveness of the framework of governance, risk management, and internal control processes such that the HoIA can provide an annual opinion on the extent to which the organisation can rely on it.
6. Responsibilities and Objectives of Internal Audit
The responsibilities and objectives of Internal Audit are as follows:
i. To be a valuable asset to the organisation by supporting senior management in meeting their corporate responsibilities.
ii. To contribute to the assurances sought by those charged with governance in relation to the robustness and reliability of internal controls, risk management and governance to support the Annual Governance Statement (AGS).
iii. To support the Statutory Chief Finance Officer in discharging their duties.iv. To review, appraise and report on the extent to which the assets and
interests of the organisation are accounted for and safeguarded from loss and the suitability and reliability of financial and other management data and information.
v. To support the requirement to seek efficiency including the arrangements for achieving value for money and effective change management.
vi. To provide soundly based assurances to management on the adequacy and effectiveness of their internal control, risk and governance arrangements, with such assurances including information technology governance and ethical behaviour.
vii. To assess the adequacy and effectiveness of the organisation's contracts, procurement, commissioning and associated governance arrangements.
viii. To assess effectiveness of the corporate risk management process and make recommendations to improve and embed the process where required whilst ensuring that Internal Audit does not adopt management responsibilities for managing risks.
ix. To evaluate the risk of fraud, bribery and corruption and the manner and effectiveness of how it is managed by the organisation. In addition, to reduce the incidence of fraud, loss and irregularity by publicising the findings of fraud investigations to act as a deterrent and provide a quality corporate fraud and irregularity prevention, detection and investigation service.
x. To disseminate examples of best practice in the application of an effective control, risk and governance framework.
xi. To provide an Internal Audit advisory service intended to add wider organisational value and improve the effectiveness and efficiency of governance, risk management and control processes.
xii. To provide advice and an objective and supportive consulting service in respect of the development of new programmes and processes and / or significant changes to existing programmes and processes including the design of appropriate controls. This is usually achieved through
6
membership of Officer Groups, Governance and other Boards or working parties as well as direct contact with officers within services / functions / departments. Such advice and consultation work forms an increasingly important part of the audit plan.
xiii. To prepare timely, concise and informative reports to management to facilitate the improvement of the control environment.
xiv. To undertake Audit support activities in respect of assisting the Audit Committee (or equivalent) to discharge its responsibilities; monitoring the implementation of agreed recommendations; disseminating across the entity best practice and lessons learnt arising from its audit activities, and having oversight of the audit function.
7. Organisational Independence of Internal Audit
An independent approach and mindset is essential to the effectiveness of the Internal Audit function. To ensure this, Internal Audit will operate within a framework that allows:-
Unrestricted access to the 'Chief Executive'; the 'Chief Finance Officer'; the Chair of the Audit Committee and Audit Committee Members; individual Senior Management Officers; employees and the responsible External Auditor.
The HoIA reporting in his own name. Segregation from line operations.
The Internal Audit function has no sole or direct responsibility for developing or implementing procedures or systems and does not prepare records or engage in original line processing functions or activities.
Internal Auditors are generally not involved in undertaking non-audit activities and an Auditor will not be involved in the audit of any system or process for which they had previous operational responsibility for a period of two years. This principle will equally apply to any consultancy type assignments.
Audit responsibilities are periodically rotated to avoid over-familiarity and complacency but balanced to provide reasonable service continuity and resilience.
8. Code of Ethics
The IPPF advocates that internal auditors conform to a code of ethics to promote an ethical culture in the profession of internal auditing. This is an important concept given that the nature of internal auditing is one built on trust and respect under-pinning its independent and objective approach.
The four components of the Code of Ethics are:
Integrity:
In the conduct of audit work, Internal Audit staff will:
7
i. Perform their work with honesty, diligence and responsibility;ii. Observe the law and make disclosures expected by the law and the
profession;iii. Not knowingly be party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or the organisation;iv. Respect and contribute to the legitimate and ethical objectives of the
organisation.
Objectivity:
Internal Auditors must exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Auditors must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgements.
In the conduct of audit work internal auditors shall:
i. Not take part in any activity or relationship that may impair or be perceived to impair their unbiased assessment;
ii. Not accept anything that may impair or be perceived to impair their professional judgement
iii. Disclose all material facts known to them that if not disclosed may distort the reporting of activities under review
In addition, internal auditors will;
iv. Declare any real or perceived interests on an annual basis. A prompt is included at the assignment planning phase of each audit;
v. Comply with the Bribery Act 2010.
Confidentiality:
Internal auditors must respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Internal Auditors are expected to display confidentiality by:
i. Acting prudently when using information acquired in the course of their duties and protecting that information and;
ii. Not using information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organisation.
Competency:
Internal Auditors are expected to apply the knowledge, skills and experience needed in the performance of internal audit activities.
Internal auditors will demonstrate their competency by:
8
i. Only engaging in services for which they have the necessary knowledge, skills and experience;
ii. Performing internal audit services in accordance with the IPPF iii. Continually seeking to improve their proficiency, effectiveness and quality
of their services
In addition, internal auditors will:
iv. Be skilled in dealing with people at all levels and communicating audit, risk management and related issues effectively;
v. Exercise due professional care in performing their duties and;vi. Conform with the PSIAS. NB: Any non-conformance with the PSIAS will
be disclosed within the engagement results / output including the reasons for the non-conformance and the impact.
8. Accountability, Reporting Lines and Relationships of the Head of Internal Audit
Accountability:
In relation to organisations governed by public sector legislation, (e.g. the Accounts and Audit Regulations 2015, Regulation 5 and Police Reform and the Social Responsibility Act 2011), such organisations are responsible for maintaining an adequate and effective Internal Audit function. In practical terms this means that the HoIA is accountable to the ‘Chief Executive’ and Audit Committee.
Reporting Lines and Relationships:
Within Barnsley MBC as the direct employing organisation, the HoIA reports administratively to the Service Director – Finance and has strategic and operational responsibility for the Internal Audit function and fulfils the specific designated role of the HoIA for the Council.
This specific designated role and its responsibilities are replicated for each client organisation with the HoIA being responsible to a designated senior manager (usually the chief financial officer or chief executive) and accountable to the Audit Committee or other relevant executive body.
While audit plans are considered by a range of senior managers and the Audit Committees of each client organisation, the professional responsibility for Internal Audit coverage rests with the HoIA who may determine and change the Internal Audit Service’s own priorities as appropriate. The HoIA has a functional reporting line to each client Audit Committee Chairman, the 'Chief Executive' and SMT Members, or equivalent.
The HoIA reports periodically to each Audit Committee. The reports provide information in respect of:
9
i. Periodic reports detailing: the audits completed; an assurance opinion on the overall state of internal controls for that particular period along with any fundamental issues requiring management attention based on the work of internal audit; progress in implementing the audit work plan; the status of the implementation of agreed internal audit recommendations;
ii. An annual opinion on the internal control, risk management and governance arrangements in each client organisation highlighting any fundamental issues requiring management attention based on the work of internal audit as reported within the periodic reports and;
iii. An annual report summarising the outcome of the review of the effectiveness of the internal audit function which is required under the PSIAS.
Internal and External Audit activities will be coordinated to help ensure the adequacy of overall audit coverage and to minimise any duplication of effort. Periodic meetings and contact between Internal and External Audit will be held to discuss matters of mutual interest. External Audit will have full and free access to all Internal Audit plans, working papers and reports. Similarly the function will coordinate its activities with other regulatory / inspection bodies where relevant.
Where it is appropriate Internal Audit will liaise with other internal functions or inspectorates, to ensure work is co-ordinated, mutually beneficial and where applicable utilised for assurance purposes (e.g. HMIC).
It is important to stress the existence of Internal Audit does not diminish the responsibility of management to establish and maintain systems of internal control, effective risk management and governance arrangements to ensure that activities are conducted in a secure, efficient and well-ordered manner.
9. Arrangements for Anti Fraud, Corruption and Bribery
Arrangements for combatting fraud, bribery and corruption will be set out by management in each organisation's anti-fraud and corruption policies and other supporting guidance. The HoIA should be notified of all suspected or detected fraud, corruption, impropriety or other irregularity, in order to inform the annual Internal Audit opinion and the risk-based plan.
Internal Audit’s role in respect of fraud-related work is as follows:
i. In support of the organisation's anti-fraud, Whistleblowing, Money Laundering, bribery and corruption policies, Internal Audit prepares periodic guidance for managers and the Board;
ii. To undertake proactive fraud detection work in high risk areas as defined by the fraud risk assessment and management process;
iii. To co-ordinate Barnsley MBC's, SY Fire and Rescue Authority, SY Police, SYPCC and SY Pensions Authority response to the mandatory National Fraud Initiative (NFI) exercise;
iv. To contribute to corporate counter fraud arrangements and;v. In certain circumstances and where discussed and agreed with
management, Internal Audit (through the Corporate Anti-Fraud Team) assume a lead role in the investigation of alleged irregularities. Internal
10
Audit will provide guidance and support to management throughout the investigatory process. The balance of work between that undertaken by Internal Audit and management will be kept under review to ensure the most appropriate use of specialist resources. With this in mind it is anticipated that Internal Audit will spend increasingly less time undertaking routine investigations.
10. Consultancy Work
The definition of internal audit makes reference to it being a “consulting activity” and therefore such work needs to be carefully scoped and managed to ensure the core purpose and responsibilities of internal audit are not compromised.
The scoping of audit work will make it clear in what guise it will be performed, the methodology to be used and the format and nature of the reported outcomes.
Due regard of the requirements of the client will be considered to preserve and demonstrate internal audit objectivity and independence in any consultancy engagement.
This nature of work is however increasingly important and valued by clients and provides an additional way in which Internal Audit can provide and demonstrate wider value beyond basic controls assurance. Providing this support also clearly links to a number of the core principles about being insightful, forward-focussed, proactive, and being able to promote organisational improvement.
11. Authority of Internal Audit
In accordance with the PSIAS, the scope of Internal Audit allows that in fulfilment of audit responsibilities unrestricted coverage of all the organisation’s activities and unrestricted access to all functions, records, data, personnel, premises and assets of the organisation and its partner organisations, is granted in the course of audit work and as set out in relevant partnership agreements and contracts.
Internal Audit has the authority to obtain such information and explanations as it considers necessary to fulfil its responsibilities.
All records, documentation and information accessed in the course of undertaking internal audit activities are to be used solely for the conduct of these activities. The HoIA and staff are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work.
12. Appropriate Resourcing of Internal Audit
At least annually, the HoIA will submit to the 'Chief Executive' and the Audit Committee an Internal Audit plan for review and approval. The plan will consist of a work schedule and resource requirements for the next financial year. The plan will include the impact of any resource limitations and significant actual or planned changes.
11
The Internal Audit plan is developed utilising a risk-based methodology to determine the prioritisation of the audit work, including the input of senior management and the Audit Committee. Any material deviations from the approved Internal Audit plan will be communicated to the Audit Committee through periodic activity reports.
Should the HoIA have concerns regarding the resources of the Internal Audit function, he will raise these with the appropriate client Chief Executive and Chief Finance Officer. The inadequate resourcing of the internal audit function may result in the HoIA being unable to provide an annual opinion on a client’s internal control, risk and governance environment.
The current establishment of the Internal Audit Service comprises 17 FTEs:
Head of Internal Audit and Corporate Anti-Fraud2 Audit Managers5 Principal Auditors6 Auditors / Senior Auditors
Principal Auditor – Corporate Anti-Fraud2 Corporate / Senior Corporate Anti-Fraud Officers
13. Client Organisations
The Internal Audit Service provides an internal audit function to the following clients. An approximate number of planned days allocated to each of these client organisations for 2017/18 are shown below.
Client OrganisationApproximate Allocation of Planned Days
Barnsley MBC (excluding Corporate Fraud Team) Approx. 1,050
South Yorkshire Police Approx. 700
South Yorkshire Fire and Rescue Authority Approx. 250
South Yorkshire Pensions Authority Approx. 250
Sheffield City Region Combined Authority Approx. 120
South Yorkshire Passenger Transport Executive Approx. 200
Berneslai Homes Approx. 130
Corporate Anti-Fraud Team Approx. 560
Other Bodies:
The Internal Audit service will seek to expand the service by exploring opportunities to tender for internal audit work where there is a clear benefit in terms of operational synergies, economies of scale, service continuity and staff development. Consideration will always be given to ensure continuity and quality of service to existing clients.
12
14. Internal Audit Strategy
Whilst not a specific requirement of the PSIAS the Internal Audit Service also prepares a Strategy. This strategy has previously been an over-arching one covering all client organisations. Due to the increasing differences between clients, their operational contexts, pressures, priorities and requirements from Internal Audit, a specific strategy document has been prepared for each client organisation.
The audit strategy documents reflect closely the audit planning process and the context of the annual operational audit plans.
April 2017
.
Purpose of ReportThis report informs the Audit Committee of the Internal Audit plan for 2017/18 (Appendix A). The report includes a summary of audit activity in relation to the Authority.
This report briefly describes the rationale and process for setting the plan, that it is based on a risk assessment process, historical data and consultation.
The proposed Plan has been considered by the Statutory Officers Group on 10th April 2017.
The consideration and approval of the audit plan is one of the key responsibilities of the Audit Committee.
Freedom of Information and Schedule 12A of the Local Government Act 1972Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.In this section it must be clear if: A – the paper will be available under the Combined Authority Publication Scheme
B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)
RecommendationsIt is recommended that:-
i. the Internal Audit plan 2017/18 (Appendix A) is approved, acknowledging the need for the Head of Internal Audit to exercise his professional judgement during the year to apply the Plan flexibly according to priority, risk and resources available; and
ii. the Committee receives monitoring reports from the Head of Internal Audit to
demonstrate progress against the plan including information where the Plan has materially varied from the original Plan.
27th APRIL 2017AUDIT COMMITTEE: INTERNAL AUDIT PLAN 2017/18 REPORT
1. Introduction
1.1 One of the key aspects of the organisation and operation of Internal Audit is the preparation and delivery of an operational plan. The plan seeks to ensure an appropriate deployment of the allocated resources across the Authority taking into account known risks, organisational developments, projects and initiatives all supporting the fundamental need to assess the adequacy and effectiveness of the internal control, risk and governance environment and ultimately inform the Head of Internal Audit’s opinion for inclusion in the Annual Governance Statement (AGS).
1.2 Key to a sound risk based plan is to ensure it is developed in collaboration with management. The culture of a modern Internal Audit service is not about keeping its work secret - successful audit services are characterised by operating ‘with’ and ‘for’ management rather than doing it ‘to’ them. This Plan has therefore been prepared following consultation with a range of senior officers and as audit planning is a continuous process it has included the following:
Consideration of issues included in the risk register(s) together with mitigating controls.
Consideration of historical and topical issues as well as horizon scanning to attempt to identify any major issues that might affect the controls, risks or governance of the Authority.
Consideration of issues to assist the Section 151 Officer to fulfil his responsibilities and to meet other legal requirements.
Consultation with senior managers responsible for the delivery of services. Consultation with the Audit Committee with responsibility for overseeing
delivery of the work of the Internal Audit Team and with the responsibility for overseeing good governance within the Authority.
1.3 It is important to acknowledge at the outset that whilst great care and consideration is given to establish the operational plan each year, it is designed to be flexible. Good audit practice encourages the flexible use of limited resources reflecting the need to respond to emerging risk issues, requests for advice and assistance, and the need to investigate any irregularities should they arise.
1.4 As well as providing management with an overview of Internal Audit coverage in support of their risk concerns, the plan sets a framework to manage Internal Audit resources within the function. The plan gives Internal Audit staff a focus and a degree of certainty regarding what they will be doing. This lends itself to establish a robust training and development framework where Internal Audit staff can be allocated to jobs based on their skills, experience and emerging abilities. Internal Audit has a policy of regularly reviewing the skills needs of the Service and identifying the training and development necessary to meet these needs.
1.5 Further information is contained within the Audit Charter which sets out the nature, objectives, outcomes, responsibilities and scope of its activities within its client organisations. The Audit Charter is compiled in accordance with the Public Sector Internal Audit Standards (PSIAS) which contains mandatory guidance and principles behind the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit’s performance. The Audit Charter for 2017/18
is included on the Audit Committee’s agenda.
1.6 Delivery of the service will be by Barnsley MBC who deliver services to the following ‘clients’:
Sheffield City Region Combined Authority; South Yorkshire Passenger Transport Executive; South Yorkshire Fire and Rescue Authority; South Yorkshire Police & Crime Commissioner South Yorkshire Police Chief Constable; South Yorkshire Pensions Authority; Barnsley MBC; and Berneslai Homes.
2. Internal Audit Plan 2017/18
2.1 The Audit Plan (Appendix A) has been prepared to ensure adequate coverage across a broad basis of Internal Audit work to support the assurances that management and the corresponding Audit Committee require and provides a total planned allocation of 120 days assigned to the Authority for 2017/18 whic will be monitored during the year.
2.2 Whilst the principle of the audit plan is one based on risk, there are a number of areas of work and therefore a proportion of the plan that are undertaken annually. The precise deployment of Audit resources may within these areas be risk based but the initial identification of these areas is somewhat pre-determined. These are:-
Audit Activity RationaleCore financial systems
This work is also required by the S151 officer and also considered by External Audit.
Corporate Governance
Annual provision for undertaking review work on the Annual Governance Statement process and risk management.
Advice, audit planning, management, follow up & feedback
Standard annual provisions for each client for general advice, annual and periodic planning, obtaining and dealing with feedback from audits along with the follow up of audit recommendations (as per the follow up protocol), preparation of Audit Committee reports, attendance at Audit Committee and other meetings
Contingency Days set aside for unplanned work or increases in the scope of planned work, including provision for undertaking special investigations and follow-up work.
2.3 In addition to the annual areas of work referred to in 2.2, consultation with the Management Team and Statutory Officers has identified key priority areas of work for Internal Audit, to provide the required assurances that the control framework is operating robustly within their particular business areas. A full list of planned work is attached to the report. The key areas of activity are:
Information governance assurance
Compliance with transparency requirements Programme / Performance Management Business Innovation Fund (BIF)
2.4 At the point of preparing the Plan it is not always easy or appropriate to specifiy a number of days against certain pieces of work. Given the flexibility underpinning the Plan approach and the need for Internal Audit to be able to respond to unforeseen events, the total number of indicative days are agreed with senior management relevant to budget provision and risk assessment with the understanding that during the year as and when individual pieces of work are scoped in detail, the precise number of days for each piece of work will be determined. Most pieces of work are likely to be between 10 and 20 days in duration to allow sufficient depth of coverage and therefore provide the greatest benefit and value. Equally, the flexibility within the Plan also extends to when work will be undertaken during the year, including the possibility of deferring work to the following financial year. All proposed changes to the Plan or when work will be undertaken will be discussed and agreed with management and reported within the Progress reports to the Audit Committee.
2.5 Themes have also been developed and applied to each auditable area. These have been based on the key areas of assurance as reflected in the annual governance statement process and therefore in support of those officers charged with lead responsibilities. The same themes are set up within the audit management system and linked to all findings and recommendations. Functionality within the system enables reports covering the defined themes to be produced on audit work completed during a given period. This serves as a source of assurance information for Internal Audit and the senior officers with lead responsibilities for compliance and monitoring e.g. having an information technology or systems theme enables the appropriate responsible officer to be provided with issues extracted from across all audits regarding the levels of compliance with IT/IS related controls and procedures.
2.6 As part of the delivery of the 2017/18 Audit Plan emphasis will continue on enhanced customer focus and liaison, which will include periodic attendance at relevant senior management team meetings to report on progress against planned work. Quarterly plan monitoring/progress reports will continue to be presented to the Audit Committee.
3. Appendices/Annexes
3.1 The report attached at Appendix A includes a detailed draft 2017/18 plan.
REPORT AUTHOR Rob Winter CPFAPOST Head of Internal Audit and Corporate Anti-Fraud
Officer responsible Sharon Bradley CMIIAOrganisation Audit Manager (SCRCA)
Email [email protected] 01226 773187
Background papers used in the preparation of this report are available for inspection at: Barnsley MBC Westgate Plaza One office, Barnsley.
Sheffield City Region Combined Authority – Internal Audit Plan 2017/18
Client Business Unit / Service Assignment Title Outline Scope / Purpose Risk / Gov. Area
SCRCA Finance C/fwd Procurement Review To complete the 2016/17 review Fin. Mgt; Int. Controls; DQ; Legal
SCRCA Finance C/fwd Payroll Review To complete the 2016/17 review. Fin. Mgt; Int. Controls; DQ
SCRCA Service Wide Advice, Planning & Feedback, Follow Up of Recommendations & Client Liaison
Provision of advice, as and when requested. Day to day management of annual audit plan, including scheduling of resources and incorporating any revisions. Follow up and update of the status of recommendations from individual audit assignments. Attendance at Stat Officers Meeting, client rep meetings etc.
All
SCRCA Service Wide Annual Audit Planning 2018-19 To discuss and develop an agreed annual audit plan for 2018-19. All
SCRCA Service Wide Audit Committee Preparation of reports and attendance at the Audit Committee meetings. Liaison with the Chair of the Audit Committee.
All
SCRCA Service Wide AGS process To provide advice, support and guidance on the AGS process and arrangements. HoIA statement.
Ethical; Safeguarding; Fin. Mgt; Int. Controls;
DQSCRCA Service Wide Risk Management To provide assurance on the Risk Management Framework and process. To include
compliance testing.Fin. Mgt; Int. Controls;
DQ
SCRCA Finance Core Financial Systems To provide assurance that systems and controls are robust and operating effectively and efficiently. Risk based strategy, systems to be determined.
Fin. Mgt; Int. Controls; DQ
SCRCA TBD Information Governance To provide assurance that the information handled by the SCRCA is effectively and efficiently managed, adherence to legislation. To include the retention of documentation and data quality.
Ethical; Safeguarding; Fin. Mgt; Int. Controls;
DQSCRCA TBD Compliance with Transparency To provide assurance that the SCRCA is complying with the AAF guidelines.
Reduced scope - this will not extend to the compliance with the wider government transparency agenda compliance (e.g. publishing of procurement data, salaries etc).
Fin. Mgt; Int. Controls; DQ
SCRCA TBD BIF To provide assurance that the programme/project management arrangements are robust and operating effectively & efficiently. BIF delegations are set out and decisions reported to the CA.
Fin. Mgt; Int. Controls; DQ
SCRCA TBD Programme / Performance Management
To provide assurance that the capital programme (incl. Growth Hub) is being effectively and efficiently managed, with clearly defined roles & responsibilities assigned to Officers. To include performance management arrangements of projects.
Fin. Mgt; Int. Controls; DQ
SCRCA Service Wide Contingency General provision of days to accommodate changes in the scope of work, ad hoc requests beyond advisory and general unplanned work.
All
.
Purpose of Report
To inform the Committee of the Internal Audit work completed and in progress from 7th January 2017 to 31st March 2017, the position with regard to the implementation of recommendations, about planned audit work and the performance of the Team.
Freedom of Information and Schedule 12A of the Local Government Act 1972
Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.
In this section it must be clear if:
A – the paper will be available under the Combined Authority Publication Scheme
B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)
C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)
Recommendations
It is recommended that Members consider the report and as necessary request further information and/or explanations from Internal Audit or Management.
27th APRIL 2017
AUDIT COMMITTEE: INTERNAL AUDIT PROGRESS REPORT
1. Introduction
1.1 As part of its core functions the Audit Committee oversees the work of the Internal Audit Team and receives various reports. The following have been provided to date:-
April 2016
IA Progress ReportIA Annual Plan Report 2016-17IA Charter & Strategy 2016-17
July 2016
IA Annual ReportIA Effectiveness ReportIA Progress Report
January 2017
IA Plan Consultation ReportIA Progress Report
1.2 Assurance Opinion
The Assurance Opinion applied for each piece of work is selected from the following range:-
Substantial; } Positive assurance Adequate; } Positive assurance
Limited; } Negative assurance No Assurance. } Negative assurance
The Assurance Opinion is primarily driven by the number and priority level of the recommendations made / agreed. The priority level of recommendations is described either as Fundamental, Significant or Merits Attention.
The Assurance Opinion is also influenced by whether the recommendations are in respect of the adequacy (or existence) of controls or the application of existing controls.
The final factor influencing the overall opinion is in relation to the controls assessed and whether the result of that assessment regards the effectiveness of the control as Good, Adequate, Limited or Poor.
2. Implications
2.1 Financial
The charge for the Internal Audit service is estimated to be as planned and consequently there are no financial implications to consider.
2.2 Legal
There are no legal implications.
2.3 Risk Management
Management engagement and responses remain positive which helps support a positive assurance that where opportunities for control, risk or governance improvements are highlighted, these are embraced by management.
2.4 Equality, Diversity and Social Inclusion (Equality Act - Public Sector Equality Duty)
There are no implications.
3. Appendices/Annexes
3.1 The report attached at Appendix A includes:-
significant control or compliance issues; longstanding recommendations; a summary of the work completed and also work in progress since the previous
progress report; assurance opinions given and total recommendations made; recommendations followed-up by Internal Audit since the previous progress report; Internal Audit performance information.
REPORT AUTHOR Rob Winter CPFAPOST Head of Internal Audit and Corporate Anti-Fraud
Officer responsible Sharon Bradley CMIIAOrganisation Audit Manager (SCRCA)
Email [email protected] 01226 773187
Background papers used in the preparation of this report are available for inspection at: Barnsley MBC Westgate Plaza One office, Barnsley.
Other sources and references: Internal Audit Charter & Strategy 2016-17, Annual Plan 2016-17, Internal Audit Reports, MK Insight (audit management system), Public Sector Internal Audit Standards 2013.
APPENDIX AINTERNAL AUDIT PROGRESS REPORT
1. Annual Plan and Actual Comparison
The annual audit plan for 2016-17 was discussed and agreed in principle with the Executive Director, Section 151 Officer and Monitoring Officer. It was also reported to this Committee at the April 2016 meeting. The plan included a brief description of the work Internal Audit would undertake to support the SCRCA as it evolved during the year to design and embed its control, risk and governance framework arrangements. Each piece of work was to be more clearly defined and scoped as it commenced. In addition, the plan included compliance work to be undertaken by Internal Audit to provide Management and the Committee with assurances that the financial processes were operating effectively and efficiently. It was acknowledged by all parties that a higher number of days was required for 2016-17 (potentially circa. 120 days), to enable Internal Audit to support the SCRCA in establishing its governance framework.
At 31st March 2017, a total of 98 days have been delivered in relation to the planned work. This is time supporting management to develop and embed the governance framework and also the completion of six compliance reviews (fundamental financial systems 2015-16, skills capital grants, programme management and Sales Ledger 2016-17, Main Accounting 2016-17, Purchase Ledger 2016-17). Reviews of the SCRCA’s procurement arrangements and Payroll 2016-17 are currently being completed.
Due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work was scheduled towards the end of the financial year. A further 17 days will actually be delivered early in the new audit year to complete the 2016/17 plan. The results of all the 2016/17 work will therefore be taken into account in the Annual Assurance Report to be considered by the Audit Committee in July.
2. Significant Control or Compliance issues to bring to the Audit Committee's Attention
No fundamental recommendations have been made within the completed pieces of work and therefore there are no specific control or compliance issues to bring to the Committee’s attention.
Of note for the Committee is the progress that management have made in the development and implementation of a range of governance related policies and procedures. Whilst not yet fully complete and embedded this is a marked improvement from the beginning of the year.
3. Longstanding Recommendations and Management Reponses
This section highlights to Members any recommendations that remain outstanding for 6 months or more following the original recommendation/agreed action target completion date and/or where the recommendation/agreed action target completion date has been subject to 3 revisions.
There are no longstanding recommendations to report at this time.
4. Completed Projects Since last Progress Report
Title of Audit & Date of Report Key Issues and Finding arising from the Audit Assurance
OpinionNo. & Priority of
RecsComments / Follow-up
ActionMain Accounting 2016-17
30/03/17
The review concluded that processes with regards to Main Accounting related transactions were generally operating effectively.
However, although all bank reconciliations had been completed, a concern was identified with regards to the failure to retain all completed Bank Reconciliations and supporting reports in a central location, resulting in an incomplete audit trail for Bank Reconciliations completed during 2016/17.
Substantial Fundamental 0
Significant 0
Merits Attention 1
To follow up the agreed action in due course.
Purchase Ledger 2016-17
24/03/17
The review concluded that the regulations and policies relevant to Purchase Ledger system were up to date, had been approved and were being complied with. In addition, financial transactions had been processed accurately and were supported by source documentation.
However, a concern was identified with regards to the management of vendor master data information within the financial management system (OEO), whereby there is currently no segregation / identifier to confirm which suppliers are utilised by the SCRCA and / or Sheffield City Council. Consequently, assurance cannot be provided that the details relating specifically to SCRCA’s suppliers are accurate and supported by source documentation. It is acknowledged that a new financial system (Integra) is being implemented and this will provide for the opportunity to establish the company with its own entity (i.e. company code) for improved segregation and clarity.
Adequate Fundamental 0
Significant 1
Merits Attention 0
To follow up the agreed action in due course.
5. Projects / Other work In Progress
Title of Audit or Nature of Audit Activity Key Objective(s) Status / Comment
Procurement Arrangements
To provide assurance that procurement processes are undertaken on a fair, open and transparent basis, comply with regulatory, policy and procedural requirements, and that all actions and decisions fully evidenced. In addition, to confirm that contracts exist and are being effectively managed. The review will include a walkthrough of the procurement arrangements to provide assurance that the processes are robust, efficient and effective.
Testing on site
Payroll 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with the Payroll System.
The scope of this review is to provide assurance that the systems, processes and procedures in respect of the Payroll System are robust and operating effectively and efficiently. This includes the recharge arrangements from Barnsley MBC to the SCRCA for payments made to its employees.
Testing on site
Title of Audit or Nature of Audit Activity Key Objective(s) Status / Comment
Risk Management To provide advice and support to management with regards to developing a Risk Management Framework. A workshop has been held and a strategic risk register prepared for management.
In progress – continuous support
Assurance Map To provide advice and support to management with regards to developing an assurance map. In progress – continuous support
Ethical / Integrity Framework
To review the relevant policies and procedures, in conjunction with management, to identify any points for clarification / further consideration to ensure fully applicable and clear in terms of reporting lines etc. (i.e. BMBC policies as the SCR CA Officers are employed by BMBC).
Advisory - In progress
Governance Assurance Group
Attendance at the Governance Assurance Group meetings, to provide advice and also support to management with regards to its governance arrangements.
In progress – continuous support
Client Liaison Attendance at meetings with the Executive Director, Section 151 Officer and Monitoring Officer, to manage and monitor the audit plan.
In progress – continuous support
Audit Committee Preparation of reports and attendance at Audit Committee meetings. Throughout the year
6. Planned Work
The audit work undertaken during 2016-17 was generally in accordance with the agreed scheduling throughout the financial year. A couple of reviews were ongoing at the 31st March 2017 and days have been included within the 2017-18 audit plan to enable these to be completed during early quarter 1 of the financial year.
7. Cancelled / Deferred / Added Assignments
There were no changes to the audit plan during this period
8. Internal Audit Performance
The performance indicators for the fourth quarter are attached at Appendix C. Quarterly performance of the function is satisfactory and all PI’s for the year are either on or exceed target levels
There have been 2 returned feedback questionnaires for the jobs completed in the financial year to date. An analysis is included at Appendix B.
Table 1ASummary Activity Report
All Audit Reports Completed in each progress report period
Assurance Opinion 01/04/16 – 30/06/16 01/07/16-06/01/17 07/01/17-31/03/17 Cumulative
Substantial 0 1 (50%) 1 (50%) 2 (33%)Adequate 2 (100%) 1 (50%) 1 (50%) 4 (67%)Limited 0 0 0 0None 0 0 0 0TOTAL REPORTS 2 (100%) 2 (100%) 2 (100%) 6 (100%)
Total Recommendations
Number of Recommendations
01/04/16 – 30/06/16 01/07/16-06/01/17 07/01/17-31/03/17 Cumulative
Fundamental 0 0 0 0Significant 1 (17%) 0 1 (50%) 2 (18%)Merits Attention 5 (83%) 3 (100%) 1 (50%) 9 (82%)TOTAL 6 (100%) 3 (100%) 2 (100%) 11 (100%)
Table 1B
Recommendations Followed-up in the period 07/01/17 to 31/03/17
Reporting in the period
Recommendation Classification Followed- Up Completed by
Target DateCompleted After
Target DateNot Yet Completed – Revised Date Agreed
Awaiting ManagementResponse
FundamentalSignificantMerits Attention 2 (100%) 2 (100%)
Total 2 (100%) 2 (100%)
Table 1CTrend Analysis – All Periods - 2016/17
Assurance Opinions
2016/17 CumulativeP1 P2 P3 & 4 2016-17
% %%
%
Substantial 0 50 50 33Adequate 100 50 50 67Limited 0 0 0 0None 0 0 0 0
100 100 100 100
Recommendations
2016/17 CumulativeP1 P2 P3 & 4 2016/17No. No. No. %
Completed by target date 8 0 80Completed after target date 0 0 0Not yet completed - revised date agreed 0 2 20Awaiting Management Response* 0 0 0Total followed up 8 2 100
% Completed by Original Due Date (excl. *) N/A 100% 0%
Glossary (For Tables 1A – 1C)
1. Classification of Recommendations
Fundamental A recommendation requiring immediate action – imperative to ensuring the objectives of the system under review are met.
Significant A recommendation requiring action necessary to avoid exposure to a significant risk to the achievement of the objectives of the system under review.
Merits Attention A recommendation where action is advised to enhance control or improve operational efficiency.
2. Assurance Opinions
Level Control Adequacy Control Application
Substantial Assurance
Robust framework of controls exist that are likely to ensure that objectives will be achieved.
Controls are applied continuously or with only minor lapses.POSITIVE
OPINIONS Adequate Assurance
Sufficient framework of key controls exist that are likely to result in objectives being achieved, but the control framework could be stronger.
Controls are applied but with some lapses.
Limited Assurance
Risk exists of objectives not being achieved due to the absence of key controls in the system.
Significant breakdown in the application of key controls.NEGATIVE
OPINIONSNo Assurance Significant risk exists of objectives not being achieved due to the
absence of controls in the system.Fundamental breakdown in the application of all or most controls.
The assurance level applied is a judgement based on the overall assessment of the control environment.
Appendix B
Analysis of Internal Audit Feedback Received - period 07/01/17 – 31/03/17
Number ticks shown against each ‘score’ given
Very Good Good Acceptable Poor
A Audit Planning1 Relevance of the audit objectives 2
B Communication1 Consultation on scope and objectives of the audit 22 Communication during all aspects of the audit 23 Helpfulness co-operation of the auditor(s) 24 Professionalism of the auditor(s) 25 The auditor(s) demonstrated an appreciation of any
relevant issues concerning equality and diversity2
C Timing1 Duration of the audit 22 Timeliness of the audit report 2
D Quality of the audit report1 Format and clarity of audit report 22 Accuracy of the findings 1 13 Relevance of recommendations 1 14 Overall quality of the report 2
E Value of the audit1 Basic controls assurance the audit has provided 22 Added value given beyond basic controls
assurance2
F Overall Value of the audit1 Overall value of the audit 2
100%
Total Number of ‘ticks’ (A – F) 28 2Percentage 93 7
100
Returned Questionnaires:-Period 1 1Period 2 1Period 3 & 4 2Total 4
Appendix C
Ref. Indicator Frequency of Report
Target 2016/17
This Period
Year to Date
1.
1.1
2.
2.1
2.2
2.3
3.
3.1
Customer Perspective:
Percentage of questionnaire received noted “good” or “very good” relating to work concluding with an audit report. * Business Process Perspective:
Percentage of final audit reports issued within 10 working days of completion and agreement of the draft audit report. *
Percentage of chargeable time against total available.
Average number of days lost through sickness per FTE (Cumulative 45 days in total)
Continuous Improvement Perspective:
Personal development plans for staff completed within the prescribed timetable.
Quarterly
Quarterly
Quarterly
Quarterly
Annual
95%
80%
73%
6 days
100%
100%
100%
72%
1 day
100%
100%
100%
73%
<3 days
100%
* KPIs relate specifically to the SCRCA.
INTERNAL AUDIT PERFORMANCE INDICATORS FOR 2016/17 (QUARTER 4)
1
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Headlines
Financial Statement Audit Value for Money Arrangements work£
There are no significant changes to the Code of Practice on Local Authority Accounting
in 2016/17, which provides stability in terms of the accounting standards the Authority
need to comply with.
Materiality
Materiality for planning purposes has been provisionally based on last year’s
expenditure and set at £2 million.
We are obliged to report uncorrected omissions or misstatements other than those
which are ‘clearly trivial’ to those charged with governance and this has been set
at £0.1 million.
Significant risks
Those risks requiring specific audit attention and procedures to address the
likelihood of a material financial statement error have been identified as:
The new core financial system.
Other areas of audit focus
Those risks with less likelihood of giving rise to a material error but which are
nevertheless worthy of audit understanding have been identified as:
Disclosure around retrospective restatement of Comprehensive Income and
Expenditure (CIES) , Movement in Reserves Statement (MiRS) and Expenditure
and Funding Analysis (EFA) note from 1 April 2016.
See pages 3 to 10 for more details including Pension Fund and PTE risks.
Logistics
£
Our risk assessment is ongoing and we will report VFM significant risks during our audit
or our risk assessment regarding your arrangements to secure value for money have
identified the following VFM significant risks:
There is a risk that as the Authority continues to develop its governance
arrangements these are not fully embedded and operational throughout the period.
See pages 11 to 15 for more details.
Our team is:
Tim Cutler – Partner
Alison Ormston – Senior Manager
Matt Ackroyd – Manager
Olivia Camm – Assistant manager
More details are on page 18.
Our work is being completed in four phases from December 2016 to September 2017
and our key deliverables are this Audit Plan and a Report to those charged with
Governance as outlined on page 17.
Our fee for the audit is £38,200 (£38,200 2015/2016) see page 16.
2
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Financial Statements Audit
Our financial statements audit work follows a four stage audit process which is identified
below. Appendix 1 provides more detail on the activities that this includes. This report
concentrates on the Financial Statements Audit Planning stage of the Financial
Statements Audit.
Value for Money Arrangements Work
Our Value for Money (VFM) Arrangements Work follows a five stage process which is
identified below. Page 8 provides more detail on the activities that this includes. This report
concentrates on explaining the VFM approach for the 2016/17 audit and the findings of our
VFM risk assessment.
Introduction
Background and Statutory responsibilities
This document supplements our Audit Fee Letter 2016/17 presented to you in April 2016,
which also sets out details of our appointment by Public Sector Audit Appointments Ltd
(PSAA).
Our statutory responsibilities and powers are set out in the Local Audit and Accountability
Act 2014 and the National Audit Office’s Code of Audit Practice.
Our audit has two key objectives, requiring us to audit/review and report on your:
— Financial statements (including the Annual Governance Statement): Providing an
opinion on your accounts; and
— Use of resources: Concluding on the arrangements in place for securing economy,
efficiency and effectiveness in your use of resources (the value for money
conclusion).
The audit planning process and risk assessment is an on-going process and the
assessment and fees in this plan will be kept under review and updated if necessary.
Acknowledgements
We would like to take this opportunity to thank officers and Members for their continuing
help and co-operation throughout our audit work.
Substantive
ProceduresCompletion
Control
Evaluation
Financial
Statements Audit
Planning
Risk
Assessment
VFM
audit work
Identification
of significant
VFM risks
Conclude Reporting
3
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Financial statements audit planning
Financial Statements Audit Planning
Our planning work takes place during December 2016 to February 2017. This involves
the following key aspects:
— Risk assessment;
— Determining our materiality level; and
— Issuing this audit plan to communicate our audit strategy.
Risk assessment
Professional standards require us to consider two standard risks for all organisations. We
are not elaborating on these standard risks in this plan but consider them as a matter of
course in our audit and will include any findings arising from our work in our
ISA 260 Report.
— Management override of controls – Management is typically in a powerful position to
perpetrate fraud owing to its ability to manipulate accounting records and prepare
fraudulent financial statements by overriding controls that otherwise appear to be
operating effectively. Our audit methodology incorporates the risk of management
override as a default significant risk. In line with our methodology, we carry out
appropriate controls testing and substantive procedures, including over journal
entries, accounting estimates and significant transactions that are outside the normal
course of business, or are otherwise unusual.
— Fraudulent revenue recognition – We do not consider this to be a significant risk for
combined authorities as there are limited incentives and opportunities to manipulate
the way income is recognised. We therefore rebut this risk and do not incorporate
specific work into our audit plan in this area over and above our standard fraud
procedures.
The diagram opposite identifies, significant risks and other areas of audit focus, which we
expand on overleaf. The diagram also identifies a range of other areas considered by our
audit approach.
Overleaf we also identify those areas of significant risk associated with the Passenger
Transport Executive whose financial results are consolidated into the Combined Authority
accounts.
£
Management
override of
controls
Revenue
recognition
Remuneration
disclosures
New financial
system
Key financial
systems
Bad debt
provision
Financial
Instruments
disclosures
Provisions
Compliance
with the
Code’s
disclosure
requirements
Keys: Significant risk Other area of audit focus Example other areas considered by our approach
Disclosures
associated with
retrospective
restatement of
CIES, EFA and
MiRS
4
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Significant Audit Risks (Combined Authority)
Those risks requiring specific audit attention and procedures to address the
likelihood of a material financial statement error.
Financial statements audit planning (cont.) £
Risk: New core financial system
The general ledger used by the Combined Authority has changed in year.
There has been a phased implementation of the new Integra system with the
existing OEO system still being used for a number of feeder systems e.g.
Accounts Payable and Receivable Ledgers.
There is a risk that account balances are incorrectly transferred from the old
ledger to the new ledger incorrectly leading to a misstatement. There is also a
risk that account balances are inaccurately coded due to an unfamiliarity with
the new coding structure.
Approach: We will reconcile the closing balance on the old ledger to the
opening balance on the new ledger to ensure no transactions were lost or
duplicated in the transfer. Testing of activity in the year will verify that the
correct codes have been used both for the transfer and subsequent activity.
KPMG specialists will review the controls around the new system to ensure
users are appropriately recognised. We shall also review the ‘link’ between the
old OEO and other feeder systems to the new ledger to ensure data is
transferred as required.
Significant Audit Risks (Pension Fund)
Those risks requiring specific audit attention and procedures to address the likelihood
of a material financial statement error.
Risk : Continuing issues with the implementation of the Pensions Administration
System
The implementation of the pensions administration system in 2014/15 caused problems
for the Authority and, on implementation, it did not operate as designed. Workaround
systems were put in place, for example on pensioners payroll to ensure members
receive their entitlements.
As part of the 2015/16 audit, KPMG IT specialists undertook testing in respect of the
migration of data from the old Heywoods Pension system to the new Civica Pension
system. Their work identified a number of issues and we raised three
recommendations. The exceptions noted contributed to a lack of assurance over
completeness and accuracy for the migration from the old to new Pension systems.
Discussions with officers during 2016/17 indicate that significant progress has been
made in addressing the problems arising from the implementation although there
remain some outstanding issues such as backlogs in processing.
Approach : As part of our audit of the Pension Fund, we will
• undertake a walkthrough of the system to identify the controls in place in relation to
member details, benefits payable and contributions;
• test the operating effectiveness of relevant system controls;
• use KPMG IT specialists to review the progress the Authority has made during the
year in addressing our recommendations; and
• test benefits payable and contributions receivable substantively at the year end.
5
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Significant Audit Risks (Passenger Transport Executive)
Those risks requiring specific audit attention and procedures to address the
likelihood of a material financial statement error.
Financial statements audit planning (cont.) £
Risk : Significant changes in the pension liability due to LGPS Triennial Valuation
During the year, the Local Government Pension Scheme for South Yorkshire PTE
(the Pension Fund) has undergone a triennial valuation with an effective date of
31 March 2016 in line with the Local Government Pension Scheme
(Administration) Regulations 2013. The Authority’s share of pension’s assets and
liabilities is determined in detail, and a large volume of data is provided to the
actuary in order to carry out this triennial valuation.
The pension liability numbers to be included in the financial statements for
2016/17 will be based on the output of the triennial valuation rolled forward to 31
March 2017. For 2017/18 and 2018/19 the actuary will then roll forward the
valuation for accounting purposes based on more limited data.
There is a risk that the data provided to the actuary for the valuation exercise is
inaccurate and that these inaccuracies affect the actuarial figures in the accounts.
Most of the data is provided to the actuary by South Yorkshire Pension Authority,
who administer the Pension Fund.
Approach : As part of our audit, we will agree any data provided by the Authority
to the actuary, back to the relevant systems and reports from which it was
derived, in addition to checking the accuracy of this data.
We will also liaise with the Pension Fund Audit Team, who are the auditors of the
Pension Fund, where this data was provided by the Pension Fund on the
Authority’s behalf to check the completeness and accuracy of such data.
Significant Audit Risks (Passenger Transport Executive)
Those risks requiring specific audit attention and procedures to address the likelihood
of a material financial statement error.
Risk: Valuation of Property, Plant & Equipment
At 31 March 2016 the Authority was reporting Property, Plant and Equipment with a
value of £109.737m, representing the large majority of assets held on the Balance
Sheet. It is the Authority’s policy to revalue assets at a minimum every 5 years on a
rolling basis, ensuring that the value of assets held on the balance sheet is not
materially different to the current value at year end.
There is an element of judgement exercised by the authority in determining whether
assets require a valuation in year and also with regards to the assumptions made by
the valuer in determining a value for the assets.
The ongoing tram/train project will progress during the year and the project will near
completion. There is a risk that this is categorised incorrectly on the financial
statements and the year end valuation provided is not a fair reflection of the project.
Given the materiality in value and the judgement involved in determining the carrying
amount we have determined a significant risk with regards to this account.
Approach:
We shall:
-Assess the qualifications and approach of the valuer used by the Authority;
-Test the accuracy and completeness of the Authority’s asset register through review of
the Authority’s asset verification exercise and the physical inspection of any significant
new additions;
-Review the instructions provided to the valuer;
-Consider the appropriateness of the valuation basis adopted e.g. should fair value
have been used;
-Understand the classification of the tram/train project;
-Understand the basis of any impairments that might occur and whether they comply
with the Code; and
-Review the capitalisation of major expenditure in the year.
6
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Financial statements audit planning (cont.) £
Other areas of audit focus (Group)
Those risks with less likelihood of giving rise to a material error but which are nevertheless worthy of audit
understanding.
Disclosures associated with retrospective restatement of CIES, EFA and MiRS
During past years, CIPFA has been working with stakeholders to develop better accountability through
the financial statements as part of its ‘telling the whole story’ project. The key objective of this project
was to make Local Government accounts more understandable and transparent to the reader in terms
of how the Authorities are funded and how they use their funding to serve the local population. The
outcome of this project resulted in two main changes in respect of the 2016-17 Local Government
Accounting Code (Code) as follows:
• Allowing combined authorities to report on the same basis as they are organised by removing the
requirement for the Service Reporting Code of Practice (SeRCOP) to be applied to the
Comprehensive Income and Expenditure Statement (CIES); and
• Introducing an Expenditure and Funding Analysis (EFA) which provides a direct reconciliation
between the way combined authorities are funded and prepare their budget and the CIES. This
analysis is supported by a streamlined Movement in Reserves Statement (MIRS) and replaces the
current segmental reporting note.
As a result of these changes, retrospective restatement of CIES (cost of services) , EFA and MiRS is
required from 1 April 2016 in the Statement of Accounts.
New disclosure requirements and restatement of accounts require compliance with relevant guidance
and correct application of applicable Accounting Standards.
Though less likely to give rise to a material error in the financial statements, this is an important material
disclosure change in this year’s accounts, worthy of audit understanding.
Approach :
As part of our audit ;
• We will assess how the Authority has actioned the revised disclosure requirements for the CIES,
MiRS and the new EFA statement as required by the Code; and
• We will check the restated numbers and associated disclosures for accuracy ,correct presentation
and compliance with applicable Accounting Standards and Code guidance.
Other areas of audit focus (Passenger Transport Executive)
Those risks with less likelihood of giving rise to a material error but which
are nevertheless worthy of audit understanding.
Concessionary Travel
During 2015/16 expenditure on concessionary travel was circa £34m
amounting to 31% of Gross Transport Expenditure.
There has been an increase in the rate charged to concessions for travel
across South Yorkshire, therefore, this has led to an increased amount to
be reimbursed by the Executive for each concession. This increase in
price to be reimbursed per concession is offset in the total movements as
the general trend for use of public transport decreases.
Approach :
As part of our audit ;
-The payments for concessionary travel vary across different transport
providers and we will seek to understand each contract and the controls
in place at the Executive to monitor the amounts charged; and
-We will assess payments throughout the year and agree to supporting
evidence.
7
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Financial statements audit planning (cont.) £
Other areas of audit focus
Those risks with less likelihood of giving rise to a material error but which are
nevertheless worthy of audit understanding.
Compliance with the Code’s requirements (Pension Fund)
The format of the Fund Account and the Net Asset Statement have been updated
for consistency with the new Financial Reports of Pension Schemes – A Statement
of Recommended Practice 2015
Approach :
We will assess the Pension Fund statements against the new format.
Valuation of Unquoted Investments (Pension Fund)
There is a higher risk of material misstatement in the valuation of level two and level
three investments.
Approach :
We will test a sample of unquoted investments, focussing the sample on those in
the higher risk category. Our testing will consider the classification of the
investments, the valuation approach and the adequacy of the evidence to support
the valuation.
8
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Financial statements audit planning (cont.)Materiality
We are required to plan our audit to determine with reasonable confidence whether or not
the financial statements are free from material misstatement. An omission or misstatement
is regarded as material if it would reasonably influence the user of financial statements.
This therefore involves an assessment of the qualitative and quantitative nature of
omissions and misstatements.
Generally, we would not consider differences in opinion in respect of areas of judgement
to represent ‘misstatements’ unless the application of that judgement results in a financial
amount falling outside of a range which we consider to be acceptable.
Materiality for planning purposes has been set at £2 million (£2 million in 2015/16) for the
Authority’s accounts, which equates to 1.7 percent of gross expenditure.
For the Authority, materiality for planning purposes has been set at £2 million which
equates to 1.7 percent of gross expenditure and for the Pension Fund materiality has been
set at £3 million.
Local Authority’s aim is not to maximise profits as there are no shareholders. The services
LAs provide to the local communities are mainly driven by a mix of government
funding/grants and local income. The measure of services provided by the CA are
reflected by its expenditure which is a key benchmark for the local people and the readers
of Sheffield City Region Combined Authority’s accounts to assess its performance and
services to the public.
We have also considered other benchmarks, such as gross income, which is not
considered relevant, as income is partly funded through central government grants, which
is not as relevant to the local population and readers of the financial statements. Other
metrics considered include net assets. Due to the nature of the entity, which is service
delivery to the local community, the net assets benchmark is not the most reflective of the
core purpose of the Authority. Therefore, the most appropriate benchmark for Sheffield City
Region Combined Authority is judged as being gross expenditure.
We design our procedures to detect errors in specific accounts at a lower level of precision.
Reporting to the Audit Committee
Whilst our audit procedures are designed to identify misstatements which are material to
our opinion on the financial statements as a whole, we nevertheless report to the Audit
Committee any unadjusted misstatements of lesser amounts to the extent that these are
identified by our audit work.
£
Under ISA 260(UK&I) ‘Communication with those charged with governance’, we are obliged to
report uncorrected omissions or misstatements other than those which are ‘clearly trivial’ to
those charged with governance. ISA 260 (UK&I) defines ‘clearly trivial’ as matters that are
clearly inconsequential, whether taken individually or in aggregate and whether judged by any
quantitative or qualitative criteria.
In the context of the Authority, we propose that an individual difference could normally be
considered to be clearly trivial if it is less than £0.1 million ( PY £0.1m).
In the context of the Pension Fund, we propose that an individual difference could normally be
considered to be clearly trivial it is less than £0.15m.
If management have corrected material misstatements identified during the course of the audit,
we will consider whether those corrections should be communicated to the Audit Committee to
assist it in fulfilling its governance responsibilities.
We note that separate materiality levels are set for the Combined Authority and the Pension
Fund recognizing that whilst the Pension Fund accounts are appended to the Combined
Authority’s financial statements, its results are not consolidated into the Combined Authority’s
results and therefore do no impact upon its financial position.
2016/17
£118,570k
0
50
100
150
200
Materiality for the Authority
based on prior year gross
expenditure
Individual errors,
where identified,
reported to
Audit Committee
Procedures
designed to detect
individual errors
£0.1m
£2m
£,000’s
£118,570k
2015/16
9
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Financial statements audit planning (cont.) £
Group audit
In addition to the Authority we deem South Yorkshire Passenger Transport Execuitve
to be significant in the context of the group audit.
Whilst the Pension Fund accounts are appended to the Combined Authority financial
statements these results are not consolidated into the Group and therefore we do not
consider the Pension Fund to be a significant component of the Group.
We will report the following matters in our Report to those charged with Governance:
Any deficiencies in the system of internal controls or instances of fraud which the
subsidiary auditors identify; and
Any limitations on the group audit, for example, where our access to information may
have been restricted..
10
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Value for money arrangements work
Background to approach to VFM work
The Local Audit and Accountability Act 2014 requires auditors of local government bodies to be satisfied that the authority ‘has made proper arrangements for securing economy,
efficiency and effectiveness in its use of resources’.
This is supported by the Code of Audit Practice, published by the NAO in April 2015, which requires auditors to ‘take into account their knowledge of the relevant local sector as a whole,
and the audited body specifically, to identify any risks that, in the auditor’s judgement, have the potential to cause the auditor to reach an inappropriate conclusion on the audited body’s
arrangements.’
The VFM approach is fundamentally unchanged from that adopted in 2015/2016 and the process is shown in the diagram below. The diagram overleaf shows the details of
the criteria for our VFM work.
No further work required
Continually re-assess potential VFM risks
£
VFM audit risk
assessment
Financial statements
and other audit work
Identification of
significant VFM
risks (if any)
Conclude on
arrangements to
secure VFM
Assessment of work by other
review agencies
Specific local risk based work
VF
M c
on
clu
sio
n
11
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Value for money arrangements work (cont.) £
Informed
decision
making
Working
with
partners
and third
parties
Sustainable
resource
deployment
Overall criterion
In all significant respects, the audited body had proper arrangements to ensure it took
properly informed decisions and deployed resources to achieve planned and
sustainable outcomes for taxpayers and local people.
Proper arrangements:
- Acting in the public interest, through
demonstrating and applying the principles and
values of sound governance.
- Understanding and using appropriate and
reliable financial and performance information
to support informed decision making and
performance management.
- Reliable and timely financial reporting that
supports the delivery of strategic priorities.
- Managing risks effectively and maintaining a
sound system of internal control.
Proper arrangements:
- Planning finances effectively to support the
sustainable delivery of strategic priorities and
maintain statutory functions.
- Managing and utilising assets to support the
delivery of strategic priorities.
- Planning, organising and developing the
workforce effectively to deliver strategic
priorities.
Proper arrangements:
- Working with third parties effectively to deliver
strategic priorities.
- Commissioning services effectively to support
the delivery of strategic priorities.
- Procuring supplies and services effectively to
support the delivery of strategic priorities.
12
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Value for money arrangements work (cont.)£
VFM audit stage Audit approach
VFM audit risk assessment We consider the relevance and significance of the potential business risks faced by all combined authorities, and other risks that apply specifically to
the Authority. These are the significant operational and financial risks in achieving statutory functions and objectives, which are relevant to auditors’
responsibilities under the Code of Audit Practice.
In doing so we consider:
The Authority’s own assessment of the risks it faces, and its arrangements to manage and address its risks;
Information from the Public Sector Auditor Appointments Limited VFM profile tool;
Evidence gained from previous audit work, including the response to that work; and
The work of other inspectorates and review agencies.
Linkages with financial
statements and other
audit work
There is a degree of overlap between the work we do as part of the VFM audit and our financial statements audit. For example, our financial
statements audit includes an assessment and testing of the Authority’s organisational control environment, including the Authority’s financial
management and governance arrangements, many aspects of which are relevant to our VFM audit responsibilities.
We have always sought to avoid duplication of audit effort by integrating our financial statements and VFM work, and this will continue. We will
therefore draw upon relevant aspects of our financial statements audit work to inform the VFM audit.
Identification of
significant risks
The Code identifies a matter as significant ‘if, in the auditor’s professional view, it is reasonable to conclude that the matter would be of interest to the
audited body or the wider public. Significance has both qualitative and quantitative aspects.’
If we identify significant VFM risks, then we will highlight the risk to the Authority and consider the most appropriate audit response in each case,
including:
Considering the results of work by the Authority, inspectorates and other review agencies; and
Carrying out local risk-based work to form a view on the adequacy of the Authority’s arrangements for securing economy, efficiency and
effectiveness in its use of resources.
13
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Value for money arrangements work (cont.)£
VFM audit stage Audit approach
Assessment of work by other
review agencies
and
Delivery of local risk based
work
Depending on the nature of the significant VFM risk identified, we may be able to draw on the work of other inspectorates, review agencies and other
relevant bodies to provide us with the necessary evidence to reach our conclusion on the risk.
If such evidence is not available, we will instead need to consider what additional work we will be required to undertake to satisfy ourselves that we
have reasonable evidence to support the conclusion that we will draw. Such work may include:
Meeting with senior managers across the Authority;
Review of minutes and internal reports; and
Examination of financial models for reasonableness, using our own experience and benchmarking data from within and without the sector.
Concluding on VFM
arrangements
At the conclusion of the VFM audit we will consider the results of the work undertaken and assess the assurance obtained against each of the VFM
themes regarding the adequacy of the Authority’s arrangements for securing economy, efficiency and effectiveness in the use of resources.
If any issues are identified that may be significant to this assessment, and in particular if there are issues that indicate we may need to consider
qualifying our VFM conclusion, we will discuss these with management as soon as possible. Such issues will also be considered more widely as part
of KPMG’s quality control processes, to help ensure the consistency of auditors’ decisions.
Reporting On the following page, we report the results of our initial risk assessment. We will update our assessment throughout the year should any further
issues present themselves and report against these in our ISA260.
We will report on the results of the VFM audit through our ISA 260 Report. This will summarise any specific matters arising, and the basis for our
overall conclusion.
The key output from the work will be the VFM conclusion (i.e. our opinion on the Authority’s arrangements for securing VFM), which forms part of our
audit report.
14
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Value for money arrangements work Planning
Significant VFM Risks
Those risks requiring specific audit attention and procedures to address the likelihood
that proper arrangements are not in place to deliver value for money.
Corporate Governance Arrangements (Group)
Risk
Our VFM opinion for the 2015/16 period was qualified due to two key deficiencies at
the authority, namely:
- A Corporate Code of Governance had not been established; and
- A robust risk management process had not been operational and embedded at
the Authority throughout the period e.g. the authority’s first risk register had only
been presented to Audit Committee in July 2016.
We understand from discussion with officers that some progress has been made
towards embedding these key processes in year, including the provision of a report
from an external consultant with several recommendations around governance
structures.
There is a risk that further improvements have not been made as required and that
these have not been in place for the full financial year.
Approach
We shall review the Governance framework in place, including the risk management
processes. We shall assess whether these were in place and operating effectively
throughout the financial year.
15
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Other matters
Whole of government accounts (WGA)
We are required to review your WGA consolidation and undertake the work specified under
the approach that is agreed with HM Treasury and the National Audit Office. Deadlines for
production of the pack and the specified approach for 2016/17 have not yet been
confirmed.
Elector challenge
The Local Audit and Accountability Act 2014 gives electors certain rights. These are:
— The right to inspect the accounts;
— The right to ask the auditor questions about the accounts; and
— The right to object to the accounts.
As a result of these rights, in particular the right to object to the accounts, we may need to
undertake additional work to form our decision on the elector's objection. The additional
work could range from a small piece of work where we interview an officer and review
evidence to form our decision, to a more detailed piece of work, where we have to
interview a range of officers, review significant amounts of evidence and seek legal
representations on the issues raised.
The costs incurred in responding to specific questions or objections raised by electors is
not part of the fee. This work will be charged in accordance with the PSAA's fee scales.
Our audit team
Our audit team will be led by Tim Cutler whom will add a fresh perspective to the
Combined Authority. Appendix 2 provides more details on specific roles and contact details
of the team.
Reporting and communication
Reporting is a key part of the audit process, not only in communicating the audit findings
for the year, but also in ensuring the audit team are accountable to you in addressing the
issues identified as part of the audit strategy. Throughout the year we will communicate
with you through meetings with the finance team and the Audit and Standards Committee.
Our communication outputs are included in Appendix 1.
Independence and Objectivity
Auditors are also required to be independent and objective. Appendix 3 provides more
details of our confirmation of independence and objectivity.
Audit fee
Our Audit Fee Letter 2016/2017 presented to you in April 2016 first set out our fees for the
2016/2017 audit. This letter also sets out our assumptions.
Our audit fee may be varied later, subject to agreement with PSAA, for changes in the
Code, specifically this year the changes in relation to the disclosure associated with
retrospective restatement of CIES, EFA and MiRS. If such a variation is agreed with PSAA,
we will report that to you in the due course.
The planned audit fee for the Combined Authority Group in 2016/17 is £38,200. This is the
same fee as 2015/2016.
The planned audit fee for 2016/17 is £21,000 for the Pension Fund. (2015/16 £21,000).
The planned audit fee for 2016/17 is £
Our audit fee includes our work on the VFM conclusion and our audit of the Authority’s
financial statements.
16
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Appendix 1: Key elements of our financial statements audit approach
Driving more value from the audit through data and
analytics
Technology is embedded throughout our audit approach
to deliver a high quality audit opinion. Use of Data and
Analytics (D&A) to analyse large populations of
transactions in order to identify key areas for our audit
focus is just one element. We strive to deliver new
quality insight into your operations that enhances our
and your preparedness and improves your collective
‘business intelligence.’ Data and Analytics allows us to:
— Obtain greater understanding of your processes, to
automatically extract control configurations and to
obtain higher levels assurance.
— Focus manual procedures on key areas of risk and
on transactional exceptions.
— Identify data patterns and the root cause of issues to
increase forward-looking insight.
We anticipate using data and analytics in our work
around key areas such as journals. We also expect to
provide insights from our analysis of these tranches of
data in our reporting to add further value from our audit.
CompletionPlanning Control evaluation Substantive testing
Co
mm
un
ica
tio
nA
ud
it w
ork
flo
w
Continuous communication involving regular meetings between Audit Committee, Senior Management and audit team
Initial planning
meetings and
risk assessment
Audit strategy
and planAnnual Audit
Letter
Interim report
(if appropriate)ISA 260 (UK&I)
Report
Interim audit
Year end audit of
financial
statements and
annual report
Sign
audit
opinion
Perform risk
assessment
procedures
and identify
risks
Determine
audit strategy
Determine
planned audit
approach
Understand accounting
and reporting activities
Evaluate design and
implementation of
selected controls
Test operating
effectiveness of selected
controls
Assess control risk and
risk of the accounts
being misstated
Plan substantive procedures
Perform substantive
procedures
Consider if audit evidence is
sufficient and appropriate
Perform completion
procedures
Perform overall
evaluation
Form an audit opinion
Audit Committee
reporting
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
D&A
ENABLED
AUDIT
METHODOLOGY
17
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Appendix 2: Audit team
Your audit team has been drawn from our specialist public sector assurance department. Alison and Matt were both part of the Sheffield City Region Combined Authority
audit last year and will provide continuity. Tim Cutler and Olivia Camm will add a fresh perspective to the audit.
Name Tim Cutler
Position Partner
‘My role is to lead our team and ensure the delivery
of a high quality, valued added external audit
opinion.
I will be the main point of contact for the Audit and
Standards Committee and S151 Officer.’
Tim Cutler
Partner
Tel: 0116 246 4281
Email: [email protected]
Name Alison Ormston
Position Senior Manager
‘I provide quality assurance for the audit work and
specifically any technical accounting and risk
areas.
I will work closely with Tim to ensure we add value.
I will liaise with the Director of Finance and other
Executive Directors.’Alison Ormston
Senior Manager
Tel: 0113 231 3942
Email: [email protected]
Name Olivia Camm
Position Assistant Manager
‘I will be responsible for the on-site delivery of our
work and will supervise the work of our audit
assistants.’
Olivia Camm
Assistant Manager
Tel: 0113 231 3017
Email: [email protected]
Name Matt Ackroyd
Position Manager
‘I provide quality assurance for the audit work and
specifically any technical accounting and risk
areas.
I will work closely with the Tim and Alison to
ensure we add value.
I will liaise with the Director of Finance and other
Executive Directors.’Matt Ackroyd
Manager
Tel: 0113 231 3625
Email: [email protected]
18
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a
Swiss entity. All rights reserved.
Appendix 3: Independence and objectivity requirements
Independence and objectivity
Professional standards require auditors to communicate to those charged with governance,
at least annually, all relationships that may bear on the firm’s independence and the
objectivity of the audit engagement partner and audit staff. The standards also place
requirements on auditors in relation to integrity, objectivity and independence.
The standards define ‘those charged with governance’ as ‘those persons entrusted with the
supervision, control and direction of an entity’. In your case this is the Audit and Standards
Committee.
KPMG LLP is committed to being and being seen to be independent. APB Ethical
Standards require us to communicate to you in writing all significant facts and matters,
including those related to the provision of non-audit services and the safeguards put in
place, in our professional judgement, may reasonably be thought to bear on KPMG LLP’s
independence and the objectivity of the Engagement Lead and the audit team.
Further to this auditors are required by the National Audit Office’s Code of Audit Practice to:
— Carry out their work with integrity, independence and objectivity;
— Be transparent and report publicly as required;
— Be professional and proportional in conducting work;
— Be mindful of the activities of inspectorates to prevent duplication;
— Take a constructive and positive approach to their work; and
— Comply with data statutory and other relevant requirements relating to the security,
transfer, holding, disclosure and disposal of information.
PSAA’s Terms of Appointment includes several references to arrangements designed to
support and reinforce the requirements relating to independence, which auditors must
comply with. These are as follows:
— Auditors and senior members of their staff who are directly involved in the
management, supervision or delivery of PSAA audit work should not take part in
political activity.
— No member or employee of the firm should accept or hold an appointment as a
member of an audited body whose auditor is, or is proposed to be, from the same firm.
In addition, no member or employee of the firm should accept or hold such
appointments at related bodies, such as those linked to the audited body through a
strategic partnership.
— Audit staff are expected not to accept appointments as Governors at certain types of
schools within the local authority.
— Auditors and their staff should not be employed in any capacity (whether paid or
unpaid) by an audited body or other organisation providing services to an audited body
whilst being employed by the firm.
— Auditors appointed by the PSAA should not accept engagements which involve
commenting on the performance of other PSAA auditors on PSAA work without first
consulting PSAA.
— Auditors are expected to comply with the Terms of Appointment policy for the
Engagement Lead to be changed on a periodic basis.
— Audit suppliers are required to obtain the PSAA’s written approval prior to changing
any Engagement Lead in respect of each audited body.
— Certain other staff changes or appointments require positive action to be taken by
Firms as set out in the Terms of Appointment.
Confirmation statement
We confirm that as of 27 April 2017 in our professional judgement, KPMG LLP is
independent within the meaning of regulatory and professional requirements and the
objectivity of the Engagement Lead and audit team is not impaired.
Document Classification: KPMG Confidential
© 2017 KPMG LLP, a UK limited liability partnership and a
member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG
International”), a Swiss entity. All rights reserved.
This report is addressed to the Authority and has been prepared for the sole use of the
Authority. We take no responsibility to any member of staff acting in their individual
capacities, or to third parties. We draw your attention to the Statement of Responsibilities of
auditors and audited bodies, which is available on Public Sector Audit Appointment’s website
(www.psaa.co.uk).
External auditors do not act as a substitute for the audited body’s own responsibility for
putting in place proper arrangements to ensure that public business is conducted in
accordance with the law and proper standards, and that public money is safeguarded and
properly accounted for, and used economically, efficiently and effectively.
We are committed to providing you with a high quality service. If you have any concerns or
are dissatisfied with any part of KPMG’s work, in the first instance you should contact Tim
Cutler, the engagement lead to the Authority, who will try to resolve your complaint. If you
are dissatisfied with your response please contact the national lead partner for all of KPMG’s
work under our contract with Public Sector Audit Appointments Limited, Andrew Sayers, by
email to [email protected]. After this, if you are still dissatisfied with how your
complaint has been handled you can access PSAA’s complaints procedure by emailing
[email protected] by telephoning 020 7072 7445 or by writing to Public Sector
Audit Appointments Limited, 3rd Floor, Local Government House, Smith Square, London,
SW1P 3HZ.
1. Introduction
1.1 SCR’s governance arrangements have continued to evolve in line with its programme of work. During 2016/17, in light of devolution, an impending mayoral combined authority and the shift from a policy forming organisation to the delivery of major programmes, a number of activities have taken place to review and strengthen governance.
1.2 The structure in place from 2014 reflected the history of the CA and LEP partnership - primarily formed to attract Government funding. As the work programme evolved the CA / LEP has adapted to include a suite of Executive Boards made up of Leaders, LEP Private Sector, CEX (Officers of the CA) and CA Statutory Officer delegates.
1.3 Review of SCR’s governance and decision making
It was recognised early in 16/17 that a mayoral CA needed to be a quite different organisation. An independent review was commissioned to assess the SCR’s decision making and governance structure. This review focused upon current arrangements, their fitness for current and new arrangements and how they could flex and adapt to changing needs and requirements.
1.4 Metro Dynamics, the appointed independent review organisation, reported and discussed
Purpose of ReportThis report updates the Committee on the review of governance arrangements during 16/17 and the priorities arising from this.
Freedom of Information and Schedule 12A of the Local Government Act 1972
Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.
Recommendations
The Audit Committee is asked to consider the governance review activity that has taken place during 2016/17.
27th April 2017
Governance Review Activity 2016/17
findings with stakeholders across the City Region as well as collaboration with Chief Executives, Leaders, Private Sector members and Statutory Officers. A report on the findings of the review was produced and a workshop held in October 2016 to consider the recommendations.
1.5 This review identified the need for SCR to move away from being transactional in its arrangements with government to becoming a more strategic organisation. For partners and stakeholders to develop and commit to a shared purpose for the SCR and for that commitment to be reflected in changed behaviours. Alongside this the report found that there were examples where the delineation of responsibilities required greater clarity and decision making processes could be improved. As a result the report clearly established the responsibilities of the different component parts of the SCR.
1.6 Suggested next steps included:
Prioritising the development of a common purpose and strategy for the SCR – with leaders, Chief Executives and the LEP.
Strengthening & widening the Audit and Scrutiny function to ensure stronger & deeper accountability.
Realising the opportunity to put in place effective forward planning and meeting management.
Maximising the potential of the SCR team by revisiting their role and place in the system, and helping develop officer skills.
Creating and nurturing expertise and talent across nine Councils, to be utilised as key SCR resource & develop more secondments.
Continuing to improve communications and engagement with business.
1.7 These recommendations fed into SCR’s governance improvement plan and actions and progress reflected in the Annual Governance Statement. To progress these the following actions are underway:
Amendments to the constitution and associated regulations (Contracting and Procurement, Financial)
Formalised LEP Terms of Reference SCR Executive Team restructure LEP led formalised business engagement programme Recruitment of a Scrutiny Officer Establishing a SCR Capital Programme Board
1.8 Review of SCR’s decision making mechanisms
In 2015 SCR was awarded £295m of devolved Local Growth Fund. A condition of the award was to establish an Assurance and Accountability Framework (AAF) that set out the decision making mechanisms for the investment of the funds. The framework must be reviewed and updated on a yearly basis in order to receive the annual allocation.
1.9 The review of the framework in preparation for 2017/18 is an iterative process using government guidance and internal self-evaluation activity. It has also incorporated the work undertaken on the review of decision making structures as discussed in 1.3. The revised framework was approved by DCLG in February 2017.
1.10 There are a number of actions required in order to implement the framework, these
include:
Publication of LEP Board agendas and papers in advance. Publication of a complaints policy. Publication of the proposed and approved SCR investment programme, with the
opportunity for members of the public to comment. Publication of the Full Business Case for any approved scheme.
As with the actions arising from the governance review, these have been fed into SCR’s governance improvement plan and will be reflected in the Annual Governance Statement.
1.11 Governance Improvements actioned in year
Since its inception the CA have adopted the policies of BMBC on all matters of governance and legal controls and SCC on financial controls. During 2015/16 BMBC provided advice and guidance, working with SCR to identify strategic risks and develop risk management arrangements. (NB at an operational level all capital investments are required to include a risk management plan as part of the FBC).
1.12 Whilst the external audit conclusion for 15/16 concluded that SCR had made proper arrangements to ensure planned and sustainable outcomes, there were some areas of corporate governance that required development, particularly in relation to risk management. Statutory Officers recognised that whilst risk management arrangements had been proportionate to the relative immaturity of the organisation so far, more work would be required to embed a robust and effective approach. As part of SCR’s governance improvement plan, a review the approach to risk management was undertaken.
1.13 SCR fully recognised that in order to successfully delivery its Strategic Economic Plan and effective governance and control system needed to be in place. A number of governance themes that underpin the successful delivery of the SEP were identified and it was agreed that, going forward, the strategic risk management approach would focus on the effectiveness of, and compliance with the components of this governance and control framework. A number of sessions have been held (Statutory Officer, 1-1s and workshops) that have considered the controls SCR have in place in relation to the governance themes, their adequacy and any additional controls required. SCR’s Risk Management Policy and Strategy were endorsed by the Audit Committee in January ’17 and adopted by the CA in March. This work is progressing and has, by its nature, facilitated a review of governance. Risk management actions plans are in development, are feeding into the governance improvement plan. Key actions will be reflected in the Annual Governance Statement.
1.14 Additionally the SCR commenced in year a full review of Information Governance systems and approaches across the SCR. This has led to a decision to move the IT services and processes to a shared arrangement with the SYPTE (currently rolling out). This integration of services within the CA group provides efficiencies but also aims to improve business resilience and continuity.
1.15 Next Steps
SCR have prioritised the governance changes and actions that are required to implement the revised Assurance and Accountability Framework. Relevant policies and processes will be considered by Leaders in early May and finalised versions presented to the AGM in
June.
Prioritised actions include:
Reviewing and updating the constitution (Officers Code of Conduct, Procurement and Contract Regulations and Financial Regulations);
Increasing transparency (LEP declarations of interests, publication of LEP papers, improving the website, publication of full business cases, project and programme management information)
Strengthening LEP Governance (LEP ToR/Constitution) Documentation of delegated decision making (delegated authority, written
procedures) Establishing a Programme Board and Delivery Boards (ToR, register of interests) Increasing visibility of sub boards of the CA who act under delegated authority
(register and declaration of interests, publication of grants made etc)
2. Proposal and justification
2.1 Annual Governance Statement
The opportunities to strengthen governance arrangements identified though governance review activities will be reflected in the Annual Governance Statement which is currently being drafted. The next Audit Committee meeting is scheduled for 27th July shortly followed by a meeting to approve the statutory accounts on 31st July. The Audit Committee has a responsibility to consider and advise the CA on the Annual Governance Statement, therefore it is proposed that an additional meeting is scheduled during June, following the CA AGM.
3. Consideration of alternative approaches
3.1 Do Nothing - Continue to adopt governance arrangements via a constituent authority. This continues to be the approach to a number of the services required by the CA, as it provides expertise and a better value solution. However as the CA develops and as the Metro Dynamics independent review suggested it is appropriate in a number of key areas for the CA to move to a more targeted and bespoke approach including adapting its own risk management and information governance protocols.
3.2 Full governance independence – This has been discounted as would require significant investment in infrastructure and expertise which is more effectively procured via established LA partners.
4. Implications
4.1 Financial
Unsuccessful implementation of the Assurance and Accountability Framework may result in failure to secure the following years LGF allocation.
4.2 Legal
Failure to comply with Government guidance re AAF could result in reputational damage to the LEP and CA. Legal implications are associated with specific elements of the governance plan including data breaches (information security), fraud etc. All of these policies are in place and as in the case of information security are reviewed and risks
actively managed.
4.3 Risk Management
Risk management is an important and integral part of good governance. This paper updates the Audit Committee on SCR’s risk management approach and how it is contributing to identifying ways in which to strengthen governance arrangements.
4.4 Equality, Diversity and Social Inclusion
There are no equality, diversity or social inclusion issues in relation to this update.
5. Communications
5.1 The activity described in this paper is internally focussed however, as discussed at 1.13, relevant policies and processes will considered by Leaders and therefore may be included in public document packs.
6. Appendices/Annexes
6.1 Governance Review Timeline.
REPORT AUTHOR Claire JamesPOST Governance & Compliance Officer
Officer responsible Ruth AdamsOrganisation Sheffield City Region
Email [email protected] Telephone 0114 220 3442
Background papers used in the preparation of this report are available for inspection at: 11 Broad Street West, Sheffield S1 2BQ
Other sources and references: n/a
Review of SCR’s decision making structure
Review of SCR’s decision making mechanisms
Review of the approach to ensuring the successful delivery of the Strategic Economic Plan
Jun 16 Jul 16 Aug 16 Sep 16 Oct 16 Nov 16 Dec 16 Jan 17 Feb 17 Mar 17 Apr 17 May 18
Jun 16 Jul 16 Aug 16 Sep 16 Oct 16 Nov 16 Dec 16 Jan 17 Feb 17 Mar 17 Apr 17 May 18
Jun 16 Jul 16 Aug 16 Sep 16 Oct 16 Nov 16 Dec 16 Jan 17 Feb 17 Mar 17 Apr 17 May 18
Leaders workshop to
consider findingsIndependent Review
(meetings with key
stakeholders)
Government guidance
published
Revised AAF published
Action planning to
implement revised AAF
SO consideration of
external audit feedback
CA consideration of
external audit feedback
SO regular Governance Assurance
meetings – Risk & Governance
arrangement agenda items
Risk Workshop Risk Workshop
Guidance sessions with
BMBC Risk
1-1 risk sessions with senior
members of SCR Exec
Audit Committee endorsed
Policy & StrategyCA adopted Policy &
Strategy
Policy & Strategy in development
1. Introduction
1.1 At inception of the SCR CA, the CA policy framework was driven by adoption of policies and processes from Constituent Members. Particularly this includes adoption of BMBC policy and processes for governance, legal, risk management and internal audit and SCC policies for financial and commercial procurement management.
1.2 Whilst the external audit conclusion for 15/16 had highlighted that proper governance arrangements had been in place, there was a recommendation that SCR should now have its own public statement, in the form of Code of Corporate Governance, to demonstrate commitment to good governance and describe how this commitment is fulfilled in practice. This paper highlights the revised SCR Code.
2. Proposal and justification
2.1 Statutory Officers recognised, through the independent governance review activity that in a number of areas, SCR was, and is very different to a local authority and therefore where appropriate should move to development of CA policies (including the Code) that were relevant and bespoke to the purpose of a Combined Authority.
Purpose of ReportThis report updates the Committee on the development of SCR’s Code of Corporate Governance.
Freedom of Information and Schedule 12A of the Local Government Act 1972
Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.
Recommendations
The Audit Committee is asked to consider SCR’s draft Code of Corporate Governance and provide feedback where necessary.
27th April 2017
Draft Code of Corporate Governance
2.2 The systems and processes, and the culture required to deliver SCR’s intended outcomes were mapped against the principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) / Society of Local Authority Chief Executives (SOLACE) Framework Delivering Good Governance in Local Government 2016, and a Code of Corporate Governance drafted. The principles within the framework underpin the governance of the SCR and provide a framework against which to structure the approach to governance.
2.3 Next Steps
The arrangements described in the Code are well established. The annual governance statement will report on SCR’s performance against the Code and identify any actions required to strengthen arrangements in 17/18.
Further to endorsement by the Audit Committee, the Code of Corporate Governance will be considered by the CA at its AGM and published on the SCR website.
3. Consideration of alternative approaches
3.1 No other options were considered as the maturity of the CA requires SCR to develop a bespoke code separate to that of a constituent authority.
4. Implications
4.1 Financial
There are no financial implications.
4.2 Legal
There are no legal implications.
4.3 Risk Management
There are no risk management implications.
4.4 Equality, Diversity and Social Inclusion
There are no equality, diversity or social inclusion issues in relation to the Code of Corporate Governance.
5. Communications
5.1 The activity described in this paper is internally focussed however, the Code will be published on the SCR website.
6. Appendices/Annexes
6.1 Appendix 1 - Draft Code of Corporate Governance
Annex A – Evidence Framework
REPORT AUTHOR Claire JamesPOST Governance & Compliance Officer
Officer responsible Ruth AdamsOrganisation Sheffield City Region
Email [email protected] Telephone 0114 220 3442
Background papers used in the preparation of this report are available for inspection at: 11 Broad Street West, Sheffield S1 2BQ
Other sources and references: n/a
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
Code of Corporate Governance
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
1. Introduction
What is Corporate Governance?
Corporate governance’ describes how Sheffield City Region (SCR) Combined Authority (the CA) directs and controls what it is accountable for. In order to fulfil its purpose and deliver better outcomes for City Region residents, businesses and visitors, SCR CA, working closely with the SCR Local Enterprise Partnership (LEP), needs to have a comprehensive governance and accountability framework in place to ensure it operates effectively, efficiently and ethically.
To demonstrate good corporate governance, the CA and the LEP should carry out their functions in a way that demonstrates accountability, transparency, effectiveness, integrity, and inclusivity. Good governance will enable SCR to pursue its vision and secure its agreed objectives in the most effective and efficient manner.
By governance, we mean the arrangements that are put in place to ensure that SCR’s intended outcomes are defined and achieved. The Governance Framework comprises the systems and processes, cultures and values, by which the CA, as accountable body, directs and controls activities. Good governance is about making sure SCR does the right things, in the right way for the right people, in a timely inclusive, open, honest and accountable manner.
Governance Principles
The systems and processes, and the culture required to deliver SCR’s intended outcomes are mapped against the principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) / Society of Local Authority Chief Executives (SOLACE) Framework Delivering Good Governance in Local Government 2016. These principles underpin the governance of the organisation and provide a framework against which to structure SCR’s approach to governance.
The Purpose of the Code
This Code is a public statement that sets out the way in which SCR will fulfil these principles in practice and demonstrate its commitment to good governance. The business of the SCR will also be conducted in accordance with the Seven Principles of Public Life identified in 1The Nolan Committee Report (1995) and in accordance with the Cabinet Office Code of Conduct for Board Members of Public Bodies.This Code fulfils three purposes:
It sets out what corporate governance is in a CA and LEP context It describes the recommended framework and detail to follow It provides a statement of the principles of good corporate governance, and SCR’s commitment to adopt and
follow best practice, how it intends to do this, and demonstrate it.
The Code will be reviewed annually to ensure it continues to be relevant and fit for purpose. The effectiveness of SCR’s governance arrangements and internal control systems will be reviewed annually and the review outcomes published in an Annual Governance Statement (AGS). The AGS will describe the governance structures and arrangements in place and will report on their effectiveness, including performance against the Code. It will also highlight any significant areas for improvement and identify actions to be taken to address them in the forthcoming year.
Legislative Background
Whilst there is no specific duty for a combined authority to prepare a local code of corporate governance, changes in Regulation 4(3) of the Accounts and Audit Regulations 2011 have placed a statutoryduty on authorities to prepare an Annual Governance Statement (AGS) in accordance with‘proper practices’.
1 selflessness; integrity; objectivity; accountability; openness; honesty; and leadership.
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
2. Role, & Structure of Sheffield City Region Combined Authority & Local Enterprise Partnership
Role and Structure
LEPLEPs are private sector led voluntary partnerships between local authorities and businesses set up in 2010 by the Department of Business Innovation and Skills to help determine local economic priorities and lead economic growth and job creation within the local area.
The LEP comprises a private sector majority with 10 private sector representatives and nine leaders of the member local authorities. The LEP works in partnership with the CA and ensures that SCR policy and decisions receive the input and views of key business leaders and the wider business community. The LEP is the originator of economic policy within SCR and is author and custodian of the Strategic Economic Plan (SEP).
CAThe CA was established on the 1st April 2014. Working closely with the LEP, the remit of the CA is to provide strategic direction for SCR, and to coordinate and drive forward economic regeneration and transport initiatives for the benefit of citizens and the business community within its boundaries. The CA is the accountable body for funds notionally awarded to the LEP.
The SCR CA comprises the leaders and elected mayor (Doncaster) of each of the nine councils which constitute the body. It meets every six weeks and is aligned to a number of supporting committees and boards which provide the expected degree of scrutiny and challenge in formulating policy and driving key strategic decision-making. The CA comprises nine local authorities that collectively reflect the natural and economic geography of SCR. Between these partner authorities there has been a long standing approach to collaborative working.
The CA has a distinct and separate role from the local authorities it is comprised of, in that it provides leadership on those aspects that define the region, enables a regional identity and performs the strategy, policy, programme and assurance of SCR.
The CA constitution and operating arrangements, approved by all nine member bodies, have been in place since April 2014. These include terms of reference for the SCR Transport Committee and the authority that has been both delegated and referred to it. The constitution sets out the powers and functions of the CA, including financial procedures, Member Code of Conduct, the Scheme of Delegation to officers and arrangements for the operation of a scrutiny and audit committee function.
The Scheme of Delegation provides for the day to day management and oversight of services provided by the Authority. These include the responsibilities of the Head of Paid Service, Clerk, Finance Director and Monitoring Officer. Five thematic ‘Boards’ (Business Growth, Skills, Housing, Transport and Infrastructure) are empowered to debate thematic matters in detail on the CA / LEP’s behalf ahead of draft ‘resolutions’ being put to the CA for endorsement.
CollectivelyThe SCR’s objective, working in tandem with central Government, is to grow the economy of the SCR noting that to do so requires greater devolution of funding, resources and functions to the City Region. Since 2014 SCR has established itself as a front-running city region for devolution and governance, as one of only seven regions across the country to have established a combined authority and negotiated two devolution deals with central Government.
Executive TeamThe CA and LEP are supported by a dedicated Sheffield City Region Executive Team, who provide day-to-day support on policy, commissioning, project development, project appraisal, programme management and meeting administration. Through close co-ordination with member authorities, Leaders and Chief Executives, the team pro-actively advances decision making processes for SCR. Neither the CA or LEP are employing bodies, therefore the Executive Team is employed via BMBC.
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
3. Delivering Good Governance – The Principles
The systems and processes, and the culture required to deliver SCR’s intended outcomes are mapped against the principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) / Society of Local Authority Chief Executives (SOLACE) Framework Delivering Good Governance in Local Government 2016.
This Code of Corporate Governance (the Code) is a public statement based on the six core principles defined with in this. These principles (below) provide structure and underpin the organisation’s approach to governance.
3.1 Good governance means ensuring Officers behave with integrity, demonstrate a strong commitment to ethical values and respect for the rule of the law
SCR CA reflects the values and high standards of conduct and behaviour of its constituent and non-constituent local authorities. These high standards are supported by Codes of Conduct for Members and Officers, which are incorporated into the SCR CA Constitution, and set out the standards required of all members, co-opted members and officers in carrying out their duties. These Codes include, as general obligation, that members must have regard to the Principles of Public Life as identified in the Nolan Committee Report (1995). Protocols in relation to the disclosing of interests at meetings and the registering of interests both pecuniary and non-pecuniary are also included in this section of the Constitution. These declarations are published on the website.
These Codes of Conduct will be reviewed annually at the Authority’s Annual General Meeting.
The Constitution also describes the delegations to the Monitoring Officer in relation to their contribution to the promotion and maintenance of high standards of conduct.
The Overview and Scrutiny Committee and Audit Committee hold SCR to account and provide a ‘check and balance’ in relation to the discharge of duties.
The Constitution outlines the approach taken by CA in dealing with the threat of fraud and corruption as well as detailing a Fraud Response Plan. In addition, the CA’s commitment to openness, probity and accountability is also outlined in its Whistle-blowing Policy. The Constitution also outlines the responsibilities of members to notify the Monitoring Officer regarding the receipt of gifts or hospitality.
The LEP have in place a (draft) Code of Conduct and Declarations of Interest Policy which sets out the standards which are required of members of the LEP in carrying out their duties, and in their relationships with the CA and its officers. In line with the CA, the Code of Conduct includes a general obligation, that members must have regard to the Principles of Public Life as identified in the Nolan Committee Report (1995) and also to the Cabinet office Code of Conduct for Board Members of Public Bodies.
The SCR Executive Team are employed by Barnsley Metropolitan Borough Council and as such are bound by BMBCs Code of Conduct and other related policies and procedures.
SCR are committed to ensuring compliance with relevant laws and regulations, internal policies and procedures, and that expenditure is lawful.
Standard contract clauses stating compliance with applicable laws relating to Anti-bribery and anti-corruption are included in contracts with all external providers of services.
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
3.4 Good governance means determining the interventions necessary to optimise the achievement of the intended outcomes
SCR CA and LEP are committed to ensuring robust decision making mechanisms and processes are in place that enable decision-makers to be fully informed and confident that decisions made take into account the needs and ambitions of the City Region, and that defined outcomes can be achieved.
In order to achieve this, as accountable body, the SCR CA will:
Ensure decision makers receive objective and robust information on which to base decisions along with an analysis of a variety of options and an outline of the risks involved.
Ensure, as appropriate, that the views of stakeholders are considered in the decision making process.
Establish and implement robust planning and control cycles for strategic and operational plans. Ensure decision making arrangements are robust but flexible enough to adapt to changing
circumstances. Ensure commissioned schemes/investments made are measured against defined outcomes and
that they represent the best use of resources and value for money. Ensure there is sufficient capacity/resource to generate the information required to review and
monitor the performance of schemes/investments made. Use realistic estimates of revenue and capital expenditure to inform medium and long term
3.2 Good governance means ensuring openness and comprehensive stakeholder engagement
SCR CA and LEP recognise that they have been established for the public good and should therefore ensure openness in their activities. The CA and LEP therefore aim to ensure clear, trusted channels of communication are used to engage effectively with its stakeholders.
The CA and LEP will do this by:
Documenting and demonstrating SCR’s commitment to openness through, but not limited to, the publishing of agendas and minutes and of Codes of Conduct and through publicly held CA meetings
Establishing clear channels of communication and effective engagement with all stakeholders, encouraging consultation and collaboration.
Incorporating good governance arrangements into partnerships and other joint working. Ensuring public records and explanations to stakeholders include clear reasoning and evidence
for decisions made. Consulting appropriately to determine effective interventions and courses of action. Providing clear justification regarding any information or decisions that require confidentiality.
3.3 Good governance means outcomes are defined in terms of sustainable economic, social and environmental benefits
SCR CA and LEP recognise that the long term nature and impact of its actions means that it is vital that it should plan and define its outcomes and that these should be sustainable. It also recognises that decisions made should further the organisations purpose and contribute to intended benefits and outcomes.
In order to ensure this SCR CA and LEP will:
Have in place a formal statement, in the form of a Strategic Economic Plan (SEP) that describes the vision for the City Region and sets out purpose and intended outcomes of the CA and LEP.
Identify and manage the risks to the achievement of outcomes. Appraise schemes seeking investment against a robust set of criteria that consider and balance
the combined economic, social and environmental impact of policies and plans where appropriate.
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
resource planning in order to develop a sustainable funding strategy. Ensure the achievement of ‘social value’ through planning and commissioning
3.5 Good governance means developing the entity’s capacity, including the capability of its leadership and the individuals within it
SCR CA and LEP are committed to ensuring it has an appropriate structure and leadership in place to operate effectively and efficiently whilst having the capacity to fulfil its mandate. It is also committed to continuing to develop organisational capacity in preparation for further phases of devolution.
In order to do this, as the accountable body, the SCR CA will:
Ensure Statutory Officers have the skills, resources and support necessary to effectively perform their roles in a changing environment.
Provide effective inductions and identify and meet any further development needs of members and officers, in relation to their strategic roles, and provide training and opportunities to increase skills and knowledge as necessary.
Ensure effective arrangements and delegations are in place in order for the Head of Paid Service to discharge their functions.
Ensure a clear protocol exists to support a constructive working relationship between Members and Officers and seek to develop partnerships and collaboration where most value can be added.
Define the types of decisions that are delegated and those reserved for the collective decision making of the CA.
3.6 Good governance means risks and performance are managed through robust internal control and strong public financial management
SCR CA and LEP recognise that effective performance management underpins the effective and efficient delivery of its intended outcomes and that risk management is a vital and integral part of this. As accountable body the CA is committed to ensuring a strong system of financial management is in place in order to enforce financial discipline, strategic allocation of resources, efficient service delivery and accountability. Underpinning this, a culture and structure encouraging scrutiny and challenge.
To achieve this, SCR CA:
Has in place an effective and active Audit Committee, who are accountable to the CA and, amongst other responsibilities, lead on ensuring SCR CA have robust risk management arrangements in place.
Will review the effectiveness of its decision-making framework, including delegation arrangements regularly.
Will ensure risk management is considered in all aspects of decision making. Will ensure commissioned schemes/investments made are measured against defined outcomes
and that they represent the best use of resources and value for money. Has in place effective scrutiny arrangements. Has in place robust arrangements for internal and external audit to provide assurance over the
effectiveness of systems of internal control. Will ensure effective arrangements and delegations are in place in order for the Chief Financial
Officer to discharge their functions. Has in place a properly resourced and skilled Finance team with embedded processes compliant
with best practice. Will ensure compliance with relevant laws and regulations, internal policies and procedures and
that all expenditure is lawful.
3.7 Good governance means good practices in transparency, reporting and audit to deliver effective accountability are implemented
SCR CA and LEP are committed to ensuring good practice in transparency, reporting and audit arrangements in order to deliver effective accountability.
SCR Combined Authority and Local Enterprise Partnership Code of Corporate Governance
In order to achieve this, as accountable body, SCR CA:
Has in place robust arrangements for internal and external audit to provide assurances over the effectiveness of systems of internal control (also in 3.6).
Ensures that the Authority’s Annual Accounts are reviewed by external auditors and that their opinion together with the final accounts are published and are available for inspection.
Holds all CA meetings in public, unless there are good reasons to exclude the press and public. Publishes all agendas and reports for the CA and its associated committees online in accordance
with statutory access to information requirements. Ensure effective arrangements and delegations are in place in order for the Monitoring Officer to
discharge their functions. Is committed to openness and transparency in all its activities subject only to where there is a
need to preserve confidentiality. Will review the effectiveness of its decision making framework including delegation arrangements
and data quality regularly (also in 3.6). Will ensure effective counter fraud and anti-corruption arrangements are developed and
maintained. Keeps its governance arrangements under review and has in place an action plan for
improvements.
4. Monitoring and review of governance
The SCR CA and LEP recognise the importance of good governance in maintaining and enhancing stakeholder confidence. Each year the Authority publishes an Annual Governance Statement (AGS) together with the Authority’s Annual Accounts. This statement is prepared following an internal review of governance arrangements and outlines actions identified to strengthen them.
The review is informed by the work of:
The Statutory Officers within the Authority who have responsibility for the development and maintenance of the governance environment.
Internal Auditor’s annual report and opinion, and also by comments made by the external auditors and other review agencies and inspectorates.
The Chief Financial Officer who has statutory responsibility for ensuring the proper management of SCR CAs financial affairs.
Delegates of the Statutory Officers (The Governance Assurance Group). This group meets regularly to discuss corporate governance arrangements and issues, and to reflect on recurring themes and activity relating to governance improvement.
The framework for evaluating the effectiveness of internal control includes:
An evaluation of progress against previously identified governance issues Reviews of
o External Audit’s Opinion o Annual Internal audit report and opiniono Strategic Risk Management Action Plano Issues identified through business planning and performance managemento Complaintso Freedom of Information requestso Data Protection and Information Governance issues
The AGS is discussed by the Audit Committee and examined by External Auditors and approved by the Combined Authority.